Snort mailing list archives

Re: I'm so close I smell Bacon... little more help thanks!


From: James Lay <jlay () slave-tothe-box net>
Date: Sat, 15 Sep 2012 08:30:01 -0600


On Sep 14, 2012, at 1:15 AM, PR <oly562 () gmail com> wrote:

OK, I have loaded pulledpork.conf... oh, and I'm still sorta waiting for the info I asked for earlier, but I think I have 
gotten past all that now... 

moving forward...


1. I ran this:

./pulledpork.pl -s /etc/snort/so_rules -p /usr/local/bin/snort -C /etc/snort.conf -i /etc/snort/disablesid.conf -b 
/etc/snort/dropsid.conf -e /etc/snort/enablesid.conf -M /etc/snort/modifysid.conf -e /etc/snort/enablesid.conf -c 
/etc/snort/pulledpork.conf -o /etc/snort/rules/


2. I got this:

Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
Done!
~
~

Checking latest MD5 for emerging.rules.tar.gz....
Error 500 when fetching https://rules.emergingthreats.net/open/snort-2.9.3/emerging.rules.tar.gz.md5 at 
./pulledpork.pl line 453.
main::md5file('open', 'emerging.rules.tar.gz', '/tmp/', 'https://rules.emergingthreats.net/open/snort-2.9.3/') called 
at ./pulledpork.pl line 1758



3. I checked pulledpork.pl - 271 first...

elsif ( $filename =~ /^preproc_rules\/.*\.rules$/ ) {
            $singlefile =~ s/^preproc_rules\///;
            $tar->extract_file( $filename,
                $temp_path . "/tha_rules/$prefix" . $singlefile );
            print "\tExtracted: /tha_rules/$prefix$singlefile\n"
              if ( $Verbose && !$Quiet );
        }
here ???  elsif ($Sorules   <<<<
            && $filename =~
or here  ???
             /^so_rules\/precompiled\/($Distro)\/($arch)\/($Snort)\/.*\.so/
            && -d $Sorules
            && !$Textonly )

line 271 is var $Sorules

I believe it's complaining about precompiled. I'll recheck to see if I added ubuntu 10.04 anywhere; I don't think so, and 
I'm running 12.04, which is not listed yet in the docs. However, let me check: if I didn't invoke the precompiled var in 
pulledpork.conf, where is my mistake?

thanks




I get a BUNCH of those every time I update…still updates fine so eh…ignore and conquer has worked for me :)

James
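
An added example, not part of the thread and not PulledPork's own code: a stand-alone Perl sketch of the so_rules pattern from the excerpt above, showing what the interpolated regex does when $arch is undefined and one way to guard it. The variable names mirror the excerpt; the values and tarball member paths are constructed samples, and the two helper subs are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration; not PulledPork code. Variable names mirror the quoted
# excerpt; the values and tarball paths below are constructed samples.
use strict;
use warnings;

my @members = (
    'so_rules/precompiled/Ubuntu-10-4/x86-64/2.9.3.1/bad-traffic.so',
    'so_rules/precompiled/Ubuntu-10-4/i386/2.9.3.1/bad-traffic.so',
    'preproc_rules/preprocessor.rules',
);

# Return the members selected by the excerpt's so_rules pattern, plus any
# warnings Perl emitted while building or running it.
sub select_so_rules {
    my ( $Distro, $arch, $Snort ) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my @hits = grep {
        /^so_rules\/precompiled\/($Distro)\/($arch)\/($Snort)\/.*\.so/
    } @members;
    return ( \@hits, \@warnings );
}

# Guarded variant: refuse to build the pattern from an unset value, and
# quote each value so it is matched literally.
sub select_so_rules_checked {
    my ( $Distro, $arch, $Snort ) = @_;
    for my $v ( $Distro, $arch, $Snort ) {
        return [] unless defined $v && length $v;
    }
    my $re = qr/^so_rules\/precompiled\/\Q$Distro\E\/\Q$arch\E\/\Q$Snort\E\/.*\.so/;
    return [ grep { $_ =~ $re } @members ];
}

# Unset $arch: the pattern degrades to ".../()/..." and selects nothing.
my ( $hits, $warn ) = select_so_rules( 'Ubuntu-10-4', undef, '2.9.3.1' );
printf "undef arch:   %d matched, %d warnings\n", scalar @$hits, scalar @$warn;
print "  $_" for @$warn;

( $hits, $warn ) = select_so_rules( 'Ubuntu-10-4', 'x86-64', '2.9.3.1' );
printf "arch set:     %d matched, %d warnings\n", scalar @$hits, scalar @$warn;

$hits = select_so_rules_checked( 'Ubuntu-10-4', undef, '2.9.3.1' );
printf "checked path: %d matched, no warning\n", scalar @$hits;
```

In this sketch the unset value produces the same "Use of uninitialized value $arch in regexp compilation" warning for every member tested, and the so_rules pattern selects no files at all, while the preproc_rules branch in the excerpt does not depend on $arch.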


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

