Snort mailing list archives
Re: PulledPork error 422 when fetching ruleset
From: Orion Christopher <orionquest44 () gmail com>
Date: Mon, 16 Nov 2015 20:59:57 -0500
I'm getting a similar error with PulledPork, error 404. I recently updated to the new version of snort, so decided to build from scratch following the directions on the snort site.

Made these changes to pulledpork.conf:

Line 19 & 26: enter your oinkcode
Line 27 & 30: leave alone (un-commented) to use the Emerging Threats rule set
Line 72: change to: rule_path=/etc/snort/rules/snort.rules
Line 87: change to: local_rules=/etc/snort/rules/local.rules
Line 90: change to: sid_msg=/etc/snort/sid-msg.map
Line 117: change to: config_path=/etc/snort/snort.conf
Line 131: change to: distro=Ubuntu-10-4
Line 139: change to: black_list=/etc/snort/rules/iplists/default.blacklist
Line 148: change to: IPRVersion=/etc/snort/rules/iplists
Line 194: Uncomment and change to: enablesid=/etc/snort/enablesid.conf
Line 195: Uncomment and change to: dropsid=/etc/snort/dropsid.conf
Line 196: Uncomment and change to: disablesid=/etc/snort/disablesid.conf
Line 197: Uncomment and change to: modifysid=/etc/snort/modifysid.conf

Here is the error:

Checking latest MD5 for snortrules-snapshot-2976.tar.gz....
        They Match
        Done!
Checking latest MD5 for community-rules.tar.gz....
        A 404 error occurred, please verify your filenames and urls for your tarball!
        Error 404 when fetching https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.
        main::md5file('Community', 'community-rules.tar.gz', '/tmp/', ' https://s3.amazonaws.com/snort-org/www/rules/community/') called at /usr/local/bin/pulledpork.pl line 1847

On Mon, Nov 16, 2015 at 4:00 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
The version of Snort needs to be updated. PulledPork figures out what version of Snort you have installed, and then pulls the corresponding ruleset.

--
*Joel Esler*
Manager, Talos Group

Sent from my iPad

On Nov 16, 2015, at 12:55 PM, Chris Odd <chris () chrisodd com> wrote:

Hi,

I received the notice from Joel a few weeks ago indicating that I was attempting to download an outdated Snort ruleset (2.9.7.0).

I had a look at my config today; when I run pulled pork, here’s the result (I’ve manually replaced my oinkcode with <oinkcode>):

Checking latest MD5 for snortrules-snapshot-2970.tar.gz....
        Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 482.
        main::md5file(‘<oinkcode>', 'snortrules-snapshot-2970.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1875

However, my pulledpork config does not reference that rules tarball, here’s how my rules are defined in pulledpork.conf:

rule_url= https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
rule_url= https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open-nogpl

Which matches what it should be, according to https://www.snort.org/oinkcodes

Any ideas on what I should be changing?

Thanks
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
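
Added example, not part of the original messages and not PulledPork's own code: a shell reproduction of the substitution discussed in the thread, where the generic snortrules-snapshot.tar.gz entry in rule_url is requested as a versioned file derived from the installed Snort version. The dot-stripping rule and the function names (snort_version, snapshot_name, md5_urls) are assumptions inferred from the filenames and URLs quoted above; the banner and config fragment are constructed samples.

```shell
#!/bin/sh
# Added example, not PulledPork's own code.

# Constructed `snort -V` banner (sample input).
sample_banner() {
cat <<'EOF'
   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.7.6 GRE (Build 285)
           Using libpcap version 1.5.3
EOF
}

# Constructed pulledpork.conf fragment using the rule_url lines quoted in the thread.
sample_conf() {
cat <<'EOF'
rule_url= https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
rule_url= https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open-nogpl
EOF
}

# Read a `snort -V` banner on stdin, print the dotted version (e.g. 2.9.7.6).
snort_version() {
    sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Dotted version -> versioned tarball name.
# Assumption: the suffix is the version with dots removed (thread: 2.9.7.0 -> 2970).
snapshot_name() {
    _digits=$(printf '%s' "$1" | tr -d '.')
    case "$_digits" in
        ''|*[!0-9]*) echo "unusable Snort version: '$1'" >&2; return 1 ;;
    esac
    printf 'snortrules-snapshot-%s.tar.gz\n' "$_digits"
}

# pulledpork.conf on stdin, Snort version as $1: print the .md5 URL that
# would be requested for each generic snapshot entry.
md5_urls() {
    _name=$(snapshot_name "$1") || return 1
    sed -n 's/^rule_url= *//p' |
    while IFS='|' read -r _base _file _code; do
        [ "$_file" = "snortrules-snapshot.tar.gz" ] || continue
        printf '%s%s.md5\n' "$_base" "$_name"
    done
}

sample_conf | md5_urls "$(sample_banner | snort_version)"
```

On a live sensor, pipe `snort -V 2>&1` into snort_version and the real pulledpork.conf into md5_urls to see which snapshot file the configuration resolves to.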
Current thread:
- PulledPork error 422 when fetching ruleset Chris Odd (Nov 16)
- Re: PulledPork error 422 when fetching ruleset Joel Esler (jesler) (Nov 16)
- Re: PulledPork error 422 when fetching ruleset Orion Christopher (Nov 16)
- Re: PulledPork error 422 when fetching ruleset wkitty42 (Nov 16)
- Re: PulledPork error 422 when fetching ruleset Orion Christopher (Nov 16)
- Re: PulledPork error 422 when fetching ruleset wkitty42 (Nov 16)
- Re: PulledPork error 422 when fetching ruleset Joel Esler (jesler) (Nov 16)