Re: Pulledpork: please verify that you have recently updated your root certificates!

[Shirkdog <shirkdog () gmail com>]

In 0.7.1 an option to ignore the certificate check "-w" was added.

Try that, but normally this is an issue on the back end.

---
Michael Shirk


On Wed, Feb 18, 2015 at 8:33 AM, Lawrence Decker <lld0227 () gmail com> wrote:
> I'm running fedora core 20, I've updated my ca-certs, tried installing the
> cert from amazonaws, but I still get
>
> "500 Can't connect to s3.amazonaws.com:443 (certificate verify failed) (1s)"
>
> If I take the link, I can plug it into my browser and it saves the snapshot,
> but running pulledpork, it keeps erroring out...  I've changed my distro
> from FC-20 -> FC-19 -> FC-14, no difference
>
> Any suggestions???
>
> Lawrence
>
>
>
> frwg01:~># yum install ca-certificates
> Loaded plugins: langpacks, refresh-packagekit
> Package ca-certificates-2014.2.2-1.0.
> fc20.noarch already installed and latest version
> Nothing to do
>
>
>
> frwg01:~># /usr/scripts/pulledpork/pulledpork.pl -vv -c
> /etc/snort/pulledpork.conf -T -l
>
>     http://code.google.com/p/pulledpork/
>       _____ ____
>      `----,\    )
>       `--==\\  /    PulledPork v0.7.1 - Swine Flu with a side of Ebola!
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2014 JJ Cummings
>   @_/        /  66\_  cummingsj () gmail com
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Config File Variable Debug /etc/snort/pulledpork.conf
>     rule_path = /etc/snort/rules
>     sorule_path = /usr/local/lib/snort_dynamicrules/
>     version = 0.7.1
>     rule_url = ARRAY(0x2675e50)
>     ignore = deleted.rules,experimental.rules,local.rules
>     config_path = /etc/snort/snort.conf
>     sid_msg_version = 1
>     dropsid = /etc/snort/dropsid.conf
>     sid_msg = /etc/snort/sid-msg.map
>     snort_path = /usr/sbin/snort
>     temp_path = /tmp
>     distro = FC-14
>     snort_control = /usr/sbin/snort_control
>     disablesid = /etc/snort/disablesid.conf
>     sid_changelog = /var/log/sid_changes.log
>     local_rules = /etc/snort/rules/rules/local.rules
>     modifysid = /etc/snort/modifysid.conf
>     enablesid = /etc/snort/enablesid.conf
>     black_list = /etc/snort/rules/black_list.rules
> MISC (CLI and Autovar) Variable Debug:
>     arch Def is: x86-64
>     Config Path is: /etc/snort/pulledpork.conf
>     Distro Def is: FC-14
>     Disabled policy specified
>     local.rules path is: /etc/snort/rules/rules/local.rules
>     Rules file is: /etc/snort/rules
>     Path to disablesid file: /etc/snort/disablesid.conf
>     Path to dropsid file: /etc/snort/dropsid.conf
>     Path to enablesid file: /etc/snort/enablesid.conf
>     Path to modifysid file: /etc/snort/modifysid.conf
>     sid changes will be logged to: /var/log/sid_changes.log
>     sid-msg.map Output Path is: /etc/snort/sid-msg.map
>     Snort Version is: 2.9.7.0
>     Snort Config File: /etc/snort/snort.conf
>     Snort Path is: /usr/sbin/snort
>     Logging Flag is Set
>     Text Rules only Flag is Set
>     Extra Verbose Flag is Set
>     Verbose Flag is Set
>     Base URL is:
> https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
> http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
> Checking latest MD5 for snortrules-snapshot-2970.tar.gz....
>     Fetching md5sum for: snortrules-snapshot-2970.tar.gz.md5
> ** GET
> https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5/<oinkcode>
> ==> 200 OK (1s)
>     most recent rules file digest: b1583e298e07ace6460dd985d94729f0
> Rules tarball download of snortrules-snapshot-2970.tar.gz....
>     Fetching rules file: snortrules-snapshot-2970.tar.gz
> ** GET
> https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz/<oinkcode>
> ==> 302 Found
> ** GET
> https://s3.amazonaws.com/snort-org-site/production/release_files/files/000/001/327/original/snortrules-snapshot-2970.tar.gz?AWSAccessKeyId=<TRIMMED>&Expires=1424221083&Signature=<TRIMMED>
> ==> 500 Can't connect to s3.amazonaws.com:443 (certificate verify failed)
>     A 500 error occurred, please verify that you have recently updated your
> root certificates!
>
> Message from syslogd@frwg01 at Feb 17 18:56:36 ...
>  pulledpork[2232]:FATAL: 500 error occured
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!