Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pulledpork 0.7.1 -wc certificate verification problem

From: Shirkdog <shirkdog () gmail com>
Date: Fri, 16 Jan 2015 20:49:43 -0500
0.7.0 is known to be good. Try again and see if you still have issues.
There is one bug fix and the verification skip in 0.7.1, so if 0.7.0
does not work, something else is going on.

---
Michael Shirk


On Fri, Jan 16, 2015 at 8:14 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

Nothing has changed with the site.

--
Joel Esler
Sent from my iPhone

On Jan 16, 2015, at 7:29 PM, "amn0p () me com" <amn0p () me com> wrote:

Hi everyone,

I have the pulledpork 0.7.1 perl script to download snort rules. But because
of certificate verification it keeps failing. I even tried the -w option.
Please see verbose output below. Any guidance? Thanks for your time.

 sudo /usr/bin/pulledpork.pl -vvwc /usr/local/snort/etc/pulledpork.conf

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.1 - Swine Flu with a side of Ebola!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2014 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /usr/local/snort/etc/pulledpork.conf
        snort_path = /usr/local/bin/snort
        enablesid = /usr/local/snort/etc/enablesid.conf
        black_list = /usr/local/snort/rules/black_list.rules
        IPRVersion = /usr/local/snort/rules/iplists
        rule_path = /usr/local/snort/rules/snort.rules
        ignore = deleted.rules,experimental.rules,local.rules
        state_order = disable,drop,enable
        snort_control = /usr/local/bin/snort_control
        rule_url = ARRAY(0x2133638)
        snort_version = 2.9.6.2
        sid_msg_version = 1
        sid_changelog = /var/log/sid_changes.log
        sid_msg = /usr/local/snort/etc/sid-msg.map
        config_path = /usr/local/snort/etc/snortint1.conf
        temp_path = /tmp
        distro = Ubuntu-12-04
        version = 0.7.1
        sorule_path = /usr/local/snort/lib/snort_dynamicrules/
        disablesid = /usr/local/snort/etc/disablesid.conf
        local_rules = /usr/local/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
        arch Def is: x86-64
        Config Path is: /usr/local/snort/etc/pulledpork.conf
        Distro Def is: Ubuntu-12-04
        Disabled policy specified
        local.rules path is: /usr/local/snort/rules/local.rules
        Rules file is: /usr/local/snort/rules/snort.rules
        Path to disablesid file: /usr/local/snort/etc/disablesid.conf
        Path to enablesid file: /usr/local/snort/etc/enablesid.conf
        sid changes will be logged to: /var/log/sid_changes.log
        sid-msg.map Output Path is: /usr/local/snort/etc/sid-msg.map
        Snort Version is: 2.9.6.2
        Snort Config File: /usr/local/snort/etc/snortint1.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /usr/local/snort/lib/snort_dynamicrules/
        Will process SO rules
        Extra Verbose Flag is Set
        Verbose Flag is Set
        SSL Hostname Verification disabled
        Base URL is:
https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<trimmed>
http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|<trimmed>
Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2962.tar.gz.md5
** GET
https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5/<trimmed>
==> 500 Can't connect to www.snort.org:443 (certificate verify failed) (1s)
        Error 500 when fetching
https://www.snort.org/sub-rules/snortrules-snapshot-2962.tar.gz.md5 at
/usr/bin/pulledpork.pl line 482
        main::md5file('<trimmed>', 'snortrules-snapshot-2962.tar.gz',
'/tmp/', 'https://www.snort.org/sub-rules/&apos;) called at
/usr/bin/pulledpork.pl line 1875

------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!


------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!


------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: