Snort mailing list archives
Re: RESOLVED Re: Oinkmaster can't get rules
From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 16 Jul 2010 07:31:11 -0600
An interesting thing. Just tested this morning...on Slackware 10.2 (old I know). All three things needed to happen..why I have no idea. Wget version is 1.10.2.

Current setup:

Crypt::SSLeay is updated to 0.57.
Verisign certs from the ca-certs package dated December 2009 are in /etc/ssl/certs (openssl has been compiled with default dir as /etc/ssl/).
--no-check-certificate is in oinkmaster.pl line 909.

If I remove the certs I get:

    Resolving www.snort.org... 68.177.102.20
    Connecting to www.snort.org|68.177.102.20|:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    06:15:08 ERROR 403: Forbidden.

If I remove the --no-check-certificate line I get:

    Resolving www.snort.org... 68.177.102.20
    Connecting to www.snort.org|68.177.102.20|:80... connected.
    HTTP request sent, awaiting response... 302 Found
    Location: https://s3.amazonaws.com/snort.org/rules/20100614/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId= [following]
    --06:52:53--  https://s3.amazonaws.com/snort.org/rules/20100614/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=
               => `/tmp/oinkmaster.OOORjjxt1X/url.erXoRpKg3C/snortrules.tar.gz'
    Resolving s3.amazonaws.com... 72.21.207.242
    Connecting to s3.amazonaws.com|72.21.207.242|:443... connected.
    ERROR: Certificate verification error for s3.amazonaws.com: unable to get local issuer certificate
    To connect to s3.amazonaws.com insecurely, use `--no-check-certificate'.
    Unable to establish SSL connection.

With both the above set however, all is fine in the universe:

    Loading /chroot/snort/etc/oinkmaster.conf
    Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2860.tar.gz... done.
    Archive successfully downloaded, unpacking... done.
    Downloading file from http://www.emergingthreats.net/rules/emerging.rules.tar.gz... done.
    Archive successfully downloaded, unpacking... done.
    Setting up rules structures... done.
    Processing downloaded rules... disabled 3, enabled 0, modified 0, total=20447
    Setting up rules structures... done.
    Comparing new files to the old ones... done.
    Updating local rules files... done.

So there we have it ;)

James
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Thu, 15 Jul 2010 08:51:37 -0400
To: James Lay <jlay () slave-tothe-box net>
Cc: Snort <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] RESOLVED Re: Oinkmaster can't get rules

On Thu, Jul 15, 2010 at 8:27 AM, James Lay <jlay () slave-tothe-box net> wrote:

> Success! Apparently 3 things needed to occur:
>
> Update Crypt::SSLeay

Good practice to keep things up to date, especially where your security software is concerned. (I'm looking at you people who aren't running 2.8.5.3 or 2.8.6.0)

> Modify oinkmaster.pl line 909 with --no-check-certificate

So now you're not checking certificate validity so...

> Snag the ca-certificates package and install each cert in /etc/ssl/certs

...you wouldn't need these anymore.

> While I can see Slackware's point of having the user install the certs, eh...it was a bit of a pain to have to figure all this out ;) Thanks for all the help folks.

You need to make sure you have the up to date certificates installed and don't use the "--no-check-cert" option.

--
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
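
The "unable to get local issuer certificate" error from the thread, and its resolution by installing the issuer's CA certificate instead of disabling verification, reproduced offline as an added example (not code from the original posts or from Oinkmaster). It assumes the openssl command-line tool is installed; the CA, the host name rules.example.test and all function names are constructed for the illustration.

```shell
#!/bin/sh
# Constructed throwaway keys and certificates in a temp dir; /etc/ssl is untouched.

# make_pki DIR: create a constructed CA and a leaf certificate signed by it.
make_pki() {
    d=$1; mkdir -p "$d/certs"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=rules.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 2 -out "$d/leaf.pem" >/dev/null 2>&1
}

# install_ca DIR: place the CA where a CApath lookup can find it. OpenSSL
# looks certificates up by subject-name hash, so the file is named <hash>.0.
install_ca() {
    d=$1
    h=$(openssl x509 -noout -hash -in "$d/ca.pem") || return 1
    cp "$d/ca.pem" "$d/certs/$h.0"
}

# check_chain DIR: print OK if the leaf verifies against DIR/certs, else the
# reason. The output is parsed because older openssl releases exit 0 from
# "verify" even when verification fails.
check_chain() {
    d=$1
    out=$(openssl verify -CApath "$d/certs" "$d/leaf.pem" 2>&1)
    case $out in
        *"leaf.pem: OK"*) echo "OK" ;;
        *"unable to get local issuer certificate"*)
            echo "unable to get local issuer certificate" ;;
        *) echo "other: $out" ;;
    esac
}

# run_demo: verify once with an empty CA directory, then with the CA installed.
run_demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    before=$(check_chain "$d")
    install_ca "$d" || { rm -rf "$d"; return 1; }
    after=$(check_chain "$d")
    rm -rf "$d"
    echo "before: $before"
    echo "after: $after"
}

run_demo
```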