[Snort-users] Snort with PulledPork and Ubuntu 12.04 Server

Doug Burks doug.burks at ...11827...
Thu Jul 24 07:27:16 EDT 2014


Hi Christian,

Here are some settings you might want to try:
https://code.google.com/p/security-onion/wiki/Proxy

On Thu, Jul 24, 2014 at 3:43 AM, Christian Gebler
<geblerchristian at ...14012...> wrote:
> I'm using the Ubuntu Server 12.04 standard Repository.
>
> Perl  5.14.2
> libcrypt-ssleay-perl 0.58-1
> liblwp-protocol-https-perl 6.04-2
>
> And yes, there is also a proxy. But the proxy variable http_proxy and
> https_proxy is set.
>
>
> 2014-07-23 15:04 GMT+02:00 JJ Cummings (jjcummin) <jjcummin at ...589...>:
>>
>> A 501 generally means something is not being handled correctly with SSL in
>> your perl installation.  I would try validating that the following are
>> installed and updated:
>> Crypt::SSLeay
>> LWP::Protocol::https
>>
>> Also, are you using a proxy?
>>
>> JJC
>>
>> On Jul 23, 2014, at 7:55 AM, Joel Esler (jesler) <jesler at ...589...> wrote:
>>
>> CC’ing JJ, as it’s not a Snort.org problem, seems to be a pulledpork
>> issue.
>>
>> On Jul 23, 2014, at 2:03 AM, Christian Gebler
>> <geblerchristian at ...14012...> wrote:
>>
>> manually I can download it
>>
>>
>> 2014-07-22 23:53 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
>>>
>>> Try this:
>>>
>>>
>>> https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=8b46559ee9c2faaa4464a693d2133dff62f3feaf
>>>
>>>
>>>
>>> On Jul 22, 2014, at 2:55 AM, Christian Gebler
>>> <geblerchristian at ...14012...> wrote:
>>>
>>> > Ah okay, the email is "itadmin at ...16916..."
>>> >
>>> >
>>> > 2014-07-22 8:41 GMT+02:00 Christian Gebler
>>> > <geblerchristian at ...14012...>:
>>> > Hi Joel,
>>> >
>>> > the account is registered under the username "tcs". Now I see we need
>>> > an email address to login on the snort website...that's new?!?
>>> > I have a friend in another company, same Ubuntu Server 12.04 version
>>> > and same problem....
>>> >
>>> >
>>> >
>>> >
>>> > 2014-07-21 19:25 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
>>> >
>>> > So I can view the status of your account to see if it’s a subscriber
>>> > problem or a registered problem, and the status of the account.
>>> >
>>> > --
>>> > Joel Esler
>>> > Open Source Manager
>>> > Threat Intelligence Team Lead
>>> > Vulnerability Research Team
>>>
>>> >
>>> > On Jul 21, 2014, at 10:39 AM, Christian Gebler
>>> > <geblerchristian at ...14012...> wrote:
>>> >
>>> >> Hi,
>>> >>
>>> >> why did you need the oinkcode or the email address for my problem? :)
>>> >>
>>> >> I think it's a problem with the GET Method in Perl with HTTPS. With
>>> >> HTTP it worked well, since the snort Page Update last week.
>>> >>
>>> >>
>>> >> 2014-07-21 14:11 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
>>>
>>> >> Can you write me offlist with your oinkcode or email address your
>>> >> account is under?
>>> >>
>>> >> --
>>> >> Joel Esler
>>> >> Sent from my iPhone
>>> >>
>>> >> On Jul 21, 2014, at 7:43, "Christian Gebler"
>>> >> <geblerchristian at ...14012...> wrote:
>>> >>
>>> >>> Hi,
>>> >>>
>>> >>> I'm using Snort 2.9.6.2 with PulledPork 0.7.0 on an Ubuntu Server
>>> >>> 12.04 LTS.
>>> >>>
>>> >>> Since last week it is not possible to download the new VRT Snort
>>> >>> 2.9.6.2 Ruleset (now with https):
>>> >>>
>>> >>> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>> >>> Fetching md5sum for: snortrules-snapshot-2962.tar.gz.md5
>>> >>> ** GET
>>> >>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5?oinkcode=<my
>>> >>> oinkcode> ==> 501 Not Implemented
>>> >>> Error 501 when fetching
>>> >>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at
>>> >>> ./pulledpork.pl line 463
>>> >>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz',
>>> >>> '/etc/snort/rules/tmp/', 'https://www.snort.org/rules/') called at
>>> >>> ./pulledpork.pl line 1847
>>> >>>
>>> >>>
>>> >>>
>>> >>> Any suggestions?
>>> >>>
>>> >>> thx
>>> >>>
>>> >>>
>>> >>> ------------------------------------------------------------------------------
>>> >>> Want fast and easy access to all the code in your enterprise? Index
>>> >>> and
>>> >>> search up to 200,000 lines of code with a free copy of Black Duck
>>> >>> Code Sight - the same software that powers the world's largest code
>>> >>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>> >>> http://p.sf.net/sfu/bds
>>> >>> _______________________________________________
>>> >>> Snort-users mailing list
>>> >>> Snort-users at lists.sourceforge.net
>>> >>> Go to this URL to change user options or unsubscribe:
>>> >>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> >>> Snort-users list archive:
>>> >>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>> >>>
>>> >>> Please visit http://blog.snort.org to stay current on all the latest
>>> >>> Snort news!
>>> >>
>>> >
>>> >
>>> >
>>>
>>
>>
>>
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!



-- 
Doug Burks
http://securityonionsolutions.com




More information about the Snort-users mailing list