Snort mailing list archives

pulledpork help


From: "Tony Reusser" <treusser () filertel com>
Date: Fri, 12 Oct 2012 12:03:34 -0600

My snort box:

CentOS 6.3
Snort vers 2.9.3
Standard barnyard/pulledpork/mysql/BASE setup

I'm fairly new to Snort.  I've had it up and running for a couple of months
now.  About a month ago I downloaded the 2930 ruleset and successfully
installed it using pulledpork.  I am not a subscriber, so I only get the
'registered user' rulesets 30 days late.  I'm fine with that as this whole
thing is a learning process for me anyway.

Because of that, I download the rule tarballs manually and place them in my
/tmp folder on the snort machine.  I run pulledpork with the -n option to
process without downloading.  With the latest rule tarball in /tmp, this
should work right?  It seemed to function properly with 2930.  However, now
that I've downloaded the 2931 ruleset, I get the following error when I run
pulledpork.  Why is it still looking for the 2930 file?  I'm not a Perl guy,
but line 1798 just refers to a variable $rule_file.  Where is this actually
defined?  And why doesn't it reflect the current rule tarball file I have?

Any help would be appreciated.

-Tony Reusser

[root@briareos pp]# ./pulledpork.pl -c ./etc/pulledpork.conf -E -n

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

file /tmp//snortrules-snapshot-2930.tar.gz does not exist!
at ./pulledpork.pl line 1798

file listing of /tmp:

[root@briareos pp]# ls -al /tmp
total 23280
drwxrwxrwt. 13 root     root         4096 Oct 12 11:39 .
dr-xr-xr-x. 26 root     root         4096 Oct 12 11:04 ..
-rw-r--r--.  1 root     root      1272869 Oct 12 09:32 emerging.rules.tar.gz
-rw-r--r--.  1 root     root            0 Oct 12 10:53 etpro.rules.tar.gz
srwxrwxr-x.  1 notroot  notroot         0 Jul 31 11:46 gnome-system-monitor.treusser.2837431554
drwxrwxrwt.  2 root     root         4096 Oct 12 11:05 .ICE-unix
drwx------.  2 gdm      gdm          4096 Oct 12 11:06 orbit-gdm
-rw-rw-r--.  1 notroot  notroot  22487562 Oct 12 11:19 snortrules-snapshot-2931.tar.gz
-r--r--r--.  1 root     root           11 Oct 12 11:05 .X0-lock
drwxrwxrwt.  2 root     root         4096 Oct 12 11:05 .X11-unix
-r--r--r--.  1 notroot  notroot        11 Oct 12 11:05 .X1-lock
-rw-------.  1 root     root         1671 Oct  3 15:24 yum_save_tx-2012-10-03-15-24H0Dg_g.yumtx
-rw-------.  1 root     root         3856 Oct  8 08:56 yum_save_tx-2012-10-08-08-56ONmnWM.yumtx
-rw-------.  1 root     root         1204 Oct 11 11:20 yum_save_tx-2012-10-11-11-20aPV3jH.yumtx
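A pre-flight check for the workflow described in the post (download the snapshot by hand, then run pulledpork with -n), added here as an example; it is not code from the post or from PulledPork itself. It assumes PulledPork names the snapshot after the Snort version with the dots removed and padded to four digits (2.9.3 -> 2930, 2.9.3.1 -> 2931), as the 2930 name in the error output suggests; snapshot_name and check_snapshot are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the post or from PulledPork. Assumption: the
# snapshot file PulledPork looks for is derived from the Snort version
# (digits only, padded to four), so 2.9.3 -> 2930 and 2.9.3.1 -> 2931.

# snapshot_name VERSION  -> prints e.g. "snortrules-snapshot-2931.tar.gz"
snapshot_name() {
    digits=$(printf '%s' "$1" | tr -d '.')
    # pad a three-part version such as 2.9.3 to four digits (2930)
    while [ "${#digits}" -lt 4 ]; do
        digits="${digits}0"
    done
    printf 'snortrules-snapshot-%s.tar.gz\n' "$digits"
}

# check_snapshot VERSION [DIR]  -> 0 if the tarball PulledPork will want is
# present and non-empty in DIR (default /tmp), 1 otherwise. On failure it
# lists the snapshot tarballs that are present, so a version/ruleset
# mismatch (2930 expected, only 2931 downloaded) is obvious before running
# pulledpork -n. The -s test also catches a zero-byte download, like the
# etpro.rules.tar.gz in the listing above.
check_snapshot() {
    ver=$1
    dir=${2:-/tmp}
    want=$(snapshot_name "$ver")
    if [ -s "$dir/$want" ]; then
        echo "ok: $dir/$want"
        return 0
    fi
    echo "missing or empty: $dir/$want (Snort $ver)" >&2
    for f in "$dir"/snortrules-snapshot-*.tar.gz; do
        [ -e "$f" ] && echo "  present instead: $f" >&2
    done
    return 1
}
```

Run it as `check_snapshot "$(snort -V 2>&1 | sed -n 's/.*Version \([0-9.]*\).*/\1/p')" /tmp` before invoking pulledpork -n; a non-zero exit means the tarball in /tmp does not match the version PulledPork will ask for.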
