[Snort-users] PulledPork Stop working

Shirkdog shirkdog at ...11827...
Tue Dec 1 19:42:22 EST 2015


Without the version provided for Snort, pulledpork will detect the Snort
version based on the binary.
On Dec 1, 2015 7:36 PM, "Rafael Leiva-Ochoa" <spawn at ...17369...> wrote:

> Thanks, that's what I thought, but was not 100%. Why would pulledpork be
> pulling that?
>
> On Tuesday, December 1, 2015, Joel Esler (jesler) <jesler at ...589...>
> wrote:
>
>> As mentioned earlier in another thread, the ruleset for 2980 is not out
>> yet (should be out probably Thursday); 2976’s rules work fine.
>>
>> --
>> *Joel Esler*
>> Manager, Talos Group
>>
>>
>>
>>
>> On Dec 1, 2015, at 5:37 PM, Rafael Leiva-Ochoa <spawn at ...17369...> wrote:
>>
>> Hi All,
>>
>>   I am getting the following error with pulledpork:
>>
>> Last login: Tue Dec  1 14:14:43 2015 from 172.16.1.39
>>
>> [root at ...17370... ~]# pulledpork.pl -vv -c /etc/snort/pulledpork.conf -l
>>
>>
>>     https://github.com/shirkdog/pulledpork
>>
>>       _____ ____
>>
>>      `----,\    )
>>
>>       `--==\\  /    PulledPork v0.7.2 - E.Coli in your water bottle!
>>
>>        `--==\\/
>>
>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2015 JJ Cummings
>>
>>   @_/        /  66\_  cummingsj at ...11827...
>>
>>     |    \   \   _(")
>>
>>      \   /-| ||'--'  Rules give me wings!
>>
>>       \_\  \_\\
>>
>>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>>
>> Config File Variable Debug /etc/snort/pulledpork.conf
>>
>> snort_path = /usr/local/bin/snort
>>
>> enablesid = /etc/snort/enablesid.conf
>>
>> black_list = /etc/snort/rules/black_list.rules
>>
>> modifysid = /etc/snort/modifysid.conf
>>
>> rule_path = /etc/snort/rules/snort.rules
>>
>> ignore = deleted.rules,experimental.rules,local.rules
>>
>> snort_control = /usr/local/bin/snort_control
>>
>> rule_url = ARRAY(0x16a3220)
>>
>> sid_msg_version = 1
>>
>> sid_changelog = /var/log/sid_changes.log
>>
>> sid_msg = /etc/snort/sid-msg.map
>>
>> backup_file = /tmp/pp_backup
>>
>> ips_policy = security
>>
>> config_path = /etc/snort/snort.conf
>>
>> temp_path = /tmp
>>
>> distro = Centos-5-4
>>
>> version = 0.7.2
>>
>> sorule_path = /usr/local/lib/snort_dynamicrules/
>>
>> disablesid = /etc/snort/disablesid.conf
>>
>> dropsid = /etc/snort/dropsid.conf
>>
>> local_rules = /etc/snort/rules/local.rules
>>
>> MISC (CLI and Autovar) Variable Debug:
>>
>> arch Def is: x86-64
>>
>> Operating System is: linux
>>
>> CA Certificate File is: OS Default
>>
>> Config Path is: /etc/snort/pulledpork.conf
>>
>> Distro Def is: Centos-5-4
>>
>> security policy specified
>>
>> local.rules path is: /etc/snort/rules/local.rules
>>
>> Rules file is: /etc/snort/rules/snort.rules
>>
>> Path to disablesid file: /etc/snort/disablesid.conf
>>
>> Path to dropsid file: /etc/snort/dropsid.conf
>>
>> Path to enablesid file: /etc/snort/enablesid.conf
>>
>> Path to modifysid file: /etc/snort/modifysid.conf
>>
>> sid changes will be logged to: /var/log/sid_changes.log
>>
>> sid-msg.map Output Path is: /etc/snort/sid-msg.map
>>
>> Snort Version is: 2.9.8.0
>>
>> Snort Config File: /etc/snort/snort.conf
>>
>> Snort Path is: /usr/local/bin/snort
>>
>> SO Output Path is: /usr/local/lib/snort_dynamicrules/
>>
>> Will process SO rules
>>
>> Logging Flag is Set
>>
>> Extra Verbose Flag is Set
>>
>> Verbose Flag is Set
>>
>> File(s) to ignore = deleted.rules,experimental.rules,local.rules
>>
>> Base URL is:
>> https://www.snort.org/rules/|snortrules-snapshot.tar.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048
>> https://snort.org/downloads/community/|community-rules.tar.gz|Community
>> http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open
>> https://www.snort.org/rules/|opensource.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048
>>
>> Checking latest MD5 for snortrules-snapshot-2980.tar.gz....
>>
>> Fetching md5sum for: snortrules-snapshot-2980.tar.gz.md5
>>
>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2980.tar.gz.md5/b26b2f91e7f8ac8a3bf091999b07f9a458e39048 ==> SSL_connect:before/connect initialization
>>
>> SSL_connect:SSLv2/v3 write client hello A
>>
>> SSL_connect:SSLv3 read server hello A
>>
>> SSL_connect:SSLv3 read server certificate A
>>
>> SSL_connect:SSLv3 read server key exchange A
>>
>> SSL_connect:SSLv3 read server done A
>>
>> SSL_connect:SSLv3 write client key exchange A
>>
>> SSL_connect:SSLv3 write change cipher spec A
>>
>> SSL_connect:SSLv3 write finished A
>>
>> SSL_connect:SSLv3 flush data
>>
>> SSL_connect:SSLv3 read server session ticket A
>>
>> SSL_connect:SSLv3 read finished A
>>
>> 422 Unprocessable Entity (1s)
>>
>> Error 422 when fetching https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 516
>>
>> main::md5file('b26b2f91e7f8ac8a3bf091999b07f9a458e39048', 'snortrules-snapshot-2980.tar.gz', '/tmp/', 'https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl line 1937
>>
>> [root at ...17370... ~]#
>>
>>
>> I looked at the snort archive, and it was an issue before. Any idea how
>> to fix it?
>>
>> Thanks,
>>
>> Rafael
>>
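Added example (not part of the thread and not PulledPork's own code): a shell illustration of the point in the reply at the top, that the snapshot name follows from the detected Snort version, so a binary newer than the latest published ruleset requests a file that is not there yet. It assumes PulledPork's `snort_version` setting in pulledpork.conf as the way to provide the version; the banner text and the list of published versions are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs below are constructed.

# Pull the dotted version out of `snort -V` style banner text on stdin.
parse_snort_version() {
    sed -n 's/.*Version \([0-9][0-9.]*[0-9]\).*/\1/p' | head -n 1
}

# "2.9.8.0" -> "snortrules-snapshot-2980.tar.gz", the name seen in the log.
snapshot_name() {
    printf 'snortrules-snapshot-%s.tar.gz\n' "$(printf '%s' "$1" | tr -d '.')"
}

# pick_ruleset INSTALLED PUBLISHED...
# Prints the newest published version that is not newer than INSTALLED,
# comparing each dotted component numerically. Returns 1 if there is none.
pick_ruleset() {
    installed=$1; shift
    { printf '%s\n' "$@"; printf '%s installed\n' "$installed"; } |
        LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n |
        awk '/ installed$/ { if (prev == "") exit 1; print prev; exit 0 }
             { prev = $0 }'
}

# Constructed banner in the layout `snort -V` prints (build number is a placeholder).
banner='   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 000)'
# Constructed list of versions assumed to have a published ruleset.
published='2.9.6.2 2.9.7.5 2.9.7.6'

installed=$(printf '%s\n' "$banner" | parse_snort_version)
# Word splitting of $published is intended here.
pin=$(pick_ruleset "$installed" $published)

echo "auto-detected: $installed -> $(snapshot_name "$installed")"
echo "pin in pulledpork.conf: snort_version=$pin -> $(snapshot_name "$pin")"
```
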