Snort mailing list archives

Re: Using PP

From: "Michael Steele" <michaels () winsnort com>
Date: Thu, 13 Sep 2012 12:05:30 -0400

Pulledpork.pl has a list of packages it uses not too far down in the code
with 'use' if front of the packages. I believe Perl will throw an error if
any are missing.

 

Kindest regards,

Michael...

 

WINSNORT.com Management

--

****************** Established ~ 2001 *******************

*          Visit Us @  <http://www.winsnort.com> http://www.winsnort.com
*

*      ~~ FREE WinIDS Snort installation guides ~~      *

*               ~~ FREE support forums ~~               *

* Snort: Open Source Network IDS -  <http://www.snort.org>
http://www.snort.org *

*********************************************************

 

From: John York [mailto:YorkJ () brcc edu] 
Sent: Thursday, September 13, 2012 11:04 AM
To: 'Pratik Narang'; Heine Lysemose
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Using PP

 

You are missing some perl modules.  If you are using Ubuntu, the quickest
way to get them is this:

 

sudo apt-get install libssl-dev libcrypt-ssleay-perl libio-all-lwp-perl

 

Otherwise you can test your Fu with CPAN.  See the part in
http://code.google.com/p/pulledpork/wiki/FAQ about LWP::Simple

 

Thanks

John

 

From: Pratik Narang [mailto:pratik.cse.bits () gmail com] 
Sent: Thursday, September 13, 2012 5:15 AM
To: Heine Lysemose
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Using PP

 

With 'sudo', it says:

sudo /usr/local/bin/pulledpork.pl -c
/usr/local/snort/etc/pulledpork/pulledpork.conf -C
/usr/local/snort/etc/snort.conf -I security

Can't locate Crypt/SSLeay.pm in @INC (@INC contains: /etc/perl
/usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5
/usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14
/usr/local/lib/site_perl .) at /usr/local/bin/pulledpork.pl line 28.

BEGIN failed--compilation aborted at /usr/local/bin/pulledpork.pl line 28.

 

 

On Thu, Sep 13, 2012 at 1:46 PM, Heine Lysemose <lysemose () gmail com> wrote:

Hi

Try running the command with sudo.
sudo /usr/local/bin/pulledpork.pl -c
/usr/local/snort/etc/pulledpork/pulledpork.conf -C
/usr/local/snort/etc/snort.conf -I security

/Lysemose



On Thu, Sep 13, 2012 at 9:11 AM, Pratik Narang <pratik.cse.bits () gmail com>
wrote:

Well on the advice of few Snort experts on the list I decided to start

using

Pulled Pork.
But I couldn't really make it run yet! Here's the dump from the console.

Any

help will be appreciated...

$  /usr/local/bin/pulledpork.pl -c
/usr/local/snort/etc/pulledpork/pulledpork.conf -C
/usr/local/snort/etc/snort.conf -I security
 
    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Can't create /usr/local/snort/etc/pulledpork/so_rules.rules - Permission
denied
 at /usr/local/bin/pulledpork.pl line 1548
readline() on closed filehandle FH at /usr/local/bin/pulledpork.pl line
1327.
Checking latest MD5 for snortrules-snapshot-2931.tar.gz....
No such file or directory at /usr/local/bin/pulledpork.pl line 457
main::md5file('c475af39408e0e7ad0f4f6d961543b1e7b989c3b',
'snortrules-snapshot-2931.tar.gz', '/usr/local/snort/tmp/',
'https://www.snort.org/reg-rules/&apos;) called at /usr/local/bin/pulledpork.pl
line 1758

----------------------------------------------------------------------------
--

Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Using PP Pratik Narang (Sep 13)
- Re: Using PP Heine Lysemose (Sep 13)
  - Re: Using PP Pratik Narang (Sep 13)
    - Re: Using PP Heine Lysemose (Sep 13)
    - Re: Using PP Pratik Narang (Sep 13)
    - Re: Using PP Peter Bates (Sep 13)
    - Re: Using PP John York (Sep 13)
    - Re: Using PP Michael Steele (Sep 13)