[Snort-users] PulledPork 403 Forbidden error

Kurzawa, Kevin kkurzawa at ...16800...
Fri Apr 18 13:32:48 EDT 2014


PulledPork 0.7.0
Snort 2960
Archlinux

Switching over from Oinkmaster to PulledPork. I want the ability to automatically switch between the connectivity, balanced, and security rulesets easily (if this is do-able in Oinkmaster, someone please enlighten me).

Running sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf -T -vv

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/83c886d030bc3d56e56d69488c456404xxxx ==> 403 Forbidden (1s)
A 403 error occurred, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
You may also wish to verfiy your oinkcode, tarball name, and other configuration options
Error 403 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.
main::md5file('83c886d030bc3d56e56d69488c456404xxxx ', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847

If I use a base URL without the version, it yells at me and tells me I have to specify it.
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx

I get this 403 error after waiting for 20 minutes, 30 minutes, whenever minutes.
I verified my oinkcode, it is correct.
I got the tarball name from the Snort.org site where it references downloading via the command line.
As for other configuration options, I do not know what else it could be.


My pulledpork.conf file:

# RULE URI
#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
#rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
#rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
#rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>

ips_policy=security
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/etc/pulledpork/rules/snort.rules
# out_path=/usr/local/etc/snort/rules/
local_rules=/etc/pulledpork/rules/local.rules
sid_msg=/etc/pulledpork/sid-msg.map
sid_msg_version=1
sid_changelog=/var/log/pulledpork/sid_changes.log

# SHARED OBJECT (SO) RULES
#sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/bin/snort
#sostub_path=
#config_path=/etc/snort/snort.conf
# Define your distro, this is for the precompiled shared object libs!
# Valid Distro Types:
# Debian-5-0, Debian-6-0,
# Ubuntu-8.04, Ubuntu-10-4
# Centos-4-8, Centos-5-4
# FC-12, FC-14, RHEL-5-5, RHEL-6-0
# FreeBSD-7-3, FreeBSD-8-1
# OpenBSD-4-8
# Slackware-13-1
#distro=FreeBSD-8.1

black_list=/etc/pulledpork/rules/default.blacklist
IPRVersion=/etc/pulledpork/rules/iplists
#snort_control=/usr/bin/snort_control
# backup=/usr/local/etc/snort,/usr/local/etc/pulledpork,/usr/local/lib/snort_dynamicrules/
# backup_file=/tmp/pp_backup
# docs=/path/to/base/www
# state_order=disable,drop,enable
# pid_path=/var/run/snort.pid,/var/run/barnyard.pid,/var/run/barnyard2.pid
# snort_version=2.9.0.0
enablesid=/etc/pulledpork/enablesid.conf
dropsid=/etc/pulledpork/dropsid.conf
disablesid=/etc/pulledpork/disablesid.conf
modifysid=/etc/pulledpork/modifysid.conf
version=0.7.0
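
Added example, not part of the original post and not PulledPork's own code: a Python check of rule_url lines for the issues visible on this page, namely whitespace around a field (the stack trace above shows the oinkcode argument with a trailing space) and a snapshot tarball name without the Snort version. The function names and the sample oinkcode are made up for illustration; the URL shape is taken from the GET line in the log.

```python
import re

# Constructed config lines in the base|tarball|oinkcode form used in the post.
# The oinkcode is a made-up placeholder value.
SAMPLE_CONF = "\n".join([
    "#rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>",
    "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|0123456789abcdef ",
    "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|0123456789abcdef",
    "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz",
])


def md5_url(base, tarball, oinkcode):
    """URL shape seen in the GET line of the log: <base><tarball>.md5/<oinkcode>."""
    return f"{base}{tarball}.md5/{oinkcode}"


def lint_rule_urls(conf_text):
    """Return a list of (line_number, problem) for active rule_url lines."""
    problems = []
    for lineno, line in enumerate(conf_text.split("\n"), 1):
        if not line.startswith("rule_url="):
            continue  # commented-out lines and other keys are skipped
        fields = line[len("rule_url="):].split("|")
        if len(fields) != 3:
            problems.append((lineno, "expected base|tarball|oinkcode"))
            continue
        base, tarball, oinkcode = fields
        for name, value in (("base", base), ("tarball", tarball), ("oinkcode", oinkcode)):
            if value != value.strip():
                # Unstripped whitespace would end up inside the request URL.
                url = md5_url(base, tarball, oinkcode)
                problems.append((lineno, f"{name} has stray whitespace: {url!r}"))
        if re.fullmatch(r"<.*>", oinkcode.strip()):
            problems.append((lineno, "oinkcode is still a template placeholder"))
        if tarball.strip() == "snortrules-snapshot.tar.gz":
            problems.append((lineno, "snapshot tarball has no Snort version in its name"))
    return problems


if __name__ == "__main__":
    for lineno, problem in lint_rule_urls(SAMPLE_CONF):
        print(f"line {lineno}: {problem}")
```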