Snort mailing list archives
PulledPork 403 Forbidden error
From: "Kurzawa, Kevin" <kkurzawa () co pinellas fl us>
Date: Fri, 18 Apr 2014 13:32:48 -0400
PulledPork 0.7.0 Snort 2960 Archlinux Switching over from Oinkmaster to PulledPork. I want the ability to automatically switch between the connectivity, balanced, and security rulesets easily (if this is do-able in Oinkmaster, someone please enlighten me). Running sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf -T -vv Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx Checking latest MD5 for snortrules-snapshot-2960.tar.gz.... Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5 ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/83c886d030bc3d56e56d69488c456404xxxx ==> 403 Forbidden (1s) A 403 error occurred, please wait for the 15 minute timeout to expire before trying again or specify the -n runtime switch You may also wish to verfiy your oinkcode, tarball name, and other configuration options Error 403 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463. main::md5file('83c886d030bc3d56e56d69488c456404xxxx ', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847 If I use a base URL without the version in yells at me and tells me I have to specify it. Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx I get this 403 error after waiting for 20 minutes, 30 minutes, whenever minutes. I verified my oinkcode, it is correct. I got the tarball name from the Snort.org site where it references downloading via the command line. As for other configuration options, I do not know what else it could be. My pulledpork.conf file: # RULE URI #rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx #rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open #rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode> #rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open #rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode> ips_policy=security ignore=deleted.rules,experimental.rules,local.rules temp_path=/tmp rule_path=/etc/pulledpork/rules/snort.rules # out_path=/usr/local/etc/snort/rules/ local_rules=/etc/pulledpork/rules/local.rules sid_msg=/etc/pulledpork/sid-msg.map sid_msg_version=1 sid_changelog=/var/log/pulledpork/sid_changes.log # SHARED OBJECT (SO) RULES #sorule_path=/usr/local/lib/snort_dynamicrules/ snort_path=/usr/bin/snort #sostub_path= #config_path=/etc/snort/snort.conf # Define your distro, this is for the precompiled shared object libs! # Valid Distro Types: # Debian-5-0, Debian-6-0, # Ubuntu-8.04, Ubuntu-10-4 # Centos-4-8, Centos-5-4 # FC-12, FC-14, RHEL-5-5, RHEL-6-0 # FreeBSD-7-3, FreeBSD-8-1 # OpenBSD-4-8 # Slackware-13-1 #distro=FreeBSD-8.1 black_list=/etc/pulledpork/rules/default.blacklist IPRVersion=/etc/pulledpork/rules/iplists #snort_control=/usr/bin/snort_control # backup=/usr/local/etc/snort,/usr/local/etc/pulledpork,/usr/local/lib/snort_dynamicrules/ # backup_file=/tmp/pp_backup # docs=/path/to/base/www # state_order=disable,drop,enable # pid_path=/var/run/snort.pid,/var/run/barnyard.pid,/var/run/barnyard2.pid # snort_version=2.9.0.0 enablesid=/etc/pulledpork/enablesid.conf dropsid=/etc/pulledpork/dropsid.conf disablesid=/etc/pulledpork/disablesid.conf modifysid=/etc/pulledpork/modifysid.conf version=0.7.0
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- PulledPork 403 Forbidden error Kurzawa, Kevin (Apr 18)
- Re: PulledPork 403 Forbidden error Joel Esler (jesler) (Apr 18)
- Re: PulledPork 403 Forbidden error Steve Crow (May 23)
- Re: PulledPork 403 Forbidden error Joel Esler (jesler) (May 23)
- Re: PulledPork 403 Forbidden error Steve Crow (May 23)
- Re: PulledPork 403 Forbidden error Kurzawa, Kevin (May 23)
- Re: PulledPork 403 Forbidden error Steve Crow (May 23)
- Re: PulledPork 403 Forbidden error Joel Esler (jesler) (Apr 18)