Snort mailing list archives
Re: manual update of rules using pulledpork
From: tadios tefera <ttefera () gmail com>
Date: Thu, 12 Jul 2012 10:48:33 -0400
Thanks JJC, that worked!

On Jul 12, 2012 1:41 AM, "JJC" <cummingsj () gmail com> wrote:

You have to pull the file from a URL, otherwise simply bypass this process by copying the tarball to the "temp" location that you have specified pulledpork to use, that would be "c:\windows\temp" in your case. Once you copy that file to the specified location run pulledpork with the nodownload flag.. make sense?

JJC

On Wed, Jul 11, 2012 at 2:29 PM, tadios tefera <ttefera () gmail com> wrote:

Hi all,

As my snort box is not connected to the internet, I need to be able to update rules using pulledpork but only manually. By that I mean I will be downloading snortrules-snapshot-2923.tar.gz file to my D drive, then have pulledpork grab it from D drive as opposed to going to https://www.snort.org/reg-rules... Is that possible?

When doing what I described above, the error I am getting is:

*** GET c:%5Cwin-ids%5Csnort%5Crules%5C/snortrules-snapshot-2923.tar.gz ==> 500 Access to 'c' URIs has been disabled
A 500 error occurred, please verify that you have recently updated your root certificates!*

The whole output is below.

Thanks
Tad.

Config File Variable Debug c:\win-ids\pulledpork\etc\pulledpork.conf
    temp_path = c:\windows\temp
    version = 0.6.0
    rule_path = c:\win-ids\snort\rules\winids.rules
    ignore = deleted.rules,experimental.rules,local.rules
    rule_url = ARRAY(0x2d1136c)
    snort_version = 2.9.2.3
    sid_changelog = c:\win-ids\snort\log\sid_changes.log
    sid_msg = c:\win-ids\snort\etc\sid-msg.map
    local_rules = c:\win-ids\snort\rules\local.rules
    docs = \\lv8civweb\c$\inetpub\wwwroot\snort_base\signatures
Use of uninitialized value $Snort_path in -B at c:\win-ids\pulledpork\pulledpork.pl line 1565.
'uname' is not recognized as an internal or external command,
operable program or batch file.

MISC (CLI and Autovar) Variable Debug:
    Config Path is: c:\win-ids\pulledpork\etc\pulledpork.conf
    Docs Reference Location is: \\lv8civweb-01\c$\inetpub\wwwroot\snort_base\signatures
    Disabled policy specified
    local.rules path is: c:\win-ids\snort\rules\local.rules
    Rules file is: c:\win-ids\snort\rules\winids.rules
    sid changes will be logged to: c:\win-ids\snort\log\sid_changes.log
    sid-msg.map Output Path is: c:\win-ids\snort\etc\sid-msg.map
    Snort Version is: 2.9.2.3
    Text Rules only Flag is Set
    Verbose Flag is Set
    Base URL is: c:\win-ids\snort\rules\|snortrules-snapshot-2923.tar.gz|<75 65f2172c3399402aead7c8cd20b8985d1974c0>
Rules tarball download of snortrules-snapshot-2923.tar.gz....
    Fetching rules file: snortrules-snapshot-2923.tar.gz
    But not verifying MD5
*** GET c:%5Cwin-ids%5Csnort%5Crules%5C/snortrules-snapshot-2923.tar.gz ==> 500 Access to 'c' URIs has been disabled
A 500 error occurred, please verify that you have recently updated your root certificates!*

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
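
Added example, not part of the original thread or of pulledpork itself: the debug output above shows the tarball being fetched "But not verifying MD5", so a hand-carried file is worth checking against a digest recorded on the download machine before it is copied into temp_path and pulledpork is run with -n (its no-download option). The function names, the source of the expected digest, and the perl/pulledpork.pl invocation are assumptions.

```python
import hashlib
import hmac
import shutil
import tarfile
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256"):
    """Hash the file in chunks so a large rules tarball is not read whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def stage_ruleset(tarball, temp_path, expected_hex, algo="sha256"):
    """Verify the hand-carried tarball, then copy it into pulledpork's temp_path."""
    tarball, temp_path = Path(tarball), Path(temp_path)
    actual = file_digest(tarball, algo)
    if not hmac.compare_digest(actual, expected_hex.strip().lower()):
        raise ValueError(f"{tarball.name}: digest mismatch, not staging")
    with tarfile.open(tarball, "r:gz") as tf:  # also proves the archive is readable
        for m in tf.getmembers():
            if m.name.startswith(("/", "\\")) or ".." in Path(m.name).parts:
                raise ValueError(f"unsafe member path in archive: {m.name}")
    dest = temp_path / tarball.name  # keep the file name that rule_url refers to
    shutil.copy2(tarball, dest)
    return dest


def pulledpork_command(conf):
    """Argument list for the no-download run; the script location is an assumption."""
    return ["perl", "pulledpork.pl", "-c", str(conf), "-n"]


def demo():
    """Constructed sample: a tiny stand-in tarball, not a real Snort ruleset."""
    work = Path(tempfile.mkdtemp())
    (work / "temp").mkdir()
    rule = work / "local.rules"
    rule.write_text("# constructed placeholder rule file\n")
    tb = work / "snortrules-snapshot-2923.tar.gz"
    with tarfile.open(tb, "w:gz") as tf:
        tf.add(rule, arcname="rules/local.rules")
    return work, tb, file_digest(tb)
```

Pass `algo="md5"` when the only reference value available is the `.md5` file published alongside the snapshot.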