[Snort-users] Snort with PulledPork and Ubuntu 12.04 Server

Christian Gebler geblerchristian at ...14012...
Thu Jul 24 07:33:14 EDT 2014


thx, but I think my proxy configuration is fine.:) It's something with Perl
and the HTTPS GET Method.


2014-07-24 13:27 GMT+02:00 Doug Burks <doug.burks at ...11827...>:

> Hi Christian,
>
> Here are some settings you might want to try:
> https://code.google.com/p/security-onion/wiki/Proxy
>
> On Thu, Jul 24, 2014 at 3:43 AM, Christian Gebler
> <geblerchristian at ...14012...> wrote:
> > I'm using the Ubuntu Server 12.04 standard Repository.
> >
> > Perl  5.14.2
> > libcrypt-ssleay-perl 0.58-1
> > liblwp-protocol-https-perl 6.04-2
> >
> > And yes, there is also a proxy. But the proxy variable http_proxy and
> > https_proxy is set.
> >
> >
> > 2014-07-23 15:04 GMT+02:00 JJ Cummings (jjcummin) <jjcummin at ...589...>:
> >>
> >> A 501 generally means something is not being handled correctly with SSL
> in
> >> your perl installation.  I would try validating that the following are
> >> installed and updated:
> >> Crypt::SSLeay
> >> LWP::Protocol::https
> >>
> >> Also, are you using a proxy?
> >>
> >> JJC
> >>
> >> On Jul 23, 2014, at 7:55 AM, Joel Esler (jesler) <jesler at ...589...>
> wrote:
> >>
> >> CC’ing JJ, as it’s not a Snort.org problem, seems to be a pulledpork
> >> issue.
> >>
> >> On Jul 23, 2014, at 2:03 AM, Christian Gebler
> >> <geblerchristian at ...14012...> wrote:
> >>
> >> manually I can download it
> >>
> >>
> >> 2014-07-22 23:53 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
> >>>
> >>> Try this:
> >>>
> >>>
> >>>
> https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=8b46559ee9c2faaa4464a693d2133dff62f3feaf
> >>>
> >>>
> >>>
> >>> On Jul 22, 2014, at 2:55 AM, Christian Gebler
> >>> <geblerchristian at ...14012...> wrote:
> >>>
> >>> > Ah okay, the email is "itadmin at ...16916..."
> >>> >
> >>> >
> >>> > 2014-07-22 8:41 GMT+02:00 Christian Gebler
> >>> > <geblerchristian at ...14012...>:
> >>> > Hi Joel,
> >>> >
> >>> > the account is registered under the username "tcs". Now I see we need
> >>> > an email address to login on the snort website...that's new?!?
> >>> > I have a friend in another company, same Ubuntu Server 12.04 version
> >>> > and same problem....
> >>> >
> >>> >
> >>> >
> >>> >
> >>> > 2014-07-21 19:25 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
> >>> >
> >>> > So I can view the status of your account to see if it’s a subscriber
> >>> > problem or a registered problem, and the status of the account.
> >>> >
> >>> > --
> >>> > Joel Esler
> >>> > Open Source Manager
> >>> > Threat Intelligence Team Lead
> >>> > Vulnerability Research Team
> >>>
> >>> >
> >>> > On Jul 21, 2014, at 10:39 AM, Christian Gebler
> >>> > <geblerchristian at ...14012...> wrote:
> >>> >
> >>> >> Hi,
> >>> >>
> >>> >> why did you need the oinkcode or the email address for my problem?
> :)
> >>> >>
> >>> >> I think it's a problem with the GET Method in Perl with HTTPS. With
> >>> >> HTTP it worked well, since the snort Page Update last week.
> >>> >>
> >>> >>
> >>> >> 2014-07-21 14:11 GMT+02:00 Joel Esler (jesler) <jesler at ...589...>:
> >>>
> >>> >> Can you write me offlist with your oinkcode or email address your
> >>> >> account is under?
> >>> >>
> >>> >> --
> >>> >> Joel Esler
> >>> >> Sent from my iPhone
> >>> >>
> >>> >> On Jul 21, 2014, at 7:43, "Christian Gebler"
> >>> >> <geblerchristian at ...14012...> wrote:
> >>> >>
> >>> >>> Hi,
> >>> >>>
> >>> >>> I'm using Snort 2.9.6.2 with PulledPork 0.7.0 on an Ubuntu Server
> >>> >>> 12.04 LTS.
> >>> >>>
> >>> >>> Since last week it is not possible to download the new VRT Snort
> >>> >>> 2.9.6.2 Ruleset (now with https):
> >>> >>>
> >>> >>> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
> >>> >>> Fetching md5sum for: snortrules-snapshot-2962.tar.gz.md5
> >>> >>> ** GET
> >>> >>>
> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5?oinkcode=
> <my
> >>> >>> oinkcode> ==> 501 Not Implemented
> >>> >>> Error 501 when fetching
> >>> >>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at
> >>> >>> ./pulledpork.pl line 463
> >>> >>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz',
> >>> >>> '/etc/snort/rules/tmp/', 'https://www.snort.org/rules/') called at
> >>> >>> ./pulledpork.pl line 1847
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> Any suggestions?
> >>> >>>
> >>> >>> thx
> >>> >>>
> >>> >>>
> >>> >>>
> ------------------------------------------------------------------------------
> >>> >>> Want fast and easy access to all the code in your enterprise? Index
> >>> >>> and
> >>> >>> search up to 200,000 lines of code with a free copy of Black Duck
> >>> >>> Code Sight - the same software that powers the world's largest code
> >>> >>> search on Ohloh, the Black Duck Open Hub! Try it now.
> >>> >>> http://p.sf.net/sfu/bds
> >>> >>> _______________________________________________
> >>> >>> Snort-users mailing list
> >>> >>> Snort-users at lists.sourceforge.net
> >>> >>> Go to this URL to change user options or unsubscribe:
> >>> >>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>> >>> Snort-users list archive:
> >>> >>>
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >>> >>>
> >>> >>> Please visit http://blog.snort.org to stay current on all the
> latest
> >>> >>> Snort news!
> >>> >>
> >>> >
> >>> >
> >>> >
> >>>
> >>
> >>
> >>
> >
> >
> >
> ------------------------------------------------------------------------------
> > Want fast and easy access to all the code in your enterprise? Index and
> > search up to 200,000 lines of code with a free copy of Black Duck
> > Code Sight - the same software that powers the world's largest code
> > search on Ohloh, the Black Duck Open Hub! Try it now.
> > http://p.sf.net/sfu/bds
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> Snort
> > news!
>
>
>
> --
> Doug Burks
> http://securityonionsolutions.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140724/45e03649/attachment.html>


More information about the Snort-users mailing list