Re: manual update of rules using pulledpork

[tadios tefera <ttefera () gmail com>]

Thanks JJC, that worked!
 On Jul 12, 2012 1:41 AM, "JJC" <cummingsj () gmail com> wrote:

> You have to pull the file from a URL, otherwise simply bypass this process
> by copying the tarball to the "temp" location that you have specified
> pulledpork to use, that would be "c:\windows\temp" in your case.  Once you
> copy that file to the specified location run pulledpork with the nodownload
> flag.. make sense?
>
> JJC
>
> On Wed, Jul 11, 2012 at 2:29 PM, tadios tefera <ttefera () gmail com> wrote:
>
> > Hi all,
> >
> > As my snort box is not connected to the internet, I need to be able to
> > update rules using pulledpork but only mannually.
> > By that I mean i will be downloading snortrules-snapshot-2923.tar.gz file
> > to my D drive, then have pulledpork grab it from D drive as opposed to
> > going to https://www.snort.org/reg-rules...
> > Is that possible?
> >
> > When doing what I described above, the error I am getting is:
> >
> > *** GET c:%5Cwin-ids%5Csnort%5Crules%5C/snortrules-snapshot-2923.tar.gz
> > ==> 500 A
> > ccess to 'c' URIs has been disabled
> > A 500 error occurred, please verify that you have recently updated your
> > root certificates!*
> >
> > The whole output is below.
> >
> > Thanks
> >
> > Tad.
> >
> >
> > Config File Variable Debug c:\win-ids\pulledpork\etc\pulledpork.conf
> >         temp_path = c:\windows\temp
> >         version = 0.6.0
> >         rule_path = c:\win-ids\snort\rules\winids.rules
> >         ignore = deleted.rules,experimental.rules,local.rules
> >         rule_url = ARRAY(0x2d1136c)
> >         snort_version = 2.9.2.3
> >         sid_changelog = c:\win-ids\snort\log\sid_changes.log
> >         sid_msg = c:\win-ids\snort\etc\sid-msg.map
> >         local_rules = c:\win-ids\snort\rules\local.rules
> >         docs = \\lv8civweb\c$\inetpub\wwwroot\snort_base\signatures
> > Use of uninitialized value $Snort_path in -B at
> > c:\win-ids\pulledpork\pulledpork
> > .pl line 1565.
> > 'uname' is not recognized as an internal or external command,
> > operable program or batch file.
> > MISC (CLI and Autovar) Variable Debug:
> >         Config Path is: c:\win-ids\pulledpork\etc\pulledpork.conf
> >         Docs Reference Location is:
> > \\lv8civweb-01\c$\inetpub\wwwroot\snort_ba
> > se\signatures
> >         Disabled policy specified
> >         local.rules path is: c:\win-ids\snort\rules\local.rules
> >         Rules file is: c:\win-ids\snort\rules\winids.rules
> >         sid changes will be logged to:
> > c:\win-ids\snort\log\sid_changes.log
> >         sid-msg.map Output Path is: c:\win-ids\snort\etc\sid-msg.map
> >         Snort Version is: 2.9.2.3
> >         Text Rules only Flag is Set
> >         Verbose Flag is Set
> >         Base URL is:
> > c:\win-ids\snort\rules\|snortrules-snapshot-2923.tar.gz|<75
> > 65f2172c3399402aead7c8cd20b8985d1974c0>
> > Rules tarball download of snortrules-snapshot-2923.tar.gz....
> >         Fetching rules file: snortrules-snapshot-2923.tar.gz
> > But not verifying MD5
> > *** GET c:%5Cwin-ids%5Csnort%5Crules%5C/snortrules-snapshot-2923.tar.gz
> > ==> 500 A
> > ccess to 'c' URIs has been disabled
> >         A 500 error occurred, please verify that you have recently
> > updated your
> > root certificates!*
> >
> >
> > ------------------------------------------------------------------------------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond. Discussions
> > will include endpoint security, mobile security and the latest in malware
> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!