shirkdog / pulledpork

Pulled Pork for Snort and Suricata rule management (from Google code)
GNU General Public License v2.0

Version 8 - Error: does not exist, please create this directory #353

Closed ghost closed 3 years ago

ghost commented 3 years ago

I'm on Windows. The error is happening in a new routine that was added for 8.0

Use of uninitialized value $dir_check in concatenation (.) or string at d:\winids\pulledpork\pulledpork.pl line 1720.
Error:  does not exist, please create this directory
at d:\winids\pulledpork\pulledpork.pl line 1720.
        main::check_file_dir("d:\\winids\\snort\\rules\\winids.rules") called at d:\winids\pulledpork\pulledpork.pl line 1872

The routine where the error is happening:

## Verify if directories or files actually exist
sub check_file_dir {
    my ($filedir_input) = @_;
    my ($dir_check, $file_check) = ($filedir_input =~ /(^.*)\/(.*)$/);
    if (!-d $dir_check && !-w $file_check) {
        croak
            "Error: $dir_check does not exist, please create this directory\n";
        exit(1);
    }
}

I have removed the winids.rules from my pulledpork.conf file thinking PP was just looking for a path, but no change in the error except it removed the winids.rules from the error message.

# What path you want the .rules file containing all of the processed 
# rules? (this value has changed as of 0.4.0, previously we copied 
# all of the rules, now we are creating a single large rules file
# but still keeping a separate file for your so_rules!
rule_path=d:\winids\snort\rules\winids.rules

The path does exist.

C:\Windows\system32>tree /F d:\winids\snort\rules
Folder PATH listing for volume Storage
Volume serial number is BAC6-CCE2
D:\WINIDS\SNORT\RULES
    black_list.rules
    experimental.rules
    local.rules
    white_list.rules
    winids.rules

No subfolders exist
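Why the routine quoted above reports an empty directory name, shown as an added example that is not part of the original thread or PulledPork's own code: the split regex requires a forward slash, so a backslash-only path leaves `$dir_check` undefined. The helper names `split_original`, `split_portable` and `check_path` are hypothetical, and `File::Basename` is one way to do the split, not necessarily the fix that was committed.

```perl
use strict;
use warnings;
use File::Basename qw(fileparse fileparse_set_fstype);

# The split from the routine quoted above. It only matches when the path
# contains "/", so a backslash-only Windows path yields an empty list.
sub split_original {
    my ($path) = @_;
    return ($path =~ /(^.*)\/(.*)$/);
}

# Split with File::Basename under Windows rules, which accept "\" and "/".
# The rules are forced here so the demo behaves the same on any host.
sub split_portable {
    my ($path) = @_;
    my $previous = fileparse_set_fstype('MSWin32');
    my ($file, $dir) = fileparse($path);
    fileparse_set_fstype($previous);
    return ($dir, $file);
}

# Hypothetical replacement check: refuse a path with no file name instead of
# testing undefined values, and name the directory in the error.
sub check_path {
    my ($path) = @_;
    my ($dir, $file) = split_portable($path);
    die "Error: '$path' has no file name component\n" unless length $file;
    die "Error: $dir does not exist, please create this directory\n"
        unless -d $dir;
    return ($dir, $file);
}

# Constructed sample values based on the rule_path settings in this thread.
for my $path ('d:\winids\snort\rules\winids.rules',
              'd:/winids/snort/rules/winids.rules',
              'd:\winids\snort\rules\\') {
    my ($old_dir, $old_file) = split_original($path);
    my ($new_dir, $new_file) = split_portable($path);
    printf "%s\n  original: dir=%s file=%s\n  portable: dir=%s file=%s\n",
        $path, $old_dir // '(undef)', $old_file // '(undef)',
        $new_dir, $new_file eq '' ? '(empty)' : $new_file;
    my $ok = eval { check_path($path); 1 };
    print '  check: ', ($ok ? "ok\n" : $@);
}
```

On a host where `d:\winids\snort\rules` does not exist, the check fails with a message that names the directory instead of printing an empty string.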

shirkdog commented 3 years ago

Stupid Windows :) I will get this fixed up to work with various paths.

shirkdog commented 3 years ago

Try the latest pulledpork.pl and let me know if that works for you on Windows.

ghost commented 3 years ago

I will give it a try and get back to you.

I have a question because you may have changed the rule_path option.

This below is what I have set for rule_path. I’ve named the rules file. Is it still that way, or do I need to remove the name, leaving rule_path=d:\winids\snort\rules\

rule_path=d:\winids\snort\rules\winids.rules

Best regards,

Michael...

shirkdog commented 3 years ago

The "\" is escaped to be "\" in the statement, so what I have added should fix it. I just do not have Windows set up with ActiveState at the moment to test. You need to keep the file name, as it is verifying the path and the filename exist.

ghost commented 3 years ago

I’m getting this:

Prepping rules from snortrules-snapshot-29170.tar.gz for work....
    Done!
Reading rules...
Can't find Unicode property definition "u" in regex; marked by <-- HERE in m/^d:\winids\pu <-- HERE lledpork\temp/tha_rules/.$/ at d:\winids\pulledpork\pulledpork.pl line 705.

Best regards,

Michael...

shirkdog commented 3 years ago

Weird thing to appear, may be Windows specific for the PCRE...try the latest latest.

ghost commented 3 years ago

Here is the latest run. I’m just updating the pulledpork.pl file.

The uname is not an issue.

'uname' is not recognized as an internal or external command,
operable program or batch file.
Checking latest MD5 for snortrules-snapshot-29170.tar.gz....
Rules tarball download of snortrules-snapshot-29170.tar.gz....
    They Match
    Done!
Prepping rules from snortrules-snapshot-29170.tar.gz for work....
    Done!
Reading rules...
Can't find Unicode property definition "u" in regex; marked by <-- HERE in m/^d:\winids\pu <-- HERE lledpork\temp/tha_rules/.$/ at d:\winids\pulledpork\pulledpork.pl line 706.

Best regards,

Michael...

shirkdog commented 3 years ago

Can you try two variations of the rule_path in your pulledpork.conf?

rule_path=d:\\winids\\snort\\rules\\winids.rules
and
rule_path=d:/winids/snort/rules/winids.rules

If the top one works, then it was the slashes causing the filepath in the PCRE to be interpreted as UNICODE.

If the bottom one works, that is going to be the recommended path, and I will make note in the documentation.

ghost commented 3 years ago

The same error both ways:

rule_path=d:/winids/snort/rules/winids.rules

'uname' is not recognized as an internal or external command,
operable program or batch file.
Checking latest MD5 for snortrules-snapshot-29170.tar.gz....
Rules tarball download of snortrules-snapshot-29170.tar.gz....
    They Match
    Done!
Prepping rules from snortrules-snapshot-29170.tar.gz for work....
    Done!
Reading rules...
Can't find Unicode property definition "u" in regex; marked by <-- HERE in m/^d:\winids\pu <-- HERE lledpork\temp/tha_rules/.$/ at d:\winids\pulledpork\pulledpork.pl line 706.

rule_path=d:\winids\snort\rules\winids.rules

'uname' is not recognized as an internal or external command,
operable program or batch file.
Checking latest MD5 for snortrules-snapshot-29170.tar.gz....
Rules tarball download of snortrules-snapshot-29170.tar.gz....
    They Match
    Done!
Prepping rules from snortrules-snapshot-29170.tar.gz for work....
    Done!
Reading rules...
Can't find Unicode property definition "u" in regex; marked by <-- HERE in m/^d:\winids\pu <-- HERE lledpork\temp/tha_rules/.$/ at d:\winids\pulledpork\pulledpork.pl line 706.

Best regards,

Michael...

ghost commented 3 years ago

I was looking at the line with the error; could it be the “grep” that is causing the issue, as this is Windows?

Best regards,

Michael...

shirkdog commented 3 years ago

Hmm...can you move your directory to d:\winids\script instead of d:\winids\pulledpork.

If that works, it's an issue where your path running on Windows must be escaped...that will be a different fix and it will be a different bug.

ghost commented 3 years ago

Just to get clarification:

You want me to move ALL the contents of the d:\winids\pulledpork folder, files and folders to the d:\winids\script folder?

You want me to put the UNTOUCHED pulledpork.pl file in the d:\winids\script folder, and not the one that I removed the problem code?

Best regards,

Michael...

shirkdog commented 3 years ago

Correct, as a test. You opened this issue due to a bug in the check_file_dir subroutine...I have fixed that issue. Now it appears that on Windows the path is being interpreted as \p{} for unicode within the PCRE. If this test works, I will open another bug and close this out.

ghost commented 3 years ago

Weird that pulledpork doesn’t work but script does. New setup and it works without altering the pulledpork.pl.

C:\Windows\system32>perl d:\winids\script\pulledpork.pl -c d:\winids\script\etc\pulledpork.conf -T

https://github.com/shirkdog/pulledpork
  _____ ____
 `----,\    )
  `--==\\  /    PulledPork v0.8.0 - The only positive thing to come out of 2020...well this and take-out liquor!
   `--==\\/
 .-~~~~-.Y|\\_  Copyright (C) 2009-2021 JJ Cummings, Michael Shirk
@/ / 66\ and the PulledPork Team!
|    \   \   _(")
 \   /-| ||'--'  Rules give me wings!
  \_\  \_\\

'uname' is not recognized as an internal or external command,
operable program or batch file.
Checking latest MD5 for snortrules-snapshot-29170.tar.gz....
Rules tarball download of snortrules-snapshot-29170.tar.gz....
        They Match
        Done!
Prepping rules from snortrules-snapshot-29170.tar.gz for work....
        Done!
Reading rules...
readline() on closed filehandle DATA at d:\winids\script\pulledpork.pl line 711.
readline() on closed filehandle DATA at d:\winids\script\pulledpork.pl line 711.
readline() on closed filehandle DATA at d:\winids\script\pulledpork.pl line 711.
Reading rules...
Activating security rulesets....
        Done
Modifying Sids....
        Done!
Processing d:\winids\script\etc\enablesid.conf....
        Modified 0 rules
        Skipped 0 rules (already disabled)
        Done
Processing d:\winids\script\etc\dropsid.conf....
        Modified 0 rules
        Skipped 0 rules (already disabled)
        Done
Processing d:\winids\script\etc\disablesid.conf....
        Modified 0 rules
        Skipped 0 rules (already disabled)
        Done
Setting Flowbit State....
        Enabled 538 flowbits
        Done
Writing d:\winids\snort\rules\winids.rules....
        Done
Generating sid-msg.map....
        Done
Writing v1 d:\winids\snort\etc\sid-msg.map....
        Done
Writing d:\winids\snort\log\sid_changes.log....
        Done
Rule Stats...
        New:-------0
        Deleted:---0
        Enabled Rules:----14996
        Dropped Rules:----0
        Disabled Rules:---26588
        Total Rules:------41584
No IP Blocklist Changes
Done
Please review d:\winids\snort\log\sid_changes.log for additional details
Fly Piggy Fly!

Best regards,

Michael...

shirkdog commented 3 years ago

Great, so the initial bug is fixed, this is a path issue with Windows paths. I will close this and open another issue to track.
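
The Perl behaviour behind the `\p{}` diagnosis in this thread, shown as an added example that is not PulledPork's own code: a path interpolated into a pattern is parsed as regex syntax, so `\p` followed by `u` is read as a Unicode property, while `\w`, `\s` and `\t` are valid escapes that compile but no longer match the literal path. The pattern shape, the helper name `match_in_dir` and the sample file name are assumptions modelled on the error message; `\Q...\E` is the standard Perl way to quote an interpolated value.

```perl
use strict;
use warnings;

# Try to match $target against a pattern built from $dir. With $quote set,
# the directory is wrapped in \Q...\E so every character is taken literally.
sub match_in_dir {
    my ($dir, $target, $quote) = @_;
    my $matched = eval {
        my $re = $quote ? qr/^\Q$dir\E\/tha_rules\/.*\.rules$/
                        : qr/^$dir\/tha_rules\/.*\.rules$/;
        $target =~ $re ? 'match' : 'no match';
    };
    return $matched if defined $matched;
    (my $err = $@) =~ s/ in regex;.*//s;    # keep the first clause only
    return "pattern error: $err";
}

# Constructed directories using the two install locations from this thread.
for my $dir ('d:\winids\pulledpork\temp', 'd:\winids\script\temp') {
    my $target = "$dir/tha_rules/sample.rules";    # constructed file name
    print "$dir\n";
    printf "  interpolated raw : %s\n", match_in_dir($dir, $target, 0);
    printf "  quoted with \\Q\\E : %s\n", match_in_dir($dir, $target, 1);
}
```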