[Snort-users] Snort with PulledPork and Ubuntu 12.04 Server

Christian Gebler geblerchristian at ...14012...
Thu Jul 24 03:43:20 EDT 2014


I'm using the Ubuntu Server 12.04 standard Repository.

Perl  5.14.2
libcrypt-ssleay-perl 0.58-1
liblwp-protocol-https-perl 6.04-2

And yes, there is also a proxy. But the proxy variable http_proxy and
https_proxy is set.


2014-07-23 15:04 GMT+02:00 JJ Cummings (jjcummin) <jjcummin at ...589...>:

> A 501 generally means something is not being handled correctly with SSL in
> your perl installation.  I would try validating that the following are
> installed and updated:
> Crypt::SSLeay
> LWP::Protocol::https
>
> Also, are you using a proxy?
>
> JJC
>
> On Jul 23, 2014, at 7:55 AM, Joel Esler (jesler) <jesler at ...589...> wrote:
>
>  CC’ing JJ, as it’s not a Snort.org <http://snort.org/> problem, seems to
> be a pulledpork issue.
>
>  On Jul 23, 2014, at 2:03 AM, Christian Gebler <
> geblerchristian at ...14012...> wrote:
>
>  manually I can download it
>
>
> 2014-07-22 23:53 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
>
>> Try this:
>>
>>
>> https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=8b46559ee9c2faaa4464a693d2133dff62f3feaf
>>
>>
>>
>> On Jul 22, 2014, at 2:55 AM, Christian Gebler <
>> geblerchristian at ...14012...> wrote:
>>
>> > Ah okay, the email is "itadmin at ...16916..."
>> >
>> >
>> > 2014-07-22 8:41 GMT+02:00 Christian Gebler <
>> geblerchristian at ...14012...>:
>> > Hi Joel,
>> >
>> > the account is registered under the username "tcs". Now I see we need
>> an email address to login on the snort website...that's new?!?
>> > I have a friend in another company, same Ubuntu Server 12.04 version
>> and same problem....
>> >
>> >
>> >
>> >
>> > 2014-07-21 19:25 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
>> >
>> > So I can view the status of your account to see if it’s a subscriber
>> problem or a registered problem, and the status of the account.
>> >
>> > --
>> > Joel Esler
>> > Open Source Manager
>> > Threat Intelligence Team Lead
>> > Vulnerability Research Team
>> >
>> > On Jul 21, 2014, at 10:39 AM, Christian Gebler <
>> geblerchristian at ...14012...> wrote:
>> >
>> >> Hi,
>> >>
>> >> why did you need the oinkcode or the email address for my problem? :)
>> >>
>> >> I think it's a problem with the GET Method in Perl with HTTPS. With
>> HTTP it worked well, since the snort Page Update last week.
>> >>
>> >>
>> >> 2014-07-21 14:11 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
>> >> Can you write me offlist with your oinkcode or email address your
>> account is under?
>> >>
>> >> --
>> >> Joel Esler
>> >> Sent from my iPhone
>> >>
>> >> On Jul 21, 2014, at 7:43, "Christian Gebler" <
>> geblerchristian at ...14012...> wrote:
>> >>
>> >>> Hi,
>> >>>
>> >>> I'm using Snort 2.9.6.2 with PulledPork 0.7.0 on an Ubuntu Server
>> 12.04 LTS.
>> >>>
>> >>> Since last week it is not possible to download the new VRT Snort
>> 2.9.6.2 Ruleset (now with https):
>> >>>
>> >>> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>> >>> Fetching md5sum for: snortrules-snapshot-2962.tar.gz.md5
>> >>> ** GET
>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5?oinkcode=<my
>> oinkcode> ==> 501 Not Implemented
>> >>> Error 501 when fetching
>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at ./
>> pulledpork.pl line 463
>> >>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz',
>> '/etc/snort/rules/tmp/', 'https://www.snort.org/rules/') called at ./
>> pulledpork.pl line 1847
>> >>>
>> >>>
>> >>>
>> >>> Any suggestions?
>> >>>
>> >>> thx
>> >>>
>> >>>
>> ------------------------------------------------------------------------------
>> >>> Want fast and easy access to all the code in your enterprise? Index
>> and
>> >>> search up to 200,000 lines of code with a free copy of Black Duck
>> >>> Code Sight - the same software that powers the world's largest code
>> >>> search on Ohloh, the Black Duck Open Hub! Try it now.
>> >>> http://p.sf.net/sfu/bds
>> >>> _______________________________________________
>> >>> Snort-users mailing list
>> >>> Snort-users at lists.sourceforge.net
>> >>> Go to this URL to change user options or unsubscribe:
>> >>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> >>> Snort-users list archive:
>> >>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> >>>
>> >>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>> >>
>> >
>> >
>> >
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140724/149d9df2/attachment.html>


More information about the Snort-users mailing list