[Snort-users] 403 Error when attempting to pull rules using Pulled-Pork

Joel Esler jesler at ...1935...
Wed Feb 20 08:46:36 EST 2013


Add a 0 to the end of the "294" line.  2940.tar.gz.  It'll work.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire


On Wednesday, February 20, 2013 at 8:41 AM, Tamara Fisher wrote:

> Hi. 
> 
> I'm having issues when attempting to fetch subscriber rules and have questions. 
> 
> I use the following rule path:
> 
> https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<my_oinkcode>
> 
> but I notice that the GET request that is submitted is:
> 
> GET https://www.snort.org/reg-rules/snortrules-snapshot-294.tar.gz.md5/<my_oinkcode> ==> SSL_connect:before/connect initialization
> 
> Is it normal that the rule path shows sub-rules and GET request shows reg-rules? Can anyone see any issues with my config or have any suggestions?
> 
> I have checked that ca-certificates is installed and updated. I continue to wait 30 minutes between attempts, reconfigs and re-attempts, but I get the same 403 error each time.
> 
> Google is no longer helpful. 
> 
> Any help appreciated.
> 
> My extra verbose error:
> 
> Config File Variable Debug /etc/snort/pulledpork.conf
>     snort_path = /usr/local/bin/snort
>     enablesid = /etc/snort/enablesid.conf
>     modifysid = /etc/snort/modifysid.conf
>     rule_path = /etc/snort/rules/snort.rules
>     ignore = deleted.rules,experimental.rules,local.rules
>     rule_url = ARRAY(0x22e5400)
>     snort_version = 2.9.4
>     sid_changelog = /var/log/sid_changes.log
>     sid_msg = /etc/snort/sid-msg.map
>     ips_policy = security
>     config_path = /etc/snort/snort.conf
>     sostub_path = /etc/snort/so_rules
>     temp_path = /tmp
>     distro = RHEL-6.0
>     version = 0.6.0
>     sorule_path = /usr/local/lib/snort_dynamicrules/
>     disablesid = /etc/snort/disablesid.conf
>     local_rules = /etc/snort/rules/local.rules
> MISC (CLI and Autovar) Variable Debug:
>     arch Def is: x86-64
>     Config Path is: /etc/snort/pulledpork.conf
>     Distro Def is: RHEL-6.0
>     security policy specified
>     local.rules path is: /etc/snort/rules/local.rules
>     Rules file is: /etc/snort/rules/snort.rules
>     Path to disablesid file: /etc/snort/disablesid.conf
>     Path to enablesid file: /etc/snort/enablesid.conf
>     Path to modifysid file: /etc/snort/modifysid.conf
>     sid changes will be logged to: /var/log/sid_changes.log
>     sid-msg.map Output Path is: /etc/snort/sid-msg.map
>     Snort Version is: 2.9.4
>     Snort Config File: /etc/snort/snort.conf
>     Snort Path is: /usr/local/bin/snort
>     SO Output Path is: /usr/local/lib/snort_dynamicrules/
>     SO Stub File is: /etc/snort/so_rules
>     Extra Verbose Flag is Set
>     Verbose Flag is Set
>     Base URL is: https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<my_oinkcode>
> Checking latest MD5 for snortrules-snapshot-294.tar.gz....
>     Fetching md5sum for: snortrules-snapshot-294.tar.gz.md5
> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-294.tar.gz.md5/<my_oinkcode> ==> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read server session ticket A
> SSL_connect:SSLv3 read finished A
> 403 Forbidden
>     A 403 error occurred, please wait for the 15 minute timeout
>     to expire before trying again or specify the -n runtime switch
>     You may also wish to verfiy your oinkcode, tarball name, and other configuration options
>     Error 403 when fetching https://www.snort.org/sub-rules/snortrules-snapshot-294.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 453
>     main::md5file('f9751bd415990aae31509d71805891ac089', 'snortrules-snapshot-294.tar.gz', '/tmp/', 'https://www.snort.org/sub-rules/') called at /usr/local/bin/pulledpork.pl line 1758
> 

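A pre-flight check for the mismatch discussed in this thread, added here as an example; it is not part of the original messages and is not PulledPork's own code. It assumes the naming rule visible in the debug output (`snort_version = 2.9.4` yields `snortrules-snapshot-294.tar.gz`) and, per the reply, that the fetchable tarball is the four-part `2940` name; the function names are hypothetical.

```python
import re

# Constructed sample modelled on the values in the thread's debug output.
SAMPLE_CONF = """\
# pulledpork.conf (excerpt)
rule_url=https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<my_oinkcode>
snort_version=2.9.4
"""

GENERIC = "snortrules-snapshot.tar.gz"


def parse_conf(text):
    """Collect rule_url entries and the other key=value settings."""
    urls, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "rule_url":
            urls.append(value)
        else:
            settings[key] = value
    return urls, settings


def versioned_tarball(snort_version):
    """Assumed rule: the version with its dots removed goes before .tar.gz."""
    return GENERIC.replace(".tar.gz", "-%s.tar.gz" % snort_version.replace(".", ""))


def check_conf(text):
    """Report the tarball each snort.org rule_url resolves to; never echo the oinkcode."""
    urls, settings = parse_conf(text)
    version = settings.get("snort_version", "")
    four_part = re.fullmatch(r"\d+(\.\d+){3}", version) is not None
    findings = []
    for entry in urls:
        parts = entry.split("|")
        if len(parts) != 3 or "snort.org" not in parts[0]:
            continue
        base, tarball, _oinkcode = parts
        name = versioned_tarball(version) if tarball == GENERIC else tarball
        findings.append({"base": base, "tarball": name, "four_part_version": four_part})
    return findings


if __name__ == "__main__":
    for finding in check_conf(SAMPLE_CONF):
        print(finding)
```

A finding with `four_part_version` set to `False` is the case from the thread: the request goes out for a `294` tarball and the server answers 403.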