shirkdog / pulledpork

Pulled Pork for Snort and Suricata rule management (from Google code)
GNU General Public License v2.0

Error fetching MD5 for emerging.rules.tar.gz #285

Closed rgctoo closed 6 years ago

rgctoo commented 6 years ago

Download of emergingthreats.tar.gz fails. The following error is reported:

Checking latest MD5 for emerging.rules.tar.gz....
        Fetching md5sum for: emerging.rules.tar.gz.md5
GET https://rules.emergingthreats.net/emerging.rules.tar.gz.md5 ==> 404 Not Found (1s)
        A 404 error occurred, please verify your filenames and urls for your tarball!
        Error 404 when fetching https://rules.emergingthreats.net/emerging.rules.tar.gz.md5 at ./pulledpork.pl line 546.
        most recent rules file digest: d7dfc205d04b3a4ebe284ef6aca542d3
        current local rules file digest: d7dfc205d04b3a4ebe284ef6aca542d3
        The MD5 for emerging.rules.tar.gz matched d7dfc205d04b3a4ebe284ef6aca542d3

There is something missing in the URL. My old implementation of pulledpork reported:

Checking latest MD5 for emerging.rules.tar.gz....
        Fetching md5sum for: emerging.rules.tar.gz.md5
** GET https://rules.emergingthreats.net/open-nogpl/snort-2.9.9/emerging.rules.tar.gz.md5 ==> 200 OK (2s)
        most recent rules file digest: 544c0f0f2dfe03c8e3c0263397d25523
        current local rules file digest: a38255755464c83c68ccdf5b795cc8e3
        The MD5 for emerging.rules.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!


--8<-- current pulledpork.conf -->8--
...
# THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change!
# and open-nogpl, to avoid conflicts.
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl
...
version=0.7.3
--8<-- current pulledpork.conf -->8--

Claus Regelmann

shirkdog commented 6 years ago

I need to see the command line you are using to launch pulledpork, and the value of snort_version in your pulledpork.conf

rgctoo commented 6 years ago

root@xxx:/opt/snort/buildrules# ./pulledpork.pl -P -v -c pulledpork.conf

# Suricata users - set this to 'suricata-3.x.x' to process rule files
# for suricata, this mimics the -S flag on the command line.
snort_version=2.9.11.0

root@xxx:/opt/snort/buildrules# /opt/snort/bin/snort --version

   ,,_     -> Snort! <-
  o"  )~   Version 2.9.11 GRE (Build 125)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.36 2014-09-26
           Using ZLIB version: 1.2.5

root@xxx:/opt/snort/buildrules#

rgctoo commented 6 years ago

Something goes wrong with this Web-Interface. Bold Oversized lines?

shirkdog commented 6 years ago

I will take a look, might be another place this new version of Snort has broken in the script, as pulledpork does make an assumption to pull down the emerging threats rules.

rasyidaja commented 6 years ago

I have a problem, help me please...

Checking latest MD5 for community-rules.tar.gz....
        They Match
        Done!
IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist....
        Reading IP List...
Checking latest MD5 for opensource.tar.gz....
        They Match
        Done!
Checking latest MD5 for emerging.rules.tar.gz....
        A 404 error occurred, please verify your filenames and urls for your tarball!
        Error 404 when fetching https://rules.emergingthreats.net/emerging.rules.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 547.
No such file or directory at /usr/local/bin/pulledpork.pl line 551.
readline() on closed filehandle FILE at /usr/local/bin/pulledpork.pl line 553.
Use of uninitialized value $md5 in scalar chomp at /usr/local/bin/pulledpork.pl line 554.
Use of uninitialized value $md5 in pattern match (m//) at /usr/local/bin/pulledpork.pl line 556.
Rules tarball download of emerging.rules.tar.gz....
        A 404 error occurred, please verify your filenames and urls for your tarball!

jmtaylor90 commented 6 years ago

I am seeing this as well, let me know if there is additional information you need.

Thanks in advance!

shirkdog commented 6 years ago

There is an issue with the versioning necessary to pull files for emergingthreats and emergingthreatspro plus a new change in the way the signatures are forked for suricata. I will have a fix today or a workaround until the code is correct.

DigiAngel commented 6 years ago

Seeing this as well here:

Checking latest MD5 for emerging.rules.tar.gz....
        Fetching md5sum for: emerging.rules.tar.gz.md5
** GET http://rules.emergingthreats.net/emerging.rules.tar.gz.md5 ==> 404 Not Found (1s)
        A 404 error occurred, please verify your filenames and urls for your tarball!
        Error 404 when fetching http://rules.emergingthreats.net/emerging.rules.tar.gz.md5 at /opt/bin/pulledpork.pl line 547.
No such file or directory at /opt/bin/pulledpork.pl line 551.
readline() on closed filehandle FILE at /opt/bin/pulledpork.pl line 553.
Use of uninitialized value $md5 in scalar chomp at /opt/bin/pulledpork.pl line 554.
Use of uninitialized value $md5 in pattern match (m//) at /opt/bin/pulledpork.pl line 556.
        most recent rules file digest: emergingthreats.net
Rules tarball download of emerging.rules.tar.gz....
        Fetching rules file: emerging.rules.tar.gz
** GET http://rules.emergingthreats.net/emerging.rules.tar.gz ==> 404 Not Found
        A 404 error occurred, please verify your filenames and urls for your tarball!

shirkdog commented 6 years ago

This is working for me with the current version. Reopen the issue if it still does not work for you.

DigiAngel commented 6 years ago

Confirming working now with latest git...nice work.

rgctoo commented 6 years ago

It works. What about #283?

shirkdog commented 6 years ago

separate issue.
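
A log check for the failure mode visible in the outputs quoted in this thread, where the run carries on after the 404 and still reports a digest or a "matched" verdict. This is an added example, not code from pulledpork or from any commenter; the function name `audit` and the reason strings are made up here, and the sample lines are trimmed excerpts of the quoted outputs.

```python
import re

CHECK = re.compile(r"Checking latest MD5 for (\S+?)\.{4}")
ERROR = re.compile(r"Error (\d{3}) when fetching \S+\.md5")
REMOTE = re.compile(r"most recent rules file digest: (\S+)")
MATCHED = re.compile(r"The MD5 for \S+ matched")
MD5_HEX = re.compile(r"[0-9a-f]{32}")

# Trimmed excerpts of three outputs quoted in this thread (two 404 runs, one 200 run).
SAMPLE = """\
Checking latest MD5 for emerging.rules.tar.gz....
Error 404 when fetching https://rules.emergingthreats.net/emerging.rules.tar.gz.md5 at ./pulledpork.pl line 546.
most recent rules file digest: d7dfc205d04b3a4ebe284ef6aca542d3
The MD5 for emerging.rules.tar.gz matched d7dfc205d04b3a4ebe284ef6aca542d3
Checking latest MD5 for emerging.rules.tar.gz....
Error 404 when fetching http://rules.emergingthreats.net/emerging.rules.tar.gz.md5 at /opt/bin/pulledpork.pl line 547.
most recent rules file digest: emergingthreats.net
Checking latest MD5 for emerging.rules.tar.gz....
** GET https://rules.emergingthreats.net/open-nogpl/snort-2.9.9/emerging.rules.tar.gz.md5 ==> 200 OK (2s)
most recent rules file digest: 544c0f0f2dfe03c8e3c0263397d25523
"""

def audit(log_text):
    """Return [(tarball, reasons)] for each MD5 check that cannot be trusted."""
    runs, cur = [], {}  # lines before the first check land in a throwaway dict
    for line in log_text.splitlines():
        if m := CHECK.search(line):
            cur = {"tarball": m.group(1), "error": None, "digest": None, "matched": False}
            runs.append(cur)
        elif m := ERROR.search(line):
            cur["error"] = int(m.group(1))
        elif m := REMOTE.search(line):
            cur["digest"] = m.group(1)
        elif MATCHED.search(line):
            cur["matched"] = True
    report = []
    for r in runs:
        reasons = []
        if r["error"] is not None:
            reasons.append(f"digest fetch failed with HTTP {r['error']}")
            if r["matched"]:
                reasons.append("'matched' verdict without a fresh remote digest")
        if r["digest"] and not MD5_HEX.fullmatch(r["digest"]):
            reasons.append("reported digest is not an MD5 value")
        report.append((r["tarball"], reasons))
    return [entry for entry in report if entry[1]]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A run flagged here means the sensor may be keeping an old rule set while the update job looks healthy, so it is worth alerting on rather than only logging.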