Snort mailing list archives

Pulled Pork - Error 500 when fetching


From: Jomana Malone <jomana.malone () gmail com>
Date: Thu, 29 Dec 2011 11:04:28 -0700

Hi all,

I recently installed Snort and PulledPork using Nick Moore's document, "Snort 2.9.1 on CentOS 5.6". I'm very new to all this. After lots of tweaks and research, I have Snort and Barnyard2 up and running. I even had PulledPork pull rulesets from Emerging Threats; however, I can't seem to get PulledPork to pull the rulesets from Snort. I was able to manually pull using wget though:

wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/<my oinkcode> -O snortrules-snapshot-edge.tar.gz

As per JJC's suggestion in one of the discussions, I'm using the snortrules-snapshot-edge.tar.gz file instead of a specific snort rule version.

Below is all my system and error information. I know it's a lot, but I tried to break it up for you. I've been going around and around with this for a while, so I greatly appreciate any help you may provide.

Thanks so much!

######################################
Here are my system specs:
######################################
OS: CentOS 5.6
PulledPork version: 0.6.1
Snort Version: 2.9.1

KERNEL:
[root@ip-50-63-56-122 ~]# uname -m
i686

CENTOS RELEASE:
[root@ip-50-63-56-122 ~]# cat /etc/issue
CentOS release 5.6 (Final)
Kernel \r on an \m

SNORT VERSION:
[root@ip-50-63-56-122 ~]# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.1 IPv6 GRE (Build 71)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.13 2011-08-16
           Using ZLIB version: 1.2.3
######################################

######################################
After searching the Web and reading through Snort Users archives, I found other users with similar errors, but nothing that seemed to be a complete match.

Here's my error:
######################################
[root@ip-50-63-56-122 ~]# /usr/local/pulledpork-0.6.1/pulledpork.pl -c /etc/snort/pulledpork.conf

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork: 0.6.1
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2910.tar.gz....
Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5 at /usr/local/pulledpork-0.6.1/pulledpork.pl line 454 main::md5file('<my oinkcode>', 'snortrules-snapshot-2910.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/pulledpork-0.6.1/pulledpork.pl line 1760

######################################

######################################
Line 454 in my pulledpork.pl file
######################################

croak "\tError $getrules_md5 when fetching "

######################################

######################################
Below is my error with extra verbose
######################################

[root@ip-50-63-56-122 ~]# /usr/local/pulledpork-0.6.1/pulledpork.pl -c /etc/snort/pulledpork.conf -vv

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork: 0.6.1
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /etc/snort/pulledpork.conf
    snort_path = /usr/local/bin/snort
    pid_path = /var/run/snort_eth1.pid,/var/run/barnyard2_eth1.pid
    rule_path = /etc/snort/rules/snort.rules
    ignore = deleted.rules,experimental.rules,local.rules
    rule_url = ARRAY(0x9f79c30)
    snort_version = 2.9.1.0
    sid_changelog = /var/log/sid_changes.log
    sid_msg = /etc/snort/sid-msg.map
    backup_file = /tmp/pulled_pork_backup/pp_backup
    backup = /etc/snort,/usr/local/lib/snort_dynamicrules/
    ips_policy = security
    config_path = /etc/snort/snort.conf
    sostub_path = /etc/snort/rules/so_rules.rules
    oinkcode = <my oinkcode>
    temp_path = /tmp
    distro = Centos-5-4
    version = 0.6.1
    sorule_path = /usr/local/lib/snort_dynamicrules/
    local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
    arch Def is: i386
    Config Path is: /etc/snort/pulledpork.conf
    Distro Def is: Centos-5-4
    security policy specified
    local.rules path is: /etc/snort/rules/local.rules
    Rules file is: /etc/snort/rules/snort.rules
    sid changes will be logged to: /var/log/sid_changes.log
    sid-msg.map Output Path is: /etc/snort/sid-msg.map
    Snort Version is: 2.9.1.0
    Snort Config File: /etc/snort/snort.conf
    Snort Path is: /usr/local/bin/snort
    SO Output Path is: /usr/local/lib/snort_dynamicrules/
    SO Stub File is: /etc/snort/rules/so_rules.rules
    Extra Verbose Flag is Set
    Verbose Flag is Set
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-edge.tar.gz|<my oinkcode>
Checking latest MD5 for snortrules-snapshot-2910.tar.gz....
    Fetching md5sum for: snortrules-snapshot-2910.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5/<my oinkcode> ==> SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
500 read failed:  (1s)
Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5 at /usr/local/pulledpork-0.6.1/pulledpork.pl line 454 main::md5file('<my oinkcode>', 'snortrules-snapshot-2910.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/pulledpork-0.6.1/pulledpork.pl line 1760

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net