[Snort-users] pulledpork 0.7.1 -wc certificate verification problem

Shirkdog shirkdog at ...11827...
Fri Jan 16 20:49:43 EST 2015


0.7.0 is known to be good. Try again and see if you still have issues.
There is one bug fix and the verification skip in 0.7.1, so if 0.7.0
does not work, something else is going on.

---
Michael Shirk


On Fri, Jan 16, 2015 at 8:14 PM, Joel Esler (jesler) <jesler at ...589...> wrote:
> Nothing has changed with the site.
>
> --
> Joel Esler
> Sent from my iPhone
>
> On Jan 16, 2015, at 7:29 PM, "amn0p at ...14399..." <amn0p at ...14399...> wrote:
>
> Hi everyone,
>
> I have the pulledpork 0.7.1 perl script to download snort rules. But because
> of certificate verification it keeps failing. I even tried the -w option.
> Please see verbose output below. Any guidance? Thanks for your time.
>
>  sudo /usr/bin/pulledpork.pl -vvwc /usr/local/snort/etc/pulledpork.conf
>
>     http://code.google.com/p/pulledpork/
>       _____ ____
>      `----,\    )
>       `--==\\  /    PulledPork v0.7.1 - Swine Flu with a side of Ebola!
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2014 JJ Cummings
>   @_/        /  66\_  cummingsj at ...11827...
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Config File Variable Debug /usr/local/snort/etc/pulledpork.conf
>         snort_path = /usr/local/bin/snort
>         enablesid = /usr/local/snort/etc/enablesid.conf
>         black_list = /usr/local/snort/rules/black_list.rules
>         IPRVersion = /usr/local/snort/rules/iplists
>         rule_path = /usr/local/snort/rules/snort.rules
>         ignore = deleted.rules,experimental.rules,local.rules
>         state_order = disable,drop,enable
>         snort_control = /usr/local/bin/snort_control
>         rule_url = ARRAY(0x2133638)
>         snort_version = 2.9.6.2
>         sid_msg_version = 1
>         sid_changelog = /var/log/sid_changes.log
>         sid_msg = /usr/local/snort/etc/sid-msg.map
>         config_path = /usr/local/snort/etc/snortint1.conf
>         temp_path = /tmp
>         distro = Ubuntu-12-04
>         version = 0.7.1
>         sorule_path = /usr/local/snort/lib/snort_dynamicrules/
>         disablesid = /usr/local/snort/etc/disablesid.conf
>         local_rules = /usr/local/snort/rules/local.rules
> MISC (CLI and Autovar) Variable Debug:
>         arch Def is: x86-64
>         Config Path is: /usr/local/snort/etc/pulledpork.conf
>         Distro Def is: Ubuntu-12-04
>         Disabled policy specified
>         local.rules path is: /usr/local/snort/rules/local.rules
>         Rules file is: /usr/local/snort/rules/snort.rules
>         Path to disablesid file: /usr/local/snort/etc/disablesid.conf
>         Path to enablesid file: /usr/local/snort/etc/enablesid.conf
>         sid changes will be logged to: /var/log/sid_changes.log
>         sid-msg.map Output Path is: /usr/local/snort/etc/sid-msg.map
>         Snort Version is: 2.9.6.2
>         Snort Config File: /usr/local/snort/etc/snortint1.conf
>         Snort Path is: /usr/local/bin/snort
>         SO Output Path is: /usr/local/snort/lib/snort_dynamicrules/
>         Will process SO rules
>         Extra Verbose Flag is Set
>         Verbose Flag is Set
>         SSL Hostname Verification disabled
>         Base URL is:
> https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<trimmed>
> http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|<trimmed>
> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>         Fetching md5sum for: snortrules-snapshot-2962.tar.gz.md5
> ** GET
> https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5/<trimmed>
> ==> 500 Can't connect to www.snort.org:443 (certificate verify failed) (1s)
>         Error 500 when fetching
> https://www.snort.org/sub-rules/snortrules-snapshot-2962.tar.gz.md5 at
> /usr/bin/pulledpork.pl line 482
>         main::md5file('<trimmed>', 'snortrules-snapshot-2962.tar.gz',
> '/tmp/', 'https://www.snort.org/sub-rules/') called at
> /usr/bin/pulledpork.pl line 1875
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!
>
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!




More information about the Snort-users mailing list