[Snort-users] pulledpork help

Jeremy Hoel jthoel at ...11827...
Fri Oct 12 14:15:29 EDT 2012


What does 'snort -V' show?


On Fri, Oct 12, 2012 at 6:03 PM, Tony Reusser <treusser at ...15879...> wrote:
> My snort box:
>
> CentOS 6.3
> Snort vers 2.9.3
> Standard barnyard/pulledpork/mysql/BASE setup
>
> I’m fairly new to Snort.  I’ve had it up and running for a couple of months
> now.  About a month ago I downloaded the 2930 ruleset and successfully
> installed it using pulledpork.  I am not a subscriber, so I only get the
> ‘registered user’ rulesets 30 days late.  I’m fine with that as this whole
> thing is a learning process for me anyway.
>
> Because of that, I download the rule tarballs manually and place them in my
> /tmp folder on the snort machine.  I run pulledpork with the /n option to
> process without downloading.  With the latest rule tarball in /tmp, this
> should work right?  It seemed to function properly with 2930.  However, now
> that I’ve downloaded the 2931 ruleset, I get the following error when I run
> pulledpork.  Why is it still looking for the 2930 file?  I’m not a PERL guy,
> but line 1798 just refers to a variable $rule_file.  Where is this actually
> defined?  And why doesn’t it reflect the current rule tarball file I have?
>
> Any help would be appreciated.
>
>                 -Tony Reusser
>
>
> [root at ...15880... pp]# ./pulledpork.pl -c ./etc/pulledpork.conf -E -n
>
>     http://code.google.com/p/pulledpork/
>       _____ ____
>      `----,\    )
>       `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
>   @_/        /  66\_  cummingsj at ...11827...
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> file /tmp//snortrules-snapshot-2930.tar.gz does not exist!
> at ./pulledpork.pl line 1798
>
>
> file listing of /tmp:
>
> [root at ...15880... pp]# ls -al /tmp
> total 23280
> drwxrwxrwt. 13 root     root         4096 Oct 12 11:39 .
> dr-xr-xr-x. 26 root     root         4096 Oct 12 11:04 ..
> -rw-r--r--.  1 root     root      1272869 Oct 12 09:32 emerging.rules.tar.gz
> -rw-r--r--.  1 root     root            0 Oct 12 10:53 etpro.rules.tar.gz
> srwxrwxr-x.  1 notroot  notroot         0 Jul 31 11:46 gnome-system-monitor.treusser.2837431554
> drwxrwxrwt.  2 root     root         4096 Oct 12 11:05 .ICE-unix
> drwx------.  2 gdm      gdm          4096 Oct 12 11:06 orbit-gdm
> -rw-rw-r--.  1 notroot  notroot  22487562 Oct 12 11:19 snortrules-snapshot-2931.tar.gz
> -r--r--r--.  1 root     root           11 Oct 12 11:05 .X0-lock
> drwxrwxrwt.  2 root     root         4096 Oct 12 11:05 .X11-unix
> -r--r--r--.  1 notroot  notroot        11 Oct 12 11:05 .X1-lock
> -rw-------.  1 root     root         1671 Oct  3 15:24 yum_save_tx-2012-10-03-15-24H0Dg_g.yumtx
> -rw-------.  1 root     root         3856 Oct  8 08:56 yum_save_tx-2012-10-08-08-56ONmnWM.yumtx
> -rw-------.  1 root     root         1204 Oct 11 11:20 yum_save_tx-2012-10-11-11-20aPV3jH.yumtx
>
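As an added diagnostic that is not pulledpork's own code, and assuming (as the reply's 'snort -V' question suggests) that pulledpork builds the snapshot file name from the installed Snort version rather than from whatever tarball sits in temp_path, this script derives the expected tarball name from the 'snort -V' banner and compares it with the directory listing:

```python
import os
import re
import subprocess

VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+)+)")


def snapshot_name(snort_v_output):
    """Rule tarball name derived from the 'snort -V' banner (assumption: this
    is how pulledpork picks the file).  Snort prints 2.9.3.0 as 'Version 2.9.3',
    so a three-part version is padded to four digits: 2.9.3 -> 2930."""
    m = VERSION_RE.search(snort_v_output)
    if not m:
        raise ValueError("no 'Version x.y.z' string in snort -V output")
    parts = m.group(1).split(".")
    parts += ["0"] * (4 - len(parts))
    return "snortrules-snapshot-%s.tar.gz" % "".join(parts[:4])


def check_temp_path(snort_v_output, temp_path, listing=None):
    """Return (expected name, whether it is present, other snapshot tarballs).
    'listing' lets a captured 'ls' be supplied so the check runs offline."""
    expected = snapshot_name(snort_v_output)
    names = listing if listing is not None else os.listdir(temp_path)
    others = sorted(n for n in names
                    if n.startswith("snortrules-snapshot-") and n != expected)
    return expected, expected in names, others


def installed_snort_banner(snort_path="snort"):
    """Banner of the real binary; Snort writes it to stderr, so merge both."""
    proc = subprocess.run([snort_path, "-V"], capture_output=True, text=True)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    # Constructed banner for a Snort 2.9.3 box (build number made up) and the
    # /tmp names from the post's ls output; on a live sensor swap in
    # installed_snort_banner() and drop the listing argument.
    banner = "   ,,_     -*> Snort! <*-\n  o\"  )~   Version 2.9.3 GRE (Build 1)\n"
    expected, present, others = check_temp_path(
        banner, "/tmp", ["snortrules-snapshot-2931.tar.gz", "emerging.rules.tar.gz"])
    if present:
        print("ok: %s is in place" % expected)
    else:
        print("pulledpork -n will want %s; found %s instead" % (expected, others or "none"))
        print("either place that tarball in temp_path or match Snort to the ruleset")
```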



