Re: Oinkmaster can't get rules

[Joel Esler <jesler () sourcefire com>]

http://global-security.blogspot.com/2010/07/pulledpork-042-501-error-when.html


On Jul 8, 2010, at 9:07 AM, Fábio Ferrão wrote:

> Dears,
>
> I'm receiving the follow error when I execute oinkmaster for upgrade of my snort rules:
>
> [prompt]# /usr/local/bin/oinkmaster -o /usr/local/snort/rules/rules > /home/suporte/oinkmaster.update                 
>         
> Loading /usr/local/etc/oinkmaster.conf
> Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz... 
> /usr/local/bin/oinkmaster: Error: could not download from 
> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz. Output from wget follows:
>
>  http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gzResolving www.snort.org... 
> 68.177.102.20
> Connecting to www.snort.org|68.177.102.20|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: 
> https://s3.amazonaws.com/snort.org/rules/20100605/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1278433099&Signature=orIzbg4Dttu4XDFED51PWMaBzSU%3D
>  [following]
> --2010-07-06 13:17:49--  
> https://s3.amazonaws.com/snort.org/rules/20100605/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1278433099&Signature=orIzbg4Dttu4XDFED51PWMaBzSU%3D
> Resolving s3.amazonaws.com... 72.21.207.100
> Connecting to s3.amazonaws.com|72.21.207.100|:443... connected.
> ERROR: cannot verify s3.amazonaws.com's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust 
> Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2':
>   Unable to locally verify the issuer's authority.
> To connect to s3.amazonaws.com insecurely, use `--no-check-certificate'.
> Unable to establish SSL connection.
>
> Oink, oink. Exiting...
>
> One more try
>
> [prompt]# /usr/local/bin/oinkmaster -o /usr/local/snort/rules/rules > /home/suporte/oinkmaster.update
> Loading /usr/local/etc/oinkmaster.conf
> Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz... 
> /usr/local/bin/oinkmaster: Error: could not download from 
> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz. Output from wget follows:
>
>  http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gzResolving www.snort.org... 
> 68.177.102.20
> Connecting to www.snort.org|68.177.102.20|:80... connected.
> HTTP request sent, awaiting response... 403 Forbidden
> 2010-07-06 13:18:43 ERROR 403: Forbidden.
>
>
> My oinkcode is ok, because I download the snort rule file successfully by browser.
>
>
> Can somebody help me?
>
> Thanks.
>
> -- 
> Fábio Ferrão
>
> "E conhecereis a verdade e a verdade vos libertará".    João 8.32
> "And you will know the truth and the truth you will free".    John 8.32
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first_______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users