Snort mailing list archives

Previous By Date Next
Previous By Thread Next

PulledPork Stopped Working

From: Keith Pachulski <keith.pachulski () healthnetworklabs com>
Date: Mon, 9 Jan 2017 18:59:24 +0000
Pulledpork was working fine for me until this latest snort update so looking for some advice on how to correct the 
error:

$ ./pulledpork.pl -c /home/snort/pulledpork/etc/pulledpork.conf -I security -P -e 
/home/snort/pulledpork/etc/enablesid.conf -vv
    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.3 - Making signature updates great again!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2016 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /home/snort/pulledpork/etc/pulledpork.conf
        sid_msg_version = 1
        IPRVersion = /home/snort/rules/iplists
        ignore = deleted.rules,experimental.rules,local.rules
        snort_path = /usr/local/bin/snort
        temp_path = /tmp
        sorule_path = /usr/local/lib/snort_dynamicrules/
        sid_msg = /home/snort/rules/etc/sid-msg.map
        local_rules = /home/snort/rules/local.rules
        rule_path = /home/snort/rules/snort.rules
        distro = Ubuntu-12-04
       sid_changelog = /home/snort/rules/pullpork-sid_changes.log
        rule_url = ARRAY(0x1bf0a70)
        config_path = /home/snort/rules/snort.conf
        version = 0.7.3
        black_list = /home/snort/rules/black_list.rules
MISC (CLI and Autovar) Variable Debug:
        Process flag specified!
        arch Def is: x86-64
        Operating System is: linux
        CA Certificate File is: OS Default
        Config Path is: /home/snort/pulledpork/etc/pulledpork.conf
        Distro Def is: Ubuntu-12-04
        security policy specified
        local.rules path is: /home/snort/rules/local.rules
        Rules file is: /home/snort/rules/snort.rules
        Path to enablesid file: /home/snort/pulledpork/etc/enablesid.conf
        sid changes will be logged to: /home/snort/rules/pullpork-sid_changes.log
        sid-msg.map Output Path is: /home/snort/rules/etc/sid-msg.map
        Snort Version is: 2.9.9.0
        Snort Config File: /home/snort/rules/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /usr/local/lib/snort_dynamicrules/
        Will process SO rules
        Extra Verbose Flag is Set
        Verbose Flag is Set
        File(s) to ignore = deleted.rules,experimental.rules,local.rules
        Base URL is: https://www.snort.org/rules/|snortrules-snapshot.tar.gz| 
http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open
Checking latest MD5 for snortrules-snapshot-2990.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2990.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2990.tar.gz.md5/ ==> 501 Protocol scheme 'https' is not 
supported (LWP::Protocol::https not installed) (1s)
        Error 501 when fetching https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz.md5 at 
/home/snort/pulledpork/pulledpork.pl line 534.
        main::md5file("", "snortrules-snapshot-2990.tar.gz", "/tmp/", "https://www.snort.org/rules/";) called at 
/home/snort/pulledpork/pulledpork.pl line 2007

$ locate https.pm
/usr/local/share/perl/5.22.1/LWP/Protocol/https.pm
/usr/share/perl5/URI/https.pm

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: