[Snort-users] Error 500 during update of rule-set using pulled-pork

Joel Esler (jesler) jesler at ...589...
Sat May 3 14:19:34 EDT 2014


Still haven't seen an email from you with your snort.org<http://snort.org> login in order for me to see if you have a problem with your account.

--
Joel Esler
Sent from my iPhone

On May 3, 2014, at 13:44, "basant subba" <basantsubba at ...11827...<mailto:basantsubba at ...11827...>> wrote:

Looks like there's no definite solution to this problem, no troubleshooting guides and no documentation of whats causing the error. Some one said to try

cpan Mozilla::CA IO::Socket::SSL


It doesn't help either.


On Sat, May 3, 2014 at 10:59 PM, Michael Steele <michaels at ...9077...<mailto:michaels at ...9077...>> wrote:
For testing PP only; As long as you specify the version of rules to pull in the pulledpork.conf  ( snort_version=x.x.x.x )  the version of snort you are running is not relevant, or shouldn’t be. PP should complete successfully.

I complained about this MONTHS / YEARS ago; For thirty days after a new version of Snort is released there is confusion about the rule set / configuration files compatibility for new users. Registered users can’t get access to the newly named rule set that matches the latest Snort version.

As a Registered user, you have just downloaded Snort 2.9.6.1, and the only rule set available is 2.9.6.0. However, you see that the subscribers have a Snort 2.9.6.1 rule set. It’s confusing if the only rule set available to registered users is 2.9.6.0, when they only have access to Snort 2.9.6.1. It’s not just the rule set, what about the new configuration files that are embedded into the new 2.9.6.1 rule set.  By installing Snort 2.9.6.1 and using the old Snort 2.9.6.0 configuration files from the 2.9.6.0 rule set, are you using outdated configuration files?

All Sourcefire needs to do at the release of a new Snort version is:

Clone the current registered users 2.9.6.0 rule set
Add all the configuration files from 2.9.6.1 subscribers rule set to the cloned 2.9.6.0 registered users rule set.
Rename the cloned 2.9.6.0 rule set to 2.9.6.1, and post it in the registered users area.

Registered users are not getting access to any new Subscribers rules, but all the confusion is gone.

Best regards,
Michael...

WINSNORT.com<http://WINSNORT.com> Management…
--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com<http://www.winsnort.com/>           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org<http://www.snort.org/> *
*********************************************************

From: basant subba [mailto:basantsubba at ...11827...<mailto:basantsubba at ...5119...827...>]
Sent: Saturday, May 3, 2014 10:45 AM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: Re: [Snort-users] Error 500 during update of rule-set using pulled-pork

@Joe: 2961 ruleset is available only for subscribed user and not for registered user. Is it mandatory to have a matching version of snort.conf file and rule set i.e. if I want to download 2960 rule-set I must have a 2960 version snort.conf file ?

On Sat, May 3, 2014 at 7:18 PM, Michael Steele <michaels at ...9077...<mailto:michaels at ...9077...>> wrote:
I’m not sure what your problem is, but upgrading Snort won’t have any effect on the way PP processes the rules.

There is a lot of information out there from multiple people having the same problem.

Try the link below and I’m confident the answer is in there somewhere.

http://tinyurl.com/n2l8n5g

Best regards,
Michael...

WINSNORT.com<http://WINSNORT.com> Management…
--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com<http://www.winsnort.com/>           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org<http://www.snort.org/> *
*********************************************************

From: basant subba [mailto:basantsubba at ...11827...<mailto:basantsubba at ...5119...827...>]
Sent: Saturday, May 3, 2014 9:05 AM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] Error 500 during update of rule-set using pulled-pork

I am getting the following error when I am trying to update my rule-set using pulled pork

Checking latest MD5 for snortrules-snapshot-2956.tar.gz....
    Error 500 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz.md5 at /usr/local/bin/pulledpork.pl<http://pulledpork.pl> line 463
    main::md5file('*oinkcode', 'snortrules-snapshot-2956.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl<http://pulledpork.pl> line 1847
I am a registered user. Some one in the mailing list told me to upgrade my snort. But even after up-garding my snort to version 2.9.6.1, I am still getting the same error.



------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140503/663e2d87/attachment.html>


More information about the Snort-users mailing list