[Snort-sigs] I'm so close I smell Bacon... little more help thanks!

PR oly562 at ...2420...
Fri Sep 14 03:15:37 EDT 2012


ok, i am loaded pulledpork.conf... oh and im still sorta waiting for the
info i asked earlier, but i think i have gotten past all that now... 

moving forward...


1. i ran this:

./pulledpork.pl -s /etc/snort/so_rules -p /usr/local/bin/snort
-C /etc/snort.conf -i /etc/snort/disablesid.conf
-b /etc/snort/dropsid.conf -e /etc/snort/enablesid.conf
-M /etc/snort/modifysid.conf -e /etc/snort/enablesid.conf
-c /etc/snort/pulledpork.conf -o /etc/snort/rules/


2. i got this:

Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
	Done!
~
~

Checking latest MD5 for emerging.rules.tar.gz....
	Error 500 when fetching
https://rules.emergingthreats.net/open/snort-2.9.3/emerging.rules.tar.gz.md5 at ./pulledpork.pl line 453.
	main::md5file('open', 'emerging.rules.tar.gz', '/tmp/',
'https://rules.emergingthreats.net/open/snort-2.9.3/') called
at ./pulledpork.pl line 1758



3. i checked pulledpork.pl - 271 first,,, 

elsif ( $filename =~ /^preproc_rules\/.*\.rules$/ ) {
            $singlefile =~ s/^preproc_rules\///;
            $tar->extract_file( $filename,
                $temp_path . "/tha_rules/$prefix" . $singlefile );
            print "\tExtracted: /tha_rules/$prefix$singlefile\n"
              if ( $Verbose && !$Quiet );
        }
here ???  elsif ($Sorules   <<<<
            && $filename =~
or here  ???
             /^so_rules\/precompiled\/($Distro)\/($arch)\/($Snort)\/.*
\.so/
            && -d $Sorules
            && !$Textonly )

line 271 is var $Sorules

i believe its complaining about precompiled, ill recheck to see if i
added ubuntu 10.04 anywhere, dont think so, and im running 12.04 which
is not listed yet in docs, however, let me check, if i didn't invoke
precompiled var in pulledpork.conf, where is my mistake?

thanks


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20120914/9791d233/attachment.html>


More information about the Snort-sigs mailing list