Snort mailing list archives

Re: PulledPork recent issue


From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 09 Oct 2014 08:22:44 -0600

On 2014-10-09 07:42, Shirkdog wrote:
I updated this in svn, you can pass a "-w" option which will bypass
the check.

---
Michael Shirk


On Thu, Oct 9, 2014 at 7:18 AM, James Lay <jlay () slave-tothe-box net> wrote:
On Thu, 2014-10-09 at 07:01 -0400, Shirkdog wrote:

There appears to be an issue with the certificate on labs.snort.org. I am
going to add an option to pulled pork to skip verification of the hostname
for SSL when something like this happens.

On Oct 9, 2014 6:57 AM, "James Lay" <jlay () slave-tothe-box net> wrote:

Second day in a row I've seen this....anyone else having this issue?

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
They Match
Done!
Checking latest MD5 for emerging.rules.tar.gz....
They Match
Done!
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Couldn't read /tmp/185.925288914831-black_list.rules - No such file or directory
at /opt/bin/pulledpork.pl line 487
main::read_iplist('HASH(0xa3aa974)', '/tmp/185.925288914831-black_list.rules') called at /opt/bin/pulledpork.pl line 378
main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', 'http://labs.snort.org/feeds/ip-filter.blf') called at /opt/bin/pulledpork.pl line 1856

Thanks for any insight.

James



Thanks...that helps...I can temporarily disable getting blacklists and
indeed it works like a champ.

James

Confirmed svn with -w working well..thanks again.

James

[08:20:04 gateway:~/snort/pulledpork$] sudo /opt/bin/pulledpork.pl -P -w -l -c /opt/etc/snort/pulledpork/pulledpork.conf

     http://code.google.com/p/pulledpork/
       _____ ____
      `----,\    )
       `--==\\  /    PulledPork v0.7.1 - Swine Flu with a side of Ebola!
        `--==\\/
      .-~~~~-.Y|\\_  Copyright (C) 2009-2014 JJ Cummings
   @_/        /  66\_  cummingsj () gmail com
     |    \   \   _(")
      \   /-| ||'--'  Rules give me wings!
       \_\  \_\\
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
         They Match
         Done!
Checking latest MD5 for emerging.rules.tar.gz....
         They Match
         Done!
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Prepping rules from snortrules-snapshot-2962.tar.gz for work....
         Done!
Prepping rules from emerging.rules.tar.gz for work....
         Done!
Reading rules...
Generating Stub Rules....
         Done
Reading rules...
Reading rules...
Writing Blacklist File /opt/etc/snort/rules/iplists/default.blacklist....
Writing Blacklist Version 1647588404 to /opt/etc/snort/rules/iplistsIPRVersion.dat....
Use of uninitialized value $bin in -f at /opt/bin/pulledpork.pl line 1005.
Processing /opt/etc/snort/pulledpork/disablesid.conf....
         Modified 2 rules
         Done
Setting Flowbit State....
         Enabled 115 flowbits
         Done
Writing /opt/etc/snort/rules/snort.rules....
         Done
Generating sid-msg.map....
         Done
Writing v1 /opt/etc/snort/sid-msg.map....
         Done
Writing /var/log/sid_changes.log....
         Done
Rule Stats...
         New:-------108
         Deleted:---21
         Enabled Rules:----19996
         Dropped Rules:----0
         Disabled Rules:---19560
         Total Rules:------39556
IP Blacklist Stats...
         Total IPs:-----6990

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

