[Snort-users] Pulled Pork - 403 error for subscriber

Teo En Ming teo.en.ming at ...11827...
Mon Apr 7 15:56:08 EDT 2014


Dear Steven,

You need to be a registered user to download Snort rules
(snortrules-snapshot-2960.tar.gz) and its md5 checksum file
(snortrules-snapshot-2960.tar.gz.md5). You need to create an account at the
Snort official website and log in to download all these files. A log in to
the Snort server is required. That is why you are experiencing a 403
Forbidden error with pulled-pork. The pulled-pork perl script cannot log in
to the Snort server with your username and password and the md5 checksum
file may not be available on the Snort server.

Teo En Ming


On Tue, Apr 8, 2014 at 3:34 AM, Vona, Steven A CIV NSWCCD Philadelphia,
34117 <steven.vona at ...7622...> wrote:

> Hello,
> I have a current subscription for the latest snort rules but seem to be
> having issues with pulled pork.  I was unable to get any help from the
> pulled pork user group and was hoping I can get some here.
>
> I receive a 403 error every time I try to run pulled pork.  Verbose output
> below (some information was changed for security reasons).
>
> /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -vv
>
>     http://code.google.com/p/pulledpork/
>       _____ ____
>      `----,\    )
>       `--==\\  /    PulledPork v0.7.0 - Swine Flu!
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
>   @_/        /  66\_  cummingsj at ...11827...
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Config File Variable Debug /etc/snort/pulledpork.conf
>         snort_path = /usr/local/bin/snort
>         black_list = /etc/snort/rules/iplists/default.blacklist
>         IPRVersion = /etc/snort/rules/iplists
>         rule_path = /etc/snort/rules/snort.rules
>         ignore = deleted.rules,experimental.rules,local.rules
>         snort_control = /usr/local/bin/snort_control
>         rule_url = ARRAY(0x125f388)
>         sid_msg_version = 1
>         sid_changelog = /var/log/sid_changes.log
>         sid_msg = /etc/snort/sid-msg.map
>         config_path = /etc/snort/snort.conf
>         temp_path = /tmp
>         distro = RHEL-6-0
>         version = 0.7.0
>         sorule_path = /usr/local/lib/snort_dynamicrules/
>         out_path = /etc/snort/rules/
>         local_rules = /etc/snort/rules/local.rules
> MISC (CLI and Autovar) Variable Debug:
>         arch Def is: x86-64
>         Config Path is: /etc/snort/pulledpork.conf
>         Distro Def is: RHEL-6-0
>         Disabled policy specified
>         local.rules path is: /etc/snort/rules/local.rules
>         Rules file is: /etc/snort/rules/snort.rules
>         sid changes will be logged to: /var/log/sid_changes.log
>         sid-msg.map Output Path is: /etc/snort/sid-msg.map
>         Snort Version is: 2.9.6.0
>         Snort Config File: /etc/snort/snort.conf
>         Snort Path is: /usr/local/bin/snort
>         SO Output Path is: /usr/local/lib/snort_dynamicrules/
>         Will process SO rules
>         Extra Verbose Flag is Set
>         Verbose Flag is Set
>         Base URL is:
> http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<MY OINKCODE>
>
>
> MY HTTPS PROXY = http://webcache.mydomain.com:80
>
>
> MY HTTP PROXY = http://webcache.mydomain.com:80
> Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
>         Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
> ** GET
> https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/<MY
> OINKCODE> ==> 403 Access Denied
>         A 403 error occurred, please wait for the 15 minute timeout
>         to expire before trying again or specify the -n runtime switch
>         You may also wish to verfiy your oinkcode, tarball name, and other
> configuration options
>         Error 403 when fetching
> http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at
> /usr/local/bin/pulledpork.pl line 463
>         main::md5file('<MY OINKCODE>', 'snortrules-snapshot-2960.tar.gz',
> '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/
> pulledpork.pl line 1847
>
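
A pre-flight check for the `rule_url` value shown in the verbose output above, as an added example that is not part of the original thread or of PulledPork itself: it splits the `base|tarball|oinkcode` triple, derives the versioned checksum URL the log shows being requested, and rejects an oinkcode that is missing or still a placeholder. The function names and the 40-hex-character oinkcode format are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a PulledPork rule_url entry offline, so a malformed
# entry is caught before a request is sent and the 15 minute timeout from the
# 403 message is not triggered again.

# Turn a dotted Snort version (2.9.6.0) into the tarball suffix (2960).
snort_ver_suffix() {
    printf '%s' "$1" | tr -d '.'
}

# check_rule_url RULE_URL SNORT_VERSION
# Prints the checksum URL with the oinkcode masked, or explains on stderr
# why the entry is malformed and returns non-zero.
check_rule_url() (
    rule_url=$1
    version=$2
    case $rule_url in
        *'|'*'|'*'|'*) echo "rule_url: more than three fields" >&2; exit 2 ;;
        *'|'*'|'*) ;;
        *) echo "rule_url: expected base|tarball|oinkcode" >&2; exit 2 ;;
    esac
    base=${rule_url%%'|'*}
    rest=${rule_url#*'|'}
    tarball=${rest%%'|'*}
    oink=${rest#*'|'}
    case $base in
        http://*/|https://*/) ;;
        *) echo "rule_url: base must be an http(s) URL ending in /" >&2; exit 2 ;;
    esac
    case $tarball in
        ?*.tar.gz) ;;
        *) echo "rule_url: tarball name must end in .tar.gz" >&2; exit 2 ;;
    esac
    # Assumption of this example: an oinkcode is exactly 40 hex characters.
    if [ "${#oink}" -ne 40 ] || printf '%s' "$oink" | grep -q '[^0-9A-Fa-f]'; then
        echo "rule_url: oinkcode is empty, a placeholder, or not 40 hex characters" >&2
        exit 3
    fi
    suffix=$(snort_ver_suffix "$version")
    # Mask the secret so the result can be pasted into a list post or ticket.
    printf '%s%s-%s.tar.gz.md5/<oinkcode>\n' "$base" "${tarball%.tar.gz}" "$suffix"
)

# Constructed sample: the redacted value from the post fails the check.
check_rule_url 'http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<MY OINKCODE>' 2.9.6.0 \
    || echo "fix rule_url in pulledpork.conf before running pulledpork.pl"
```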