Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#3041 - Snort rules are missing in new version

Attached to Project: Arch Linux
Opened by Ido van Verseveld (idovitz) - Thursday, 04 August 2005, 12:25 GMT
Last edited by Dale Blount (dale) - Thursday, 04 August 2005, 12:28 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To dorphell (dorphell)
Architecture not specified
Severity Medium
Priority Normal
Reported Version 0.7 Wombat
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Rules are missing in snort 2.4.0:
QUOTE releasenotes: "*Rules are no longer distributed as part of the Snort releases, they are available as a separate download from snort.org."
Add source: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz

btw,
Perhaps this line in PKBUILD: backup=('etc/conf.d/snort' 'usr/etc/snort/snort.conf') should be backup=('/etc/snort/snort.conf') or something
This task depends upon

Closed by  dorphell (dorphell)
Saturday, 03 December 2005, 05:10 GMT
Reason for closing:  Fixed
Additional comments about closing:  Added rules
Comment by Dale Blount (dale) - Thursday, 04 August 2005, 12:28 GMT
we should probably keep the rules separate as I bet they're updated more than the program itself so they split them up.
Comment by Ido van Verseveld (idovitz) - Thursday, 04 August 2005, 12:36 GMT
Good idea, so we can remove the line:
install -D -m644 rules/*.rules $startdir/pkg/etc/snort/rules
Comment by Alexander Baldeck (kth5) - Tuesday, 16 August 2005, 08:01 GMT
doesn't sound right. snort simply will refuse to work without rules so they are a required runtime dependency and shoulr always be included in my opinion. if they were optional i'd say: go for it!
Comment by Dale Blount (dale) - Tuesday, 16 August 2005, 11:11 GMT
I wasn't suggesting not making it a dependency... just keeping it separate so the rules can be updated without updating the program too.
Comment by dorphell (dorphell) - Saturday, 03 December 2005, 05:07 GMT
Added and fixed the backup line. Thanks Ido.

Dale: I agree with you that separating snort and snort-rules would be better hygiene, but in practice I don't think it helps much -- I don't have the time to update the rules more frequently than I update snort itself so this would end up being just an extra hurdle for me =] so for now i'll just stick them together.

Loading...