Snort ruleset 2.9.12 needs a zero at the end - the right format is `s…

timfprogs / ipfidsupdate

Automated Snort rule update for IPFire

GNU General Public License v2.0

5 stars 3 forks source link

Snort ruleset 2.9.12 needs a zero at the end - the right format is `s… #5

Open ccurdt opened 5 years ago

ccurdt commented 5 years ago

…nortrules-snapshot-29120.tar.gz`

ccurdt commented 5 years ago

I was hoping to see something more robust than a temporary solution that addresses only one specific version of Snort.

@jneb1980 do you mean something like that?

# If version string is less than 5 bytes, append a '0' to it
   $vrt_v .= '0' if(length($vrt_v) < 5);

Not all versions have a 0 at the end.

snortrules-snapshot-29120.tar.gz
snortrules-snapshot-29111.tar.gz
snortrules-snapshot-2990.tar.gz
snortrules-snapshot-3000.tar.gz
snortrules-snapshot-2983.tar.gz

https://www.snort.org/downloads/registered/md5s

jneb1980 commented 5 years ago

I was hoping for a generalized approach -- perhaps based on the number of dots in the Snort version info.

jneb1980 commented 5 years ago

With three dots as in version 2.9.11.1, the name is good as is. With only two dots as in version 2.9.12, the missing fourth component of version is implied to be zero -- and our friends at Snort append the zero on the file names. Of course, I am only guessing here. I'm good with whatever you choose to do.

jneb1980 commented 5 years ago

Perhaps something like this ...

# get the dot count before stripping them out
  my $dots = ($v =~ tr/.//);
  $v =~ s/\.//g if ($v);
  $vrt_v = $v if ($v);
# If snort version string has less than 3 dots, append a '0' to it
  $vrt_v .= '0' if($dots < 3);