Snort mailing list archives
Re: 403 Error when attempting to pull rules using Pulled-Pork
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 20 Feb 2013 09:06:09 -0500
Send me your oinkcode off list, and I'll look into your code.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Wednesday, February 20, 2013 at 8:56 AM, Tamara Fisher wrote:

Thanks for the response Joel. Updated snort_version and reran after timeout expired. Getting same error.

    Base URL is: https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<my_oinkcode>
    Checking latest MD5 for snortrules-snapshot-2940.tar.gz....
    Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5
    ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/<my_oinkcode> ==> SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL_connect:SSLv3 read server hello A
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server done A
    SSL_connect:SSLv3 write client key exchange A
    SSL_connect:SSLv3 write change cipher spec A
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    SSL_connect:SSLv3 read server session ticket A
    SSL_connect:SSLv3 read finished A
    403 Forbidden
    A 403 error occurred, please wait for the 15 minute timeout to expire before trying again or specify the -n runtime switch
    You may also wish to verfiy your oinkcode, tarball name, and other configuration options
    Error 403 when fetching https://www.snort.org/sub-rules/snortrules-snapshot-2940.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 453
    main::md5file('<my_oinkcode>', 'snortrules-snapshot-2940.tar.gz', '/tmp/', 'https://www.snort.org/sub-rules/') called at /usr/local/bin/pulledpork.pl line 1758

On Wed, Feb 20, 2013 at 8:46 AM, Joel Esler <jesler () sourcefire com> wrote:

Add a 0 to the end of the "294" line. 2940.tar.gz. It'll work.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Wednesday, February 20, 2013 at 8:41 AM, Tamara Fisher wrote:

Hi. I'm having issues when attempting to fetch subscriber rules and have questions.

I use the following rule path:

    https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<my_oinkcode>

but I notice that the GET request that is submitted is:

    GET https://www.snort.org/reg-rules/snortrules-snapshot-294.tar.gz.md5/<my_oinkcode> ==> SSL_connect:before/connect initialization

Is it normal that the rule path shows sub-rules and GET request shows reg-rules? Can anyone see any issues with my config or have any suggestions? I have checked that ca-certificates is installed and updated. I continue to wait 30 minutes between attempts, reconfigs and re-attempts but having same 403 error each time. Google is no longer helpful. Any help appreciated.

My extra verbose error:

    Config File Variable Debug /etc/snort/pulledpork.conf
    snort_path = /usr/local/bin/snort
    enablesid = /etc/snort/enablesid.conf
    modifysid = /etc/snort/modifysid.conf
    rule_path = /etc/snort/rules/snort.rules
    ignore = deleted.rules,experimental.rules,local.rules
    rule_url = ARRAY(0x22e5400)
    snort_version = 2.9.4
    sid_changelog = /var/log/sid_changes.log
    sid_msg = /etc/snort/sid-msg.map
    ips_policy = security
    config_path = /etc/snort/snort.conf
    sostub_path = /etc/snort/so_rules
    temp_path = /tmp
    distro = RHEL-6.0
    version = 0.6.0
    sorule_path = /usr/local/lib/snort_dynamicrules/
    disablesid = /etc/snort/disablesid.conf
    local_rules = /etc/snort/rules/local.rules
    MISC (CLI and Autovar) Variable Debug:
    arch Def is: x86-64
    Config Path is: /etc/snort/pulledpork.conf
    Distro Def is: RHEL-6.0
    security policy specified
    local.rules path is: /etc/snort/rules/local.rules
    Rules file is: /etc/snort/rules/snort.rules
    Path to disablesid file: /etc/snort/disablesid.conf
    Path to enablesid file: /etc/snort/enablesid.conf
    Path to modifysid file: /etc/snort/modifysid.conf
    sid changes will be logged to: /var/log/sid_changes.log
    sid-msg.map Output Path is: /etc/snort/sid-msg.map
    Snort Version is: 2.9.4
    Snort Config File: /etc/snort/snort.conf
    Snort Path is: /usr/local/bin/snort
    SO Output Path is: /usr/local/lib/snort_dynamicrules/
    SO Stub File is: /etc/snort/so_rules
    Extra Verbose Flag is Set
    Verbose Flag is Set
    Base URL is: https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<my_oinkcode>
    Checking latest MD5 for snortrules-snapshot-294.tar.gz....
    Fetching md5sum for: snortrules-snapshot-294.tar.gz.md5
    ** GET https://www.snort.org/reg-rules/snortrules-snapshot-294.tar.gz.md5/<my_oinkcode> ==> SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL_connect:SSLv3 read server hello A
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server done A
    SSL_connect:SSLv3 write client key exchange A
    SSL_connect:SSLv3 write change cipher spec A
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    SSL_connect:SSLv3 read server session ticket A
    SSL_connect:SSLv3 read finished A
    403 Forbidden
    A 403 error occurred, please wait for the 15 minute timeout to expire before trying again or specify the -n runtime switch
    You may also wish to verfiy your oinkcode, tarball name, and other configuration options
    Error 403 when fetching https://www.snort.org/sub-rules/snortrules-snapshot-294.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 453
    main::md5file('<my_oinkcode>', 'snortrules-snapshot-294.tar.gz', '/tmp/', 'https://www.snort.org/sub-rules/') called at /usr/local/bin/pulledpork.pl line 1758

------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
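
Added example, not part of the original thread or of PulledPork: a shell pre-flight check for the two settings discussed above, run locally so a bad value does not use up another attempt against the 15 minute timeout. It assumes a key=value pulledpork.conf, the dots-removed tarball naming visible in the posted output, and the base|tarball|oinkcode layout of rule_url; the function names and the sample oinkcode are made up for illustration.

```shell
# Added example (not PulledPork code): check pulledpork.conf locally before any
# request is sent, so a wrong tarball name does not cost another 403 timeout.

# Print the last value assigned to key $1 in config file $2.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Tarball name as shown in the thread's output: version with the dots removed
# (2.9.4 -> ...-294.tar.gz, 2.9.4.0 -> ...-2940.tar.gz).
snapshot_name() {
    printf 'snortrules-snapshot-%s.tar.gz\n' "$(printf '%s' "$1" | tr -d '.')"
}

# Return 0 when snort_version has four parts and rule_url is complete, else 1.
check_conf() {
    ver=$(conf_get snort_version "$1")
    url=$(conf_get rule_url "$1")
    rc=0
    case "$ver" in
        ''|*[!0-9.]*|*..*|.*|*.) echo "snort_version missing or malformed: '$ver'"; rc=1 ;;
        *.*.*.*.*) echo "snort_version has more than four parts: $ver"; rc=1 ;;
        *.*.*.*)   echo "would request $(snapshot_name "$ver")" ;;
        *) echo "$ver yields $(snapshot_name "$ver"); use the four-part form (2.9.4.0)"; rc=1 ;;
    esac
    # rule_url is base|tarball|oinkcode; an empty or placeholder code is flagged.
    case "$url" in
        *'|'*'|'?*)
            case "${url##*|}" in
                *'<'*) echo "rule_url still holds a placeholder oinkcode"; rc=1 ;;
            esac ;;
        *) echo "rule_url is not base|tarball|oinkcode"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config; the oinkcode value is a made-up placeholder.
demo() {
    f=$(mktemp) || return 2
    printf '%s\n' "snort_version=$1" \
        'rule_url=https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|0123abcd' > "$f"
    check_conf "$f"; rc=$?
    rm -f "$f"
    return $rc
}

demo 2.9.4 || true   # flagged: resolves to snortrules-snapshot-294.tar.gz
demo 2.9.4.0         # passes: resolves to snortrules-snapshot-2940.tar.gz
```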
Current thread:
- 403 Error when attempting to pull rules using Pulled-Pork Tamara Fisher (Feb 20)
- Re: 403 Error when attempting to pull rules using Pulled-Pork Joel Esler (Feb 20)
- Re: 403 Error when attempting to pull rules using Pulled-Pork Tamara Fisher (Feb 20)
- Re: 403 Error when attempting to pull rules using Pulled-Pork Joel Esler (Feb 20)
- Re: 403 Error when attempting to pull rules using Pulled-Pork Tamara Fisher (Feb 20)
- Re: 403 Error when attempting to pull rules using Pulled-Pork Joel Esler (Feb 20)