Version extraction for Windows


Michael Steele

Sep 18, 2013, 6:17:20 PM
to pulledpo...@googlegroups.com

JJ,

Pulled Pork is getting more and more popular for Windows, which brings me to the question:

PP for Windows can be pretty much automated. The problem is extracting the version number from the Windows executable, and using that in PP to download the latest rule set. We are now using the ‘snort_version=’ to set the download version. The problem arises when a new version of Snort is released along with a new version of the rules. We have to monitor the snort.org site and make the necessary change to the ‘snort_version=’ setting when that happens.

To fully automate PP, where monitoring of new rule set versions is not necessary, there needs to be a way to extract the version from the Windows Snort executable and use it to match the latest rule set available for downloading. Is there a way the developers could add something into the Windows executable that could be used, or maybe there is a way for PP to use the ‘snort -V’ switch to extract the version number that way? There would need to be something added to the PP code to detect this.

This brings me to the realization of another question:

Is it safe to say that all Registered users (regardless of platform used) should probably use the ‘snort_version=’, or the equivalent switch for rule set downloading? It appears that when a new version of Snort is released to everyone, along with a new rule set that Subscribers get that matches the new version of Snort, PP will fail if a Registered user installs the new version of Snort and does not have access to the new rule set, correct?

I would still like to see a way for PP to pull the version out of the Windows executable and use it in the same fashion as it does for UNIX. If the above is true this would mean if the Windows user wanted full automation of PP they would need to be Subscribers.

Best regards,

Michael...

WINSNORT.com Management…

--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************
