# $Id: INSTALL,v 1.45 2004/03/26 12:09:34 andreas_o Exp $ #

Installation instructions for Oinkmaster v1.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

o Put oinkmaster.pl in some suitable directory, for example 
  /usr/local/bin/. Put oinkmaster.conf in /etc/ or /usr/local/etc/
  (this is where Oinkmaster will search for it by default). If you want 
  to have oinkmaster.conf in some other directory, you must run Oinkmaster 
  with the -C argument. Make sure that the ownership and permissions of 
  the above files are suitable for your environment. You may also want to
  copy the man page (oinkmaster.1) to something like /usr/local/man/man1/.


o Edit oinkmaster.conf, or at least have a look at it to make sure 
  everything looks ok. There are some options you may want to change 
  before running Oinkmaster, although the defaults should work for most 
  people. One particular option you must make sure is correctly set is 
  "url", which specifies the location of the rules archive. What URL to 
  use depends on which version of Snort you run (see comments inside
  oinkmaster.conf or the FAQ for more information).

  In oinkmaster.conf you will then also tell Oinkmaster which SIDs 
  or files you want to disable/enable/modify/ignore. If you already have 
  several rules commented out (or removed) in your current rules, you 
  must add the SIDs of those to oinkmaster.conf so they don't get 
  re-enabled after each update (there is a help script for that, see 
  makesidex.pl in the contrib directory). Remember that after switching 
  to Oinkmaster for updating the rules, all permanent modifications to 
  the rules must be done by editing oinkmaster.conf, not by editing the 
  rules files directly.


o Decide in which directory you want to put the new rules. Since you 
  probably have Snort up and running already, you should use the 
  directory where you keep the official rules. It's a very good idea to 
  create a backup of it first. You must run Oinkmaster as a user that has 
  read/write access to your rules directory and all rules files in it. It 
  should however *NOT* be a privileged user such as root! Never run
  Oinkmaster as root.


o Done! 
  Assuming your rules directory is /etc/snort/rules/, you can now update 
  those rules by running:

  oinkmaster.pl -o /etc/snort/rules

  You should really check out the entire README before doing anything 
  though. You may also run oinkmaster.pl -h to list all available command
  line options. They are described in more detail in the Oinkmaster manual
  page. See the FAQ if you need to set up proxy configuration.
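
  The checks from the steps above (not root, read/write access to the
  rules directory and every file in it, backup first) can be scripted
  around the update command. This is an added example, not part of the
  Oinkmaster distribution; the function names, the backup file naming
  and the backup destination argument are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before an Oinkmaster update.
# Function names and backup naming are assumptions, not Oinkmaster's own.

# preflight DIR [UID]: return 0 only if DIR may be updated by this user.
# UID defaults to the caller's uid; it can be passed explicitly for testing.
preflight() {
    dir=$1
    uid=${2:-$(id -u)}
    # Oinkmaster must never run as root.
    if [ "$uid" -eq 0 ]; then
        echo "refusing to run as root" >&2
        return 1
    fi
    # The rules directory must exist and be readable and writable.
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -w "$dir" ]; then
        echo "no read/write access to directory $dir" >&2
        return 2
    fi
    # Every rules file in it must be readable and writable as well.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ ! -r "$f" ] || [ ! -w "$f" ]; then
            echo "no read/write access to $f" >&2
            return 3
        fi
    done
    return 0
}

# backup_rules DIR DEST: archive DIR into DEST (outside DIR), print the path.
backup_rules() {
    dir=$1
    dest=$2
    archive="$dest/rules-backup-$(date +%Y%m%d%H%M%S).tar.gz"
    tar -czf "$archive" -C "$dir" . || return 1
    echo "$archive"
}

# update_rules DIR DEST: check, back up, then run the update from this page.
update_rules() {
    preflight "$1" || return $?
    backup_rules "$1" "$2" >/dev/null || return 4
    oinkmaster.pl -o "$1"
}
```

  After sourcing the file, call update_rules with the rules directory and
  a backup destination, for example /etc/snort/rules and a directory of
  your choice that the unprivileged user can write to.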
