search

Quantalytics / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0
0 stars 0 forks source link

update rules not working, md5 error #157

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
Following this guide on latest stable version 
http://www.aldeid.com/wiki/Pulledpork
1. notice that snort has changed some things which I have applied
PulledPork.conf
   "PulledPork is a helper script that will automatically download the latest rules for you. PulledPork will determine your version of snort

    rule_url=https://snort.org/rules/|snortrules-snapshot.tar.gz|?oinkcode=<oinkcode>

    To get the docs if you want them, create a second rule_url entry

     rule_url=https://snort.org/rules/|opensource.gz|?oinkcode=<oinkcode>"
Also
As you can see there are other changes to snort.org

2. applied that to pulledpork.conf sent to you
3.as root run command # perl /usr/local/bin/pulledpork.pl   \
-c /usr/local/etc/pulledpork/pulledpork.conf   
I have provided pulledpork.conf

4. my snort rules and conf are /etc/snort
snortconf.txt

6.snort compiled for source is in folder /usr/local/snort/
snortcomp.txt

What is the expected output?
First time trying to use pulled pork, expecting to update rules in folder 
/etc/snort/rules
What do you see instead?
# perl /usr/local/bin/pulledpork.pl   -c 
/usr/local/etc/pulledpork/pulledpork.conf 

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Checking latest MD5 for snortrules-snapshot-2961.tar.gz.... A 404 error occurred, please verify your filenames and urls for your tarball! Error 404 when fetching https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463. main::md5file('?oinkcode', 'snortrules-snapshot-2961.tar.gz', '/tmp/', 'https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl line 1847 What version of the product are you using? Snort 2.9.6.1, Pulled 0.7.0 On what operating system? Ubuntu 14.04-64 bit

Please provide any additional information below. I suspect snort.org changed md5 location 


Original issue reported on code.google.com by `nivuk...@gmail.com` on 10 Jul 2014 at 12:56

Attachments:
* [snortconf.txt](https://storage.googleapis.com/google-code-attachments/pulledpork/issue-157/comment-0/snortconf.txt)
* [snortcomp.txt](https://storage.googleapis.com/google-code-attachments/pulledpork/issue-157/comment-0/snortcomp.txt)
* [pulledpork.conf](https://storage.googleapis.com/google-code-attachments/pulledpork/issue-157/comment-0/pulledpork.conf)
* [Screenshot from 2014-07-10 14:52:18.png](https://storage.googleapis.com/google-code-attachments/pulledpork/issue-157/comment-0/Screenshot from 2014-07-10 14:52:18.png)
GoogleCodeExporter commented 9 years ago 
Use the original value noted in the pulledpork.conf.  The snort.org site is 
incorrect at this time and will be updated soon.

Original comment by Cummin...@gmail.com on 10 Jul 2014 at 8:05