[Snort-users] Pulled Pork - 403 error for subscriber
Vona, Steven A CIV NSWCCD Philadelphia, 34117
steven.vona at ...7622...
Mon Apr 7 15:34:00 EDT 2014
I have a current subscription for the latest snort rules but seem to be having issues with pulled pork. I was unable to get any help from the pulled pork user group and was hoping I can get some here.
I receive a 403 error everytime I try to run pulled pork. Verbose output below (some information was changed for security reasons).
/usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -vv
`--==\\ / PulledPork v0.7.0 - Swine Flu!
.-~~~~-.Y|\\_ Copyright (C) 2009-2013 JJ Cummings
@_/ / 66\_ cummingsj at ...11827...
| \ \ _(")
\ /-| ||'--' Rules give me wings!
Config File Variable Debug /etc/snort/pulledpork.conf
snort_path = /usr/local/bin/snort
black_list = /etc/snort/rules/iplists/default.blacklist
IPRVersion = /etc/snort/rules/iplists
rule_path = /etc/snort/rules/snort.rules
ignore = deleted.rules,experimental.rules,local.rules
snort_control = /usr/local/bin/snort_control
rule_url = ARRAY(0x125f388)
sid_msg_version = 1
sid_changelog = /var/log/sid_changes.log
sid_msg = /etc/snort/sid-msg.map
config_path = /etc/snort/snort.conf
temp_path = /tmp
distro = RHEL-6-0
version = 0.7.0
sorule_path = /usr/local/lib/snort_dynamicrules/
out_path = /etc/snort/rules/
local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
arch Def is: x86-64
Config Path is: /etc/snort/pulledpork.conf
Distro Def is: RHEL-6-0
Disabled policy specified
local.rules path is: /etc/snort/rules/local.rules
Rules file is: /etc/snort/rules/snort.rules
sid changes will be logged to: /var/log/sid_changes.log
sid-msg.map Output Path is: /etc/snort/sid-msg.map
Snort Version is: 188.8.131.52
Snort Config File: /etc/snort/snort.conf
Snort Path is: /usr/local/bin/snort
SO Output Path is: /usr/local/lib/snort_dynamicrules/
Will process SO rules
Extra Verbose Flag is Set
Verbose Flag is Set
Base URL is: http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<MY OINKCODE>
MY HTTPS PROXY = http://webcache.mydomain.com:80
MY HTTP PROXY = http://webcache.mydomain.com:80
Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/<MY OINKCODE> ==> 403 Access Denied
A 403 error occurred, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
You may also wish to verfiy your oinkcode, tarball name, and other configuration options
Error 403 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463
main::md5file('<MY OINKCODE>', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5607 bytes
Desc: not available
More information about the Snort-users