Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort with PulledPork and Ubuntu 12.04 Server

From: Christian Gebler <geblerchristian () googlemail com>
Date: Thu, 24 Jul 2014 13:33:14 +0200
thx, but I think my proxy configuration is fine.:) It's something with Perl
and the HTTPS GET Method.


2014-07-24 13:27 GMT+02:00 Doug Burks <doug.burks () gmail com>:


Hi Christian,

Here are some settings you might want to try:
https://code.google.com/p/security-onion/wiki/Proxy

On Thu, Jul 24, 2014 at 3:43 AM, Christian Gebler
<geblerchristian () googlemail com> wrote:

I'm using the Ubuntu Server 12.04 standard Repository.

Perl  5.14.2
libcrypt-ssleay-perl 0.58-1
liblwp-protocol-https-perl 6.04-2

And yes, there is also a proxy. But the proxy variable http_proxy and
https_proxy is set.


2014-07-23 15:04 GMT+02:00 JJ Cummings (jjcummin) <jjcummin () cisco com>:


A 501 generally means something is not being handled correctly with SSL

in

your perl installation.  I would try validating that the following are
installed and updated:
Crypt::SSLeay
LWP::Protocol::https

Also, are you using a proxy?

JJC

On Jul 23, 2014, at 7:55 AM, Joel Esler (jesler) <jesler () cisco com>

wrote:


CC’ing JJ, as it’s not a Snort.org problem, seems to be a pulledpork
issue.

On Jul 23, 2014, at 2:03 AM, Christian Gebler
<geblerchristian () googlemail com> wrote:

manually I can download it


2014-07-22 23:53 GMT+02:00 Joel Esler (jesler) <jesler () cisco com>:


Try this:




https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=8b46559ee9c2faaa4464a693d2133dff62f3feaf




On Jul 22, 2014, at 2:55 AM, Christian Gebler
<geblerchristian () googlemail com> wrote:


Ah okay, the email is "itadmin () tcsgmbh de"


2014-07-22 8:41 GMT+02:00 Christian Gebler
<geblerchristian () googlemail com>:
Hi Joel,

the account is registered under the username "tcs". Now I see we need
an email address to login on the snort website...that's new?!?
I have a friend in another company, same Ubuntu Server 12.04 version
and same problem....




2014-07-21 19:25 GMT+02:00 Joel Esler (jesler) <jesler () cisco com>:

So I can view the status of your account to see if it’s a subscriber
problem or a registered problem, and the status of the account.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team




On Jul 21, 2014, at 10:39 AM, Christian Gebler
<geblerchristian () googlemail com> wrote:


Hi,

why did you need the oinkcode or the email address for my problem?

:)


I think it's a problem with the GET Method in Perl with HTTPS. With
HTTP it worked well, since the snort Page Update last week.


2014-07-21 14:11 GMT+02:00 Joel Esler (jesler) <jesler () cisco com>:



Can you write me offlist with your oinkcode or email address your
account is under?

--
Joel Esler
Sent from my iPhone

On Jul 21, 2014, at 7:43, "Christian Gebler"
<geblerchristian () googlemail com> wrote:


Hi,

I'm using Snort 2.9.6.2 with PulledPork 0.7.0 on an Ubuntu Server
12.04 LTS.

Since last week it is not possible to download the new VRT Snort
2.9.6.2 Ruleset (now with https):

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
Fetching md5sum for: snortrules-snapshot-2962.tar.gz.md5
** GET


https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5?oinkcode=
<my

oinkcode> ==> 501 Not Implemented
Error 501 when fetching
https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at
./pulledpork.pl line 463
main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz',
'/etc/snort/rules/tmp/', 'https://www.snort.org/rules/&apos;) called at
./pulledpork.pl line 1847



Any suggestions?

thx




------------------------------------------------------------------------------

Want fast and easy access to all the code in your enterprise? Index
and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:


http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users


Please visit http://blog.snort.org to stay current on all the

latest

Snort news!

















------------------------------------------------------------------------------

Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest

Snort

news!




--
Doug Burks
http://securityonionsolutions.com


------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: