Snort mailing list archives
Re: PulledPork recent issue
From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 09 Oct 2014 08:49:58 -0600
On 2014-10-09 08:44, Joel Esler (jesler) wrote:
> Try without the -w now. I think we may have fixed the issue?
>
> On Oct 9, 2014, at 10:22 AM, James Lay <jlay () slave-tothe-box net> wrote:
>> On 2014-10-09 07:42, Shirkdog wrote:
>>> I updated this in svn, you can pass a "-w" option which will bypass the check.
>>>
>>> ---
>>> Michael Shirk
>>>
>>> On Thu, Oct 9, 2014 at 7:18 AM, James Lay <jlay () slave-tothe-box net> wrote:
>>>> On Thu, 2014-10-09 at 07:01 -0400, Shirkdog wrote:
>>>>> There appears to be an issue with the certificate on labs.snort.org. I am going to add an option to pulled pork to skip verification of the hostname for SSL when something like this happens.
>>>>>
>>>>> On Oct 9, 2014 6:57 AM, "James Lay" <jlay () slave-tothe-box net> wrote:
>>>>>> Second day in a row I've seen this....anyone else having this issue?
>>>>>>
>>>>>> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>>>>>         They Match
>>>>>>         Done!
>>>>>> Checking latest MD5 for emerging.rules.tar.gz....
>>>>>>         They Match
>>>>>>         Done!
>>>>>> IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
>>>>>> Reading IP List...
>>>>>> Couldn't read /tmp/185.925288914831-black_list.rules - No such file or directory at /opt/bin/pulledpork.pl line 487
>>>>>>         main::read_iplist('HASH(0xa3aa974)', '/tmp/185.925288914831-black_list.rules') called at /opt/bin/pulledpork.pl line 378
>>>>>>         main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', 'http://labs.snort.org/feeds/ip-filter.blf') called at /opt/bin/pulledpork.pl line 1856
>>>>>>
>>>>>> Thanks for any insight.
>>>>>>
>>>>>> James
>>>>
>>>> Thanks...that helps...I can temporarily disable getting blacklists and indeed it works like a champ.
>>>>
>>>> James
>>
>> Confirmed svn with -w working well..thanks again.
>>
>> James
>>
>> [08:20:04 gateway:~/snort/pulledpork$] sudo /opt/bin/pulledpork.pl -P -w -l -c /opt/etc/snort/pulledpork/pulledpork.conf
>>
>>     http://code.google.com/p/pulledpork/
>>       _____ ____
>>      `----,    )
>>       `--==\  /    PulledPork v0.7.1 - Swine Flu with a side of Ebola!
>>        `--==\/
>>      .-~~~~-.Y|\_  Copyright (C) 2009-2014 JJ Cummings
>>   @_/        /  66_  cummingsj () gmail com
>>     |           _(")
>>          /-| ||'--'  Rules give me wings!
>>       _  _\
>>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>         They Match
>>         Done!
>> Checking latest MD5 for emerging.rules.tar.gz....
>>         They Match
>>         Done!
>> IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
>> Reading IP List...
>> Prepping rules from snortrules-snapshot-2962.tar.gz for work....
>>         Done!
>> Prepping rules from emerging.rules.tar.gz for work....
>>         Done!
>> Reading rules...
>> Generating Stub Rules....
>>         Done
>> Reading rules...
>> Reading rules...
>> Writing Blacklist File /opt/etc/snort/rules/iplists/default.blacklist....
>> Writing Blacklist Version 1647588404 to /opt/etc/snort/rules/iplistsIPRVersion.dat....
>> Use of uninitialized value $bin in -f at /opt/bin/pulledpork.pl line 1005.
>> Processing /opt/etc/snort/pulledpork/disablesid.conf....
>>         Modified 2 rules
>>         Done
>> Setting Flowbit State....
>>         Enabled 115 flowbits
>>         Done
>> Writing /opt/etc/snort/rules/snort.rules....
>>         Done
>> Generating sid-msg.map....
>>         Done
>> Writing v1 /opt/etc/snort/sid-msg.map....
>>         Done
>> Writing /var/log/sid_changes.log....
>>         Done
>> Rule Stats...
>>         New:-------108
>>         Deleted:---21
>>         Enabled Rules:----19996
>>         Dropped Rules:----0
>>         Disabled Rules:---19560
>>         Total Rules:------39556
>> IP Blacklist Stats...
>>         Total IPs:-----6990
>> Done
>> Please review /var/log/sid_changes.log for additional details
>> Fly Piggy Fly!

Yea that's workin now sans -w Joel:

        They Match
        Done!
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Prepping rules from snortrules-snapshot-2962.tar.gz for work....
        Done!

Thank you!

James