Snort mailing list archives

Re: Pulled Pork - 403 error for subscriber


From: Teo En Ming <teo.en.ming () gmail com>
Date: Tue, 8 Apr 2014 03:56:08 +0800

Dear Steven,

You need to be a registered user to download Snort rules
(snortrules-snapshot-2960.tar.gz) and its md5 checksum file
(snortrules-snapshot-2960.tar.gz.md5). You need to create an account at the
Snort official website and
log in to download all these files. A log in to the Snort server is
required. That is why you are experiencing a 403 Forbidden error with
pulled-pork. The pulled-pork perl script cannot log in to the Snort server
with your username and password and the md5 checksum file may not be
available on the Snort server.

Teo En Ming


On Tue, Apr 8, 2014 at 3:34 AM, Vona, Steven A CIV NSWCCD Philadelphia,
34117 <steven.vona () navy mil> wrote:

Hello,
I have a current subscription for the latest snort rules but seem to be
having issues with pulled pork.  I was unable to get any help from the
pulled pork user group and was hoping I can get some here.

I receive a 403 error every time I try to run pulled pork.  Verbose output
below (some information was changed for security reasons).

/usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -vv

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /etc/snort/pulledpork.conf
        snort_path = /usr/local/bin/snort
        black_list = /etc/snort/rules/iplists/default.blacklist
        IPRVersion = /etc/snort/rules/iplists
        rule_path = /etc/snort/rules/snort.rules
        ignore = deleted.rules,experimental.rules,local.rules
        snort_control = /usr/local/bin/snort_control
        rule_url = ARRAY(0x125f388)
        sid_msg_version = 1
        sid_changelog = /var/log/sid_changes.log
        sid_msg = /etc/snort/sid-msg.map
        config_path = /etc/snort/snort.conf
        temp_path = /tmp
        distro = RHEL-6-0
        version = 0.7.0
        sorule_path = /usr/local/lib/snort_dynamicrules/
        out_path = /etc/snort/rules/
        local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
        arch Def is: x86-64
        Config Path is: /etc/snort/pulledpork.conf
        Distro Def is: RHEL-6-0
        Disabled policy specified
        local.rules path is: /etc/snort/rules/local.rules
        Rules file is: /etc/snort/rules/snort.rules
        sid changes will be logged to: /var/log/sid_changes.log
        sid-msg.map Output Path is: /etc/snort/sid-msg.map
        Snort Version is: 2.9.6.0
        Snort Config File: /etc/snort/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /usr/local/lib/snort_dynamicrules/
        Will process SO rules
        Extra Verbose Flag is Set
        Verbose Flag is Set
        Base URL is: http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<MY OINKCODE>


MY HTTPS PROXY = http://webcache.mydomain.com:80


MY HTTP PROXY = http://webcache.mydomain.com:80
Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/<MY OINKCODE> ==> 403 Access Denied
        A 403 error occurred, please wait for the 15 minute timeout
        to expire before trying again or specify the -n runtime switch
        You may also wish to verfiy your oinkcode, tarball name, and other configuration options
        Error 403 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463
        main::md5file('<MY OINKCODE>', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847


------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
