[Snort-users] PulledPork Rules with Snort 2.9.2

Christian Gebler geblerchristian at ...14012...
Wed Sep 18 12:07:36 EDT 2013


Hello,

since last week I am having trouble to download  my VRT rules with
PulledPork.
My Snort and PulledPork runs on an Ubuntu 12.04LTS Server version with the
latest Snort Package (2.9.2-3ubuntu1) from the Ubuntu Repo. I also
installed the latest PulledPork version (07.0) from the google code website.

Is 2.9.2 no longer supported?

Here is my error:

Config File Variable Debug ./etc/pulledpork.conf
        snort_path = /usr/sbin/snort
        black_list = /etc/snort/rules/iplists/default.blacklist
        IPRVersion = /etc/snort/rules/iplists
        rule_path = /etc/snort/rules/snort.rules
        ignore = deleted.rules,experimental.rules,local.rules
        snort_control = /usr/local/bin/snort_control
        rule_url = ARRAY(0x2dc37b0)
        sid_msg_version = 1
        sid_changelog = /var/log/sid_changes.log
        sid_msg = /etc/snort/sid-msg.map
        config_path = /etc/snort/snort.conf
        temp_path = /tmp
        distro = FreeBSD-8.1
        sorule_path = /usr/local/lib/snort_dynamicrules/
        version = 0.7.0
        local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
        arch Def is: x86-64
        Config Path is: ./etc/pulledpork.conf
        Distro Def is: FreeBSD-8.1
        Disabled policy specified
        local.rules path is: /etc/snort/rules/local.rules
        Rules file is: /etc/snort/rules/snort.rules
        Path to disablesid file: /etc/disablesid.conf
        sid changes will be logged to: /var/log/sid_changes.log
        sid-msg.map Output Path is: /etc/snort/sid-msg.map
        SIGHUP Flag is Set
        Snort Version is: 2.9.2.0
        Snort Config File: /etc/snort/snort.conf
        Snort Path is: /usr/sbin/snort
        Text Rules only Flag is Set
        Extra Verbose Flag is Set
        Verbose Flag is Set
        Base URL is:
http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
http://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community
http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
http://www.snort.org/reg-rules/|opensource.gz|<oinkcode>


MY HTTPS PROXY = http://proxy:8080


MY HTTP PROXY = http://proxy:8080
Checking latest MD5 for snortrules-snapshot-2920.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2920.tar.gz.md5
** GET http://www.snort.org/reg-rules/snortrules-snapshot-2920.tar.gz.md5/<oinkcode>
==> 200 OK (1s)
        most recent rules file digest: d57a807b52ff2b4cebbd1d25242e6bb9
Rules tarball download of snortrules-snapshot-2920.tar.gz....
        Fetching rules file: snortrules-snapshot-2920.tar.gz
** GET http://www.snort.org/reg-rules/snortrules-snapshot-2920.tar.gz/<oinkcode>
==> 302 Moved Temporarily
** GET
http://s3.amazonaws.com/snort-org/www/rules/20120426/snortrules-snapshot-2920.tar.gz?AWSAccessKeyId=AKIAJ65S5YX6KA26VRJQ&Expires=1379520098&Signature=UVek67%2Bl4qth3%2FiQjqKr5dcRlOU%3D==>
403 Forbidden (1s)
        A 403 error occurred, please wait for the 15 minute timeout
        to expire before trying again or specify the -n runtime switch
        You may also wish to verfiy your oinkcode, tarball name, and other
configuration options
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130918/093d2b7d/attachment.html>


More information about the Snort-users mailing list