[Snort-sigs] still having download problems
YorkJ at ...855...
Thu Jul 1 10:32:02 EDT 2010
I've updated to pulledpork 0.4.2 on my Ubuntu 8.04 box. I also tried to update the CA certs with apt-get, but they are already up to date. When I do a packet trace, I see the box go to Snort and ask for the rules. Snort replies that the rules have moved to s3.amazonaws.com. At that point, my box just gives up--I don't see any traffic where it even tries to connect with Amazon. Any ideas? I tried manually changing pp so it asked for sub-rules instead of reg-rules, but both do the same thing. The pp debug output and https conversation are below, mangled to protect the oinkcode.
me at ...3503...:~$ sudo apt-get install ca-certificates
[sudo] password for me:
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
me at ...3503...:~$ sudo ./ppgo
`--==\\ / Pulled_Pork v0.4.2
.-~~~~-.Y|\\_ Copyright (C) 2009-2010 JJ Cummings
@_/ / 66\_ cummingsj at ...2420...
| \ \ _(")
\ /-| ||'--' Rules give me wings!
Command Line Variable Debug:
Config Path is: /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
Path to disablesid file: /home/bryorkj/snortrules/pulledpork/etc/disablesid.conf
Verbose Flag is Set
Extra Verbose Flag is Set
Config File Variable Debug /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
snort_path = /usr/local/bin/snort
pid_path = /var/run/snortd.pid
rule_path = /usr/local/etc/snort/rules/snort.rules
ignore = deleted,experimental,local
rule_file = snortrules-snapshot-2860.tar.gz
sid_changelog = /var/log/sid_changes.log
sid_msg = /usr/local/etc/snort/sid-msg.map
config_path = /usr/local/etc/snort/snort.conf
sostub_path = /usr/local/etc/snort/rules/so_rules.rules
oinkcode = 7025mangle-mangle7813
temp_path = /tmp
distro = Ubuntu-8.04
base_url = http://www.snort.org/
sorule_path = /usr/local/lib/snort_dynamicrules/
version = 0.4.2
disablesid = /usr/local/etc/snort/disablesid.conf
local_rules = /usr/local/etc/snort/rules/local.rules
Checking latest MD5....
Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5
most recent rules file digest: d8b7b694e4f21b7406e3c86a32b362bf
Rules tarball download....
Fetching rules file: snortrules-snapshot-2860.tar.gz
Error 501 when fetching snortrules-snapshot-2860.tar.gz at /home/bryorkj/snortrules/pulledpork/pulledpork.pl line 264.
going to get this url: http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813
GET /sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813 HTTP/1.1
Connection: TE, close
HTTP/1.0 302 Moved Temporarily
Date: Thu, 01 Jul 2010 13:57:15 GMT
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
Set-Cookie: _radiant_session=BAh7BjoPmangle-mangleDhmNDA%3D--777377mangle-mangled8cc; path=/; HttpOnly
Content-Type: text/html; charset=utf-8
X-Cache: MISS from web610.br.vccs.edu
Via: 1.0 web610.br.vccs.edu:8080 (http_scan/18.104.22.168.19)
<html><body>You are being <a href="https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangle&Expires=1277992665&Signature=7ZFmangle-mangle4%3D">redirected</a>.</body></html>