Snort mailing list archives

Re: PulledPork 403 Forbidden error


From: "Steve Crow" <scrow () amarilloheartgroup com>
Date: Fri, 23 May 2014 09:50:28 -0500

Joel, I get the same thing, would you check into my account?

 

Thank you!

 

Steve Crow

 

From: Joel Esler (jesler) [mailto:jesler () cisco com] 
Sent: Friday, April 18, 2014 1:03 PM
To: Kurzawa, Kevin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] PulledPork 403 Forbidden error

 

Dear Kevin,

In order to look into this issue, I am going to need your Snort.org username
and email address.  Please feel free to email me directly with that
information. 

 

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

 

 

On Apr 18, 2014, at 1:32 PM, Kurzawa, Kevin <kkurzawa () co pinellas fl us>
wrote:





PulledPork 0.7.0

Snort 2960

Archlinux

 

Switching over from Oinkmaster to PulledPork. I want the ability to
automatically switch between the connectivity, balanced, and security
rulesets easily (if this is do-able in Oinkmaster, someone please enlighten
me).

 

Running sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf -T -vv

 

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx

Checking latest MD5 for snortrules-snapshot-2960.tar.gz....

Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5

** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/83c886d030bc3d56e56d69488c456404xxxx ==> 403 Forbidden (1s)

A 403 error occurred, please wait for the 15 minute timeout

to expire before trying again or specify the -n runtime switch

You may also wish to verfiy your oinkcode, tarball name, and other
configuration options

Error 403 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.

main::md5file('83c886d030bc3d56e56d69488c456404xxxx ', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847

 

If I use a base URL without the version it yells at me and tells me I have
to specify it.

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx

 

I get this 403 error after waiting for 20 minutes, 30 minutes, whenever
minutes.

I verified my oinkcode, it is correct.

I got the tarball name from the Snort.org site where it
references downloading via the command line.

As for other configuration options, I do not know what else it could be.

 

 

My pulledpork.conf file:

 

# RULE URI

#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx

rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx

#rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open

#rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>

#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open

#rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>

 

ips_policy=security

ignore=deleted.rules,experimental.rules,local.rules

temp_path=/tmp

rule_path=/etc/pulledpork/rules/snort.rules

# out_path=/usr/local/etc/snort/rules/

local_rules=/etc/pulledpork/rules/local.rules

sid_msg=/etc/pulledpork/sid-msg.map

sid_msg_version=1

sid_changelog=/var/log/pulledpork/sid_changes.log

 

# SHARED OBJECT (SO) RULES

#sorule_path=/usr/local/lib/snort_dynamicrules/

snort_path=/usr/bin/snort

#sostub_path=

#config_path=/etc/snort/snort.conf

# Define your distro, this is for the precompiled shared object libs!

# Valid Distro Types:

# Debian-5-0, Debian-6-0,

# Ubuntu-8.04, Ubuntu-10-4

# Centos-4-8, Centos-5-4

# FC-12, FC-14, RHEL-5-5, RHEL-6-0

# FreeBSD-7-3, FreeBSD-8-1

# OpenBSD-4-8

# Slackware-13-1

#distro=FreeBSD-8.1

 

black_list=/etc/pulledpork/rules/default.blacklist

IPRVersion=/etc/pulledpork/rules/iplists

#snort_control=/usr/bin/snort_control

# backup=/usr/local/etc/snort,/usr/local/etc/pulledpork,/usr/local/lib/snort_dynamicrules/

# backup_file=/tmp/pp_backup

# docs=/path/to/base/www

# state_order=disable,drop,enable

# pid_path=/var/run/snort.pid,/var/run/barnyard.pid,/var/run/barnyard2.pid

# snort_version=2.9.0.0

enablesid=/etc/pulledpork/enablesid.conf

dropsid=/etc/pulledpork/dropsid.conf

disablesid=/etc/pulledpork/disablesid.conf

modifysid=/etc/pulledpork/modifysid.conf

version=0.7.0

Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

 
