Snort mailing list archives

Re: PulledPork 403 Forbidden error


From: "Kurzawa, Kevin" <kkurzawa () co pinellas fl us>
Date: Fri, 23 May 2014 13:17:52 -0400

Yes, after I provided Joel my account name it worked. My name and username were not matching, which he changed to match, I believe. More might have been done, but after he contacted me, it worked fine.


From: Steve Crow [mailto:scrow () amarilloheartgroup com]
Sent: Friday, May 23, 2014 10:51 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] PulledPork 403 Forbidden error

Kevin, were you able to get this issue resolved?

Thank you!

Steve Crow

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Friday, April 18, 2014 1:03 PM
To: Kurzawa, Kevin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] PulledPork 403 Forbidden error

Dear Kevin,

In order to look into this issue, I am going to need your Snort.org username and email address. Please feel free to email me directly with that information.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team


On Apr 18, 2014, at 1:32 PM, Kurzawa, Kevin <kkurzawa () co pinellas fl us> wrote:

PulledPork 0.7.0
Snort 2960
Archlinux

Switching over from Oinkmaster to PulledPork. I want the ability to automatically switch between the connectivity, 
balanced, and security rulesets easily (if this is do-able in Oinkmaster, someone please enlighten me).

Running sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf -T -vv

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/83c886d030bc3d56e56d69488c456404xxxx ==> 403 
Forbidden (1s)
A 403 error occurred, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
You may also wish to verfiy your oinkcode, tarball name, and other configuration options
Error 403 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at 
/usr/local/bin/pulledpork.pl line 463.
main::md5file('83c886d030bc3d56e56d69488c456404xxxx ', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 
'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847

If I use a base URL without the version it yells at me and tells me I have to specify it.
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx

I get this 403 error after waiting for 20 minutes, 30 minutes, whenever minutes.
I verified my oinkcode, it is correct.
I got the tarball name from the Snort.org site where it references downloading via the command line.
As for other configuration options, I do not know what else it could be.


My pulledpork.conf file:

# RULE URI
#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
#rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
#rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
#rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>

ips_policy=security
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/etc/pulledpork/rules/snort.rules
# out_path=/usr/local/etc/snort/rules/
local_rules=/etc/pulledpork/rules/local.rules
sid_msg=/etc/pulledpork/sid-msg.map
sid_msg_version=1
sid_changelog=/var/log/pulledpork/sid_changes.log

# SHARED OBJECT (SO) RULES
#sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/bin/snort
#sostub_path=
#config_path=/etc/snort/snort.conf
# Define your distro, this is for the precompiled shared object libs!
# Valid Distro Types:
# Debian-5-0, Debian-6-0,
# Ubuntu-8.04, Ubuntu-10-4
# Centos-4-8, Centos-5-4
# FC-12, FC-14, RHEL-5-5, RHEL-6-0
# FreeBSD-7-3, FreeBSD-8-1
# OpenBSD-4-8
# Slackware-13-1
#distro=FreeBSD-8.1

black_list=/etc/pulledpork/rules/default.blacklist
IPRVersion=/etc/pulledpork/rules/iplists
#snort_control=/usr/bin/snort_control
# backup=/usr/local/etc/snort,/usr/local/etc/pulledpork,/usr/local/lib/snort_dynamicrules/
# backup_file=/tmp/pp_backup
# docs=/path/to/base/www
# state_order=disable,drop,enable
# pid_path=/var/run/snort.pid,/var/run/barnyard.pid,/var/run/barnyard2.pid
# snort_version=2.9.0.0
enablesid=/etc/pulledpork/enablesid.conf
dropsid=/etc/pulledpork/dropsid.conf
disablesid=/etc/pulledpork/disablesid.conf
modifysid=/etc/pulledpork/modifysid.conf
version=0.7.0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
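
Added example (not part of the original thread and not PulledPork's own code): a small lint for the rule_url lines of a pulledpork.conf like the one posted above. It checks the base|tarball|oinkcode layout and rebuilds the .md5 request in the shape the log shows, with the oinkcode redacted so the output can be pasted into a list post. The hex-only oinkcode test is an assumption, and the sample config and its oinkcodes are constructed.

```python
import re

# Constructed sample in the post's rule_url format (base|tarball|oinkcode).
# Both oinkcodes are made up; line 3 ends in a space on purpose.
SAMPLE_CONF = "\n".join([
    "# RULE URI",
    "#rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>",
    "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|"
    "0123456789abcdef0123456789abcdef01234567 ",
    "rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>",
    "ips_policy=security",
])


def redact(code):
    """Show only the first four characters of the oinkcode (it is a credential)."""
    return code[:4] + "..."


def check_rule_urls(conf_text):
    """Return (line_no, redacted_md5_url, findings) for each active rule_url."""
    results = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        if not line.startswith("rule_url="):
            continue  # commented-out entries and other keys
        fields = line[len("rule_url="):].split("|")
        if len(fields) != 3:
            results.append((no, None, ["expected base|tarball|oinkcode"]))
            continue
        findings = []
        if any(f != f.strip() for f in fields):
            findings.append("whitespace around a field")
        base, tarball, code = (f.strip() for f in fields)
        if tarball.startswith("snortrules-snapshot") and not re.search(r"-\d+\.tar\.gz$", tarball):
            findings.append("tarball name has no Snort version")
        # Assumption: a real oinkcode is a hex string; the posted config's
        # public feeds use the literal "open" instead.
        if code != "open" and not re.fullmatch(r"[0-9a-fA-F]+", code):
            findings.append("oinkcode is not hex")
        # Same shape as the GET line in the post: base + tarball + ".md5/" + oinkcode
        results.append((no, f"{base}{tarball}.md5/{redact(code)}", findings))
    return results


if __name__ == "__main__":
    for no, url, findings in check_rule_urls(SAMPLE_CONF):
        print(f"line {no}: {url} -> {findings or 'ok'}")
```

A clean result here only rules out local formatting problems; as the first reply in the thread reports, the 403 in this case went away after a change on the Snort.org account side.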
