Snort mailing list archives

Re: pulledpork not retrieving reg rules

From: Heine Lysemose <lysemose () gmail com>
Date: Thu, 10 Oct 2013 11:59:28 +0200

Hi

Rules for Snort 2.9.2.2 are no longer available.
http://blog.snort.org/2012/08/snort-2922-is-end-of-life.html

regards,
Lysemose


On Thu, Oct 10, 2013 at 11:52 AM, Roland RoLaNd <r_o_l_a_n_d () hotmail com>wrote:

All,

i configured pulledpork.conf as such:

black_list=/usr/local/etc/snort/rules/iplists/default.blacklist
config_path=/etc/snort/snort.conf
disablesid=/etc/snort/disablesid.conf
distro=Debian-7-1
enablesid=/etc/snort/enablesid.conf
ignore=deleted.rules,experimental.rules,local.rules
IPRVersion=/usr/local/etc/snort/rules/iplists
local_rules=/etc/snort/rules/local.rules
modifysid=/etc/snort/modifysid.conf
pid_path=/var/run/snort_eth0.pid
pid_path=/var/run/snort_eth3.pid
rule_path=/etc/snort/rules/snort.rules
rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
rule_url=
https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|myoinkcode
sid_changelog=/var/log/sid_changes.log
sid_msg=/etc/snort/sid-msg.map
sid_msg_version=1
snort_control=/usr/local/bin/snort_control
snort_path=/usr/sbin/snort
snort_version=2.9.2.2-3
sorule_path=/usr/local/lib/snort_dynamicrules/
temp_path=/tmp
version=0.7.0


When i run try updating:

 pulledpork.pl -c /etc/snort/pulledpork.conf -T -l

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2922-3.tar.gz....
A 403 error occurred, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
You may also wish to verfiy your oinkcode, tarball name, and other
configuration options
Error 403 when fetching
https://www.snort.org/reg-rules/snortrules-snapshot-2922-3.tar.gz.md5 at
/usr/local/bin/pulledpork.pl line 463
main::md5file('myoinkcode', 'snortrules-snapshot-2922-3.tar.gz', '/tmp/', '
https://www.snort.org/reg-rules/&apos;) called at /usr/local/bin/pulledpork.plline 1847



PS: visiting
https://www.snort.org/reg-rules/snortrules-snapshot-2922-3.tar.gz/<https://www.snort.org/reg-rules/snortrules-snapshot-2922-3.tar.gz/5b78fef78a3bd4f1e80821fc12b941f11b16dd1a>
myoinkcode
 in a browser returns the following:

Snort.org Rule Pack Download Error:
      --------------------------
      Subscription: false
      --------------------------
      No rule pack with this filename is available to you.
      --------------------------



Am i using the wrong url to retrieve 30 days old rules?




------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

pulledpork not retrieving reg rules Roland RoLaNd (Oct 10)
- Re: pulledpork not retrieving reg rules Heine Lysemose (Oct 10)
  - Re: pulledpork not retrieving reg rules Roland RoLaNd (Oct 10)
- <Possible follow-ups>
- Re: pulledpork not retrieving reg rules wkitty42 (Oct 10)