[Snort-users] Pulledpork: please verify that you have recently updated your root certificates!

Lawrence Decker lld0227 at ...11827...
Wed Feb 18 08:33:04 EST 2015

I'm running fedora core 20, I've updated my ca-certs, tried installing the
cert from amazonaws, but I still get

"500 Can't connect to s3.amazonaws.com:443 (certificate verify failed) (1s)"

If I take the link, I can plug it into my browser and it saves the
snapshot, but running pulledpork, it keeps erroring out...  I've changed my
distro from FC-20 -> FC-19 -> FC-14, no difference

Any suggestions???


frwg01:~># yum install ca-certificates
Loaded plugins: langpacks, refresh-packagekit
Package ca-certificates-2014.2.2-1.0.
fc20.noarch already installed and latest version
Nothing to do

frwg01:~># /usr/scripts/pulledpork/pulledpork.pl -vv -c
/etc/snort/pulledpork.conf -T -l

      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.1 - Swine Flu with a side of Ebola!
     .-~~~~-.Y|\\_  Copyright (C) 2009-2014 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Config File Variable Debug /etc/snort/pulledpork.conf
    rule_path = /etc/snort/rules
    sorule_path = /usr/local/lib/snort_dynamicrules/
    version = 0.7.1
    rule_url = ARRAY(0x2675e50)
    ignore = deleted.rules,experimental.rules,local.rules
    config_path = /etc/snort/snort.conf
    sid_msg_version = 1
    dropsid = /etc/snort/dropsid.conf
    sid_msg = /etc/snort/sid-msg.map
    snort_path = /usr/sbin/snort
    temp_path = /tmp
    distro = FC-14
    snort_control = /usr/sbin/snort_control
    disablesid = /etc/snort/disablesid.conf
    sid_changelog = /var/log/sid_changes.log
    local_rules = /etc/snort/rules/rules/local.rules
    modifysid = /etc/snort/modifysid.conf
    enablesid = /etc/snort/enablesid.conf
    black_list = /etc/snort/rules/black_list.rules
MISC (CLI and Autovar) Variable Debug:
    arch Def is: x86-64
    Config Path is: /etc/snort/pulledpork.conf
    Distro Def is: FC-14
    Disabled policy specified
    local.rules path is: /etc/snort/rules/rules/local.rules
    Rules file is: /etc/snort/rules
    Path to disablesid file: /etc/snort/disablesid.conf
    Path to dropsid file: /etc/snort/dropsid.conf
    Path to enablesid file: /etc/snort/enablesid.conf
    Path to modifysid file: /etc/snort/modifysid.conf
    sid changes will be logged to: /var/log/sid_changes.log
    sid-msg.map Output Path is: /etc/snort/sid-msg.map
    Snort Version is:
    Snort Config File: /etc/snort/snort.conf
    Snort Path is: /usr/sbin/snort
    Logging Flag is Set
    Text Rules only Flag is Set
    Extra Verbose Flag is Set
    Verbose Flag is Set
    Base URL is:
Checking latest MD5 for snortrules-snapshot-2970.tar.gz....
    Fetching md5sum for: snortrules-snapshot-2970.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5/<oinkcode>
==> 200 OK (1s)
    most recent rules file digest: b1583e298e07ace6460dd985d94729f0
Rules tarball download of snortrules-snapshot-2970.tar.gz....
    Fetching rules file: snortrules-snapshot-2970.tar.gz
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz/<oinkcode>
==> 302 Found
** GET
==> 500 Can't connect to s3.amazonaws.com:443 (certificate verify failed)
    A 500 error occurred, please verify that you have recently updated your
root certificates!

Message from syslogd at ...17101... at Feb 17 18:56:36 ...
 pulledpork[2232]:FATAL: 500 error occured
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150218/b22c6a7f/attachment.html>

More information about the Snort-users mailing list