[Snort-users] Snort IP blacklist issue (Pulledprok)

Shirkdog shirkdog at ...11827...
Thu Feb 4 07:26:23 EST 2016


Does /etc/snort/rules/iplists exist?

Try this and post your results running pulledpork:

mkdir -p /etc/snort/rules/iplists
touch /etc/snort/rules/iplists/black_list.rules

On Feb 4, 2016 4:40 AM, "Nicolas Lepolard" <Nicolas.Lepolard at ...17447...> wrote:

> Hi,
>
> Thank you for your reply!
>
> I have checked and I think my config is OK. Here are the variables that I
> have modified in my pulledpork.conf file:
>
> Line 19        rule_url=https://www.snort.org/reg_rules/|snortrules-snapshot.tar.gz|<my oinkcode>
> Line 26        rule_url=https://www.snort.org/reg-rules/|opensource.gz|<my oinkcode>
> Line 61        temp_path=/opt/snort/tmp (I have changed the path because it
> didn't work with /tmp; the permissions are OK)
> Line 74        rule_path=/etc/snort/rules/snort.rules
> Line 89        local_rules=/etc/snort/rules/local.rules
> Line 92        sid_msg=/etc/snort/sid-msg.map
> Line 96        sid_msg_version=2
> Line 119       config_path=/etc/snort/snort.conf
> Line 133       distro=Debian-6.0
> Line 141       black_list=/etc/snort/rules/iplists/black_list.rules
> Line 150       IPRVersion=/etc/snort/rules/iplists
>
> Thanks for your help.
>
> Best regards
>
> Nicolas
>
>
>
> From:        Shirkdog <shirkdog at ...11827...>
> To:        Nicolas Lepolard <Nicolas.Lepolard at ...17447...>
> Cc:        snort-users mailinglist <snort-users at lists.sourceforge.net>
> Date:        03/02/2016 18:40
> Subject:        Re: [Snort-users] Snort IP blacklist issue (Pulledprok)
> ------------------------------
>
>
>
> Make sure the file specified in pulledpork.conf actually exists.
>
> Check the black_list variable in your config.
>
> On Feb 3, 2016 11:53 AM, "Nicolas Lepolard" <Nicolas.Lepolard at ...17447...> wrote:
> Hi guys,
>
> I have an issue with my PulledPork installation!
>
> When I try this command, I've got this error message:
>
> sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l
>
> (...)
> Checking latest MD5 for snortrules-snapshot-2980.tar.gz....
> They Match
> Done!
> Rules tarball download of community-rules.tar.gz....
> IP Blacklist download of http://talosintel.com/feeds/ip-filter.blf....
> Reading IP List...
> Couldn't read /opt/snort/tmp/648.041857729794-black_list.rules - Aucun fichier ou dossier de ce type at /usr/local/bin/pulledpork.pl line 540.
> main::read_iplist(HASH(0x2a281f8), "/opt/snort/tmp/648.041857729794-black_list.rules") called at /usr/local/bin/pulledpork.pl line 431
> main::rulefetch("open", "IPBLACKLIST0", "/opt/snort/tmp/", "http://talosintel.com/feeds/ip-filter.blf") called at /usr/local/bin/pulledpork.pl line 1946
>
> I've seen other posts about this problem but I didn't find a solution!
>
> Can you help me please?
>
> Snort : 2.9.8.0
> PulledPork : 0.7.2
>
> Best regards
>
> Nicolas
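
Added example (not part of the original messages and not PulledPork's own code): a shell preflight check in the spirit of the advice above, which reads the path settings quoted in the thread from pulledpork.conf and reports any missing directory or blacklist file before pulledpork.pl is run. It assumes plain key=value lines; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: check the path settings from pulledpork.conf before a run.
# Assumes plain key=value lines; function names are hypothetical.

# Print the value assigned to key $2 in config file $1 (last one wins).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one line per problem found; return 1 if there was any.
check_pulledpork_paths() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # Settings that name a directory: it must exist and be writable.
    for key in temp_path IPRVersion; do
        val=$(conf_value "$conf" "$key")
        [ -n "$val" ] || continue
        if [ ! -d "$val" ]; then
            echo "$key: directory $val does not exist"; rc=1
        elif [ ! -w "$val" ]; then
            echo "$key: directory $val is not writable"; rc=1
        fi
    done

    # Settings that name a file: the parent directory must exist, and the
    # blacklist file itself must exist, as asked in the thread.
    for key in rule_path sid_msg black_list; do
        val=$(conf_value "$conf" "$key")
        [ -n "$val" ] || continue
        dir=$(dirname "$val")
        if [ ! -d "$dir" ]; then
            echo "$key: parent directory $dir does not exist"; rc=1
        elif [ "$key" = black_list ] && [ ! -f "$val" ]; then
            echo "$key: file $val does not exist"; rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_pp.sh /etc/snort/pulledpork.conf
if [ "$#" -gt 0 ]; then
    check_pulledpork_paths "$1"
fi
```

Run it as the same user that runs pulledpork.pl, since the writability test depends on who executes it.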