[Snort-users] [Snort-openappid] Snort rule management ubuntu

Joel Esler (jesler) jesler at cisco.com
Thu Jan 25 13:58:23 EST 2018


Moving this from the openappid list to users.

True, we did move to https, but oinkmaster (which you should stop using) and pulledpork support https.  Sounds like an issue that needs to be troubleshot for pulledpork.

--
Joel Esler | Talos: Manager | jesler at cisco.com

On Jan 24, 2018, at 6:36 PM, DElboux, Nathan J via Snort-openappid <snort-openappid at lists.snort.org> wrote:

Hi all,

I have a few sensors that I have just purchased VRT rule subscriptions for. Up until now they were using the emerging threats free ruleset. They are based on Ubuntu and live behind a proxy.

I have discovered an issue with pulledpork wherein HTTPS via a proxy uses the CONNECT method, which is causing errors and not downloading the rules. So for the emerging threats ruleset I have switched to HTTP and it works fine.

I read somewhere that HTTP has been cut off from the VRT URL “www.snort.org” so I must use HTTPS. Is anyone using a rule management utility like oinkmaster on Ubuntu behind a proxy that has had success?

I can download the rules manually and insert them, but with more sensors being onboarded I would prefer to have as much of it automated as I can.

Thanks!
Nathan
