[Snort-users] [Snort-sigs] Update your oinkmaster/pulled_porkconf files

Joel Esler jesler at ...1935...
Wed Jun 30 12:06:00 EDT 2010


All,

So the problem is whatever openssl version that is being used on their
system has an old root CA chain file that doesn't have the recent Verisign
CA's chain certificates in it.

We're continuing to test on our side, however, you'll need to update these
and this error should go away.

J

On Wed, Jun 30, 2010 at 11:03 AM, Fred Austin
<fred.austin at ...14917...>wrote:

> Even using the "--no-check-certificate" for wget, the download is failing.
> I thought the correct URL to use is now:
>
> http://www.snort.org/reg-rules/snortrules-snapshot-2853.tag.gz/<oinkcode>
>
> based on the VRT blog from Monday.
>
> Fred Austin
>
>
> On Wed, Jun 30, 2010 at 8:05 AM, Weir, Jason <jason.weir at ...14916...> wrote:
>
>> Joel,
>>
>> Still getting the below error, could this be a wget problem not handling
>> the ssl connection correctly?  Anyone know how to use the
>> `--no-check-certificate' option with oinkmaster?
>>
>> ------------------------------------------------------------------------
>> --------------------------------------
>>
>> Downloading file from
>> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
>> ot-2853.tar.gz.<http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz.>
>> ..
>>
>> /usr/local/bin/oinkmaster.pl: Error: could not download from
>> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
>> ot-2853.tar.gz<http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz>
>> .
>>
>> Output from wget follows:
>>
>> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
>> ot-2853.tar.gz<http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz>
>>
>> Resolving www.snort.org... 68.177.102.20
>>
>> Connecting to www.snort.org|68.177.102.20|:80... connected.
>>
>> HTTP request sent, awaiting response... 302 Found
>>
>> Location:
>> https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28
>> 53.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu
>> re=px1MZAMmLNzKWMw93CljxWGLJco%3D
>>
>> [following] --2010-06-30 07:01:08--
>> https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28
>> 53.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu
>> re=px1MZAMmLNzKWMw93CljxWGLJco%3D
>>
>> Resolving s3.amazonaws.com... 72.21.202.164
>>
>> Connecting to s3.amazonaws.com|72.21.202.164|:443... connected.
>>
>> ERROR: cannot verify s3.amazonaws.com's certificate, issued by
>> `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
>> https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA
>> - G2':
>>
>> Unable to locally verify the issuer's authority.
>>
>> To connect to s3.amazonaws.com insecurely, use `--no-check-certificate'.
>> Unable to establish SSL connection.
>>
>> ------------------------------------------------------------------------
>> --------------------------------------
>>
>> -Jason
>>
>> -----Original Message-----
>> From: Joel Esler [mailto:jesler at ...1935...]
>> Sent: Tuesday, June 29, 2010 3:03 PM
>> To: Weir, Jason
>> Cc: infosec posts; snort-sigs at lists.sourceforge.net; Snort Users List
>> Subject: Re: [Snort-sigs] [Snort-users] Update your
>> oinkmaster/pulled_porkconf files
>>
>>
>> On Jun 29, 2010, at 10:41 AM, Weir, Jason wrote:
>> > Me too - common guys this isn't that complicated
>> >
>> > Oinkmaster output below
>>
>> Okay, I know our web team made some changes after these series of
>> emails.  If you are still having problems, please let us know.
>>
>> Joel
>>
>>
>>
>> _____________________________________________________________________________________________
>>
>> Please visit www.nhrs.org to subscribe to NHRS email announcements and
>> updates.
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Sprint
>> What will you do first with EVO, the first 4G phone?
>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>
>
>
>
> --
> This email and any files transmitted with it are solely intended for the
> use of the named recipient(s) and may contain information that is privileged
> and confidential. If you receive this email in error, please immediately
> notify the sender and delete this message in all its forms.  E-mail
> transmission cannot be guaranteed to be secure or error-free as information
> could be intercepted, corrupted, lost, destroyed, arrive late or incomplete,
> or contain viruses.  Therefore N-Dimension Solutions Inc. does not accept
> liability for any errors or omission in the contents of the message which
> arise as a result of e-mail transmission.
>



-- 
Joel Esler
skype: eslerjoel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100630/539f232f/attachment.html>


More information about the Snort-users mailing list