Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 403 Error from PulledPork

From: "Rick Darsey" <rdarsey () ne-tel com>
Date: Fri, 23 May 2014 15:39:03 -0500
Steve,

I was able to resolve this by putting the version of snort in the
pulledpork.conf file that matches the currently available registered
user download, i.e. 2.9.6.0.  This is not a fix, just a work around.

Thank you,

Rick



-----Original Message-----
From: Steve Crow [mailto:scrow () amarilloheartgroup com] 
Sent: Friday, May 23, 2014 9:55 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] 403 Error from PulledPork

Did you find an answer to this problem? I have the same problem.
Thanks!

Steve Crow

-----Original Message-----
From: Rick Darsey [mailto:rdarsey () ne-tel com]
Sent: Wednesday, April 30, 2014 4:58 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] 403 Error from PulledPork

I am attempting to configure my Snort server to use pulledpork.  I am a
registered user.  When I run pulledpork I receive a 403 error not matter
how long I wait.  See the output below. 


    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug
/usr/local/snort/pulledpork/etc/pulledpork.conf
        snort_path = /usr/local/snort/bin/snort
        black_list = /usr/local/snort/rules/black_list.rules
        distro = FreeBSD-8.1
        temp_path = /tmp
        version = 0.7.0
        sorule_path = /usr/local/snort/so_rules
        IPRVersion = /usr/local/snort/rules/
        rule_path = /usr/local/snort/rules/snort.rules
        ignore = deleted.rules,experimental.rules,local.rules
        rule_url = ARRAY(0x903e43c)
        sid_msg_version = 1
        sid_changelog = /var/log/sid_changes.log
        sid_msg = /usr/local/snort/sid-msg.map
        local_rules = /usr/local/snort/rules/local.rules
        config_path = /usr/local/snort/etc/snort.conf MISC (CLI and
Autovar) Variable Debug:
        arch Def is: i386
        Config Path is: /usr/local/snort/pulledpork/etc/pulledpork.conf
        Distro Def is: FreeBSD-8.1
        Disabled policy specified
        local.rules path is: /usr/local/snort/rules/local.rules
        Rules file is: /usr/local/snort/rules/snort.rules
        sid changes will be logged to: /var/log/sid_changes.log
        sid-msg.map Output Path is: /usr/local/snort/sid-msg.map
        Snort Version is: 2.9.6.1
        Snort Config File: /usr/local/snort/etc/snort.conf
        Snort Path is: /usr/local/snort/bin/snort
        SO Output Path is: /usr/local/snort/so_rules/
        Will process SO rules
        Extra Verbose Flag is Set
        Verbose Flag is Set
        Base URL is:
http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|6ed4deb7de7f9
ed0b3311a45278cd5aaba818130
https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.
tar.gz|Community
http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
https://www.snort.org/reg-rules/|opensource.gz|6ed4deb7de7f9ed0b3311a452
78cd5aaba818130
Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2961.tar.gz.md5
** GET
https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz.md5/6ed4
deb7de7f9ed0b3311a45278cd5aaba818130 ==> 403 Forbidden (2s)
        A 403 error occurred, please wait for the 15 minute timeout
        to expire before trying again or specify the -n runtime switch
        You may also wish to verfiy your oinkcode, tarball name, and
other configuration options
        Error 403 when fetching
http://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz.md5 at
/usr/local/snort/pulledpork/pulledpork.pl line 463
        main::md5file('6ed4deb7de7f9ed0b3311a45278cd5aaba818130',
'snortrules-snapshot-2961.tar.gz', '/tmp/',
'http://www.snort.org/reg-rules/&apos;) called at
/usr/local/snort/pulledpork/pulledpork.pl line 1847

I have checked everything that I know of and cannot find the cause of
the
403 error.

Thank you,



Rick Darsey
Director of Network Operations
NortheastTel


------------------------------------------------------------------------
----
--
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform
available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!


------------------------------------------------------------------------
------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform
available Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: