[Snort-users] PulledPork Stopped Working

Keith Pachulski keith.pachulski at ...17691...
Mon Jan 9 13:59:24 EST 2017


Pulledpork was working fine for me until this latest snort update so looking for some advice on how to correct the error:

$ ./pulledpork.pl -c /home/snort/pulledpork/etc/pulledpork.conf -I security -P -e /home/snort/pulledpork/etc/enablesid.conf -vv
    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.3 - Making signature updates great again!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2016 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /home/snort/pulledpork/etc/pulledpork.conf
        sid_msg_version = 1
        IPRVersion = /home/snort/rules/iplists
        ignore = deleted.rules,experimental.rules,local.rules
        snort_path = /usr/local/bin/snort
        temp_path = /tmp
        sorule_path = /usr/local/lib/snort_dynamicrules/
        sid_msg = /home/snort/rules/etc/sid-msg.map
        local_rules = /home/snort/rules/local.rules
        rule_path = /home/snort/rules/snort.rules
        distro = Ubuntu-12-04
       sid_changelog = /home/snort/rules/pullpork-sid_changes.log
        rule_url = ARRAY(0x1bf0a70)
        config_path = /home/snort/rules/snort.conf
        version = 0.7.3
        black_list = /home/snort/rules/black_list.rules
MISC (CLI and Autovar) Variable Debug:
        Process flag specified!
        arch Def is: x86-64
        Operating System is: linux
        CA Certificate File is: OS Default
        Config Path is: /home/snort/pulledpork/etc/pulledpork.conf
        Distro Def is: Ubuntu-12-04
        security policy specified
        local.rules path is: /home/snort/rules/local.rules
        Rules file is: /home/snort/rules/snort.rules
        Path to enablesid file: /home/snort/pulledpork/etc/enablesid.conf
        sid changes will be logged to: /home/snort/rules/pullpork-sid_changes.log
        sid-msg.map Output Path is: /home/snort/rules/etc/sid-msg.map
        Snort Version is: 2.9.9.0
        Snort Config File: /home/snort/rules/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /usr/local/lib/snort_dynamicrules/
        Will process SO rules
        Extra Verbose Flag is Set
        Verbose Flag is Set
        File(s) to ignore = deleted.rules,experimental.rules,local.rules
        Base URL is: https://www.snort.org/rules/|snortrules-snapshot.tar.gz| http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open
Checking latest MD5 for snortrules-snapshot-2990.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2990.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2990.tar.gz.md5/ ==> 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed) (1s)
        Error 501 when fetching https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz.md5 at /home/snort/pulledpork/pulledpork.pl line 534.
        main::md5file("", "snortrules-snapshot-2990.tar.gz", "/tmp/", "https://www.snort.org/rules/") called at /home/snort/pulledpork/pulledpork.pl line 2007

$ locate https.pm
/usr/local/share/perl/5.22.1/LWP/Protocol/https.pm
/usr/share/perl5/URI/https.pm

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170109/c96add25/attachment.html>


More information about the Snort-users mailing list