[Snort-sigs] still having download problems
YorkJ at ...855...
Thu Jul 1 13:39:18 EDT 2010
apt-get install libcrypt-ssleay-perl fixed it like magic-thanks JJ!
From: JJC [mailto:cummingsj at ...2420...]
Sent: Thursday, July 01, 2010 1:27 PM
To: Crook, Parker
Cc: John York; snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] still having download problems
Ok, this seems to be an issue that stems from the fact that this version of Ubuntu does not have some required perl modules (even though if installed from CPAN they are dependencies) The short of it is that you need Crypt::SSLeay and for whatever reason the maintainers did not include this dependency... but I'm not gonna get into that discussion today. The following will fix the problem in Ubuntu.
apt-get install libcrypt-ssleay-perl
Other required modules, if you don't have them (from the repos, not CPAN) are:
And of course you also need to be sure that all of your root certs are up to date (I know that this has been covered, but I am covering again for the sake of completeness:
sudo apt-get install ca-certificates
That should just about cover it.. all of the reports were from Ubuntu 8x x66_64 and so fourth...
On Thu, Jul 1, 2010 at 9:02 AM, Crook, Parker <Parker_Crook at ...2899...<mailto:Parker_Crook at ...2899...>> wrote:
I just upgraded my LWP::Simple to 5.836 and still having this issue. I also ran update-ca-certificates to cover that base. Just curious, is this only happening on Debain and Debain-based distros?
P.S. If I am still having an issue on this, I will setup a lab at home tonight to test this out on OS X, Debian, and if someone is having issues on another distro, let me know and I'll see if can't test it out there too.
From: JJC [mailto:cummingsj at ...2420...<mailto:cummingsj at ...2420...>]
Sent: Thursday, July 01, 2010 10:51 AM
To: John York
Cc: snort-sigs at lists.sourceforge.net<mailto:snort-sigs at ...3414...t>
Subject: Re: [Snort-sigs] still having download problems
Do you know what version of LWP::SImple you are using?
On Thu, Jul 1, 2010 at 8:32 AM, John York <YorkJ at ...855...<mailto:YorkJ at ...253...855...>> wrote:
I've updated to pulledpork 0.4.2 on my Ubuntu 8.04 box. I also tried to update the CA certs with apt-get, but they are already up to date. When I do a packet trace, I see the box go to Snort and ask for the rules. Snort replies that the rules have moved to s3.amazonaws.com<http://s3.amazonaws.com>. At that point, my box just gives up--I don't see any traffic where it even tries to connect with amazon. Any ideas? I tried manually changing pp so it asked for sub-rules instead of reg-rules, but both do the same thing. The pp debug output and https conversation are below, mangled to protect the oinkcode.
me at ...3503...:~$ sudo apt-get install ca-certificates
[sudo] password for me:
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
me at ...3503...:~$ sudo ./ppgo
`--==\\ / Pulled_Pork v0.4.2
.-~~~~-.Y|\\_ Copyright (C) 2009-2010 JJ Cummings
@_/ / 66\_ cummingsj at ...2420...<mailto:cummingsj at ...2420...>
| \ \ _(")
\ /-| ||'--' Rules give me wings!
Command Line Variable Debug:
Config Path is: /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
Path to disablesid file: /home/bryorkj/snortrules/pulledpork/etc/disablesid.conf
Verbose Flag is Set
Extra Verbose Flag is Set
Config File Variable Debug /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
snort_path = /usr/local/bin/snort
pid_path = /var/run/snortd.pid
rule_path = /usr/local/etc/snort/rules/snort.rules
ignore = deleted,experimental,local
rule_file = snortrules-snapshot-2860.tar.gz
sid_changelog = /var/log/sid_changes.log
sid_msg = /usr/local/etc/snort/sid-msg.map
config_path = /usr/local/etc/snort/snort.conf
sostub_path = /usr/local/etc/snort/rules/so_rules.rules
oinkcode = 7025mangle-mangle7813
temp_path = /tmp
distro = Ubuntu-8.04
base_url = http://www.snort.org/
sorule_path = /usr/local/lib/snort_dynamicrules/
version = 0.4.2
disablesid = /usr/local/etc/snort/disablesid.conf
local_rules = /usr/local/etc/snort/rules/local.rules
Checking latest MD5....
Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5
most recent rules file digest: d8b7b694e4f21b7406e3c86a32b362bf
Rules tarball download....
Fetching rules file: snortrules-snapshot-2860.tar.gz
Error 501 when fetching snortrules-snapshot-2860.tar.gz at /home/bryorkj/snortrules/pulledpork/pulledpork.pl<http://pulledpork.pl> line 264.
going to get this url: http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813
GET /sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813 HTTP/1.1
Connection: TE, close
HTTP/1.0 302 Moved Temporarily
Date: Thu, 01 Jul 2010 13:57:15 GMT
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
Set-Cookie: _radiant_session=BAh7BjoPmangle-mangleDhmNDA%3D--777377mangle-mangled8cc; path=/; HttpOnly
Content-Type: text/html; charset=utf-8
X-Cache: MISS from web610.br.vccs.edu<http://web610.br.vccs.edu>
Via: 1.0 web610.br.vccs.edu:8080<http://web610.br.vccs.edu:8080> (http_scan/22.214.171.124.19)
<html><body>You are being <a href="https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangle&Expires=1277992665&Signature=7ZFmangle-mangle4%3D<https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangle&Expires=1277992665&Signature=7ZFmangle-mangle4%3D>">redirected</a>.</body></html>
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first<http://sprint.com/first> -- http://p.sf.net/sfu/sprint-com-first
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net<mailto:Snort-sigs at lists.sourceforge.net>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs