[Snort-users] Pulledpork: please verify that you have recently updated your root certificates!

Joel Esler (jesler) jesler at ...589...
Mon Feb 23 17:12:16 EST 2015


Are you still seeing these errors?

> On Feb 19, 2015, at 6:30 AM, C. L. Martinez <carlopmart at ...11827...> wrote:
> 
> Uhmm ... same problem here this morning:
> 
> Checking latest MD5 for snortrules-snapshot-2970.tar.gz....
>    Fetching md5sum for: snortrules-snapshot-2970.tar.gz.md5
>    most recent rules file digest: b1583e298e07ace6460dd985d94729f0
> Rules tarball download of snortrules-snapshot-2970.tar.gz....
>    Fetching rules file: snortrules-snapshot-2970.tar.gz
>    A 500 error occurred, please verify that you have recently updated
> your root certificates!
> 
> On Wed, Feb 18, 2015 at 4:21 PM, Joel Esler (jesler) <jesler at ...589...> wrote:
>> Nothing has been change from our side in quite awhile.
>> 
>> --
>> Joel Esler
>> Open Source Manager
>> Threat Intelligence Team Lead
>> Talos
>> 
>> On Feb 18, 2015, at 11:12 AM, Shirkdog <shirkdog at ...11827...> wrote:
>> 
>> In 0.7.1 an option to ignore the certificate check "-w" was added.
>> 
>> Try that, but normally this is an issue on the back end.
>> 
>> ---
>> Michael Shirk
>> 
>> 
>> On Wed, Feb 18, 2015 at 8:33 AM, Lawrence Decker <lld0227 at ...11827...> wrote:
>> 
>> I'm running fedora core 20, I've updated my ca-certs, tried installing the
>> cert from amazonaws, but I still get
>> 
>> "500 Can't connect to s3.amazonaws.com:443 (certificate verify failed) (1s)"
>> 
>> If I take the link, I can plug it into my browser and it saves the snapshot,
>> but running pulledpork, it keeps erroring out...  I've changed my distro
>> from FC-20 -> FC-19 -> FC-14, no difference
>> 
>> Any suggestions???
>> 
>> Lawrence
>> 
>> 
>> 
>> frwg01:~># yum install ca-certificates
>> Loaded plugins: langpacks, refresh-packagekit
>> Package ca-certificates-2014.2.2-1.0.
>> fc20.noarch already installed and latest version
>> Nothing to do
>> 
>> 
>> 
>> frwg01:~># /usr/scripts/pulledpork/pulledpork.pl -vv -c
>> /etc/snort/pulledpork.conf -T -l
>> 
>>   http://code.google.com/p/pulledpork/
>>     _____ ____
>>    `----,\    )
>>     `--==\\  /    PulledPork v0.7.1 - Swine Flu with a side of Ebola!
>>      `--==\\/
>>    .-~~~~-.Y|\\_  Copyright (C) 2009-2014 JJ Cummings
>> @_/        /  66\_  cummingsj at ...11827...
>>   |    \   \   _(")
>>    \   /-| ||'--'  Rules give me wings!
>>     \_\  \_\\
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> 
>> Config File Variable Debug /etc/snort/pulledpork.conf
>>   rule_path = /etc/snort/rules
>>   sorule_path = /usr/local/lib/snort_dynamicrules/
>>   version = 0.7.1
>>   rule_url = ARRAY(0x2675e50)
>>   ignore = deleted.rules,experimental.rules,local.rules
>>   config_path = /etc/snort/snort.conf
>>   sid_msg_version = 1
>>   dropsid = /etc/snort/dropsid.conf
>>   sid_msg = /etc/snort/sid-msg.map
>>   snort_path = /usr/sbin/snort
>>   temp_path = /tmp
>>   distro = FC-14
>>   snort_control = /usr/sbin/snort_control
>>   disablesid = /etc/snort/disablesid.conf
>>   sid_changelog = /var/log/sid_changes.log
>>   local_rules = /etc/snort/rules/rules/local.rules
>>   modifysid = /etc/snort/modifysid.conf
>>   enablesid = /etc/snort/enablesid.conf
>>   black_list = /etc/snort/rules/black_list.rules
>> MISC (CLI and Autovar) Variable Debug:
>>   arch Def is: x86-64
>>   Config Path is: /etc/snort/pulledpork.conf
>>   Distro Def is: FC-14
>>   Disabled policy specified
>>   local.rules path is: /etc/snort/rules/rules/local.rules
>>   Rules file is: /etc/snort/rules
>>   Path to disablesid file: /etc/snort/disablesid.conf
>>   Path to dropsid file: /etc/snort/dropsid.conf
>>   Path to enablesid file: /etc/snort/enablesid.conf
>>   Path to modifysid file: /etc/snort/modifysid.conf
>>   sid changes will be logged to: /var/log/sid_changes.log
>>   sid-msg.map Output Path is: /etc/snort/sid-msg.map
>>   Snort Version is: 2.9.7.0
>>   Snort Config File: /etc/snort/snort.conf
>>   Snort Path is: /usr/sbin/snort
>>   Logging Flag is Set
>>   Text Rules only Flag is Set
>>   Extra Verbose Flag is Set
>>   Verbose Flag is Set
>>   Base URL is:
>> https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
>> http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
>> Checking latest MD5 for snortrules-snapshot-2970.tar.gz....
>>   Fetching md5sum for: snortrules-snapshot-2970.tar.gz.md5
>> ** GET
>> https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5/<oinkcode>
>> ==> 200 OK (1s)
>>   most recent rules file digest: b1583e298e07ace6460dd985d94729f0
>> Rules tarball download of snortrules-snapshot-2970.tar.gz....
>>   Fetching rules file: snortrules-snapshot-2970.tar.gz
>> ** GET
>> https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz/<oinkcode>
>> ==> 302 Found
>> ** GET
>> https://s3.amazonaws.com/snort-org-site/production/release_files/files/000/001/327/original/snortrules-snapshot-2970.tar.gz?AWSAccessKeyId=<TRIMMED>&Expires=1424221083&Signature=<TRIMMED>
>> ==> 500 Can't connect to s3.amazonaws.com:443 (certificate verify failed)
>>   A 500 error occurred, please verify that you have recently updated your
>> root certificates!
>> 
>> Message from syslogd at ...17101... at Feb 17 18:56:36 ...
>> pulledpork[2232]:FATAL: 500 error occured
>> 
>> ------------------------------------------------------------------------------
>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>> Get technology previously reserved for billion-dollar corporations, FREE
>> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!
>> 
>> 
>> ------------------------------------------------------------------------------
>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>> Get technology previously reserved for billion-dollar corporations, FREE
>> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!
>> 
>> 
>> 
>> ------------------------------------------------------------------------------
>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>> Get technology previously reserved for billion-dollar corporations, FREE
>> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!





More information about the Snort-users mailing list