Snort mailing list archives

Re: [Snort-openappid] Snort rule management ubuntu


From: "Joel Esler (jesler) via Snort-users" <snort-users () lists snort org>
Date: Thu, 25 Jan 2018 18:58:23 +0000

Moving this from the openappid list to users.

True, we did move to https, but oinkmaster (which you should stop using) and pulledpork support https.  Sounds like 
an issue that needs to be troubleshot for pulledpork.




--
Joel Esler | Talos: Manager | jesler () cisco com






On Jan 24, 2018, at 6:36 PM, DElboux, Nathan J via Snort-openappid <snort-openappid () lists snort org> wrote:

Hi all,

I have a few sensors that I have just purchased VRT rule subscriptions for. Up until now they were using the emerging 
threats free ruleset. They are based on Ubuntu and live behind a proxy.

I have discovered an issue with pulledpork wherein https via a proxy uses the CONNECT method, which is causing errors and 
not downloading the rules. So for the emerging threats ruleset I have switched to HTTP and it works fine.

I read somewhere that HTTP has been cut off from the VRT url “www.snort.org” so I must use 
HTTPS. Is anyone using a rule management utility like oinkmaster on Ubuntu behind a proxy that has had success?

I can download the rules manually and insert them but with more sensors being onboarded I would prefer to have as much 
of it automated as I can.

Thanks!
Nathan

_______________________________________________
Snort-openappid mailing list
Snort-openappid () lists snort org
https://lists.snort.org/mailman/listinfo/snort-openappid

Please visit http://blog.snort.org to stay current on all the latest Snort news!
