[Snort-users] Pulled Pork - 403 error for subscriber

Vona, Steven A CIV NSWCCD Philadelphia, 34117 steven.vona at ...7622...
Mon Apr 7 15:34:00 EDT 2014

I have a current subscription for the latest snort rules but seem to be having issues with pulled pork. I was unable to get any help from the pulled pork user group and was hoping I could get some here.

I receive a 403 error every time I try to run pulled pork. Verbose output below (some information was changed for security reasons).

/usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -vv

      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Config File Variable Debug /etc/snort/pulledpork.conf
	snort_path = /usr/local/bin/snort
	black_list = /etc/snort/rules/iplists/default.blacklist
	IPRVersion = /etc/snort/rules/iplists
	rule_path = /etc/snort/rules/snort.rules
	ignore = deleted.rules,experimental.rules,local.rules
	snort_control = /usr/local/bin/snort_control
	rule_url = ARRAY(0x125f388)
	sid_msg_version = 1
	sid_changelog = /var/log/sid_changes.log
	sid_msg = /etc/snort/sid-msg.map
	config_path = /etc/snort/snort.conf
	temp_path = /tmp
	distro = RHEL-6-0
	version = 0.7.0
	sorule_path = /usr/local/lib/snort_dynamicrules/
	out_path = /etc/snort/rules/
	local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
	arch Def is: x86-64
	Config Path is: /etc/snort/pulledpork.conf
	Distro Def is: RHEL-6-0
	Disabled policy specified
	local.rules path is: /etc/snort/rules/local.rules
	Rules file is: /etc/snort/rules/snort.rules
	sid changes will be logged to: /var/log/sid_changes.log
	sid-msg.map Output Path is: /etc/snort/sid-msg.map
	Snort Version is:
	Snort Config File: /etc/snort/snort.conf
	Snort Path is: /usr/local/bin/snort
	SO Output Path is: /usr/local/lib/snort_dynamicrules/
	Will process SO rules
	Extra Verbose Flag is Set
	Verbose Flag is Set
	Base URL is: http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<MY OINKCODE>

MY HTTPS PROXY = http://webcache.mydomain.com:80

MY HTTP PROXY = http://webcache.mydomain.com:80
Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
	Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/<MY OINKCODE> ==> 403 Access Denied
	A 403 error occurred, please wait for the 15 minute timeout
	to expire before trying again or specify the -n runtime switch
	You may also wish to verfiy your oinkcode, tarball name, and other configuration options
	Error 403 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463
	main::md5file('<MY OINKCODE>', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847