Re: Problems with new pulledpork 0.6.0 version

[Kevin Ross <kevross33 () googlemail com>]

I am getting the same. It seems to be linked to if you put text in your list
of sids for disable/enable etc. i.e ET-scada.rules or whatever. If you
remove it and leave only sid listings it runs fine.

On 29 March 2011 09:44, carlopmart <carlopmart () gmail com> wrote:

> Hi all,
>
>  I am testing new pulledpork 0.6.0 version (I didn't have used
> previously), and I have found some problems.
>
>  First Test: I have configured an empty disabled.conf and result is:
>
> Rule Stats....
>        New:-------0
>        Deleted:---0
>        Enabled Rules:----17759
>        Dropped Rules:----0
>        Disabled Rules:---13820
>        Total Rules:------31579
>        Done
> Please review /tmp/sid_changes_prod.log for additional details
> Fly Piggy Fly!
>
>  Why pulledpork disables 13820 rules?? I have commented out ips_policy
>
>
> Second Test: In disablesid.conf I have disable some categories:
> ET-emerging-mobile_malware,ET-emerging-scada,ET-emerging-voip,ET-
>
> emerging-web_client,ET-emerging-web_server,ET-emerging-web_specific_apps,VRT-deleted,VRT-experimental,VRT-local,VRT-nntp,VRT-scada,VRT-web-activex,VRT-web-attacks,VRT-web-cgi,VRT-web-client,VRT-web-coldfusion,VRT-web-frontpage,VRT-web-iis,VRT-web-misc,VRT-web-php
> ...
>
>  And the result is:
>
> Rule Stats....
>        New:-------0
>        Deleted:---0
>        Enabled Rules:----0
>        Dropped Rules:----0
>        Disabled Rules:---31579
>        Total Rules:------31579
>        Done
> Please review /tmp/sid_changes_prod.log for additional details
> Fly Piggy Fly!
>
>  ALL rules are disabled!!!. Why??
>
>
> And a lot of errors are produced:
>
> Argument "web-activex" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "exploit" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "exploit" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "web-client" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "web-activex" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "web-client" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "web-activex" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "web-activex" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "netbios" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "netbios" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "sensitive-data" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "sensitive-data" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "sensitive-data" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "sensitive-data" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "sensitive-data" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
> Argument "preprocessor" isn't numeric in numeric eq (==) at
> /usr/local/bin/pulledpork.pl line 844.
>
>  What am I doing wrong??
>
>  Thanks.
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>
> ------------------------------------------------------------------------------
> Enable your software for Intel(R) Active Management Technology to meet the
> growing manageability and security demands of your customers. Businesses
> are taking advantage of Intel(R) vPro (TM) technology - will your software
> be a part of the solution? Download the Intel(R) Manageability Checker
> today! http://p.sf.net/sfu/intel-dev2devmar
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users