search

DevGoals / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0
0 stars 0 forks source link

HTTPS use when HTTP urls used for snort.org #149

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. define HTTP URL's for your snort rule downloads when you have no outbound 
443 access (oink code)
2. execute pulledpork
3.
What is the expected output? What do you see instead?

expected output is for pulled pork to download the HTTP URL's
however
pulled pork fails to update stating the snapshot could not be found in 
/tmp//filename.tgz

What version of the product are you using? On what operating system?

tested on 0.6.1 and 0.7.0

Please provide any additional information below.

Lines 373 and 440 against pulled pork v0.6.1.

Original issue reported on code.google.com by petersch...@gmail.com on 19 Dec 2013 at 7:01

GoogleCodeExporter commented 8 years ago 
should have added that I worked around the issue by modifiying the hard coded 
https lines in the pulledpork.pl file as per above.

suggest using http or https as a boolean switch or actually obey the url's that 
are defined in the configuration file

Original comment by petersch...@gmail.com on 19 Dec 2013 at 7:03

GoogleCodeExporter commented 8 years ago 
i had the same issue As work around i had to use http as describe, also it 
seems that the url has been change in snort side i had to modify pullepork.pl 
and modify the var url adding ?oinkcode= and modify the path from reg-rules to 
rules to avoid the error 404 and 422 after those change i was able to pull the 
rules. 

I guess snort did some change on their side. I am using Pulledpork 0.7.0 and 
snort 2.9.6.1

Mounir Adghoughi

Original comment by mounir.a...@gmail.com on 29 Jul 2014 at 10:29

GoogleCodeExporter commented 8 years ago 
Always redirects to https but certificate verification fails.

Fetching rules file: snortrules-snapshot-2970.tar.gz
But not verifying MD5
** GET http://www.snort.org/rules/snortrules-snapshot-2970.tar.gz/[edit: 
removed] ==> 301 Moved Permanently
** GET https://www.snort.org/rules/snortrules-snapshot-2970.tar.gz/[edit: 
removed] ==> 500 Can't connect to www.snort.org:443 (certificate verify failed) 
(1s)
    A 500 error occurred, please verify that you have recently updated your root certificates!

Original comment by Sty...@gmail.com on 13 Dec 2014 at 6:49