Re: PulledPork 0.7.2 errors with ETPro rules

[Andre DiMino <adimino () sempersecurus org>]

Yes, I've tried it with both, none, and either one enabled.

It only fails if the ETPro fetch is enabled, even on its own.

Thanks Will

On Mon, Nov 23, 2015 at 10:26 AM, Will Metcalf <william.metcalf () gmail com>
wrote:

> Does it still bomb out if you just enable Pro rules?  looks like maybe you
> have open and pro in the same config, think this will cause you to have
> dupe sigs etc...
>
> Regards,
>
> Will
>
> On Sun, Nov 22, 2015 at 2:42 PM, Andre DiMino <adimino () sempersecurus org>
> wrote:
>
> > Yes, I experience the same results even with the "-d" switch.
> >
> > On Sun, Nov 22, 2015 at 11:49 AM, Y M <snort () outlook com> wrote:
> >
> > > If using PulledPork with the "-d" (do not verify md5) flag, does it
> > > continue? Keep in mind that this will download the rules even if the md5
> > > matched on previous runs.
> > >
> > > Was there any changes on the etpro urls/ file names recently?
> > >
> > > YM
> > >
> > > ------------------------------
> > > *From:* Andre DiMino <adimino () sempersecurus org>
> > > *Sent:* Sunday, November 22, 2015 2:22 AM
> > > *To:* snort-users mailinglist
> > > *Subject:* [Snort-users] PulledPork 0.7.2 errors with ETPro rules
> > >
> > > I've recently noted PulledPork errors when it attempts to download ETPro
> > > rulesets.
> > > I've been speaking to the developer, and have posted an issue on
> > > PulledPork's Github.  However I wanted to put this out there in case anyone
> > > else is experiencing similar issues.
> > >
> > > Running PulledPork with ETPro enabled causes the following:
> > > ++++++++++++++++++++
> > >
> > >  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >
> > > Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
> > > They Match
> > > Done!
> > >
> > > Rules tarball download of community-rules.tar.gz....
> > > Checking latest MD5 for opensource.gz....
> > > They Match
> > > Done!
> > >
> > > Checking latest MD5 for emerging.rules.tar.gz....
> > > No Match
> > > Done
> > >
> > > Rules tarball download of emerging.rules.tar.gz....
> > > They Match
> > > Done!
> > >
> > > Checking latest MD5 for etpro.rules.tar.gz....
> > >
> > > Use of uninitialized value $md5 in scalar chomp at
> > > /home/snortscan/snort_src/pulledpork-read-only/pulledpork.pl line 522.
> > >
> > > Use of uninitialized value $md5 in pattern match (m//) at
> > > /home/snortscan/snort_src/pulledpork-read-only/pulledpork.pl line 524.
> > >
> > > No Match
> > > Done
> > >
> > > Rules tarball download of etpro.rules.tar.gz....
> > > No Match
> > > Done
> > >
> > > Rules tarball download of etpro.rules.tar.gz....
> > > No Match
> > > Done
> > >
> > > Rules tarball download of etpro.rules.tar.gz....
> > > No Match
> > > Done
> > >
> > > Rules tarball download of etpro.rules.tar.gz....
> > > No Match
> > > Done
> > >
> > > Rules tarball download of etpro.rules.tar.gz....
> > > No Match
> > > Done
> > >
> > > ++++++++++++++++++++
> > > This just loops until it crashes.
> > > If I comment out the ETPro ruleset download. everything completes
> > > successfully.
> > >
> > > --
> > >
> > > Andre' M. DiMino
> > > DeepEnd Research
> > > http://www.deependresearch.org <http://deependresearch.org>
> > > http://sempersecurus.org
> > >
> > > "Make sure that nobody pays back wrong for wrong, but always try to be
> > > kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
> >
> >
> >
> > --
> >
> > Andre' M. DiMino
> > DeepEnd Research
> > http://www.deependresearch.org <http://deependresearch.org>
> > http://sempersecurus.org
> >
> > "Make sure that nobody pays back wrong for wrong, but always try to be
> > kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
> >
> >
> > ------------------------------------------------------------------------------
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!


-- 

Andre' M. DiMino
DeepEnd Research
http://www.deependresearch.org <http://deependresearch.org>
http://sempersecurus.org

"Make sure that nobody pays back wrong for wrong, but always try to be
kind to each other and to everyone else" - 1 Thess 5:15 (NIV)

------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!