Snort mailing list archives
Re: Pulledpork: please verify that you have recently updated your root certificates!
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 19 Feb 2015 22:50:01 +0000
I didn’t forget. Hectic day. Still working.
On Feb 19, 2015, at 6:30 AM, C. L. Martinez <carlopmart () gmail com> wrote: Uhmm ... same problem here this morning: Checking latest MD5 for snortrules-snapshot-2970.tar.gz.... Fetching md5sum for: snortrules-snapshot-2970.tar.gz.md5 most recent rules file digest: b1583e298e07ace6460dd985d94729f0 Rules tarball download of snortrules-snapshot-2970.tar.gz.... Fetching rules file: snortrules-snapshot-2970.tar.gz A 500 error occurred, please verify that you have recently updated your root certificates! On Wed, Feb 18, 2015 at 4:21 PM, Joel Esler (jesler) <jesler () cisco com> wrote:Nothing has been change from our side in quite awhile. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos On Feb 18, 2015, at 11:12 AM, Shirkdog <shirkdog () gmail com> wrote: In 0.7.1 an option to ignore the certificate check "-w" was added. Try that, but normally this is an issue on the back end. --- Michael Shirk On Wed, Feb 18, 2015 at 8:33 AM, Lawrence Decker <lld0227 () gmail com> wrote: I'm running fedora core 20, I've updated my ca-certs, tried installing the cert from amazonaws, but I still get "500 Can't connect to s3.amazonaws.com:443 (certificate verify failed) (1s)" If I take the link, I can plug it into my browser and it saves the snapshot, but running pulledpork, it keeps erroring out... I've changed my distro from FC-20 -> FC-19 -> FC-14, no difference Any suggestions??? Lawrence frwg01:~># yum install ca-certificates Loaded plugins: langpacks, refresh-packagekit Package ca-certificates-2014.2.2-1.0. fc20.noarch already installed and latest version Nothing to do frwg01:~># /usr/scripts/pulledpork/pulledpork.pl -vv -c /etc/snort/pulledpork.conf -T -l http://code.google.com/p/pulledpork/ _____ ____ `----,\ ) `--==\\ / PulledPork v0.7.1 - Swine Flu with a side of Ebola! `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2014 JJ Cummings @_/ / 66\_ cummingsj () gmail com | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Config File Variable Debug /etc/snort/pulledpork.conf rule_path = /etc/snort/rules sorule_path = /usr/local/lib/snort_dynamicrules/ version = 0.7.1 rule_url = ARRAY(0x2675e50) ignore = deleted.rules,experimental.rules,local.rules config_path = /etc/snort/snort.conf sid_msg_version = 1 dropsid = /etc/snort/dropsid.conf sid_msg = /etc/snort/sid-msg.map snort_path = /usr/sbin/snort temp_path = /tmp distro = FC-14 snort_control = /usr/sbin/snort_control disablesid = /etc/snort/disablesid.conf sid_changelog = /var/log/sid_changes.log local_rules = /etc/snort/rules/rules/local.rules modifysid = /etc/snort/modifysid.conf enablesid = /etc/snort/enablesid.conf black_list = /etc/snort/rules/black_list.rules MISC (CLI and Autovar) Variable Debug: arch Def is: x86-64 Config Path is: /etc/snort/pulledpork.conf Distro Def is: FC-14 Disabled policy specified local.rules path is: /etc/snort/rules/rules/local.rules Rules file is: /etc/snort/rules Path to disablesid file: /etc/snort/disablesid.conf Path to dropsid file: /etc/snort/dropsid.conf Path to enablesid file: /etc/snort/enablesid.conf Path to modifysid file: /etc/snort/modifysid.conf sid changes will be logged to: /var/log/sid_changes.log sid-msg.map Output Path is: /etc/snort/sid-msg.map Snort Version is: 2.9.7.0 Snort Config File: /etc/snort/snort.conf Snort Path is: /usr/sbin/snort Logging Flag is Set Text Rules only Flag is Set Extra Verbose Flag is Set Verbose Flag is Set Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode> http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open Checking latest MD5 for snortrules-snapshot-2970.tar.gz.... Fetching md5sum for: snortrules-snapshot-2970.tar.gz.md5 ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5/<oinkcode> ==> 200 OK (1s) most recent rules file digest: b1583e298e07ace6460dd985d94729f0 Rules tarball download of snortrules-snapshot-2970.tar.gz.... Fetching rules file: snortrules-snapshot-2970.tar.gz ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz/<oinkcode> ==> 302 Found ** GET https://s3.amazonaws.com/snort-org-site/production/release_files/files/000/001/327/original/snortrules-snapshot-2970.tar.gz?AWSAccessKeyId=<TRIMMED>&Expires=1424221083&Signature=<TRIMMED> ==> 500 Can't connect to s3.amazonaws.com:443 (certificate verify failed) A 500 error occurred, please verify that you have recently updated your root certificates! Message from syslogd@frwg01 at Feb 17 18:56:36 ... pulledpork[2232]:FATAL: 500 error occured ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Pulledpork: please verify that you have recently updated your root certificates! Lawrence Decker (Feb 18)
- Re: Pulledpork: please verify that you have recently updated your root certificates! Shirkdog (Feb 18)
- Re: Pulledpork: please verify that you have recently updated your root certificates! Joel Esler (jesler) (Feb 18)
- Re: Pulledpork: please verify that you have recently updated your root certificates! C. L. Martinez (Feb 19)
- Re: Pulledpork: please verify that you have recently updated your root certificates! Joel Esler (jesler) (Feb 19)
- Re: Pulledpork: please verify that you have recently updated your root certificates! Joel Esler (jesler) (Feb 23)
- Re: Pulledpork: please verify that you have recently updated your root certificates! Joel Esler (jesler) (Feb 18)
- Re: Pulledpork: please verify that you have recently updated your root certificates! Shirkdog (Feb 18)
- Re: Pulledpork: please verify that you have recently updated your root certificates! Lawrence Decker (Feb 20)