数日前からoinkmasterを使ったsnortのルールの更新ができなくなった.
Snort-user MLに流れたアナウンスによると,
Recently, we have become increasing aware of companies who are commercially redistributing rules written by the Sourcefire VRT without contributing to the considerable resources required to develop high quality rules in such a timely fashion.
In order to enable us to continue supporting the open source model and dedicate these various resources to ensuring users have access to the best possible detection capabilities, we will begin distributing new “Sourcefire VRT Certified Rules” under a new license that restricts commercial redistribution.
というわけで,ルールの開発・維持に何の貢献もせずにsnortのルールを商用に配布する企業が増えたのでライセンスを変更することにしたらしい.ルールの配布方法は,
There are three ways to obtain these rules:
* Subscribers receive real-time rules updates as they are available
* Registered users can access rule updates 5 days after release to subscription users.
* Unregistered users receive a static ruleset at the time of each major Snort Release
の3種類. つまり,
- 有料($1795/year)で登録する
- 無料で登録する(ルールは有料登録のルールと同じもの.ただし,有料登録ユーザに比べて5日遅れ)
- 登録しない(ルールはsnortのmajor release時にのみ更新される)