Developers guide
Chapter 7
Copyright © 2008-2013 Inverse inc.
Optional components
Oinkmaster
Oinkmaster is a Perl script that makes it easy to keep the Snort rules up to date.
It is simple to install and use. This section shows how to set up Oinkmaster to work with
PacketFence and Snort.
Please visit http://oinkmaster.sourceforge.net/download.shtml to download Oinkmaster. A sample
Oinkmaster configuration file is provided at /usr/local/pf/addons/snort/oinkmaster.conf.
Configuration
Here are the steps to make Oinkmaster work. We assume that you have already downloaded the newest
Oinkmaster archive:
1. Untar the freshly downloaded Oinkmaster archive.
2. Copy the required Perl scripts into /usr/local/pf/oinkmaster. You need to copy over contrib and
oinkmaster.pl.
3. Copy the oinkmaster.conf provided by PacketFence (see the section above) into /usr/local/pf/conf.
4. Modify the configuration to suit your own needs. Currently, the configuration file is set to fetch the
bleeding rules.
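Steps 1 to 3 as a re-runnable shell function, plus a helper for step 4 that lists the rule sources the configuration will fetch. This is an added example, not a script shipped with PacketFence; the function names are hypothetical, the archive path is an argument because the guide names no Oinkmaster version, and the helper assumes the `url = ...` line format used by oinkmaster.conf.

```shell
#!/bin/sh
# Added example, not PacketFence's own script. The archive path is an argument
# because the guide names no Oinkmaster version; PF root defaults to /usr/local/pf.

fail() {  # print a reason and remove the scratch directory if one exists
    echo "oinkmaster setup: $1" >&2
    if [ -n "${work:-}" ]; then rm -rf "$work"; fi
}

# install_oinkmaster ARCHIVE [PF_ROOT] : steps 1-3 of the list, safe to re-run
install_oinkmaster() {
    archive=$1; pf=${2:-/usr/local/pf}; work=
    [ -f "$archive" ] || { fail "archive not found: $archive"; return 1; }
    [ -f "$pf/addons/snort/oinkmaster.conf" ] ||
        { fail "sample oinkmaster.conf missing under $pf/addons/snort"; return 1; }

    # Step 1: untar into a scratch directory, not into the PacketFence tree.
    work=$(mktemp -d) || return 1
    tar -xzf "$archive" -C "$work" || { fail "cannot extract $archive"; return 1; }
    script=$(find "$work" -type f -name oinkmaster.pl | head -n 1)
    [ -n "$script" ] || { fail "oinkmaster.pl not found in archive"; return 1; }
    src=$(dirname "$script")
    [ -d "$src/contrib" ] || { fail "contrib directory not found in archive"; return 1; }

    # Step 2: copy only oinkmaster.pl and contrib into PF_ROOT/oinkmaster.
    mkdir -p "$pf/oinkmaster" || { fail "cannot create $pf/oinkmaster"; return 1; }
    cp "$src/oinkmaster.pl" "$pf/oinkmaster/" && cp -R "$src/contrib" "$pf/oinkmaster/" ||
        { fail "copy into $pf/oinkmaster failed"; return 1; }

    # Step 3: install the sample conf, but never overwrite one already edited in step 4.
    [ -e "$pf/conf/oinkmaster.conf" ] ||
        cp "$pf/addons/snort/oinkmaster.conf" "$pf/conf/oinkmaster.conf" ||
        { fail "cannot install oinkmaster.conf"; return 1; }
    rm -rf "$work"
}

# Step 4 aid: list the rule sources the conf will actually fetch (uncommented url lines).
active_rule_urls() {
    grep -E '^[[:space:]]*url[[:space:]]*=' "$1" |
        sed -E 's/^[[:space:]]*url[[:space:]]*=[[:space:]]*//'
}
```

Run `install_oinkmaster` with the path of the downloaded archive, then check the output of `active_rule_urls /usr/local/pf/conf/oinkmaster.conf` before scheduling updates, so that rules are only pulled from sources you intend to trust.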
Rules update
To get periodic updates of the PacketFence Snort rules, create a crontab entry
with the right information. The example below shows a crontab entry that fetches the updates daily at
23:00:
0 23 * * * (cd /usr/local/pf; perl oinkmaster/oinkmaster.pl -C conf/oinkmaster.conf -o conf/snort/)
Floating Network Devices
Starting with version 1.9, PacketFence supports floating network devices. A floating network device is
a device for which PacketFence behaves differently than it does for a regular device. This functionality
was originally added to support mobile Access Points.