Snort mailing list archives

Re: Pulled Pork - 403 error for subscriber


From: "Vona, Steven A CIV NSWCCD Philadelphia, 34117" <steven.vona () navy mil>
Date: Mon, 7 Apr 2014 21:28:54 +0000

I have verified this by copying it into a browser window and it works fine.

Thanks
-steve

-----Original Message-----
From: Joe Evango [mailto:Joe.Evango () annaslinens com] 
Sent: Monday, April 07, 2014 4:31 PM
To: Vona, Steven A CIV NSWCCD Philadelphia, 34117
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Pulled Pork - 403 error for subscriber

The site will return a 403 error if your oinkcode isn't entered correctly. Disregard if you have already verified this.

-Joe

-----Original Message-----
From: Vona, Steven A CIV NSWCCD Philadelphia, 34117 [mailto:steven.vona () navy mil] 
Sent: Monday, April 07, 2014 12:58 PM
To: Teo En Ming
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Pulled Pork - 403 error for subscriber

I am a registered user and I also have an oinkcode in order to download the VRT rules.  

Am I misunderstanding you?

Steve

-----Original Message-----
From: Teo En Ming [mailto:teo.en.ming () gmail com] 
Sent: Monday, April 07, 2014 3:56 PM
To: Vona, Steven A CIV NSWCCD Philadelphia, 34117
Cc: snort-users () lists sourceforge net; Teo En Ming
Subject: Re: [Snort-users] Pulled Pork - 403 error for subscriber

Dear Steven,


You need to be a registered user to download Snort rules (snortrules-snapshot-2960.tar.gz) and its md5 checksum file (snortrules-snapshot-2960.tar.gz.md5). You need to create an account at the Snort official website and log in to download all these files. A log in to the Snort server is required. That is why you are experiencing a 403 Forbidden error with pulled-pork. The pulled-pork perl script cannot log in to the Snort server with your username and password and the md5 checksum file may not be available on the Snort server.


Teo En Ming




On Tue, Apr 8, 2014 at 3:34 AM, Vona, Steven A CIV NSWCCD Philadelphia, 34117 <steven.vona () navy mil> wrote:


        Hello,
        I have a current subscription for the latest snort rules but seem to be having issues with pulled pork.  I was unable to get any help from the pulled pork user group and was hoping I can get some here.
        
        I receive a 403 error every time I try to run pulled pork.  Verbose output below (some information was changed for security reasons).
        
        /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -vv
        
            http://code.google.com/p/pulledpork/
              _____ ____
             `----,\    )
              `--==\\  /    PulledPork v0.7.0 - Swine Flu!
               `--==\\/
             .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
          @_/        /  66\_  cummingsj () gmail com
            |    \   \   _(")
             \   /-| ||'--'  Rules give me wings!
              \_\  \_\\
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        
        Config File Variable Debug /etc/snort/pulledpork.conf
                snort_path = /usr/local/bin/snort
                black_list = /etc/snort/rules/iplists/default.blacklist
                IPRVersion = /etc/snort/rules/iplists
                rule_path = /etc/snort/rules/snort.rules
                ignore = deleted.rules,experimental.rules,local.rules
                snort_control = /usr/local/bin/snort_control
                rule_url = ARRAY(0x125f388)
                sid_msg_version = 1
                sid_changelog = /var/log/sid_changes.log
                sid_msg = /etc/snort/sid-msg.map
                config_path = /etc/snort/snort.conf
                temp_path = /tmp
                distro = RHEL-6-0
                version = 0.7.0
                sorule_path = /usr/local/lib/snort_dynamicrules/
                out_path = /etc/snort/rules/
                local_rules = /etc/snort/rules/local.rules
        MISC (CLI and Autovar) Variable Debug:
                arch Def is: x86-64
                Config Path is: /etc/snort/pulledpork.conf
                Distro Def is: RHEL-6-0
                Disabled policy specified
                local.rules path is: /etc/snort/rules/local.rules
                Rules file is: /etc/snort/rules/snort.rules
                sid changes will be logged to: /var/log/sid_changes.log
                sid-msg.map Output Path is: /etc/snort/sid-msg.map
                Snort Version is: 2.9.6.0
                Snort Config File: /etc/snort/snort.conf
                Snort Path is: /usr/local/bin/snort
                SO Output Path is: /usr/local/lib/snort_dynamicrules/
                Will process SO rules
                Extra Verbose Flag is Set
                Verbose Flag is Set
                Base URL is: http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<MY OINKCODE>
        
        
        MY HTTPS PROXY = http://webcache.mydomain.com:80
        
        
        MY HTTP PROXY = http://webcache.mydomain.com:80
        Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
                Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
        ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/<MY OINKCODE> ==> 403 Access Denied
                A 403 error occurred, please wait for the 15 minute timeout
                to expire before trying again or specify the -n runtime switch
                You may also wish to verfiy your oinkcode, tarball name, and other configuration options
                Error 403 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463
                main::md5file('<MY OINKCODE>', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847
        
        ------------------------------------------------------------------------------
        Put Bad Developers to Shame
        Dominate Development with Jenkins Continuous Integration
        Continuously Automate Build, Test & Deployment
        Start a new project now. Try Jenkins in the cloud.
        http://p.sf.net/sfu/13600_Cloudbees
        _______________________________________________
        Snort-users mailing list
        Snort-users () lists sourceforge net
        Go to this URL to change user options or unsubscribe:
        https://lists.sourceforge.net/lists/listinfo/snort-users
        Snort-users list archive:
        http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
        
        Please visit http://blog.snort.org to stay current on all the latest Snort news!
        


Attachment: smime.p7s
Description:
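
Added example (not part of the thread and not PulledPork's own code): a pre-flight check of the `rule_url` value in the `base|tarball|oinkcode` form shown in the verbose output, covering the "oinkcode isn't entered correctly" case raised above and printing the md5 request URL with the oinkcode redacted so the output is safe to post. The 40-hex-character oinkcode format, the function names and the sample config are assumptions made for illustration.

```python
import re

# Assumption: a snort.org oinkcode is 40 hexadecimal characters.
OINKCODE_RE = re.compile(r"[0-9a-fA-F]{40}")
RULE_URL_RE = re.compile(r"^\s*rule_url\s*=\s*(.*)$")


def versioned_tarball(tarball, snort_version):
    # Matches the log above: snortrules-snapshot.tar.gz with Snort 2.9.6.0
    # is requested as snortrules-snapshot-2960.tar.gz.
    if tarball == "snortrules-snapshot.tar.gz":
        return "snortrules-snapshot-%s.tar.gz" % snort_version.replace(".", "")
    return tarball


def check_rule_url(value, snort_version):
    """Return (problems, md5_url_with_oinkcode_redacted) for one rule_url value."""
    fields = value.split("|")
    if len(fields) != 3:
        return ["expected base|tarball|oinkcode, got %d field(s)" % len(fields)], None
    base, tarball, oinkcode = fields
    problems = []
    if oinkcode != oinkcode.strip():
        problems.append("whitespace or carriage return around oinkcode")
    code = oinkcode.strip()
    if code.startswith("<") and code.endswith(">"):
        problems.append("oinkcode is still a placeholder")
    elif not OINKCODE_RE.fullmatch(code):
        problems.append("oinkcode is not 40 hex characters")
    # URL shape follows the GET line in the log; the secret is never echoed.
    name = versioned_tarball(tarball, snort_version)
    return problems, "%s/%s.md5/<REDACTED>" % (base.rstrip("/"), name)


def check_config(text, snort_version):
    """Check every uncommented rule_url line of a pulledpork.conf."""
    results = []
    for line in text.split("\n"):  # split("\n") keeps a stray "\r" visible
        match = RULE_URL_RE.match(line)
        if match:
            results.append(check_rule_url(match.group(1), snort_version))
    return results


# Constructed sample config; "a1" * 20 is a made-up value, not a real oinkcode.
BASE = "rule_url=http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|"
SAMPLE_CONF = "\n".join([BASE + "a1" * 20, BASE + "a1" * 20 + " \r", BASE + "<oinkcode>"])

if __name__ == "__main__":
    for problems, url in check_config(SAMPLE_CONF, "2.9.6.0"):
        print(url, problems or "ok")
```

A clean result here only rules out a malformed config entry; a 403 can still come from the server side, such as the 15 minute timeout the PulledPork output mentions.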
