Snort mailing list archives

Re: rule download problem

From: JJC <cummingsj () gmail com>
Date: Tue, 29 Jun 2010 09:37:25 -0600

Parker,

I'll look into it.. of course I can't reproduce the issue.  Are you doing
any type of egress filtering / blocking of sites etc?

JJC

On Tue, Jun 29, 2010 at 9:35 AM, Crook, Parker <Parker_Crook () reyrey com>wrote:

 JJ,



I’ve waited the morning out to see if this would clear up, but I’ve been
ping-ponging back and forth between 501 and 403 errors when using the Pulled
Pork svn to try and download the new rules.  Below is the verbose output…
any words of advice here?



snort-lab:/etc/snort/pulledpork# ./pulledpork.pl -c etc/pulledpork.conf
-vv



    http://code.google.com/p/pulledpork/

      _____ ____

     `----,\    )

      `--==\\  /    Pulled_Pork v0.4.2

       `--==\\/

     .-~~~~-.Y|\\_  Copyright (C) 2009-2010 JJ Cummings

  @_/        /  66\_  cummingsj () gmail com

    |    \   \   _(")

     \   /-| ||'--'  Rules give me wings!

      \_\  \_\\

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Variable Debug:

        Config Path is: etc/pulledpork.conf

        Verbose Flag is Set

        Extra Verbose Flag is Set

Config File Variable Debug etc/pulledpork.conf

        snort_path = /usr/local/bin/snort

        pid_path = /var/run/snort_eth0.pid

        rule_path = /etc/snort/rules/snort.rules

        ignore = deleted,experimental,local

        rule_file = snortrules-snapshot-2860.tar.gz

        sid_changelog = /var/log/sid_changes.log

        sid_msg = /etc/snort/sid-msg.map

        config_path = /etc/snort/snort.conf

        sostub_path = /etc/snort/rules/so_rules.rules

        oinkcode = <oinkcode obfuscated>

        temp_path = /tmp

        distro = Debian-Lenny

        base_url = http://www.snort.org/

        sorule_path = /usr/local/lib/snort_dynamicrules/

        version = 0.4.2

        disablesid = /usr/local/etc/snort/disablesid.conf

        local_rules = /etc/snort/rules/local.rules

Checking latest MD5....

        Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5

        most recent rules file digest: b3cb777fac21999675e8cf5696865fa5

        current local rules file  digest: 4a7877208481756881a66f7cadcff98b

        The MD5 for snortrules-snapshot-2860.tar.gz did not match the
latest digest... so I am gonna fetch the latest rules file!

Rules tarball download....

        Fetching rules file: snortrules-snapshot-2860.tar.gz

        Error 501 when fetching snortrules-snapshot-2860.tar.gz at ./
pulledpork.pl line 262.



-Parker
 ------------------------------

*From:* JJC [mailto:cummingsj () gmail com]
*Sent:* Tuesday, June 29, 2010 10:32 AM
*To:* John York
*Cc:* snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] rule download problem



The rule download location has changed, you will want to get the latest
version of pulledpork from svn (0.4.2) or wait until the tarball is released
shortly.



JJC

On Tue, Jun 29, 2010 at 7:25 AM, John York <YorkJ () brcc edu> wrote:

I've been using PulledPork (v 0.4.1 Stumbling Leprechaun) to get my rules,
but in the last week or so it has started giving this error:
Error 403 when fetching
http://www.snort.org/pub-bin/oinkmaster.cgi/snortrules-snapshot-2860_s.tar.gz.md5at /home/xxxx/snortrules/pulledpork/
pulledpork.pl line 306

It does this even if I wait several hours between attempts, so I don't
think the 15 min limit is involved.

These are the applicable lines from the conf file:
base_url=http://www.snort.org/pub-bin/oinkmaster.cgi
rule_file=snortrules-snapshot-2860_s.tar.gz

My subscription is up to date--I can log in to the web site and download
the rules ok.  Any ideas?

Thanks
John



------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

rule download problem John York (Jun 29)
- Re: rule download problem JJC (Jun 29)
  - Re: rule download problem Crook, Parker (Jun 29)
    - Re: rule download problem JJC (Jun 29)
    - Re: rule download problem Crook, Parker (Jun 29)
    - Re: rule download problem Jefferson, Shawn (Jun 30)
    - Re: rule download problem Joel Esler (Jun 30)
    - Re: rule download problem Jefferson, Shawn (Jun 30)
    - Re: rule download problem Joel Esler (Jun 30)
    - Re: rule download problem Jefferson, Shawn (Jun 30)
    - Re: rule download problem Joel Esler (Jun 30)