[Snort-users] Pulled Pork - Error 500 when fetching

Jomana Malone jomana.malone at ...11827...
Thu Dec 29 13:04:28 EST 2011


Hi all,

I recently installed Snort and PulledPork using Nick Moore's document, 
"Snort 2.9.1 on CentOS 5.6".  I'm very new to all this.  After lots of 
tweaks and research, I have Snort and Barnyard2 up and running.  I even 
had PulledPork pull rulesets from Emerging Threats; however, I can't 
seem to get PulledPork to pull the rulesets from Snort.  I was able to 
manually pull using wget though:

wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/<my oinkcode> -O snortrules-snapshot-edge.tar.gz

As per JJC's suggestion in one of the discussions, I'm using the 
snortrules-snapshot-edge.tar.gz file instead of a specific snort rule 
version.

Below are all my system and error information.  I know it's a lot, but I 
tried to break it up for you.  I've been going around and around with 
this for a while, so I greatly appreciate any help you may provide.

Thanks so much!

######################################
Here are my system specs:
######################################
OS: CentOS 5.6
PulledPork version: 0.6.1
Snort Version: 2.9.1

KERNEL:
[root at ...15481... ~]# uname -m
i686

CENTOS RELEASE:
[root at ...15481... ~]# cat /etc/issue
CentOS release 5.6 (Final)
Kernel \r on an \m

SNORT VERSION:
[root at ...15481... ~]# snort -V

    ,,_     -*> Snort! <*-
   o"  )~   Version 2.9.1 IPv6 GRE (Build 71)
    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
            Copyright (C) 1998-2011 Sourcefire, Inc., et al.
            Using libpcap version 1.1.1
            Using PCRE version: 8.13 2011-08-16
            Using ZLIB version: 1.2.3
######################################

######################################
After searching the Web and reading through Snort Users archives, I 
found other users with similar errors, but nothing that seemed to be a 
complete match.

Here's my error:
######################################
[root at ...15481... ~]# /usr/local/pulledpork-0.6.1/pulledpork.pl -c /etc/snort/pulledpork.conf

     http://code.google.com/p/pulledpork/
       _____ ____
      `----,\    )
       `--==\\  /    PulledPork: 0.6.1
        `--==\\/
      .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
   @_/        /  66\_  cummingsj at ...11827...
     |    \   \   _(")
      \   /-| ||'--'  Rules give me wings!
       \_\  \_\\
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2910.tar.gz....
     Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5 at /usr/local/pulledpork-0.6.1/pulledpork.pl line 454
     main::md5file('<my oinkcode>', 'snortrules-snapshot-2910.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/pulledpork-0.6.1/pulledpork.pl line 1760

######################################

######################################
Line 454 in my pulledpork.pl file
######################################

croak "\tError $getrules_md5 when fetching "

######################################

######################################
Below is my error with extra verbose
######################################

[root at ...15481... ~]# /usr/local/pulledpork-0.6.1/pulledpork.pl -c /etc/snort/pulledpork.conf -vv

     http://code.google.com/p/pulledpork/
       _____ ____
      `----,\    )
       `--==\\  /    PulledPork: 0.6.1
        `--==\\/
      .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
   @_/        /  66\_  cummingsj at ...11827...
     |    \   \   _(")
      \   /-| ||'--'  Rules give me wings!
       \_\  \_\\
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /etc/snort/pulledpork.conf
     snort_path = /usr/local/bin/snort
     pid_path = /var/run/snort_eth1.pid,/var/run/barnyard2_eth1.pid
     rule_path = /etc/snort/rules/snort.rules
     ignore = deleted.rules,experimental.rules,local.rules
     rule_url = ARRAY(0x9f79c30)
     snort_version = 2.9.1.0
     sid_changelog = /var/log/sid_changes.log
     sid_msg = /etc/snort/sid-msg.map
     backup_file = /tmp/pulled_pork_backup/pp_backup
     backup = /etc/snort,/usr/local/lib/snort_dynamicrules/
     ips_policy = security
     config_path = /etc/snort/snort.conf
     sostub_path = /etc/snort/rules/so_rules.rules
     oinkcode = <my oinkcode>
     temp_path = /tmp
     distro = Centos-5-4
     version = 0.6.1
     sorule_path = /usr/local/lib/snort_dynamicrules/
     local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
     arch Def is: i386
     Config Path is: /etc/snort/pulledpork.conf
     Distro Def is: Centos-5-4
     security policy specified
     local.rules path is: /etc/snort/rules/local.rules
     Rules file is: /etc/snort/rules/snort.rules
     sid changes will be logged to: /var/log/sid_changes.log
     sid-msg.map Output Path is: /etc/snort/sid-msg.map
     Snort Version is: 2.9.1.0
     Snort Config File: /etc/snort/snort.conf
     Snort Path is: /usr/local/bin/snort
     SO Output Path is: /usr/local/lib/snort_dynamicrules/
     SO Stub File is: /etc/snort/rules/so_rules.rules
     Extra Verbose Flag is Set
     Verbose Flag is Set
     Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-edge.tar.gz|<my oinkcode>
Checking latest MD5 for snortrules-snapshot-2910.tar.gz....
     Fetching md5sum for: snortrules-snapshot-2910.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5/<my oinkcode> ==> SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
500 read failed:  (1s)
     Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5 at /usr/local/pulledpork-0.6.1/pulledpork.pl line 454
     main::md5file('<my oinkcode>', 'snortrules-snapshot-2910.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/pulledpork-0.6.1/pulledpork.pl line 1760
