Snort mailing list archives
Re: Getting Incorrect URL Error Message for a working URL
From: MMartin () jwpepper com
Date: Tue, 11 Feb 2014 17:41:22 -0500
Hey Guys,

Sorry to double post, but I think I may have found the problem...

Looking at the Perl code for oinkmaster.pl I found the section that checks the URL by comparing it to a REGEX... You can see in the snippet of code below, that the regex wants the URL to end with ".tar.gz" --or-- ".tgz"... Which is why my URL wouldn't work...

Here is the REGEX from the Snippet below ==>
    /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/

__________________________CODE SNIPPET__________________________
# Make sure all urls look ok, and untaint them.
my @urls = @{$config{url}};
$#{$config{url}} = -1;
foreach my $url (@urls) {
    clean_exit("incorrect URL: \"$url\"")
      unless ($url =~ /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/
        || $url =~ /^(dir:\/\/.+)/);
    my $ok_url = $1;
    :.....MORE CODE.....
}
________________________END CODE SNIPPET________________________

The problem is my URL actually ends with my Oinkcode and NOT the file name... I think I'll try to adjust the REGEX to match MY url and give it another try in the morning... I'll let you guys know what happens just in case anyone else has or had this issue and isn't familiar with Perl and/or REGEXs.

Although, I could probably just remove the '$' at the end of the REGEX and it should probably work just fine since that matches the end of the line, and by including "^" at the start, and '$' at the end, it's basically saying it has to start and end exactly like this..... And removing the '$' will basically just make it want to see that ".tar.gz" or ".tgz" is included somewhere in the URL...

I'll post back shortly. Again, sorry about double posting...

Thanks Again,
Matt

From: MMartin () jwpepper com
To: snort-users () lists sourceforge net
Date: 02/11/2014 05:12 PM
Subject: [Snort-users] Getting Incorrect URL Error Message for a working URL

Hello All,

Installed Version: Snort v2.9.6.0 --and-- Oinkmaster v2.0

Let me start by saying I am new to Snort, but I have it configured and running in IDS mode.
The issue I'm having is with Oinkmaster.pl, which is telling me the URL I am giving is incorrect. Sorry if this was asked before, but I tried checking the mail-list's archive for a similar situation at but without a search function it was impossible to find a similar case...

But anyway, I am a registered User on snort.org and I generated an "Oinkcode" from My Account page in order to get a URL configured for oinkmaster to update my rules. I added the following URL from my "My Oinkcode" page, under "Registered User Release", which was generated using my specific code that was given to me, which I added to my "/etc/oinkmaster.conf" file:
(*FYI, I hid my OinkCode with 'xxx....' below)

    http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This link was the default one given as an example so I tried the ".../snortrules-snapshot-2960.tar.gz/..." because that is the Snort version I currently have installed, and when I open that in a browser I get this error below..:

    Snort.org Rule Pack Download Error:
    --------------------------
    Subscription: false
    --------------------------
    No rule pack with this filename is available to you.
    --------------------------

I assume since this is the newest version of Snort available, the rules are not yet ready for download...? So I tried the next newest release, which was --> "snortrules-snapshot-2956.tar.gz"

    http://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I entered that URL above into a browser, and when the page loads I'm prompted with a download dialog to download the snortrules-snapshot. Since I got a download prompt I assume this is the correct URL for me to use.
So I entered the following line in my oinkmaster.conf file:

    url = http://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Now, when I run the oinkmaster command to update/download the newest rule's file I get an error about the URL, see below:

    # oinkmaster -o /etc/snort/rules
    Loading /etc/oinkmaster.conf
    /usr/local/bin/oinkmaster: Error: incorrect URL: " http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx "
    Oink, oink. Exiting...

Since the URL works in a browser I'm not sure why it wouldn't work from the oinkmaster.pl command..? Does anyone know why this would be happening?

Any thoughts or suggestions would be much appreciated.

Thanks in Advance,
Matt

------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience. Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
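Added example (not part of the original message and not oinkmaster's own code): the check from the posted snippet run against three constructed URLs, next to the same pattern without the trailing '$' and a hypothetical pattern that permits a "/<code>" suffix. The suffix pattern and the assumption that the code is letters and digits only are illustrative, and 'xxxxxxxx' stands in for the Oinkcode.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern quoted in the message (from the posted oinkmaster.pl snippet).
my $orig   = qr/^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/;
# Same pattern with the trailing '$' removed, as the message proposes.
my $no_end = qr/^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))/;
# Hypothetical alternative (not from oinkmaster): keep the '$' and allow an
# optional "/<code>" suffix inside the capture group. Assumes the code is
# made of letters and digits only.
my $suffix = qr/^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz)(?:\/[A-Za-z0-9]+)?)$/;

my @patterns = (
    [ 'original',  $orig   ],
    [ 'no-dollar', $no_end ],
    [ 'suffix',    $suffix ],
);

# Constructed sample URLs; the base is the one shown in the message.
my $base = 'http://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz';
my @urls = (
    $base,                                        # ends with the file name
    "$base/xxxxxxxx",                             # ends with the code
    "$base/xxxxxxxx unexpected trailing text",    # content after the code
);

# Return the captured (untainted) value, or undef when the URL is rejected.
# $1 is only meaningful after a successful match, so test the match first.
sub check {
    my ($re, $url) = @_;
    return $url =~ $re ? $1 : undef;
}

for my $url (@urls) {
    print "$url\n";
    for my $p (@patterns) {
        my ($name, $re) = @$p;
        my $got = check($re, $url);
        printf "  %-10s %s\n", $name,
            defined $got ? "accepts, \$1 = $got" : "rejects";
    }
}
```

With the '$' removed the Oinkcode URL passes, but $1 ends at ".tar.gz", so the value the snippet assigns to $ok_url no longer contains the code, and the URL with trailing text passes as well. The suffix pattern captures the Oinkcode URL whole and still rejects the trailing text.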
Current thread:
- Getting Incorrect URL Error Message for a working URL MMartin (Feb 11)
- Re: Getting Incorrect URL Error Message for a working URL MMartin (Feb 11)
- Re: Getting Incorrect URL Error Message for a working URL Joel Esler (jesler) (Feb 11)