Snort mailing list archives
Re: Snort IP blacklist issue (Pulledprok)
From: "Nicolas Lepolard" <Nicolas.Lepolard () ejco com>
Date: Thu, 4 Feb 2016 13:50:02 +0100
Yes, it's all good for me. But I have the same issue... Another idea?

Nicolas

From: Shirkdog <shirkdog () gmail com>
To: Nicolas Lepolard <Nicolas.Lepolard () ejco com>
Cc: snort-users mailinglist <snort-users () lists sourceforge net>
Date: 04/02/2016 13:26
Subject: Re: [Snort-users] Snort IP blacklist issue (Pulledprok)

Does /etc/snort/rules/iplists exist?

Try this and post your results running pulledpork:

mkdir -p /etc/snort/rules/iplists
touch /etc/snort/rules/iplists/black_list.rules

On Feb 4, 2016 4:40 AM, "Nicolas Lepolard" <Nicolas.Lepolard () ejco com> wrote:

Hi,

Thank you for your reply!
I have checked and I think my config is OK.
Here are the variables that I have modified in my pulledpork.conf file:

Line 19 rule_url= https://www.snort.org/reg_rules/|snortrules-snapshot.tar.gz|<my oinkcode>
Line 26 rule_url=https://www.snort.org/reg-rules/|opensource.gz|<my oinkcode>
Line 61 temp_path=/opt/snort/tmp (I have changed the path because it didn't work with /tmp; the permissions are OK)
Line 74 rule_path=/etc/snort/rules/snort.rules
Line 89 local_rules=/etc/snort/rules/local.rules
Line 92 sid_msg=/etc/snort/sid-msg.map
Line 96 sid_msg_version=2
Line 119 config_path=/etc/snort/snort.conf
Line 133 distro=Debian-6.0
Line 141 black_list=/etc/snort/rules/iplists/black_list.rules
Line 150 IPRVersion=/etc/snort/rules/iplists

Thanks for your help.

Best regards
Nicolas

From: Shirkdog <shirkdog () gmail com>
To: Nicolas Lepolard <Nicolas.Lepolard () ejco com>
Cc: snort-users mailinglist <snort-users () lists sourceforge net>
Date: 03/02/2016 18:40
Subject: Re: [Snort-users] Snort IP blacklist issue (Pulledprok)

Make sure the file specified in pulledpork.conf actually exists. Check the black_list variable in your config.

On Feb 3, 2016 11:53 AM, "Nicolas Lepolard" <Nicolas.Lepolard () ejco com> wrote:

Hi guys,

I have an issue with my PulledPork installation!
When I try this command, I get this error message:

sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

(...)
Checking latest MD5 for snortrules-snapshot-2980.tar.gz....
They Match
Done!
Rules tarball download of community-rules.tar.gz....
IP Blacklist download of http://talosintel.com/feeds/ip-filter.blf....
Reading IP List...
Couldn't read /opt/snort/tmp/648.041857729794-black_list.rules - Aucun fichier ou dossier de ce type at /usr/local/bin/pulledpork.pl line 540.
main::read_iplist(HASH(0x2a281f8), "/opt/snort/tmp/648.041857729794-black_list.rules") called at /usr/local/bin/pulledpork.pl line 431
main::rulefetch("open", "IPBLACKLIST0", "/opt/snort/tmp/", "http://talosintel.com/feeds/ip-filter.blf") called at /usr/local/bin/pulledpork.pl line 1946

I've seen other posts about this problem but I didn't find a solution!
Can you help me please?

Snort: 2.9.8.0
PulledPork: 0.7.2

Best regards
Nicolas

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
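
A pre-flight check for the paths discussed in this thread, as an added example that is not part of the original messages or of PulledPork: it reads temp_path, IPRVersion and black_list from pulledpork.conf and reports any that are missing or not writable by the current user. The function names conf_get and check_pp_paths are hypothetical; the key names are the ones quoted above.

```shell
#!/bin/sh
# Added example: verify the blacklist-related paths named in pulledpork.conf.
# Keys checked (temp_path, IPRVersion, black_list) are those quoted in the thread.

# Print the value of key $2 from config file $1 (last uncommented match wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Print one line per problem; the return status is the number of problems.
check_pp_paths() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # Directories PulledPork writes into while fetching the IP list.
    for key in temp_path IPRVersion; do
        dir=$(conf_get "$conf" "$key")
        if [ -z "$dir" ]; then
            echo "$key: not set"; problems=$((problems + 1))
        elif [ ! -d "$dir" ]; then
            echo "$key: directory $dir does not exist"; problems=$((problems + 1))
        elif [ ! -w "$dir" ]; then
            echo "$key: $dir is not writable by $(id -un)"; problems=$((problems + 1))
        fi
    done

    # The blacklist file itself (the thread suggests creating it with touch).
    file=$(conf_get "$conf" black_list)
    if [ -z "$file" ]; then
        echo "black_list: not set"; problems=$((problems + 1))
    elif [ ! -f "$file" ]; then
        echo "black_list: file $file does not exist"; problems=$((problems + 1))
    elif [ ! -w "$file" ]; then
        echo "black_list: $file is not writable by $(id -un)"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check_pp_paths.sh /etc/snort/pulledpork.conf
if [ -n "${1:-}" ]; then check_pp_paths "$1"; fi
```

Run it as the same user that runs pulledpork.pl (here, under sudo), since the writability checks depend on the effective user.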
Current thread:
- Snort IP blacklist issue (Pulledprok) Nicolas Lepolard (Feb 03)
- Re: Snort IP blacklist issue (Pulledprok) Shirkdog (Feb 03)
- Re: Snort IP blacklist issue (Pulledprok) Nicolas Lepolard (Feb 04)
- Re: Snort IP blacklist issue (Pulledprok) Shirkdog (Feb 04)
- Re: Snort IP blacklist issue (Pulledprok) Nicolas Lepolard (Feb 04)
- Re: Snort IP blacklist issue (Pulledprok) Shirkdog (Feb 04)
- Re: Snort IP blacklist issue (Pulledprok) Nicolas Lepolard (Feb 04)
- Fwd: Re: Snort IP blacklist issue (Pulledprok) wkitty42 (Feb 04)
- Re: Fwd: Re: Snort IP blacklist issue (Pulledprok) Shirkdog (Feb 04)
- Re: Fwd: Re: Snort IP blacklist issue (Pulledprok) Nicolas Lepolard (Feb 05)
- Re: Fwd: Re: Snort IP blacklist issue (Pulledprok) wkitty42 (Feb 05)
- Re: Fwd: Re: Snort IP blacklist issue (Pulledprok) Shirkdog (Feb 05)
- Re: Fwd: Re: Snort IP blacklist issue (Pulledprok) Nicolas Lepolard (Feb 22)
- Re: Snort IP blacklist issue (Pulledprok) Shirkdog (Feb 03)