This is a sample Oinkmaster configuration file, Oinkmaster-bleedingsnort.conf, for use with the Bleeding Snort Ruleset.

-----------
url = http://www.bleedingsnort.com/downloads/bleeding.rules.tar.gz
path = /bin:/usr/bin:/usr/local/bin
tmpdir = /tmp
update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
skipfile local.rules

-----------

Then run oinkmaster like so:
oinkmaster.pl -q -C Oinkmaster-bleedingsnort.conf -o ./rules

Adjust ./rules to point at your rules directory, of course.

Add these lines to your snort.conf:

include $RULE_PATH/bleeding-virus.rules
include $RULE_PATH/bleeding-attack-response.rules
include $RULE_PATH/bleeding-policy.rules
include $RULE_PATH/bleeding-custom.rules
include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-exploit.rules

include $RULE_PATH/bleeding-inappropriate.rules
include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-p2p.rules
include $RULE_PATH/bleeding-scan.rules
include $RULE_PATH/bleeding-web.rules

or just:
include $RULE_PATH/bleeding-all.rules

And finally, only if you are using Barnyard or some other tool that relies on a sid-msg.map, you need to add the bleedingsnort map to the stock file like so:
cp sid-msg.map sid-msg.map.orig
cat bleeding-sid-msg.map sid-msg.map.orig | sort -u > sid-msg.map
And you’re ready to go!!!
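
The sort -u in the sid-msg.map merge above removes only identical lines, so a SID that both maps define with different text stays in sid-msg.map twice. The following added example (not part of the original page; the function names and all sample entries are constructed) repeats the merge and lists such SIDs:

```shell
#!/bin/sh
# Added example. File names follow the page; function names and all sample
# entries are constructed for illustration.

# merge_sid_maps BLEEDING_MAP STOCK_COPY OUT
# Same pipeline as the page, with OUT kept distinct from both inputs.
merge_sid_maps() {
    cat "$1" "$2" | sort -u > "$3"
}

# conflicting_sids MAP
# Prints every SID that occurs on more than one line of MAP. sort -u only
# drops byte-identical lines, so a SID whose text differs between the two
# maps is still listed twice after the merge.
conflicting_sids() {
    awk -F'|' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        { sid = $1; gsub(/[ \t]/, "", sid); seen[sid]++ }
        END { for (s in seen) if (seen[s] > 1) print s }
    ' "$1" | sort -n
}

# run_demo: build two constructed maps in a temp dir, merge, report conflicts.
run_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/bleeding-sid-msg.map" <<'EOF'
9000001 || CONSTRUCTED bleeding-only rule
9000002 || CONSTRUCTED rule identical in both maps
9000003 || CONSTRUCTED rule, bleeding wording
EOF
    cat > "$d/sid-msg.map.orig" <<'EOF'
# constructed stock map
9000002 || CONSTRUCTED rule identical in both maps
9000003 || CONSTRUCTED rule, stock wording
9000004 || CONSTRUCTED stock-only rule
EOF
    merge_sid_maps "$d/bleeding-sid-msg.map" "$d/sid-msg.map.orig" "$d/sid-msg.map"
    conflicting_sids "$d/sid-msg.map"
    rm -rf "$d"
}

run_demo
```

Any SID it prints has two entries in the merged map; decide which message text to keep before pointing Barnyard at the file.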