Snort mailing list archives

Re: Manually download and install Snort Rules updates


From: Y M <snort () outlook com>
Date: Mon, 20 Oct 2014 19:33:58 +0000



From: Hanson.Webster () salemfive com
To: snort-sigs () lists sourceforge net
Date: Mon, 20 Oct 2014 19:16:55 +0000
Subject: [Snort-sigs] Manually download and install Snort Rules updates

I am getting an error when downloading Snort rules updates with pulledpork:

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
        Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at 
/usr/local/snort/pulledpork/pulledpork.pl line 453
        main::md5file('5bdefe8b8ab9de3c9b8bc4d1f85a353d96d05f36', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 
'https://www.snort.org/reg-rules/') called at /usr/local/snort/pulledpork/pulledpork.pl line 1758

I believe it is a network/firewall issue as this IDS is on a different segment of the network and the other SNORT 
devices we have are able to successfully download the rules.  Until I can get our networking guys to fix this, is 
there a way to do this manually?  

You can either download them directly from snort.org and scp them to the box or you can copy them from other sensors 
you have. In either case, you would place the rules tarball into the directory where PulledPork is configured to read 
the tarball from. For example, PulledPork is configured to read the tarball from /tmp; this is where you want to copy 
the tarball.

Could I take the rules that are downloaded to one of the other devices and copy them to this box?  Where would I find 
the rules and where would I copy them to?

Once the tarball is copied as explained above, you will run PulledPork with some extra parameters, in addition to the 
ones you have already, to update the rules locally: -nP

-n Do everything other than download of new files (disablesid, etc)
-P Process rules even if no new rules were downloaded

This will force PulledPork to process the tarball from the local disk instead of downloading the tarball from the 
internet.

YM

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
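
The manual copy described in the reply above, as an added example that is not part of the original message: it checks the copied tarball against its .md5 file before placing it in the directory PulledPork reads from. The function names, the presence of the .md5 file next to the tarball, and the pulledpork.conf path are assumptions.

```shell
#!/bin/sh
# Added example: stage a manually copied rules tarball for PulledPork.
# Assumptions (not from the original post): the .md5 file was copied
# alongside the tarball, and md5sum(1) is available on the sensor.

# Print the first standalone 32-hex-digit token in an .md5 file, lowercased.
# Handles both a bare digest and the "digest  filename" md5sum layout.
expected_md5() {
    tr 'A-F' 'a-f' < "$1" | grep -Eow '[0-9a-f]{32}' | head -n 1
}

# stage_rules TARBALL MD5FILE DESTDIR
# Copies TARBALL into DESTDIR only if its MD5 matches MD5FILE.
# Returns 0 on success, 1 on digest mismatch, 2 on missing/unusable input.
stage_rules() {
    tarball=$1; md5file=$2; dest=$3
    [ -r "$tarball" ] && [ -r "$md5file" ] && [ -d "$dest" ] || return 2
    want=$(expected_md5 "$md5file")
    [ -n "$want" ] || return 2
    have=$(md5sum "$tarball" | cut -d ' ' -f 1)
    if [ "$want" != "$have" ]; then
        echo "MD5 mismatch for $tarball: expected $want, got $have" >&2
        return 1
    fi
    cp -p "$tarball" "$dest/"
}

# Example run on the sensor (the config path is a placeholder):
#   stage_rules ./snortrules-snapshot-2962.tar.gz \
#               ./snortrules-snapshot-2962.tar.gz.md5 /tmp &&
#   pulledpork.pl -c /path/to/pulledpork.conf -nP
```

A mismatch usually means a truncated scp transfer or a tarball and .md5 file taken from different rule releases; copy both again from the same sensor before processing.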
                                          