Snort mailing list archives
Re: Pulledpork doesn't creates sid-msg.map properly
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Mon, 13 Oct 2014 09:27:50 +0000
On Mon, Oct 13, 2014 at 8:27 AM, C. L. Martinez <carlopmart () gmail com> wrote:
Hi all,

After some days working with pulledpork for suricata 2.0.4, all worked ok until today. I have added the following rules in pulledpork's config file as local_rules: https://sslbl.abuse.ch/blacklist/sslblacklist.rules

After that, sid-msg.map doesn't get created properly. For emergingthreats rules it works ok, but not for these last ones:

cat sid-msg.rules
2523264 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 633 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523266 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 634 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523268 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 635 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523270 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 636 || url,doc.emergingthreats.net/bin/view/Main/TorRules
3 || FILEEXT BMP file claimed
6 || FILESTORE jpg
648 || GPL SHELLCODE x86 NOOP || arachnids,181
653 || GPL SHELLCODE x86 0x90 unicode NOOP
8 || FILESTORE pdf
9 || FILEMAGIC pdf
902200008 ||
902200009 ||
902200035 ||
902200060 ||
902200062 ||
902200064 ||
902200081 ||
902200082 ||
902200125 ||
902200133 ||
902200134 ||
902200141 ||
902200148 ||
902200151 ||
902200178 ||
902200195 ||
902200209 ||
902200213 ||
902200241 ||
902200248 ||
902200381 ||
902200382 ||
902200383 ||

How can I fix this??
More info. Pulledpork clears this file:

cat Custom-sslblacklist.rules
# ----- Begin Custom-sslblacklist Rules Category -----
#
# -- Begin GID:1 Based Rules --
#

pulledpork.conf:

#
# Download rules url
#
#rule_url=http://rules.emergingthreats.net/|emerging.rules.tar.gz|open
rule_url=http://rules.emergingthreats.net/open/suricata/|emerging.rules.tar.gz|open

# What is our temp path, be sure this path has a bit of space for rule
# extraction and manipulation, no trailing slash
temp_path=/tmp

# Output path for download rules
out_path=/data/config/etc/idpsuricata/rules

local_rules=/data/config/etc/idpsuricata/rules/Custom-sslblacklist.rules

# Location for sid-msg.map file
sid_msg=/data/config/etc/idpsuricata/sid-msg.map

# New for by2 and more advanced msg mapping. Valid options are 1 or 2
# specify version 2 if you are running barnyard2.2+. Otherwise use 1
sid_msg_version=1

# Defined path for sid changelog file
sid_changelog=/tmp/sid_changes.log

# Here you can specify what rule modification files to run automatically.
# simply uncomment and specify the apt path.
# enablesid=/usr/local/etc/snort/enablesid.conf
# dropsid=/usr/local/etc/snort/dropsid.conf
disablesid=/data/config/etc/idpsuricata/pulledpork/disablesid.conf
# modifysid=/usr/local/etc/snort/modifysid.conf

version=0.7.0
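An added example, not code from pulledpork (which is Perl) and not from anyone in this thread: a small Python script that builds version-1 sid-msg.map lines in the layout the quoted output uses (`sid || msg || reference`) from a rules file, and reports every rule whose `msg:` keyword it could not extract. Entries that carry a sid but nothing after the separator, like the `902200008 ||` lines above, are exactly what such a rule produces, so running a check like this over the downloaded rules file shows which rules are being mapped without a message before the map is handed to barnyard2. The sample rules, their sids and message text are constructed for the example and are not taken from the sslblacklist feed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample rules file (not from the original thread): one ET-style rule
# with a reference, one rule without a reference, one commented-out rule that must
# be skipped, and one rule that has a sid but no msg: keyword at all.
SAMPLE_RULES = """\
# ----- Begin Custom Rules Category -----
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 633"; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; sid:2523264; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE SSL Blacklist Malicious Certificate (constructed)"; content:"|aa bb cc|"; sid:902200008; rev:1;)
# alert tcp any any -> any any (msg:"disabled rule"; sid:9999999; rev:1;)
alert tcp any any -> any any (sid:902200009; rev:1;)
"""

# msg text is double-quoted and may contain backslash-escaped quotes
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+?)\s*;')


def parse_rule(line: str) -> Optional[Dict[str, object]]:
    """Return sid, msg and references for one rule line; None for comments, blanks
    and lines without a sid (nothing can be mapped without one)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    sid = SID_RE.search(line)
    if not sid:
        return None
    msg = MSG_RE.search(line)
    return {
        "sid": int(sid.group(1)),
        "msg": msg.group(1).replace('\\"', '"') if msg else None,
        "refs": REF_RE.findall(line),
    }


def build_sid_msg_map(rules_text: str) -> Tuple[List[str], List[int]]:
    """Produce version-1 sid-msg.map lines ('sid || msg || ref || ref ...') and the
    list of sids for which no msg could be extracted."""
    lines: List[str] = []
    missing: List[int] = []
    for raw in rules_text.splitlines():
        rule = parse_rule(raw)
        if rule is None:
            continue
        if rule["msg"] is None:
            missing.append(rule["sid"])
            continue
        lines.append(" || ".join([str(rule["sid"]), rule["msg"], *rule["refs"]]))
    # The map quoted in the thread is ordered as text (2523264 before 3), so sort
    # the same way rather than numerically.
    lines.sort(key=lambda entry: entry.split(" || ", 1)[0])
    return lines, missing


if __name__ == "__main__":
    mapped, no_msg = build_sid_msg_map(SAMPLE_RULES)
    print("\n".join(mapped))
    for sid in no_msg:
        print(f"WARNING: sid {sid} has no msg: keyword; it would appear as '{sid} ||'")
```

To check a real rules file, replace `SAMPLE_RULES` with the file's contents; any sid printed as a warning is one whose `msg:` the regex could not find on that line, which is the first thing to compare against how the feed formats its rules.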
Current thread:
- Pulledpork doesn't creates sid-msg.map properly C. L. Martinez (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly C. L. Martinez (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly Rob MacGregor (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly Shirkdog (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly C. L. Martinez (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly Shirkdog (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly C. L. Martinez (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly Rob MacGregor (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly waldo kitty (Oct 13)
- Re: Pulledpork doesn't creates sid-msg.map properly C. L. Martinez (Oct 13)