shirkdog / pulledpork

Pulled Pork for Snort and Suricata rule management (from Google code)
GNU General Public License v2.0

Generating Stub Rules | CentOS7 #289

Closed ghost closed 6 years ago

ghost commented 6 years ago

Hi, I'm kinda new to pulledpork and tried to install it on CentOS 7 (CentOS Linux release 7.4.1708 (Core)).

If I now run "/usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -P", the following errors are displayed:

Generating Stub Rules....
        An error occurred: WARNING: ip4 normalizations disabled because not inline.

        An error occurred: WARNING: tcp normalizations disabled because not inline.

        An error occurred: WARNING: icmp4 normalizations disabled because not inline.

        An error occurred: WARNING: ip6 normalizations disabled because not inline.

        An error occurred: WARNING: icmp6 normalizations disabled because not inline.

My config file:

rule_url=https://www.snort.org/rules/|snortrules-snapshot-29110.tar.gz|<mycode>
rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community
rule_url=https://talosintelligence.com/documents/ip-blacklist|IPBLACKLIST|open
rule_url=https://snort.org/downloads/community/|opensource.gz|Opensource
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/etc/snort/rules/snort.rules
local_rules=/etc/snort/rules/local.rules
sid_msg=/etc/snort/sid-msg.map
sid_msg_version=1
sid_changelog=/var/log/sid_changes.log
sorule_path=/etc/snort/rules/snort_dynamicrules/
snort_path=/usr/sbin/snort
config_path=/etc/snort/snort.conf
sostub_path=/etc/snort/rules/snort_dynamicrules/so_rules.rules
distro=RHEL-6-0
black_list=/etc/snort/rules/iplists/default.blacklist
IPRVersion=/etc/snort/rules/iplists
snort_control=/usr/bin/snort_control
version=0.7.3

Thank you for your help!

shirkdog commented 6 years ago

I think this may be safe to ignore...

ghost commented 6 years ago

Hm.. okay, but the SO rules are not being processed (so_rules.rules is empty).

shirkdog commented 6 years ago

Was your issue resolved? If not, reopen this issue so it will be resolved.

ghost commented 6 years ago

With trial and error I have resolved the issue. Now I'm not quite sure why my "so_rules.rules" file is empty; I thought they would be bundled together in this file? All my .so files are in my directory.

Or have I misunderstood something?