shirkdog / pulledpork

Pulled Pork for Snort and Suricata rule management (from Google code)
GNU General Public License v2.0

snort.rules not created #355

Closed hubkae closed 3 years ago

hubkae commented 3 years ago

Hi, my pulledpork.conf file seems to work without errors, but it does not create a "snort.rules" file in the specified directory. Any help or hints would be highly appreciated. Thank You!


/etc/snort$ sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.8.0 - The only positive thing to come out of 2020...well this and take-out liquor!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2021 JJ Cummings, Michael Shirk
  @_/        /  66\_  and the PulledPork Team!
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Checking latest MD5 for snortrules-snapshot-29170.tar.gz....
    They Match
    Done!
Checking latest MD5 for community-rules.tar.gz....
    They Match
    Done!
IP Blocklist download of https://snort.org/downloads/ip-block-list....
Reading IP List...
Writing Blocklist File /etc/snort/rules/iplists/default.blocklist....
Writing Blocklist Version 879047984 to /etc/snort/rules/iplists/IPRVersion.dat....
Fly Piggy Fly!
shirkdog commented 3 years ago

Part of the output will tell you how many rules pulledpork processed. What is the output from this? You can also add "-vvv" for more verbose output and errors.

hubkae commented 3 years ago

Hi, this is the verbose version ...


Config File Variable Debug /etc/snort/pulledpork.conf
ignore = deleted.rules,experimental.rules,local.rules
version = 0.8.0
local_rules = /etc/snort/rules/local.rules
sid_msg = /etc/snort/sid-msg.map
distro = Ubuntu-10-4
temp_path = /tmp
rule_path = /etc/snort/rules/snort.rules
sid_msg_version = 2
config_path = /etc/snort/snort.conf
block_list = /etc/snort/rules/iplists/default.blocklist
snort_path = /usr/local/bin/snort
rule_url = ARRAY(0x561d276d3358)
sorule_path = /usr/local/lib/snort_dynamicrules/
sid_changelog = /var/log/sid_changes.log
snort_control = /usr/local/bin/snort_control
IPRVersion = /etc/snort/rules/iplists
MISC (CLI and Autovar) Variable Debug:
arch Def is: x86-64
Operating System is: linux
CA Certificate File is: OS Default
Config Path is: /etc/snort/pulledpork.conf
Distro Def is: Ubuntu-10-4
Disabled policy specified
local.rules path is: /etc/snort/rules/local.rules
Rules file is: /etc/snort/rules/snort.rules
sid changes will be logged to: /var/log/sid_changes.log
sid-msg.map Output Path is: /etc/snort/sid-msg.map
Snort Version is: 2.9.17.0
Snort Config File: /etc/snort/snort.conf
Snort Path is: /usr/local/bin/snort
SO Output Path is: /usr/local/lib/snort_dynamicrules/
Will process SO rules
Logging Flag is Set
Verbose Flag is Set
File(s) to ignore = deleted.rules,experimental.rules,local.rules
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|OINKCODE|https://snort.org/downloads/community/|community-rules.tar.gz|Community https://snort.org/downloads/ip-block-list|IPBLOCKLIST|open
Checking latest MD5 for snortrules-snapshot-29170.tar.gz....
Fetching md5sum for: snortrules-snapshot-29170.tar.gz.md5
** GET https://www.snort.org/rules/snortrules-snapshot-29170.tar.gz.md5?oinkcode=OINKCODE ==> 200 OK (1s)
most recent rules file digest: 810587db24702138d3fddd6303e72cc0
current local rules file digest: 810587db24702138d3fddd6303e72cc0
The MD5 for snortrules-snapshot-29170.tar.gz matched 810587db24702138d3fddd6303e72cc0

Checking latest MD5 for community-rules.tar.gz....
Fetching md5sum for: community-rules.tar.gz.md5
** GET https://snort.org/downloads/community/community-rules.tar.gz.md5 ==> 200 OK
most recent rules file digest: 646feb7e8c9c2321a5be222046eafbbf
current local rules file digest: 646feb7e8c9c2321a5be222046eafbbf
The MD5 for community-rules.tar.gz matched 646feb7e8c9c2321a5be222046eafbbf

IP Blocklist download of https://snort.org/downloads/ip-block-list....
GET https://snort.org/downloads/ip-block-list ==> 302 Found (1s)
GET https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/003/804/original/ip_filter.blf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20210113%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210113T160823Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=b2a76694a91832b90d5160c512a6ebb924353d51e0f6547f3d2b23a35fd1909a ==> 200 OK
Reading IP List...
Cleanup....
removed 0 temporary snort files or directories from /tmp/tha_rules!
Writing Blocklist File /etc/snort/rules/iplists/default.blocklist....
Writing Blocklist Version 828530994 to /etc/snort/rules/iplists/IPRVersion.dat....
Fly Piggy Fly!

shirkdog commented 3 years ago

Make sure to not post your OINKCODE...I removed it from the issue.

What is in /etc/snort/rules/snort.rules ?

Also try running pulledpork.pl with "-P", just in case, to process the rules even if they are not new.

hubkae commented 3 years ago

If I try it with -P it works ... Thank You!!!
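A small model of the decision this thread ends on, added here as an illustration and not pulledpork's own code: it compares the cached tarball with the published digest the way the output above describes, and adds the wrapper-side safeguard the thread implies, checking that rule_path (read from a constructed conf fragment) actually exists before trusting a digest match, which is the case where -P was needed here. The conf fragment, tarball bytes and rule line are all constructed.

```python
import hashlib
import os
import tempfile

# Constructed conf fragment modelled on the variable debug output in this issue;
# TMP is swapped for a scratch directory so the example runs offline.
CONSTRUCTED_CONF = """
rule_path = TMP/snort.rules
temp_path = TMP
version = 0.8.0
"""

def parse_conf(text):
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def md5_of_file(path):
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def should_process(tarball, remote_md5, rule_path, force=False):
    """Return (decision, reason). Pulledpork skips processing when the digests
    match; the rule_path check is the wrapper-side safeguard this thread suggests."""
    if force:
        return True, "forced with -P"
    if not os.path.isfile(tarball) or md5_of_file(tarball) != remote_md5.lower():
        return True, "no cached tarball or remote digest differs"
    if not os.path.isfile(rule_path) or os.path.getsize(rule_path) == 0:
        return True, "digests match but rule file is missing or empty"
    return False, "digests match and rule file is present"

def demo():
    """Constructed scenario: cached tarball matches the published .md5, but
    rule_path was never written (the symptom reported in this issue)."""
    with tempfile.TemporaryDirectory() as tmp:
        conf = parse_conf(CONSTRUCTED_CONF.replace("TMP", tmp))
        tarball = os.path.join(tmp, "snortrules-snapshot-29170.tar.gz")
        with open(tarball, "wb") as f:
            f.write(b"constructed tarball bytes\n")
        remote_md5 = md5_of_file(tarball)  # stands in for the fetched .md5 file
        out = {"missing": should_process(tarball, remote_md5, conf["rule_path"])}
        with open(conf["rule_path"], "w") as f:
            f.write('alert tcp any any -> any any (msg:"constructed"; sid:1000001; rev:1;)\n')
        out["present"] = should_process(tarball, remote_md5, conf["rule_path"])
        out["forced"] = should_process(tarball, remote_md5, conf["rule_path"], force=True)
        return out
```

Calling demo() returns the three decisions: process when the rule file is absent despite matching digests, skip once it exists, and always process under -P.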