[Snort-users] PulledPork 403 Forbidden error

Kurzawa, Kevin kkurzawa at ...16800...
Fri May 23 13:17:52 EDT 2014


Yes, after I provided Joel my account name, it worked. My name and username were not matching, which he changed to match, I believe. More might have been done, but after he contacted me, it worked fine.


From: Steve Crow [mailto:scrow at ...16818...]
Sent: Friday, May 23, 2014 10:51 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] PulledPork 403 Forbidden error

Kevin, were you able to get this issue resolved?

Thank you!

Steve Crow

From: Joel Esler (jesler) [mailto:jesler at ...589...]
Sent: Friday, April 18, 2014 1:03 PM
To: Kurzawa, Kevin
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] PulledPork 403 Forbidden error

Dear Kevin,

In order to look into this issue, I am going to need your Snort.org username and email address. Please feel free to email me directly with that information.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team


On Apr 18, 2014, at 1:32 PM, Kurzawa, Kevin <kkurzawa at ...16800...> wrote:

PulledPork 0.7.0
Snort 2960
Archlinux

Switching over from Oinkmaster to PulledPork. I want the ability to automatically switch between the connectivity, balanced, and security rulesets easily (if this is do-able in Oinkmaster, someone please enlighten me).

Running sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf -T -vv

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/83c886d030bc3d56e56d69488c456404xxxx ==> 403 Forbidden (1s)
A 403 error occurred, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
You may also wish to verfiy your oinkcode, tarball name, and other configuration options
Error 403 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.
main::md5file('83c886d030bc3d56e56d69488c456404xxxx ', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847

If I use a base URL without the version, it yells at me and tells me I have to specify it.
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx

I get this 403 error after waiting for 20 minutes, 30 minutes, whenever minutes.
I verified my oinkcode, it is correct.
I got the tarball name from the Snort.org site where it references downloading via the command line.
As for other configuration options, I do not know what else it could be.


My pulledpork.conf file:

# RULE URI
#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
#rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
#rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
#rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>

ips_policy=security
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/etc/pulledpork/rules/snort.rules
# out_path=/usr/local/etc/snort/rules/
local_rules=/etc/pulledpork/rules/local.rules
sid_msg=/etc/pulledpork/sid-msg.map
sid_msg_version=1
sid_changelog=/var/log/pulledpork/sid_changes.log

# SHARED OBJECT (SO) RULES
#sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/bin/snort
#sostub_path=
#config_path=/etc/snort/snort.conf
# Define your distro, this is for the precompiled shared object libs!
# Valid Distro Types:
# Debian-5-0, Debian-6-0,
# Ubuntu-8.04, Ubuntu-10-4
# Centos-4-8, Centos-5-4
# FC-12, FC-14, RHEL-5-5, RHEL-6-0
# FreeBSD-7-3, FreeBSD-8-1
# OpenBSD-4-8
# Slackware-13-1
#distro=FreeBSD-8.1

black_list=/etc/pulledpork/rules/default.blacklist
IPRVersion=/etc/pulledpork/rules/iplists
#snort_control=/usr/bin/snort_control
# backup=/usr/local/etc/snort,/usr/local/etc/pulledpork,/usr/local/lib/snort_dynamicrules/
# backup_file=/tmp/pp_backup
# docs=/path/to/base/www
# state_order=disable,drop,enable
# pid_path=/var/run/snort.pid,/var/run/barnyard.pid,/var/run/barnyard2.pid
# snort_version=2.9.0.0
enablesid=/etc/pulledpork/enablesid.conf
dropsid=/etc/pulledpork/dropsid.conf
disablesid=/etc/pulledpork/disablesid.conf
modifysid=/etc/pulledpork/modifysid.conf
version=0.7.0
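
An added example, not part of the thread and not PulledPork's own code: a pre-flight lint of the `rule_url` lines for the local items the 403 message asks the user to verify (field count, stray whitespace such as the trailing space visible in the `md5file` argument in the trace, a leftover `<oinkcode>` placeholder, a snapshot tarball name without a version). The function name `lint_rule_urls`, the sample oinkcode, and the mapping of a dotted Snort version to the tarball's digit suffix are assumptions; findings never echo the oinkcode.

```python
import re

# Constructed sample in the pulledpork.conf format shown in this thread.
# The oinkcode is a made-up placeholder, not a real credential.
SAMPLE_CONF = "\n".join([
    "# RULE URI",
    "#rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>",
    "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|0123456789abcdefEXAMPLE ",
    "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>",
    "rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open",
    "ips_policy=security",
])

# Matches the registered-rules snapshot name, with or without a version suffix.
SNAPSHOT = re.compile(r"snortrules-snapshot(?:-(\d+))?\.tar\.gz$")


def lint_rule_urls(conf_text, snort_version=None):
    """Return (line_number, message) findings for active rule_url lines."""
    findings = []
    # Assumption: the tarball suffix is the dotted version with dots removed.
    want = snort_version.replace(".", "") if snort_version else None
    for n, line in enumerate(conf_text.splitlines(), 1):
        if not line.startswith("rule_url="):
            continue  # commented-out entries and other settings are skipped
        fields = line[len("rule_url="):].split("|")
        if len(fields) != 3:
            findings.append((n, "expected base_url|file|oinkcode"))
            continue
        base, tarball, code = fields
        if any(f != f.strip() for f in fields):
            findings.append((n, "whitespace around a field"))
        code = code.strip()
        if not code or code.startswith("<"):
            findings.append((n, "oinkcode is empty or still a placeholder"))
        m = SNAPSHOT.match(tarball.strip())
        if m and m.group(1) is None:
            findings.append((n, "snapshot tarball name has no version"))
        elif m and want and m.group(1) != want:
            findings.append((n, "tarball version %s != Snort %s" % (m.group(1), want)))
    return findings


if __name__ == "__main__":
    for n, msg in lint_rule_urls(SAMPLE_CONF, snort_version="2.9.6.0"):
        print("line %d: %s" % (n, msg))  # the oinkcode itself is never printed
```

A clean result only rules out these local mistakes; in this thread the 403 went away after the Snort.org account was corrected.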