Notable changes include the tarball filename change, preprocessor rules and sensitive data rules. Note that pulledpork 0.4.0 will still work with 2.8.6 but will not properly make use of the new rules that I just listed and that you will need to change the rules tarball name for VRT releases. Please also note that if you use pulledpork 0.4.1 and are still using Snort 220.127.116.11 that you need to make some changes in the "ignore" variable section of the pulledpork.conf file.
- Flowbit tracking! - This means that all flowbits are not enabled when a specific base ruleset is specified (security etc...) but rather all flowbits are now tracked, allowing for only those that are required to be enabled.
- Adjusted pulledpork.conf to account for new snort rules tarball naming and packing scheme, post Snort 2.8.6 release.
- Added option to specify all rule modification files in the master pulledpork.conf file - feature request 19.
- Added capability to specify base ruleset (see README.RULESETS) in master pulledpork.conf file.
- Handle preprocessor and sensitive-information rulesets
- 18 - non-rule lines containing the string sid:xxxx were being populated into the rule data structure, added an extra check to ensure that this does not occur
- Cleaned up href pointers, syntactical purposes only...
- Modified master config to allow for better readability on smaller console based systems
- Error output was not always returning full error, fixed this
Thanks to the community for continued support and feedback!