# $Id: INSTALL,v 1.29 2003/08/02 19:28:44 andreaso Exp $ #

Installation instructions for Oinkmaster v0.8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

o Put oinkmaster.pl in some suitable directory, for example /usr/local/bin/.
  Put oinkmaster.conf in /usr/local/etc/ (this is where oinkmaster will search
  for it by default). If you want to have oinkmaster.conf in some other
  directory, you must run oinkmaster with the -C argument.

o Make sure that the ownership/permission on the above files and your 
  rules directory are suitable for your environment. You must run Oinkmaster
  as a user that has read/write access to your rules directory. It should not
  be a privileged user. (The user you run Snort as, if different than the 
  Oinkmaster user, usually only needs read access.)

o Edit oinkmaster.conf. There are some options you may want to change before
  running Oinkmaster. Here you will then also tell Oinkmaster which SIDs or 
  files you want to disable or ignore.
  If you already have several rules commented out (or removed) in your current
  rules, you need to add the SIDs of those to oinkmaster.conf so they don't get
  re-enabled after each update.

o Decide in which directory you want to put the new rules. Since you probably
  already have Snort up and running, you should use the directory where you
  keep the official rules. It's a good idea to create a backup of it first.
  For example, if the directory is /snort/snort.org-rules/, you can now update
  those rules by running:

  oinkmaster.pl -o /snort/snort.org-rules/

  You should really check out the entire README before doing anything though.
  You may also run oinkmaster.pl -h for more usage information and options.
  See wget's manual page (http://www.gnu.org/manual/) if you need to setup
  proxy configuration etc.
