Closed GoogleCodeExporter closed 9 years ago
You do not understand how the rule system works, there is no longer a valid and
updated rules file with the name that you give. Regardless of what version of
snort rules you attempt to download, the age of the rules within said file is
automatically determined by the level associated with your oinkcode. You were
unable to download for 2.9.2 because there is NO tarball for the registered
users yet, since it has not yet been 30 days since 2.9.2 was released. Once it
has been 30 days then your oinkcode will work to get 2.9.2 registered rulesets.
When this happens, there is a variable in the pulledpork.conf that lets you
specify the version of snort that you are running, had you specified 2.9.1.2
then the ruleset would have downloaded and worked perfectly.
This is an invalid bug, and is being marked as such.
Original comment by Cummin...@gmail.com
on 14 Jan 2012 at 10:39
I did specify "snort_version=2.9.1.2" in the pulledpork.conf but even with my
oinkcode it still tried to download snortrules-snapshot-2920.tar.gz which
resulted in a 403 forbidden error because I'm not entitled to it.
If I hardcoded "snortrules-snapshot-2912.tar.gz" into pulledpork.conf it worked
just fine.
Sorry.
Original comment by lost....@gmail.com
on 14 Jan 2012 at 10:48
That is potentially a different issue that we can look into.
Original comment by Cummin...@gmail.com
on 14 Jan 2012 at 10:49
I mentioned snortrules-snapshot-edge.tar.gz because if I do
wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/<oinkcode here> -O snortrules-snapshot-edge.tar.gz
It gets me the latest snapshot for my release, I thought.
It's mentioned at foot of page here:
http://www.snort.org/snort-rules/cli
It'll be Monday 10-ish GMT before I can get you my actual pulledpork.conf
Original comment by lost....@gmail.com
on 14 Jan 2012 at 10:55
I see what you are talking about, it doesn't get you the latest snapshot for
your release, it gets you the latest that you are entitled to.. that is bad
because many people will still be running 2.9.1.2.. so when they can get 2.9.2
it will break their 2.9.1.2 install..
Original comment by Cummin...@gmail.com
on 14 Jan 2012 at 11:15
Damn mistype:
"It gets me the latest snapshot for my release, I thought." Should have been
It gets me the latest snapshot that I am entitled to. But you got that.
I'm using the 2.9.1.2 rules from snortrules-snapshot-2912.tar.gz with Snort
2.9.2 and I thought it worked just fine. But you are saying if I used rules
created for 2.9.2 with 2.9.1.2 it would break 2.9.1.2.
That is handy to know if I'm having a crappy morning with snort someday.
Thanks.
Original comment by lost....@gmail.com
on 14 Jan 2012 at 11:25
Original issue reported on code.google.com by
lost....@gmail.com
on 14 Jan 2012 at 4:44