search

mateodx / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0
0 stars 0 forks source link

Use of uninitialized value $Config_info{"IPRVersion"} in concatenation (.) or string #142

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. sudo perl pulledpork.pl -c /mypath/pulledpork.conf -m /etc/snort/sid-msg.map 

What is the expected output? What do you see instead?
Though I am getting my rules updated properly, but still I am getting an error 
- Use of uninitialized value $Config_info{"IPRVersion"} in concatenation (.) or 
string at pulledpork.pl line 1091.

What version of the product are you using? On what operating system?
0.70. I am on CentOS Kernel version2.6.32-358.14.1.el6.x86_64

Please provide any additional information below.
a. I have attached my pulledpork.pl, pulledpork.conf
b. I have all my rules in one single file named snort.rules
c. Currently I am testing snort in my test environment and hence snort is not 
running in daemon mode
d. My perl version details:
This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi
Copyright 1987-2009, Larry Wall
e. I am on snort version 2.9.5 GRE (Build 103)
f. I am on Barnyard version: 2.1.9 (Build 263) - XFF patch (version 2)

Kindly let me know in case you need any other information on this issue.

Regards,
Anshuman

Original issue reported on code.google.com by deshmukh...@gmail.com on 22 Oct 2013 at 5:53

Attachments:

GoogleCodeExporter commented 8 years ago 
There is one more error seen which is "Use of uninitialized value $bin in -f at 
pulledpork.pl line 986." with same configuration.

Kindly check.

Original comment by deshmukh...@gmail.com on 1 Nov 2013 at 5:52

GoogleCodeExporter commented 8 years ago 
# This should be the same path where your black_list lives!
##IPRVersion=/usr/local/etc/snort/rules/iplists

Set this in your conf to:
IPRVersion=/etc/snort/rules/iplists

See if this resolves both of your issues.

Original comment by shirk...@gmail.com on 18 Mar 2014 at 7:56

GoogleCodeExporter commented 8 years ago 
I'll handle this one.

Original comment by shirk...@gmail.com on 18 Mar 2014 at 7:57

GoogleCodeExporter commented 8 years ago 
I made these changes. The first error has gone, but the second one still 
remain. I have attached the latest pulledpork.conf 

Here is the output-

**Start of output
[root@sec-snort pulledpork-0.7.0]#  sudo perl pulledpork.pl -c 
/etc/pulledpork070/pulledpork-0.7.0/etc/pulledpork.conf -m 
/etc/snort/sid-msg.map -I security -P -vv | mail -s "Daily report for snort 
rule update" <e-mail id removed>

Use of uninitialized value $Value in pattern match (m//) at pulledpork.pl line 
108, <CONFIG> line 175.
** GET 
https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5/e5454e32094d
d017be5907b5cacb387eb55d2152 ==> 200 OK (2s)
** GET 
https://www.snort.org/reg-rules/opensource.gz.md5/e5454e32094dd017be5907b5cacb38
7eb55d2152 ==> 200 OK (1s)
** GET 
https://rules.emergingthreats.net/open/snort-2.9.5/emerging.rules.tar.gz.md5 
==> 200 OK (2s)
** GET https://rules.emergingthreats.net/open/snort-2.9.5/emerging.rules.tar.gz 
==> 200 OK (8s)
** GET 
https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz.md
5 ==> 200 OK (1s)
** GET 
https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz 
==> 200 OK (2s)
** GET http://labs.snort.org/feeds/ip-filter.blf ==> 200 OK (1s)
Use of uninitialized value $bin in -f at pulledpork.pl line 986.

**End of output

Original comment by deshmukh...@gmail.com on 22 Apr 2014 at 7:58

Attachments:

GoogleCodeExporter commented 8 years ago 
Your build of snort does not contain /usr/local/bin/snort_control, so pulled 
pork is failing.

Did you do a default build of snort with the default prefix?

Original comment by shirk...@gmail.com on 23 Apr 2014 at 11:34