Closed redbaron4 closed 3 years ago
I downloaded pulledpork.pl today (July 24, 2021) and had to modify the code to properly handle SO_rules for Snort3 (my flavor is ubuntu). I removed the "(" and ")" around $Distro and $arch on line 333 (else). And I also changed pulledpork.conf with distro=ubuntu.
```perl
if ($Snortv3 == 0) {
    $sofile_pat_base = $sofile_pat_base . "($Distro)\/($arch)\/($Snort)\/";
}
else {
    $sofile_pat_base = $sofile_pat_base . "$Distro-$arch\/";
}
```
This PR modifies the Pulledpork script to handle shared object rules under both Snort2 and Snort3
It uses a new variable Snortv3 which is set to 1 if Snort3 is detected.
NOTE - Under Snort3, the distro names have changed. They should be `centos` instead of `RHEL-7` under Snort2. It is the user's responsibility to set the distro correctly in the config based on the Snort version.
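Why the distro value matters, as an added example (not pulledpork's own code): when the configured distro does not fit the layout for the detected Snort version, the pattern matches no archive members and no shared object rules get extracted. The `so_rules/precompiled/` prefix, the arch strings, the version string and the member names below are constructed assumptions; only the two path shapes come from the snippet in this thread.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumed archive prefix; the page does not show how $sofile_pat_base starts.
my $BASE = 'so_rules/precompiled/';

# Same Snort2/Snort3 split as the snippet in the thread. \Q..\E is an addition
# here so that dots in the version string match literally.
sub so_pattern {
    my ($snortv3, $distro, $arch, $snort) = @_;
    return $snortv3
        ? qr{^\Q$BASE$distro-$arch\E/.+\.so$}
        : qr{^\Q$BASE$distro\E/\Q$arch\E/\Q$snort\E/.+\.so$};
}

# Return the archive members that the pattern would select for extraction.
sub matching_members {
    my ($pattern, @members) = @_;
    return grep { $_ =~ $pattern } @members;
}

# Constructed tarball listings, one per layout.
my @snort2_members = (
    'so_rules/precompiled/RHEL-7/x86-64/2.9.18.0/example.so',
    'rules/example.rules',
);
my @snort3_members = (
    'so_rules/precompiled/centos-x64/example.so',
    'so_rules/precompiled/ubuntu-x64/example.so',
    'rules/example.rules',
);

# [label, Snortv3 flag, distro, arch, snort version, member list]
my @cases = (
    ['Snort2, distro=RHEL-7', 0, 'RHEL-7', 'x86-64', '2.9.18.0', \@snort2_members],
    ['Snort3, distro=RHEL-7', 1, 'RHEL-7', 'x64',    '',         \@snort3_members],
    ['Snort3, distro=centos', 1, 'centos', 'x64',    '',         \@snort3_members],
);

for my $case (@cases) {
    my ($label, $v3, $distro, $arch, $snort, $members) = @$case;
    my @hits = matching_members(so_pattern($v3, $distro, $arch, $snort), @$members);
    printf "%-24s %d SO file(s) selected\n", $label, scalar @hits;
    # Zero matches means the sensor would run without its SO rules.
    warn "  no SO rules matched; check distro= against the Snort version\n"
        unless @hits;
}
```

The Snort3 run with `RHEL-7` selects nothing and triggers the warning, while the other two cases select one file each.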