Snort mailing list archives
Re: PulledPork 403 Forbidden error
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 18 Apr 2014 18:02:31 +0000
Dear Kevin,

In order to look into this issue, I am going to need your Snort.org username and email address. Please feel free to email me directly with that information.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

On Apr 18, 2014, at 1:32 PM, Kurzawa, Kevin <kkurzawa () co pinellas fl us> wrote:

PulledPork 0.7.0
Snort 2960
Archlinux

Switching over from Oinkmaster to PulledPork. I want the ability to automatically switch between the connectivity, balanced, and security rulesets easily (if this is do-able in Oinkmaster, someone please enlighten me).

Running sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf -T -vv

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/83c886d030bc3d56e56d69488c456404xxxx ==> 403 Forbidden (1s)
A 403 error occurred, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
You may also wish to verfiy your oinkcode, tarball name, and other configuration options
Error 403 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.
main::md5file('83c886d030bc3d56e56d69488c456404xxxx ', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847

If I use a base URL without the version it yells at me and tells me I have to specify it.

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx

I get this 403 error after waiting for 20 minutes, 30 minutes, whenever minutes.
I verified my oinkcode, it is correct.
I got the tarball name from the Snort.org site where it references downloading via the command line.
As for other configuration options, I do not know what else it could be.

My pulledpork.conf file:

# RULE URI
#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2960.tar.gz|83c886d030bc3d56e56d69488c456404xxxx
#rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
#rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
#rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>
ips_policy=security
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/etc/pulledpork/rules/snort.rules
# out_path=/usr/local/etc/snort/rules/
local_rules=/etc/pulledpork/rules/local.rules
sid_msg=/etc/pulledpork/sid-msg.map
sid_msg_version=1
sid_changelog=/var/log/pulledpork/sid_changes.log

# SHARED OBJECT (SO) RULES
#sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/bin/snort
#sostub_path=
#config_path=/etc/snort/snort.conf
# Define your distro, this is for the precompiled shared object libs!
# Valid Distro Types:
# Debian-5-0, Debian-6-0,
# Ubuntu-8.04, Ubuntu-10-4
# Centos-4-8, Centos-5-4
# FC-12, FC-14, RHEL-5-5, RHEL-6-0
# FreeBSD-7-3, FreeBSD-8-1
# OpenBSD-4-8
# Slackware-13-1
#distro=FreeBSD-8.1
black_list=/etc/pulledpork/rules/default.blacklist
IPRVersion=/etc/pulledpork/rules/iplists
#snort_control=/usr/bin/snort_control
# backup=/usr/local/etc/snort,/usr/local/etc/pulledpork,/usr/local/lib/snort_dynamicrules/
# backup_file=/tmp/pp_backup
# docs=/path/to/base/www
# state_order=disable,drop,enable
# pid_path=/var/run/snort.pid,/var/run/barnyard.pid,/var/run/barnyard2.pid
# snort_version=2.9.0.0
enablesid=/etc/pulledpork/enablesid.conf
dropsid=/etc/pulledpork/dropsid.conf
disablesid=/etc/pulledpork/disablesid.conf
modifysid=/etc/pulledpork/modifysid.conf
version=0.7.0

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- PulledPork 403 Forbidden error Kurzawa, Kevin (Apr 18)
- Re: PulledPork 403 Forbidden error Joel Esler (jesler) (Apr 18)
- Re: PulledPork 403 Forbidden error Steve Crow (May 23)
- Re: PulledPork 403 Forbidden error Joel Esler (jesler) (May 23)
- Re: PulledPork 403 Forbidden error Steve Crow (May 23)
- Re: PulledPork 403 Forbidden error Kurzawa, Kevin (May 23)
- Re: PulledPork 403 Forbidden error Steve Crow (May 23)
- Re: PulledPork 403 Forbidden error Joel Esler (jesler) (Apr 18)