[Snort-sigs] I'm so close I smell Bacon... little more help thanks!

JJC cummingsj at ...2420...
Sat Sep 15 11:20:05 EDT 2012


You have still not specified the arch value in the pulledpork.conf. If you
are not using SO rules, specify the -T flag.

On Sat, Sep 15, 2012 at 8:30 AM, James Lay <jlay at ...3266...> wrote:

>
> On Sep 14, 2012, at 1:15 AM, PR <oly562 at ...2420...> wrote:
>
> > OK, I have loaded pulledpork.conf... oh, and I'm still sorta waiting for the info I asked for earlier, but I think I have gotten past all that now...
> >
> > moving forward...
> >
> >
> > 1. I ran this:
> >
> > ./pulledpork.pl -s /etc/snort/so_rules -p /usr/local/bin/snort -C /etc/snort.conf -i /etc/snort/disablesid.conf -b /etc/snort/dropsid.conf -e /etc/snort/enablesid.conf -M /etc/snort/modifysid.conf -e /etc/snort/enablesid.conf -c /etc/snort/pulledpork.conf -o /etc/snort/rules/
> >
> >
> > 2. I got this:
> >
> > Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> > Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> > Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> > Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> > Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> > Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
> > Done!
> > ~
> > ~
> >
> > Checking latest MD5 for emerging.rules.tar.gz....
> > Error 500 when fetching https://rules.emergingthreats.net/open/snort-2.9.3/emerging.rules.tar.gz.md5 at ./pulledpork.pl line 453.
> > main::md5file('open', 'emerging.rules.tar.gz', '/tmp/', 'https://rules.emergingthreats.net/open/snort-2.9.3/') called at ./pulledpork.pl line 1758
> >
> >
> >
> > 3. I checked pulledpork.pl - 271 first...
> >
> > elsif ( $filename =~ /^preproc_rules\/.*\.rules$/ ) {
> >             $singlefile =~ s/^preproc_rules\///;
> >             $tar->extract_file( $filename,
> >                 $temp_path . "/tha_rules/$prefix" . $singlefile );
> >             print "\tExtracted: /tha_rules/$prefix$singlefile\n"
> >               if ( $Verbose && !$Quiet );
> >         }
> > here ???  elsif ($Sorules   <<<<
> >             && $filename =~
> > or here  ???
> >
> >             /^so_rules\/precompiled\/($Distro)\/($arch)\/($Snort)\/.*\.so/
> >             && -d $Sorules
> >             && !$Textonly )
> >
> > line 271 is var $Sorules
> >
> > I believe it's complaining about precompiled. I'll recheck to see if I added Ubuntu 10.04 anywhere, don't think so, and I'm running 12.04 which is not listed yet in docs. However, let me check: if I didn't invoke precompiled var in pulledpork.conf, where is my mistake?
> >
> > thanks
> >
> >
> >
>
> I get a BUNCH of those every time I update…still updates fine so eh…ignore
> and conquer has worked for me :)
>
> James
>
>
>
>
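
What the warning in this thread means for SO rule selection, as an added example that is not part of the original messages and is not PulledPork's own code: with `$arch` undefined, the pattern quoted above compiles with an empty arch group, warns once per file tested, and selects no precompiled `.so` member. The helper names `select_so_members` and `checked_so_members`, the member paths and the distro/arch/version values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed tarball member names; the layout follows the regex quoted above.
my @members = (
    'so_rules/precompiled/Ubuntu-10-4/x86-64/2.9.3.0/bad-traffic.so',
    'so_rules/precompiled/Ubuntu-10-4/i386/2.9.3.0/bad-traffic.so',
    'rules/web-misc.rules',
);

# Hypothetical helper: apply the SO-rule pattern from the thread and
# collect both the matching members and any warnings perl emits.
sub select_so_members {
    my ( $distro, $arch, $snort, @names ) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my @hits = grep {
        $_ =~ /^so_rules\/precompiled\/($distro)\/($arch)\/($snort)\/.*\.so/
    } @names;
    return ( \@hits, \@warnings );
}

# Hypothetical guard: refuse to build the pattern from unset values and
# quote the values so "." in a version string is matched literally.
sub checked_so_members {
    my ( $distro, $arch, $snort, @names ) = @_;
    for my $pair ( [ distro => $distro ], [ arch => $arch ], [ snort => $snort ] ) {
        die "SO rule selection needs a value for '$pair->[0]'\n"
          unless defined $pair->[1] && length $pair->[1];
    }
    my $re = qr/^so_rules\/precompiled\/\Q$distro\E\/\Q$arch\E\/\Q$snort\E\/.*\.so/;
    return [ grep { $_ =~ $re } @names ];
}

# Case 1: $arch unset, as in the thread. The pattern compiles with an empty
# arch group, so it only matches a path with an empty directory name.
my ( $hits, $warnings ) = select_so_members( 'Ubuntu-10-4', undef, '2.9.3.0', @members );
printf "unset arch: %d match(es), %d warning(s)\n", scalar @$hits, scalar @$warnings;
print "  first warning: $warnings->[0]" if @$warnings;

# Case 2: all three values set (sample values, constructed).
my $ok = checked_so_members( 'Ubuntu-10-4', 'x86-64', '2.9.3.0', @members );
print "arch x86-64: @$ok\n";

# Case 3: the guard reports the missing value once instead of warning per file.
eval { checked_so_members( 'Ubuntu-10-4', undef, '2.9.3.0', @members ) };
print "guard: $@";
```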