[Snort-users] pulledpork help

Tony Reusser treusser at ...15879...
Fri Oct 12 14:03:34 EDT 2012


My snort box:

CentOS 6.3
Snort vers 2.9.3
Standard barnyard/pulledpork/mysql/BASE setup

I'm fairly new to Snort.  I've had it up and running for a couple of months
now.  About a month ago I downloaded the 2930 ruleset and successfully
installed it using pulledpork.  I am not a subscriber, so I only get the
'registered user' rulesets 30 days late.  I'm fine with that as this whole
thing is a learning process for me anyway.

Because of that, I download the rule tarballs manually and place them in my
/tmp folder on the snort machine.  I run pulledpork with the /n option to
process without downloading.  With the latest rule tarball in /tmp, this
should work, right?  It seemed to function properly with 2930.  However, now
that I've downloaded the 2931 ruleset, I get the following error when I run
pulledpork.  Why is it still looking for the 2930 file?  I'm not a Perl guy,
but line 1798 just refers to a variable $rule_file.  Where is this actually
defined?  And why doesn't it reflect the current rule tarball file I have?

Any help would be appreciated.

                -Tony Reusser

[root at ...15880... pp]# ./pulledpork.pl -c ./etc/pulledpork.conf -E -n

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

file /tmp//snortrules-snapshot-2930.tar.gz does not exist!
at ./pulledpork.pl line 1798

file listing of /tmp:

[root at ...15880... pp]# ls -al /tmp
total 23280
drwxrwxrwt. 13 root     root         4096 Oct 12 11:39 .
dr-xr-xr-x. 26 root     root         4096 Oct 12 11:04 ..
-rw-r--r--.  1 root     root      1272869 Oct 12 09:32 emerging.rules.tar.gz
-rw-r--r--.  1 root     root            0 Oct 12 10:53 etpro.rules.tar.gz
srwxrwxr-x.  1 notroot  notroot         0 Jul 31 11:46 gnome-system-monitor.treusser.2837431554
drwxrwxrwt.  2 root     root         4096 Oct 12 11:05 .ICE-unix
drwx------.  2 gdm      gdm          4096 Oct 12 11:06 orbit-gdm
-rw-rw-r--.  1 notroot  notroot  22487562 Oct 12 11:19 snortrules-snapshot-2931.tar.gz
-r--r--r--.  1 root     root           11 Oct 12 11:05 .X0-lock
drwxrwxrwt.  2 root     root         4096 Oct 12 11:05 .X11-unix
-r--r--r--.  1 notroot  notroot        11 Oct 12 11:05 .X1-lock
-rw-------.  1 root     root         1671 Oct  3 15:24 yum_save_tx-2012-10-03-15-24H0Dg_g.yumtx
-rw-------.  1 root     root         3856 Oct  8 08:56 yum_save_tx-2012-10-08-08-56ONmnWM.yumtx
-rw-------.  1 root     root         1204 Oct 11 11:20 yum_save_tx-2012-10-11-11-20aPV3jH.yumtx
