[Snort-users] [Snort-sigs] Update your oinkmaster/pulled_porkconf files

infosec posts infosec.posts at ...11827...
Wed Jun 30 12:45:46 EDT 2010


Fred,

Not sure if the typo is just in this email or if it's also in your
config, but the filename you show is "tag.gz" not "tar.gz"

FWIW, I was able to wget
http://www.snort.org/reg-rules/snortrules-snapshot-2853_s.tar.gz/<oinkcode>
this morning, but I had to add a -O to specify the output filename so
my script wouldn't break.



On Wed, Jun 30, 2010 at 10:03 AM, Fred Austin
<fred.austin at ...14917...> wrote:
> Even using the "--no-check-certificate" for wget, the download is failing. I
> thought the correct URL to use is now:
>
> http://www.snort.org/reg-rules/snortrules-snapshot-2853.tag.gz/<oinkcode>
>
> based on the VRT blog from Monday.
>
> Fred Austin
>
>
> On Wed, Jun 30, 2010 at 8:05 AM, Weir, Jason <jason.weir at ...14916...> wrote:
>>
>> Joel,
>>
>> Still getting the below error, could this be a wget problem not handling
>> the ssl connection correctly?  Anyone know how to use the
>> `--no-check-certificate' option with oinkmaster?
>>
>> ------------------------------------------------------------------------
>> --------------------------------------
>>
>> Downloading file from
>> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
>> ot-2853.tar.gz...
>>
>> /usr/local/bin/oinkmaster.pl: Error: could not download from
>> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
>> ot-2853.tar.gz.
>>
>> Output from wget follows:
>>
>> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
>> ot-2853.tar.gz
>>
>> Resolving www.snort.org... 68.177.102.20
>>
>> Connecting to www.snort.org|68.177.102.20|:80... connected.
>>
>> HTTP request sent, awaiting response... 302 Found
>>
>> Location:
>> https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28
>> 53.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu
>> re=px1MZAMmLNzKWMw93CljxWGLJco%3D
>>
>> [following] --2010-06-30 07:01:08--
>> https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28
>> 53.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu
>> re=px1MZAMmLNzKWMw93CljxWGLJco%3D
>>
>> Resolving s3.amazonaws.com... 72.21.202.164
>>
>> Connecting to s3.amazonaws.com|72.21.202.164|:443... connected.
>>
>> ERROR: cannot verify s3.amazonaws.com's certificate, issued by
>> `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
>> https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA
>> - G2':
>>
>> Unable to locally verify the issuer's authority.
>>
>> To connect to s3.amazonaws.com insecurely, use `--no-check-certificate'.
>> Unable to establish SSL connection.
>>
>> ------------------------------------------------------------------------
>> --------------------------------------
>>
>> -Jason
>>
>> -----Original Message-----
>> From: Joel Esler [mailto:jesler at ...1935...]
>> Sent: Tuesday, June 29, 2010 3:03 PM
>> To: Weir, Jason
>> Cc: infosec posts; snort-sigs at lists.sourceforge.net; Snort Users List
>> Subject: Re: [Snort-sigs] [Snort-users] Update your
>> oinkmaster/pulled_porkconf files
>>
>>
>> On Jun 29, 2010, at 10:41 AM, Weir, Jason wrote:
>> > Me too - common guys this isn't that complicated
>> >
>> > Oinkmaster output below
>>
>> Okay, I know our web team made some changes after these series of
>> emails.  If you are still having problems, please let us know.
>>
>> Joel
>>
>>
>>
>> _____________________________________________________________________________________________
>>
>> Please visit www.nhrs.org to subscribe to NHRS email announcements and
>> updates.
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Sprint
>> What will you do first with EVO, the first 4G phone?
>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>
> --
> This email and any files transmitted with it are solely intended for the use
> of the named recipient(s) and may contain information that is privileged and
> confidential. If you receive this email in error, please immediately notify
> the sender and delete this message in all its forms.  E-mail transmission
> cannot be guaranteed to be secure or error-free as information could be
> intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
> contain viruses.  Therefore N-Dimension Solutions Inc. does not accept
> liability for any errors or omission in the contents of the message which
> arise as a result of e-mail transmission.
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>




More information about the Snort-users mailing list