Snort mailing list archives
Re: Oinkmaster can't get rules
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 13 Jul 2010 14:05:27 -0400
For those of you trying to use Oinkmaster. You might want to think about converting over to PulledPork as well, as long as you are doing the work :)

On Jul 13, 2010, at 2:00 PM, James Lay wrote:
I'm still having issues with Slackware 12.1. Verisign certs are in /etc/ssl/certs:

/etc/ssl/certs$] ls Verisign*
Verisign_Class_1_Public_Primary_Certification_Authority.crt
Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt
Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt
Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt
Verisign_Class_2_Public_Primary_Certification_Authority.crt
Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt
Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
Verisign_RSA_Secure_Server_CA.crt
Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
Verisign_Time_Stamping_Authority_CA.crt
Verisign_Class_3_Public_Primary_Certification_Authority.crt

OpenSSL is compiled to point to /etc/ssl as the default dir. Crypt::SSLeay is up to date:

cpan> install Crypt::SSLeay
Crypt::SSLeay is up to date.

Still seeing this:

wget http://www.snort.org/pub-bin/oinkmaster.cgi/code/snortrules-snapshot-2860.tar.gz
--2010-07-13 11:52:15-- http://www.snort.org/pub-bin/oinkmaster.cgi/code/snortrules-snapshot-2860.tar.gz
Resolving www.snort.org... 68.177.102.20
Connecting to www.snort.org|68.177.102.20|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://s3.amazonaws.com/snort.org/rules/20100610/snortrules-snapshot-2860.tar.gz?&Expires=1279043570&Signature= [following]
--2010-07-13 11:52:17-- https://s3.amazonaws.com/snort.org/rules/20100610/snortrules-snapshot-2860.tar.gz?&Expires=1279043570&Signature=
Resolving s3.amazonaws.com... 207.171.185.197
Connecting to s3.amazonaws.com|207.171.185.197|:443... connected.
ERROR: cannot verify s3.amazonaws.com's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2':
Unable to locally verify the issuer's authority.
To connect to s3.amazonaws.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

I'm about to just change oinkmaster.pl to --no-check-certificate, but I'd like to get this to work with SSL. Have to admit...sure would have been nice to know this was taking place..maybe I didn't look hard enough online.

James

I don't know how to correct these problems on Windows. Maybe another Windows user can chime in here, but I haven't used Windows since about 2003.

On Jul 13, 2010, at 10:31 AM, Alejandro Cabrera Obed wrote:

Now I get this error message when downloading the rules with oinkmaster.pl:

Loading Perl modules.
Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz...
Proxy must be specified as absolute URI; '10.4.1.10:8080' is not at c:\oinkmaster-2.0\oinkmaster.pl line 936

What can I do ??? My HTTP_proxy variable is an environment variable set up in Windows...

Special thanks

2010/7/12 Joel Esler <jesler () sourcefire com>:

The --no-check-certificate problem is a result of having old CA Certificates on your box. Please read the snort-users archive, like this:

http://marc.info/?l=snort-users&m=127791856110280&w=2

Joel

On Jul 12, 2010, at 9:45 PM, Alejandro Cabrera Obed wrote:

In my Windows I put these two environment variables:

HTTP_proxy = http://10.10.2.1
HTTPS_proxy = https://10.10.12.1 (and later http://10.10.12.1)

But I continue receiving the error:

oinkmaster.pl: Error: could not download from http://www.snort.org/pub-bin/oinkmaster.cgi/*my_oinkcode*/snortrules-snapshot-2853.tar.gz: 500 Can't connect to s3.amazonaws.com:443 (Bad hostname 's3.amazonaws.com')

If I download the rules from my web browser I succeed !!! Any idea ???

Thanks again.

2010/7/12 James Lay <jlay () slave-tothe-box net>:

From: Fábio Ferrão <ferrao04 () gmail com>
Date: Thu, 8 Jul 2010 10:07:33 -0300
To: Snort <snort-users () lists sourceforge net>
Subject: [Snort-users] Oinkmaster can't get rules

<snip>
[prompt]# /usr/local/bin/oinkmaster -o /usr/local/snort/rules/rules > /home/suporte/oinkmaster.update
Loading /usr/local/etc/oinkmaster.conf
Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz...
/usr/local/bin/oinkmaster: Error: could not download from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz.
Output from wget follows:
http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz
Resolving www.snort.org... 68.177.102.20
Connecting to www.snort.org|68.177.102.20|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2010-07-06 13:18:43 ERROR 403: Forbidden.
<snip>

I am receiving exactly the same thing, even though I've modified my oinkmaster.pl to reflect the --no-check-certificate. It seems like sometimes a redirect doesn't fire since I get to 68.177.102.20, and instead of the 302 redirect, simply a 403 and dumped. Anyone else besides myself and the OP seeing this? Thanks.

James

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Alejandro Cabrera Obed
aco1967 () gmail com
www.alejandrocabrera.com.ar
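A check that fits the "cannot verify ... Unable to locally verify the issuer's authority" report above, as an added example that is not from any poster in this thread: OpenSSL's directory lookup finds a CA only through an entry named after the certificate's subject hash (`<hash>.0`, `<hash>.1`, ...), so CA files present under descriptive names alone are not used. The function name is hypothetical, the `openssl` command-line tool is assumed to be installed, and the thread does not say whether missing hash entries were the cause here.

```shell
#!/bin/sh
# Added example: report CA files in a directory that OpenSSL's CApath lookup
# cannot find because no <subject-hash>.N entry refers to the same certificate.
# Assumption: the `openssl` command-line tool is on the PATH.

unhashed_ca_files() {
    dir=$1
    for cert in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$cert" ] || continue      # unmatched glob or not a regular file
        # Subject-name hash as computed by the installed OpenSSL.
        h=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || {
            echo "not a certificate: $cert"
            continue
        }
        want=$(openssl x509 -noout -fingerprint -in "$cert")
        found=no
        # Hash collisions are numbered .0, .1, ...; match on fingerprint.
        for link in "$dir/$h".[0-9]; do
            [ -e "$link" ] || continue
            have=$(openssl x509 -noout -fingerprint -in "$link" 2>/dev/null)
            [ "$have" = "$want" ] && found=yes && break
        done
        [ "$found" = yes ] || echo "no hash link: $cert"
    done
}

# Stand-alone use: pass the CA directory, e.g. /etc/ssl/certs
if [ -n "${1:-}" ]; then
    unhashed_ca_files "$1"
fi
```

An empty result means every CA file in the directory is reachable by hash; it does not show that the issuing chain for a given server is complete.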
Current thread:
- Re: Oinkmaster can't get rules, (continued)
- Re: Oinkmaster can't get rules Alejandro Cabrera Obed (Jul 07)
- Re: Oinkmaster can't get rules dan (ddp) (Jul 07)
- Oinkmaster can't get rules Fábio Ferrão (Jul 08)
- Re: Oinkmaster can't get rules Joel Esler (Jul 08)
- Re: Oinkmaster can't get rules James Lay (Jul 12)
- Re: Oinkmaster can't get rules Alejandro Cabrera Obed (Jul 12)
- Re: Oinkmaster can't get rules Joel Esler (Jul 12)
- Re: Oinkmaster can't get rules Alejandro Cabrera Obed (Jul 13)
- Re: Oinkmaster can't get rules Joel Esler (Jul 13)
- Re: Oinkmaster can't get rules James Lay (Jul 13)
- Re: Oinkmaster can't get rules Joel Esler (Jul 13)
- Re: Oinkmaster can't get rules James Lay (Jul 14)
- Re: Oinkmaster can't get rules Joel Esler (Jul 14)
- Re: Oinkmaster can't get rules JJC (Jul 14)
- Re: Oinkmaster can't get rules Jefferson, Shawn (Jul 19)
- oinkmaster vs pulledpork was (Oinkmaster can't get rules) Russell Fulton (Jul 19)
- Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) JJC (Jul 19)
- Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Mike Lococo (Jul 19)
- Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Joel Esler (Jul 19)
- Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Mike Lococo (Jul 20)
- RESOLVED Re: Oinkmaster can't get rules James Lay (Jul 15)