Snort mailing list archives

Re: Snort IP blacklist issue


From: Shirkdog <shirkdog () gmail com>
Date: Thu, 27 Aug 2015 17:13:14 -0400

I am not seeing this issue, with the correct permissions with the
latest code (about to release 0.7.2):


    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.2 - E.Coli in your water bottle!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2015 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
Rules tarball download of snortrules-snapshot-2975.tar.gz....
        They Match
        Done!
Checking latest MD5 for community-rules.tar.gz....
Rules tarball download of community-rules.tar.gz....
        They Match
        Done!
IP Blacklist download of
http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf....
Reading IP List...
Checking latest MD5 for opensource.gz....
Rules tarball download of opensource.gz....
        They Match
        Done!
Prepping rules from opensource.gz for work....
        Done!
Prepping rules from community-rules.tar.gz for work....
        Done!
Prepping rules from snortrules-snapshot-2975.tar.gz for work....
        Done!
Reading rules...
Reading rules...
Writing Blacklist File /usr/local/etc/snort/rules/iplists/default.blacklist....
Writing Blacklist Version 825308466 to
/usr/local/etc/snort/rules/iplistsIPRVersion.dat....
Setting Flowbit State....
        Enabled 16 flowbits
        Done
Writing /usr/local/etc/snort/rules/snort.rules....
        Done
Generating sid-msg.map....
        Done
Writing v1 /usr/local/etc/snort/sid-msg.map....
        Done
Writing /var/log/sid_changes.log....
        Done
Rule Stats...
        New:-------0
        Deleted:---0
        Enabled Rules:----8695
        Dropped Rules:----0
        Disabled Rules:---17344
        Total Rules:------26039
IP Blacklist Stats...
        Total IPs:-----6312

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

---
Michael Shirk


On Thu, Aug 27, 2015 at 1:26 PM, ha dinhphu <hadinhphu () gmail com> wrote:
It's been a while since I asked about this problem. Does anyone have a solution
for it?

On Fri, Aug 14, 2015 at 1:12 PM, ha dinhphu <hadinhphu () gmail com> wrote:

Hi kitty,

Yes, my /tmp directory is available with rwx permission by all users. I ran
the command as root, so I don't think that's the problem.
https://code.google.com/p/pulledpork/issues/detail?id=166 -- another user
has the same problem.
http://sourceforge.net/p/snort/mailman/message/32913112/  --snort-user

On Fri, Aug 14, 2015 at 1:04 PM, waldo kitty <wkitty42 () windstream net>
wrote:

On 08/14/2015 12:21 PM, ha dinhphu wrote:
IP Blacklist download of

http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf....
Reading IP List...
Couldn't read /tmp/296.170136981772-black_list.rules - No such file or
directory

what linux are you using? does it have a working /tmp directory that is writable
by all users?

both of your reports have been failures to read a file that should have been
downloaded into /tmp... these failures seem to point to /tmp not existing or it
is not writable by the user your pulledpork is running as...

--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!



