Closed rgctoo closed 6 years ago
I need to see the command line you are using to launch pulledpork, and the value of snort_version in your pulledpork.conf
root@xxx:/opt/snort/buildrules# ./pulledpork.pl -P -v -c pulledpork.conf
snort_version=2.9.11.0
root@xxx:/opt/snort/buildrules# /opt/snort/bin/snort --version
,,_ -> Snort! <- o" )~ Version 2.9.11 GRE (Build 125) '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using libpcap version 1.1.1 Using PCRE version: 8.36 2014-09-26 Using ZLIB version: 1.2.5
root@xxx:/opt/snort/buildrules#
Something goes wrong with this Web-Interface. Bold Oversized lines?
I will take a look, might be another place this new version of Snort has broke in the script, as pulledpork does makes an assumption to pull down the emerging threats rules.
i have problem, help me please... Checking latest MD5 for community-rules.tar.gz.... They Match Done! IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist.... Reading IP List... Checking latest MD5 for opensource.tar.gz.... They Match Done! Checking latest MD5 for emerging.rules.tar.gz.... A 404 error occurred, please verify your filenames and urls for your tarball! Error 404 when fetching https://rules.emergingthreats.net/emerging.rules.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 547. No such file or directory at /usr/local/bin/pulledpork.pl line 551. readline() on closed filehandle FILE at /usr/local/bin/pulledpork.pl line 553. Use of uninitialized value $md5 in scalar chomp at /usr/local/bin/pulledpork.pl line 554. Use of uninitialized value $md5 in pattern match (m//) at /usr/local/bin/pulledpork.pl line 556. Rules tarball download of emerging.rules.tar.gz.... A 404 error occurred, please verify your filenames and urls for your tarball!
I am seeing this as well, let me know if there is additional information you need.
Thanks in advance!
There is an issue with the versioning necessary to pull files for emergingthreats and emergingthreatspro plus a new change in the way the signatures are forked for suricata. I will have a fix today or a workaround until the code is correct.
Seeing this as well here:
Checking latest MD5 for emerging.rules.tar.gz....
Fetching md5sum for: emerging.rules.tar.gz.md5
** GET http://rules.emergingthreats.net/emerging.rules.tar.gz.md5 ==> 404 Not Found (1s)
A 404 error occurred, please verify your filenames and urls for your tarball!
Error 404 when fetching http://rules.emergingthreats.net/emerging.rules.tar.gz.md5 at /opt/bin/pulledpork.pl line 547.
No such file or directory at /opt/bin/pulledpork.pl line 551.
readline() on closed filehandle FILE at /opt/bin/pulledpork.pl line 553.
Use of uninitialized value $md5 in scalar chomp at /opt/bin/pulledpork.pl line 554.
Use of uninitialized value $md5 in pattern match (m//) at /opt/bin/pulledpork.pl line 556.
most recent rules file digest: emergingthreats.net
Rules tarball download of emerging.rules.tar.gz....
Fetching rules file: emerging.rules.tar.gz
** GET http://rules.emergingthreats.net/emerging.rules.tar.gz ==> 404 Not Found
A 404 error occurred, please verify your filenames and urls for your tarball!
This is working for me with the current version. Reopen the issue if it still does not work for you.
Confirming working now with latest git...nice work.
It works. what about #283
separate issue.
Download of emergingthreats.tar.gz failes. The following error is reported:
Checking latest MD5 for emerging.rules.tar.gz.... Fetching md5sum for: emerging.rules.tar.gz.md5 GET https://rules.emergingthreats.net/emerging.rules.tar.gz.md5 ==> 404 Not Found (1s) A 404 error occurred, please verify your filenames and urls for your tarball! Error 404 when fetching https://rules.emergingthreats.net/emerging.rules.tar.gz.md5 at** ./pulledpork.pl line 546. most recent rules file digest: d7dfc205d04b3a4ebe284ef6aca542d3 current local rules file digest: d7dfc205d04b3a4ebe284ef6aca542d3 The MD5 for emerging.rules.tar.gz matched d7dfc205d04b3a4ebe284ef6aca542d3
There is something missing in the URL. My old implementation of pulledpork reported:
Checking latest MD5 for emerging.rules.tar.gz.... Fetching md5sum for: emerging.rules.tar.gz.md5 ** GET https://rules.emergingthreats.net/open-nogpl/snort-2.9.9/emerging.rules.tar.gz.md5 ==> 200 OK (2s) most recent rules file digest: 544c0f0f2dfe03c8e3c0263397d25523 current local rules file digest: a38255755464c83c68ccdf5b795cc8e3 The MD5 for emerging.rules.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
--8<-- current pulledpork.conf -->8-- ...
THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change!
and open-nogpl, to avoid conflicts.
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl ... version=0.7.3 --8<-- current pulledpork.conf -->8--
Claus Regelmann