Snort mailing list archives
Pulled Pork - Error 500 when fetching
From: Jomana Malone <jomana.malone () gmail com>
Date: Thu, 29 Dec 2011 11:04:28 -0700
Hi all,

I recently installed Snort and PulledPork using Nick Moore's document, "Snort 2.9.1 on CentOS 5.6". I'm very new to all this. After lots of tweaks and research, I have Snort and Barnyard2 up and running. I even had PulledPork pull rulesets from Emerging Threats; however, I can't seem to get PulledPork to pull the rulesets from Snort. I was able to manually pull using wget though:
wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/<my oinkcode> -O snortrules-snapshot-edge.tar.gz
As per JJC's suggestion in one of the discussions, I'm using the snortrules-snapshot-edge.tar.gz file instead of a specific snort rule version.
Below are all my system and error information. I know it's a lot, but I tried to break it up for you. I've been going around and around with this for a while, so I greatly appreciate any help you may provide.
Thanks so much!

######################################
Here are my system specs:
######################################
OS: CentOS 5.6
PulledPork version: 0.6.1
Snort Version: 2.9.1

KERNEL:
[root@ip-50-63-56-122 ~]# uname -m
i686

CENTOS RELEASE:
[root@ip-50-63-56-122 ~]# cat /etc/issue
CentOS release 5.6 (Final)
Kernel \r on an \m

SNORT VERSION:
[root@ip-50-63-56-122 ~]# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.1 IPv6 GRE (Build 71)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.13 2011-08-16
           Using ZLIB version: 1.2.3
######################################
######################################
After searching the Web and reading through Snort Users archives, I found other users with similar errors, but nothing that seemed to be a complete match.
Here's my error:
######################################
[root@ip-50-63-56-122 ~]# /usr/local/pulledpork-0.6.1/pulledpork.pl -c /etc/snort/pulledpork.conf

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork: 0.6.1
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5 for snortrules-snapshot-2910.tar.gz....
Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5 at /usr/local/pulledpork-0.6.1/pulledpork.pl line 454
main::md5file('<my oinkcode>', 'snortrules-snapshot-2910.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/pulledpork-0.6.1/pulledpork.pl line 1760
######################################
######################################
Line 454 in my pulledpork.pl file
######################################
croak "\tError $getrules_md5 when fetching "
######################################
######################################
Below is my error with extra verbose
######################################
[root@ip-50-63-56-122 ~]# /usr/local/pulledpork-0.6.1/pulledpork.pl -c /etc/snort/pulledpork.conf -vv

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork: 0.6.1
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Config File Variable Debug /etc/snort/pulledpork.conf
snort_path = /usr/local/bin/snort
pid_path = /var/run/snort_eth1.pid,/var/run/barnyard2_eth1.pid
rule_path = /etc/snort/rules/snort.rules
ignore = deleted.rules,experimental.rules,local.rules
rule_url = ARRAY(0x9f79c30)
snort_version = 2.9.1.0
sid_changelog = /var/log/sid_changes.log
sid_msg = /etc/snort/sid-msg.map
backup_file = /tmp/pulled_pork_backup/pp_backup
backup = /etc/snort,/usr/local/lib/snort_dynamicrules/
ips_policy = security
config_path = /etc/snort/snort.conf
sostub_path = /etc/snort/rules/so_rules.rules
oinkcode = <my oinkcode>
temp_path = /tmp
distro = Centos-5-4
version = 0.6.1
sorule_path = /usr/local/lib/snort_dynamicrules/
local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
arch Def is: i386
Config Path is: /etc/snort/pulledpork.conf
Distro Def is: Centos-5-4
security policy specified
local.rules path is: /etc/snort/rules/local.rules
Rules file is: /etc/snort/rules/snort.rules
sid changes will be logged to: /var/log/sid_changes.log
sid-msg.map Output Path is: /etc/snort/sid-msg.map
Snort Version is: 2.9.1.0
Snort Config File: /etc/snort/snort.conf
Snort Path is: /usr/local/bin/snort
SO Output Path is: /usr/local/lib/snort_dynamicrules/
SO Stub File is: /etc/snort/rules/so_rules.rules
Extra Verbose Flag is Set
Verbose Flag is Set
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-edge.tar.gz|<my oinkcode>
Checking latest MD5 for snortrules-snapshot-2910.tar.gz....
Fetching md5sum for: snortrules-snapshot-2910.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5/<my oinkcode> ==> SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
500 read failed: (1s)
Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5 at /usr/local/pulledpork-0.6.1/pulledpork.pl line 454
main::md5file('<my oinkcode>', 'snortrules-snapshot-2910.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/pulledpork-0.6.1/pulledpork.pl line 1760
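The MD5 step that fails in the output above can be reproduced by hand to check a manually downloaded ruleset. This is an added example, not part of the original post and not PulledPork's code; it uses the URL layout from the GET line in the verbose output. The function names are hypothetical, and it assumes the .md5 body begins with the bare 32-hex-digit digest.

```shell
#!/bin/sh
# Added example (not PulledPork code): manual equivalent of the MD5 check.
# URL layout <base><file>/<oinkcode> is taken from the GET line in the post.
# The https base comes from the "Base URL is:" line, so the oinkcode is not
# sent in clear text as it would be over http.
BASE_URL="https://www.snort.org/reg-rules/"

# Build the request URL for a rules file (or its .md5).
rule_url() {  # $1 = file name, $2 = oinkcode
    printf '%s%s/%s' "$BASE_URL" "$1" "$2"
}

# Print the digest from a saved .md5 body, lower-cased.
# Assumption: the first whitespace-delimited token is the digest.
# Fails (non-zero, no output) when that token is not 32 hex digits.
expected_md5() {  # $1 = path to saved .md5 file
    awk 'NR==1 { print tolower($1) }' "$1" | grep -Ex '[0-9a-f]{32}'
}

# Compare a local tarball with a saved .md5 file.
# Returns 0 on match, 1 on mismatch, 2 when the .md5 body holds no digest
# (for example an error page saved in place of the checksum).
verify_rules() {  # $1 = tarball, $2 = saved .md5 file
    want=$(expected_md5 "$2") || return 2
    have=$(md5sum "$1" | cut -d ' ' -f 1)
    [ "$want" = "$have" ]
}

# Usage (needs network, not run here); OINK holds your oinkcode and F is the
# rules file name. Whether the server publishes a .md5 for every file is not
# shown on the page.
#   wget "$(rule_url "$F" "$OINK")" -O "$F"
#   wget "$(rule_url "$F.md5" "$OINK")" -O "$F.md5"
#   verify_rules "$F" "$F.md5"; echo "verify_rules exit status: $?"
```

An exit status of 2 separates a failed or garbage checksum download from a real digest mismatch (status 1), which are different problems to chase.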