[Snort-sigs] I'm so close I smell Bacon... little more help thanks!

James Lay jlay at ...3266...
Sat Sep 15 10:30:01 EDT 2012


On Sep 14, 2012, at 1:15 AM, PR <oly562 at ...2420...> wrote:

> ok, I have loaded pulledpork.conf... oh and I'm still sorta waiting for the info I asked for earlier, but I think I have gotten past all that now...
> 
> moving forward...
> 
> 
> 1. I ran this:
> 
> ./pulledpork.pl -s /etc/snort/so_rules -p /usr/local/bin/snort -C /etc/snort.conf -i /etc/snort/disablesid.conf -b /etc/snort/dropsid.conf -e /etc/snort/enablesid.conf -M /etc/snort/modifysid.conf -e /etc/snort/enablesid.conf -c /etc/snort/pulledpork.conf -o /etc/snort/rules/
> 
> 
> 2. I got this:
> 
> Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> Done!
> ~
> ~
> 
> Checking latest MD5 for emerging.rules.tar.gz....
> Error 500 when fetching https://rules.emergingthreats.net/open/snort-2.9.3/emerging.rules.tar.gz.md5 at ./pulledpork.pl line 453.
> main::md5file('open', 'emerging.rules.tar.gz', '/tmp/', 'https://rules.emergingthreats.net/open/snort-2.9.3/') called at ./pulledpork.pl line 1758
> 
> 
> 
> 3. I checked pulledpork.pl line 271 first...
> 
> elsif ( $filename =~ /^preproc_rules\/.*\.rules$/ ) {
>             $singlefile =~ s/^preproc_rules\///;
>             $tar->extract_file( $filename,
>                 $temp_path . "/tha_rules/$prefix" . $singlefile );
>             print "\tExtracted: /tha_rules/$prefix$singlefile\n"
>               if ( $Verbose && !$Quiet );
>         }
> here ???  elsif ($Sorules   <<<<
>             && $filename =~
> or here  ???
>              /^so_rules\/precompiled\/($Distro)\/($arch)\/($Snort)\/.*\.so/
>             && -d $Sorules
>             && !$Textonly )
> 
> line 271 is var $Sorules
> 
> I believe it's complaining about precompiled. I'll recheck to see if I added Ubuntu 10.04 anywhere; I don't think so, and I'm running 12.04, which is not listed yet in the docs. However, let me check: if I didn't invoke the precompiled var in pulledpork.conf, where is my mistake?
> 
> thanks
> 
> 
> 

I get a BUNCH of those every time I update…still updates fine so eh…ignore and conquer has worked for me :)

James
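
What the "uninitialized value $arch" warning means for the so_rules pattern quoted in the question, as an added example that is not part of the original thread or of pulledpork.pl: with `$arch` undefined, the `($arch)` group becomes an empty group, so the pattern can only match a path with an empty directory name and selects no precompiled `.so` file. The sample paths, the `$Distro` and `$Snort` values, and the helpers `so_matches` and `so_matches_checked` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample values; not taken from the poster's system.
my $Distro  = 'Ubuntu-10-4';
my $Snort   = '2.9.3.1';
my @members = (
    'so_rules/precompiled/Ubuntu-10-4/x86-64/2.9.3.1/bad-traffic.so',
    'so_rules/precompiled/Ubuntu-10-4/i386/2.9.3.1/bad-traffic.so',
);

# Collect warnings instead of printing them, so they can be counted.
my @warnings;
$SIG{__WARN__} = sub { push @warnings, @_ };

# Hypothetical helper: which tarball members does the so_rules pattern select?
sub so_matches {
    my ($arch) = @_;
    return grep {
        m{^so_rules/precompiled/($Distro)/($arch)/($Snort)/.*\.so}
    } @members;
}

# Hypothetical guard: skip the pattern entirely when $arch is unknown.
sub so_matches_checked {
    my ($arch) = @_;
    return () unless defined $arch && length $arch;
    return so_matches($arch);
}

my @known   = so_matches('x86-64');       # arch set: one member selected
my @unknown = so_matches(undef);          # arch undef: "($arch)" becomes "()"
my $noisy   = scalar @warnings;
my @guarded = so_matches_checked(undef);  # same empty result, no warning

printf "known arch: %d match, undef arch: %d match, warnings: %d\n",
    scalar @known, scalar @unknown, $noisy;
printf "guarded: %d match, new warnings: %d\n",
    scalar @guarded, scalar(@warnings) - $noisy;
print "first warning: $warnings[0]" if @warnings;
```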
