Snort mailing list archives
Re: Snort IP blacklist issue
From: ha dinhphu <hadinhphu () gmail com>
Date: Thu, 27 Aug 2015 16:16:24 -0500
Well, I followed the instructions from here: http://sublimerobots.com/2014/12/installing-snort-part-5/ which are exactly the same as the instructions posted on the snort.org website. So I don't know where the issue is.

On Thu, Aug 27, 2015 at 4:13 PM, Shirkdog <shirkdog () gmail com> wrote:
> I am not seeing this issue, with the correct permissions with the latest code (about to release 0.7.2):
>
>     https://github.com/shirkdog/pulledpork
>       _____ ____
>      `----,\    )
>       `--==\\  /    PulledPork v0.7.2 - E.Coli in your water bottle!
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2015 JJ Cummings
>   @_/        /  66\_  cummingsj () gmail com
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
> Rules tarball download of snortrules-snapshot-2975.tar.gz....
>         They Match
>         Done!
> Checking latest MD5 for community-rules.tar.gz....
> Rules tarball download of community-rules.tar.gz....
>         They Match
>         Done!
> IP Blacklist download of http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf....
> Reading IP List...
> Checking latest MD5 for opensource.gz....
> Rules tarball download of opensource.gz....
>         They Match
>         Done!
> Prepping rules from opensource.gz for work....
>         Done!
> Prepping rules from community-rules.tar.gz for work....
>         Done!
> Prepping rules from snortrules-snapshot-2975.tar.gz for work....
>         Done!
> Reading rules...
> Reading rules...
> Writing Blacklist File /usr/local/etc/snort/rules/iplists/default.blacklist....
> Writing Blacklist Version 825308466 to /usr/local/etc/snort/rules/iplistsIPRVersion.dat....
> Setting Flowbit State....
>         Enabled 16 flowbits
>         Done
> Writing /usr/local/etc/snort/rules/snort.rules....
>         Done
> Generating sid-msg.map....
>         Done
> Writing v1 /usr/local/etc/snort/sid-msg.map....
>         Done
> Writing /var/log/sid_changes.log....
>         Done
> Rule Stats...
>         New:-------0
>         Deleted:---0
>         Enabled Rules:----8695
>         Dropped Rules:----0
>         Disabled Rules:---17344
>         Total Rules:------26039
> IP Blacklist Stats...
>         Total IPs:-----6312
>
> Done
> Please review /var/log/sid_changes.log for additional details
> Fly Piggy Fly!
>
> ---
> Michael Shirk
>
> On Thu, Aug 27, 2015 at 1:26 PM, ha dinhphu <hadinhphu () gmail com> wrote:
>> It's been a while since I asked about this problem. Does anyone have a solution for it?
>>
>> On Fri, Aug 14, 2015 at 1:12 PM, ha dinhphu <hadinhphu () gmail com> wrote:
>>> Hi kitty,
>>>
>>> Yes, my /tmp directory is available with rwx permission by all users. I ran the command as root, so I don't think that's the problem.
>>>
>>> https://code.google.com/p/pulledpork/issues/detail?id=166 -- another user has the same problem.
>>> http://sourceforge.net/p/snort/mailman/message/32913112/ -- snort-user
>>>
>>> On Fri, Aug 14, 2015 at 1:04 PM, waldo kitty <wkitty42 () windstream net> wrote:
>>>> On 08/14/2015 12:21 PM, ha dinhphu wrote:
>>>>> IP Blacklist download of http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf....
>>>>> Reading IP List...
>>>>> Couldn't read /tmp/296.170136981772-black_list.rules - No such file or directory
>>>>
>>>> what linux are you using? does it have a working /tmp directory that is writable by all users? both of your reports have been failures to read a file that should have been downloaded into /tmp... these failures seem to point to /tmp not existing or it is not writable by the user your pulledpork is running as...
>>>>
>>>> --
>>>> NOTE: No off-list assistance is given without prior approval.
>>>> *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted.
>>>>
>>>> ------------------------------------------------------------------------------
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users () lists sourceforge net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>>
>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!