Usage: ./pulledpork.pl [-dEgHklnRTPVvv? -help] -c <config filename> -o <rule output path>
   -O <oinkcode> -s <so_rule output directory> -D <Distro> -S <SnortVer>
   -p <path to your snort binary> -C <path to your snort.conf> -t <sostub output path>
   -h <changelog path> -I (security|connectivity|balanced) -i <path to disablesid.conf>
   -b <path to dropsid.conf> -e <path to enablesid.conf> -M <path to modifysid.conf>
   -r <path to docs folder> -K <directory for separate rules files>
-help/? Print this help info.
-b Where the dropsid config file lives.
-C Path to your snort.conf
-c Where the pulledpork config file lives.
-d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations.
-D What Distro are you running on, for the so_rules
   Valid Distro Types:
   Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4
   FC-12, FC-14, RHEL-5-5, RHEL-6-0
   FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3
   OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1
-e Where the enablesid config file lives.
-E Write ONLY the enabled rules to the output files.
-g grabonly (download tarball rule file(s) and do NOT process)
-h path to the sid_changelog if you want to keep one?
-H Send a SIGHUP to the pids listed in the config file
-I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET)
-i Where the disablesid config file lives.
-k Keep the rules in separate files (using same file names as found when reading)
-K Where (what directory) do you want me to put the separate rules files?
-l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher)
-L Where do you want me to read your local.rules for inclusion in sid-msg.map
-m where do you want me to put the sid-msg.map file?
-M where the modifysid config file lives.
-n Do everything other than download of new files (disablesid, etc)
-o Where do you want me to put generic rules file?
-p Path to your Snort binary
-P Process rules even if no new rules were downloaded
-R When processing enablesid, return the rules to their ORIGINAL state
-r Where do you want me to put the reference docs (xxxx.txt)
-S What version of snort are you using
-s Where do you want me to put the so_rules?
-T Process text based rules files only, i.e. DO NOT process so_rules
-u Where do you want me to pull the rules tarball from
   ** E.g., ET, Snort.org. See pulledpork config rule_url option for value ideas
-V Print Version and exit
-v Verbose mode, you know.. for troubleshooting and such nonsense.
-vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense.
-w Skip the SSL verification (if there are issues pulling down rule files)
-W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration.