Snort mailing list archives
Re: Snort with PulledPork and Ubuntu 12.04 Server
From: Christian Gebler <geblerchristian () googlemail com>
Date: Thu, 24 Jul 2014 14:12:51 +0200
Ah ok, sry. But same result. :/ 2014-07-24 13:50 GMT+02:00 Doug Burks <doug.burks () gmail com>:
Right, did you see this note on the page? For certain proxies (Bluecoat in particular), you may need to change from https to http in /etc/nsm/pulledpork/pulledpork.conf. For more information, please see: https://code.google.com/p/pulledpork/issues/detail?id=154 https://groups.google.com/d/topic/security-onion-testing/piRYj-7Ar8M/discussion On Thu, Jul 24, 2014 at 7:33 AM, Christian Gebler <geblerchristian () googlemail com> wrote:thx, but I think my proxy configuration is fine.:) It's something withPerland the HTTPS GET Method. 2014-07-24 13:27 GMT+02:00 Doug Burks <doug.burks () gmail com>:Hi Christian, Here are some settings you might want to try: https://code.google.com/p/security-onion/wiki/Proxy On Thu, Jul 24, 2014 at 3:43 AM, Christian Gebler <geblerchristian () googlemail com> wrote:I'm using the Ubuntu Server 12.04 standard Repository. Perl 5.14.2 libcrypt-ssleay-perl 0.58-1 liblwp-protocol-https-perl 6.04-2 And yes, there is also a proxy. But the proxy variable http_proxy and https_proxy is set. 2014-07-23 15:04 GMT+02:00 JJ Cummings (jjcummin) <jjcummin () cisco com:A 501 generally means something is not being handled correctly withSSLin your perl installation. I would try validating that the followingareinstalled and updated: Crypt::SSLeay LWP::Protocol::https Also, are you using a proxy? JJC On Jul 23, 2014, at 7:55 AM, Joel Esler (jesler) <jesler () cisco com> wrote: CC’ing JJ, as it’s not a Snort.org problem, seems to be a pulledpork issue. On Jul 23, 2014, at 2:03 AM, Christian Gebler <geblerchristian () googlemail com> wrote: manually I can download it 2014-07-22 23:53 GMT+02:00 Joel Esler (jesler) <jesler () cisco com>:Try this:https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=8b46559ee9c2faaa4464a693d2133dff62f3feafOn Jul 22, 2014, at 2:55 AM, Christian Gebler <geblerchristian () googlemail com> wrote:Ah okay, the email is "itadmin () tcsgmbh de" 2014-07-22 8:41 GMT+02:00 Christian Gebler <geblerchristian () googlemail com>: Hi Joel, the account is registered under the username "tcs". Now I see we need an email address to login on the snort website...that's new?!? I have a friend in another company, same Ubuntu Server 12.04versionand same problem.... 2014-07-21 19:25 GMT+02:00 Joel Esler (jesler) <jesler () cisco com:So I can view the status of your account to see if it’s asubscriberproblem or a registered problem, and the status of the account. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Vulnerability Research TeamOn Jul 21, 2014, at 10:39 AM, Christian Gebler <geblerchristian () googlemail com> wrote:Hi, why did you need the oinkcode or the email address for myproblem?:) I think it's a problem with the GET Method in Perl with HTTPS.WithHTTP it worked well, since the snort Page Update last week. 2014-07-21 14:11 GMT+02:00 Joel Esler (jesler) <jesler () cisco com:Can you write me offlist with your oinkcode or email address your account is under? -- Joel Esler Sent from my iPhone On Jul 21, 2014, at 7:43, "Christian Gebler" <geblerchristian () googlemail com> wrote:Hi, I'm using Snort 2.9.6.2 with PulledPork 0.7.0 on an UbuntuServer12.04 LTS. Since last week it is not possible to download the new VRT Snort 2.9.6.2 Ruleset (now with https): Checking latest MD5 for snortrules-snapshot-2962.tar.gz.... Fetching md5sum for: snortrules-snapshot-2962.tar.gz.md5 ** GEThttps://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5?oinkcode= <myoinkcode> ==> 501 Not Implemented Error 501 when fetching https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5at./pulledpork.pl line 463 main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/etc/snort/rules/tmp/', 'https://www.snort.org/rules/')called at./pulledpork.pl line 1847 Any suggestions? thx------------------------------------------------------------------------------Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of BlackDuckCode Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:http://sourceforge.net/mailarchive/forum.php?forum_name=snort-usersPlease visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------Want fast and easy access to all the code in your enterprise? Indexandsearch up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!-- Doug Burks http://securityonionsolutions.com-- Doug Burks http://securityonionsolutions.com
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort with PulledPork and Ubuntu 12.04 Server Christian Gebler (Jul 21)
- Re: Snort with PulledPork and Ubuntu 12.04 Server Joel Esler (jesler) (Jul 21)
- Re: Snort with PulledPork and Ubuntu 12.04 Server JJC (Jul 21)
- Re: Snort with PulledPork and Ubuntu 12.04 Server Joel Esler (jesler) (Jul 21)
- Re: Snort with PulledPork and Ubuntu 12.04 Server Christian Gebler (Jul 21)
- Re: Snort with PulledPork and Ubuntu 12.04 Server JJC (Jul 21)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Snort with PulledPork and Ubuntu 12.04 Server Christian Gebler (Jul 24)
- Re: Snort with PulledPork and Ubuntu 12.04 Server Doug Burks (Jul 24)
- Re: Snort with PulledPork and Ubuntu 12.04 Server Christian Gebler (Jul 24)
- Re: Snort with PulledPork and Ubuntu 12.04 Server Doug Burks (Jul 24)
- Re: Snort with PulledPork and Ubuntu 12.04 Server Christian Gebler (Jul 24)
- Re: Snort with PulledPork and Ubuntu 12.04 Server Joel Esler (jesler) (Jul 21)