chrisdevette / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0
0 stars 0 forks source link

Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2912.tar.gz.md5 #113

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. ./pulledpork.pl -vv -c etc/pulledpork.conf

What is the expected output? What do you see instead?

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cummingsj@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Config File Variable Debug etc/pulledpork.conf snort_path = /usr/sbin/snort rule_url = ARRAY(0x8baa0ac) temp_path = /tmp version = 0.6.0 sid_changelog = /var/log/sid_changes.log sid_msg = /opt/snort/conf/sid-msg.map rule_path = /opt/snort/conf/rules/snort.rules local_rules = /opt/snort/conf/local.rules ignore = deleted.rules,experimental.rules,local.rules MISC (CLI and Autovar) Variable Debug: arch Def is: i386 Config Path is: etc/pulledpork.conf Disabled policy specified local.rules path is: /opt/snort/conf/local.rules Rules file is: /opt/snort/conf/rules/snort.rules sid changes will be logged to: /var/log/sid_changes.log sid-msg.map Output Path is: /opt/snort/conf/sid-msg.map Snort Version is: 2.9.1.2 Snort Path is: /usr/sbin/snort Extra Verbose Flag is Set Verbose Flag is Set Base URL is: https://www.snort.org/reg-rules|snortrules-snapshot-2912.tar.gz|my-oink-code

MY HTTPS PROXY = http://10.254.72.3:8080/ Checking latest MD5 for snortrules-snapshot-2912.tar.gz.... Fetching md5sum for: snortrules-snapshot-2912.tar.gz.md5 \ GET https://www.snort.org/reg-rules/snortrules-snapshot-2912.tar.gz.md5/my-oink-code ==> 500 Can't connect to www.snort.org:443 (Bad hostname) Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2912.tar.gz.md5 at ./pulledpork.pl line 453 main::md5file('my-oink-code', 'snortrules-snapshot-2912.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules') called at ./pulledpork.pl line 1758

What version of the product are you using? On what operating system? (0.6.0) or (0.6.1) depends if you see the "-v parameter" or the flying pig.

We are using SLES 10 SP4.

Please provide any additional information below.

We have seen the conections to proxy and there is'nt any while using PP. The env variables are OK. And there is no problem using perl cpan shell.

env | grep proxy http_proxy=http://10.254.72.3:8080/ https_proxy=http://10.254.72.3:8080/ no_proxy=localhost, 127.0.0.1

Thanks for all!!!


Original issue reported on code.google.com by `memojoel...@gmail.com` on 31 Jul 2012 at 12:28
GoogleCodeExporter commented 9 years ago
We are thinking that probably the problem is in the perl module that make the 
https GET method.

Original comment by memojoel...@gmail.com on 31 Jul 2012 at 1:03

GoogleCodeExporter commented 9 years ago
Yeah, please make sure that your perl modules are all updated.. specifically 
LWP::UserAgent and all those related to ssl: Crypt::SSLeay, 
LWP::Protocol::https etc

For now I'm going to mark this as invalid, as this appears to be a PM issue 
rather than a PP code issue.  Please update us with your findings and I'll 
happily plug it into the FAQ.  You might also note that there is a comment in 
the FAQ about 500s

JJC

Original comment by Cummin...@gmail.com on 31 Jul 2012 at 2:19

GoogleCodeExporter commented 9 years ago
I had have to give up looking for the error, but for sure its is related with 
PM and certs in SLES. We have configured PP for working by http instead of 
https (it should be a good idea to use an URL variable instead of hard coping 
it).

I will try in near future, with other PP deployments.

Thanks for your time.

Original comment by memojoel...@gmail.com on 6 Aug 2012 at 7:58

GoogleCodeExporter commented 9 years ago
Same error here. With https PP try to fetch the rule over port 443 and ignores 
the proxy, it works by changing all URLs to http. I use an updated Ubuntu 
Server 12.04 LTS

Original comment by gebl...@gmail.com on 7 Feb 2013 at 1:46

GoogleCodeExporter commented 9 years ago
Same issue as well.   Environment variables correctly set, wget, cpan, etc all 
work and are proxied.    Changing the script to use plain http does work, but 
it isn't a certificate issue as the proxy isn't even attempted when SSL is used.

All related modules seem to be current, specifically those mentioned:

LWP::UserAgent 6.04
Crypt::SSLeay .64
LWP::Protocol::https 6.03

Original comment by brianjs...@gmail.com on 11 Feb 2013 at 7:05

GoogleCodeExporter commented 9 years ago
I believe I found the same issue and upon debugging it is down to the trailing 
slash in your "https_proxy" line:
eg.
export https_proxy='http://1.2.3.4:3128/'  <-- bad
export https_proxy='http://1.2.3.4:3128'  <-- good

Try this and see if it resolves your issue. It did for me

Original comment by elfl...@faerie.cx on 16 May 2013 at 11:25