chrisdevette / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0

Can't use an undefined value as an ARRAY reference at ./pulledpork.pl line 1516. #107

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Running: ./pulledpork.pl -c /usr/local/snort/pulledpork.conf

What is the expected output? What do you see instead?

- Receiving: "Can't use an undefined value as an ARRAY reference at ./pulledpork.pl line 1516."

What version of the product are you using? On what operating system?

v0.6.1 --- Ubuntu Server 10.04

Please provide any additional information below.

root@server01:/usr/local/snort# ./pulledpork.pl -c /usr/local/snort/pulledpork.conf -vv

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Config File Variable Debug /usr/local/snort/pulledpork.conf
    distro = Ubuntu-8.04
    temp_path = /tmp
    version = 0.6.0
    rule_url = http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz
    disablesid = /usr/local/snort/ppconfs/disablesid.conf
    rule_path = /usr/local/snort/rules/snort.rules
    ignore = deleted.rules,experimental.rules,local.rules
    snort_version = 2.9.2.1
    sid_changelog = /usr/local/snort/logs/sid_changes.log
    sid_msg = /usr/local/snort/sid-msg.map
    backup_file = /usr/local/snort/backup
    backup = /usr/local/snort/rules,/usr/local/snort/global/rules
    local_rules = /usr/local/snort/globalrules/local.rules
Can't use an undefined value as an ARRAY reference at ./pulledpork.pl line 1516.


Original issue reported on code.google.com by `aver...@gmail.com` on 22 Feb 2012 at 8:40
GoogleCodeExporter commented 9 years ago
I had commented out

"# get the rule docs!

#        rule_url=http://www.snort.org/reg-rules/|opensource.gz|'myoinkcode'
#       rule_url=http://rules.emergingthreats.net/|emerging.rules.tar.gz|open"

When I removed the #'s, it is throwing:

root@server01:/usr/local/snort# ./pulledpork.pl -c /usr/local/snort/pulledpork.conf -vv

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Config File Variable Debug /usr/local/snort/pulledpork.conf
    distro = Ubuntu-8.04
    temp_path = /tmp
    version = 0.6.0
    rule_url = http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz
    disablesid = /usr/local/snort/ppconfs/disablesid.conf
    rule_path = /usr/local/snort/rules/snort.rules
    ignore = deleted.rules,experimental.rules,local.rules
    rule_url = ARRAY(0x1d2e428)
    snort_version = 2.9.2.1
    sid_changelog = /usr/local/snort/logs/sid_changes.log
    sid_msg = /usr/local/snort/sid-msg.map
    backup_file = /usr/local/snort/backup
    backup = /usr/local/snort/rules,/usr/local/snort/global/rules
    local_rules = /usr/local/snort/globalrules/local.rules
Use of uninitialized value $Snort_path in -B at ./pulledpork.pl line 1563.
MISC (CLI and Autovar) Variable Debug:
    arch Def is: x86-64
    Config Path is: /usr/local/snort/pulledpork.conf
    Distro Def is: Ubuntu-8.04
    Disabled policy specified
    local.rules path is: /usr/local/snort/globalrules/local.rules
    Rules file is: /usr/local/snort/rules/snort.rules
    Path to disablesid file: /usr/local/snort/ppconfs/disablesid.conf
    sid changes will be logged to: /usr/local/snort/logs/sid_changes.log
    sid-msg.map Output Path is: /usr/local/snort/sid-msg.map
    Snort Version is: 2.9.2.1
    Extra Verbose Flag is Set
    Verbose Flag is Set
    Base URL is: http://www.snort.org/reg-rules/|opensource.gz|myoinkcode http://rules.emergingthreats.net/|emerging.rules.tar.gz|open
Checking latest MD5 for opensource.gz....
    Fetching md5sum for: opensource.gz.md5
\ GET https://www.snort.org/reg-rules/opensource.gz.md5/myoinkcode ==>
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
500 Internal Server Error (2s)
Error 500 when fetching http://www.snort.org/reg-rules/opensource.gz.md5 at ./pulledpork.pl line 453
    main::md5file('myoinkcode', 'opensource.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at ./pulledpork.pl line 1758


Original comment by `aver...@gmail.com` on 22 Feb 2012 at 8:56
GoogleCodeExporter commented 9 years ago
Looks like your config file is not set up correctly... you need to provide an 
oinkcode for "myoinkcode" etc etc...

Original comment by Cummin...@gmail.com on 22 Feb 2012 at 9:01

GoogleCodeExporter commented 9 years ago
Hi,

Sorry, I erased the oinkcode out of what I had pasted you.

I think the problem was related to having a space between the rule_url and the 
'=' sign --- when I removed those spaces it seems to generate a 403 error 
occurred issue.  Still looking into it. I will post an update if I can figure 
out more.

Thanks

Original comment by aver...@gmail.com on 22 Feb 2012 at 9:26

GoogleCodeExporter commented 9 years ago
Cool, keep me posted.. marking this as invalid for now.

Original comment by Cummin...@gmail.com on 22 Feb 2012 at 9:28

GoogleCodeExporter commented 9 years ago
Hey JJ -

Got a little further, but when trying to specify the emerging threats link in 
the rules_url... it's looking for an oinkcode, which there should not be a need 
for any:

root@server01:/usr/local/snort/ppconfs# ./pulledpork.pl -c /usr/local/snort/ppconfs/pulledpork.conf -L /usr/local/snort/rules/local.rules

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Use of uninitialized value $Snort_path in -B at ./pulledpork.pl line 1563.
Checking latest MD5 for snortrules-snapshot-2920.tar.gz....
    They Match
    Done!
Prepping rules from snortrules-snapshot-2920.tar.gz for work....
    Done!
You need to define an oinkcode, please review the rule_url section of the pulledpork config file! at ./pulledpork.pl line 1721

Here is the rules URL:

rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2920.tar.gz|f3fa(rest of the oinkmaster code)...,https://rules.emergingthreats.net/open/snort-2.9.0/$

The script works fine without the additional URL, but not so much when adding another. Any thoughts?

Thanks.


Original comment by `aver...@gmail.com` on 23 Feb 2012 at 4:48
GoogleCodeExporter commented 9 years ago
Each URL should be specified on its own line

rule_url=http://foo
rule_url=http://bar

Additionally the oinkcode is important in the ET rulesets also.. you need to 
specify open for the opensource ones.. or an actual code for the ET PRO or open 
or open-nogpl etc...

The format of the config for PP is much different than that of oinkmaster.. 
this allows for more automation in terms of rule specific versioning etc...

Original comment by Cummin...@gmail.com on 23 Feb 2012 at 5:23
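
As an added example (not part of the original thread and not PulledPork's own code), a small Python linter for the `rule_url` layout described in the comment above: one source per line, three pipe-separated fields, and an oinkcode in the third field (`open` for the ET open set). The function name, the sample config and the `CONSTRUCTEDCODE` value are constructed for illustration.

```python
import re

# Placeholder taken from the sample line quoted earlier in this thread.
PLACEHOLDER_CODES = {"myoinkcode"}

RULE_URL = re.compile(r"^\s*rule_url\s*=\s*(.*?)\s*$")


def lint_rule_urls(conf_text):
    """Return (line_number, message) pairs for malformed rule_url lines."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out entries are not active config
        match = RULE_URL.match(line)
        if not match:
            continue  # some other config key
        value = match.group(1)
        # Several sources joined with a comma on a single line.
        if re.search(r",\s*https?://", value):
            findings.append((lineno, "multiple URLs on one line; "
                                     "use one rule_url line per source"))
            continue
        fields = [f.strip() for f in value.split("|")]
        if len(fields) != 3 or not fields[0] or not fields[1]:
            findings.append((lineno, "expected base_url|rule_file|oinkcode"))
            continue
        code = fields[2].strip("'\"")
        if not code or code in PLACEHOLDER_CODES:
            findings.append((lineno, "oinkcode missing or still a placeholder; "
                                     "use a real code, or 'open' for ET open"))
    return findings


# Constructed sample config exercising each check.
SAMPLE_CONF = """\
# rule_url=http://example.invalid/|ignored.tar.gz|open
rule_url = http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz
rule_url=http://www.snort.org/reg-rules/|opensource.gz|'myoinkcode'
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2920.tar.gz|CONSTRUCTEDCODE,https://rules.emergingthreats.net/open/
rule_url=http://rules.emergingthreats.net/|emerging.rules.tar.gz|open
"""

if __name__ == "__main__":
    for lineno, message in lint_rule_urls(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```
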

GoogleCodeExporter commented 9 years ago
JJ -

I think I've figured it out.  Had to massage the configuration file but it 
seems OK now.

Thanks for your help

Original comment by aver...@gmail.com on 23 Feb 2012 at 5:24