[Snort-users] PulledPork Stop working

Rafael Leiva-Ochoa spawn at ...17369...
Tue Dec 1 17:37:12 EST 2015


Hi All,

  I am getting the following error with pulledpork:

Last login: Tue Dec  1 14:14:43 2015 from 172.16.1.39
[root at ...17370... ~]# pulledpork.pl -vv -c /etc/snort/pulledpork.conf -l

    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.2 - E.Coli in your water bottle!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2015 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /etc/snort/pulledpork.conf
snort_path = /usr/local/bin/snort
enablesid = /etc/snort/enablesid.conf
black_list = /etc/snort/rules/black_list.rules
modifysid = /etc/snort/modifysid.conf
rule_path = /etc/snort/rules/snort.rules
ignore = deleted.rules,experimental.rules,local.rules
snort_control = /usr/local/bin/snort_control
rule_url = ARRAY(0x16a3220)
sid_msg_version = 1
sid_changelog = /var/log/sid_changes.log
sid_msg = /etc/snort/sid-msg.map
backup_file = /tmp/pp_backup
ips_policy = security
config_path = /etc/snort/snort.conf
temp_path = /tmp
distro = Centos-5-4
version = 0.7.2
sorule_path = /usr/local/lib/snort_dynamicrules/
disablesid = /etc/snort/disablesid.conf
dropsid = /etc/snort/dropsid.conf
local_rules = /etc/snort/rules/local.rules

MISC (CLI and Autovar) Variable Debug:
arch Def is: x86-64
Operating System is: linux
CA Certificate File is: OS Default
Config Path is: /etc/snort/pulledpork.conf
Distro Def is: Centos-5-4
security policy specified
local.rules path is: /etc/snort/rules/local.rules
Rules file is: /etc/snort/rules/snort.rules
Path to disablesid file: /etc/snort/disablesid.conf
Path to dropsid file: /etc/snort/dropsid.conf
Path to enablesid file: /etc/snort/enablesid.conf
Path to modifysid file: /etc/snort/modifysid.conf
sid changes will be logged to: /var/log/sid_changes.log
sid-msg.map Output Path is: /etc/snort/sid-msg.map
Snort Version is: 2.9.8.0
Snort Config File: /etc/snort/snort.conf
Snort Path is: /usr/local/bin/snort
SO Output Path is: /usr/local/lib/snort_dynamicrules/
Will process SO rules
Logging Flag is Set
Extra Verbose Flag is Set
Verbose Flag is Set
File(s) to ignore = deleted.rules,experimental.rules,local.rules

Base URL is:
https://www.snort.org/rules/|snortrules-snapshot.tar.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048
https://snort.org/downloads/community/|community-rules.tar.gz|Community
http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open
https://www.snort.org/rules/|opensource.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048

Checking latest MD5 for snortrules-snapshot-2980.tar.gz....
Fetching md5sum for: snortrules-snapshot-2980.tar.gz.md5
** GET
https://www.snort.org/reg-rules/snortrules-snapshot-2980.tar.gz.md5/b26b2f91e7f8ac8a3bf091999b07f9a458e39048
==> SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
422 Unprocessable Entity (1s)
Error 422 when fetching
https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz.md5 at
/usr/local/bin/pulledpork.pl line 516
main::md5file('b26b2f91e7f8ac8a3bf091999b07f9a458e39048',
'snortrules-snapshot-2980.tar.gz', '/tmp/', 'https://www.snort.org/rules/')
called at /usr/local/bin/pulledpork.pl line 1937

[root at ...17370... ~]#


I looked at the snort archive, and it was an issue before. Any idea how to
fix it?

Thanks,

Rafael