PulledPork Updates
Issue 111 created: "Sagan Support / Write unknown filetypes to output directory"
Sagan support for pulledpork is limited only by the explicit file extension matching in pulledpork's sub rule_extract.
Pulledpork does work to download, extract, and parse the .rule files. What does not work is that pulledpork drops the other files that are not matched in the rule_extract subroutine. Pulledpork also does not warn that unknown file types were not examined, or saved.
Sagan and other similar snort based rulesets were supported by oinkmaster's "update_files" directive.
update_files = \.rulebase$|\.rules$|\.config$|\.conf$|\.txt$|\.map$
Pulledpork could be updated to include a similar known file directive, or an unknown filetype write directive to directory.
pulledpork options:
-x Keep unknown filetypes in the archive?
-U Where do you want me to put unknown filetypes in the archive that are not processed by pulledpork?
FYI: Sagan was supported in oinkmaster for a while.
https://wiki.softwink.com/bin/view/Main/SaganOinkmaster
http://sagan.quadrantsec.com/rules/
Categories: PulledPork Updates
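The behaviour requested in issue 111, as an added sketch in Python (not pulledpork's or oinkmaster's code): archive members are classified with the `update_files` pattern quoted in the issue, and unmatched files are reported and saved rather than silently dropped. The archive contents are constructed samples, and `classify_members`, `save_unknown` and the output directory are hypothetical names.

```python
import io
import os
import re
import tarfile
from pathlib import PurePosixPath

# oinkmaster's update_files pattern, exactly as quoted in the issue
UPDATE_FILES = re.compile(r"\.rulebase$|\.rules$|\.config$|\.conf$|\.txt$|\.map$")

def build_sample_archive():
    """Constructed sample tarball; file names are illustrative, not a real ruleset."""
    names = ["rules/example.rules", "rules/example.rulebase", "rules/example.map",
             "rules/README", "rules/example.lua", "../escape.rules"]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            data = b"# constructed content\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def classify_members(tar_bytes, pattern=UPDATE_FILES):
    """Return (matched, unknown, rejected) member names; nothing is dropped silently."""
    matched, unknown, rejected = [], [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            if member.isdir():
                continue
            # Links, devices and paths that leave the archive root are never written.
            if not member.isfile() or path.is_absolute() or ".." in path.parts:
                rejected.append(member.name)
            elif pattern.search(path.name):
                matched.append(member.name)
            else:
                unknown.append(member.name)
    return matched, unknown, rejected

def save_unknown(tar_bytes, out_dir, pattern=UPDATE_FILES):
    """Hypothetical -U behaviour: copy unmatched files into out_dir by base name."""
    _, unknown, _ = classify_members(tar_bytes, pattern)
    os.makedirs(out_dir, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for name in unknown:
            dest = os.path.join(out_dir, PurePosixPath(name).name)  # flattened path
            with tar.extractfile(name) as src, open(dest, "wb") as dst:
                dst.write(src.read())
    return [PurePosixPath(name).name for name in unknown]
```

Saving by base name keeps every write inside the chosen directory; two unknown files with the same base name would overwrite each other, so a real option would need a collision policy.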
Update 2 to issue 110 ("default distro doesn't exist for shared object directory")
fix for the committed version fix.
-distro=FreeBSD-8.1
+distro=FreeBSD-8-1
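Review bot: the value on the `+distro=FreeBSD-8-1` line differs from the removed `distro=FreeBSD-8.1` only by a hyphen in place of a dot, and the hunk carries no comment saying which spelling the shared object directory uses. A comment beside the `distro=` setting stating that the value must match the shared object directory name exactly would make this kind of typo easier to catch before commit.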
Categories: PulledPork Updates
Update 1 to issue 110 ("default distro doesn't exist for shared object directory")
Committed Revision 241
Status: Fixed
Categories: PulledPork Updates
Revision 241: Bug #110 - it's fixed, shirk
Changed Paths:
Modify /trunk/etc/pulledpork.conf
Bug #110 - it's fixed, shirk
Categories: PulledPork Updates
Issue 110 created: "default distro doesn't exist for shared object directory"
Easy to handle, but FreeBSD-8.0 is not a default shared object directory. This just needs to be changed to FreeBSD-8-1 so people have no right to hate on FreeBSD.
Categories: PulledPork Updates
Update 1 to issue 109 ("bug when using etpro rules")
I need a full debug (-vv) debug output to be pasted here, also need to know what command you used to run pp etc...
Categories: PulledPork Updates
Issue 109 created: "bug when using etpro rules"
When using the form:
rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et pro oinkcode>
I get:
Use of uninitialized value $getrules_md5 in numeric eq (==) at /usr/local/bin/pulledpork.pl line 444.
Use of uninitialized value $getrules_md5 in numeric eq (==) at /usr/local/bin/pulledpork.pl line 449.
Use of uninitialized value $getrules_md5 in concatenation (.) or string at /usr/local/bin/pulledpork.pl line 453.
Error when fetching https://rules.emergingthreatspro.com/etpro.rules.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 453
using 0.6.1
Categories: PulledPork Updates
Update 1 to issue 108 ("Allow pid_path to accept wildcards for multicore deployments")
Changing to a feature request.. will review.. maybe even allow for a pcre type option in here
Labels: -Type-Defect Type-Enhancement
Categories: PulledPork Updates
Issue 108 created: "Allow pid_path to accept wildcards for multicore deployments"
pid_path=/var/snort/*/*pid*
or whatever.
Categories: PulledPork Updates
Update 7 to issue 97 ("HTTPS ET open rules download error")
You should hit the mail lists with this for the fastest response... http://groups.google.com/group/pulledpork-users
I would also remove my oinkcode from the output
Categories: PulledPork Updates
Update 6 to issue 97 ("HTTPS ET open rules download error")
I am getting the following error using pulledpork-0.6.1:
Checking latest MD5 for snortrules-snapshot-2921.tar.gz....
Error 501 when fetching http://www.snort.org/sub-rules/snortrules-snapshot-2921.tar.gz.md5 at /usr/local/pulledpork-0.6.1/pulledpork.pl line 453
main::md5file('<displays oinkcode here>', 'snortrules-snapshot-2921.tar.gz', '/tmp/', 'http://www.snort.org/sub-rules/') called at /usr/local/pulledpork-0.6.1/pulledpork.pl line 1758
[root@copier etc]#
Can't seem to get past this one. My pulledpork.conf file contains this:
rule_url=http://www.snort.org/sub-rules/|snortrules-snapshot-2921.tar.gz|<with oinkcode here>
Please advise.
Categories: PulledPork Updates
Update 5 to issue 97 ("HTTPS ET open rules download error")
I am getting the following error using pulledpork-0.6.1:
Checking latest MD5 for snortrules-snapshot-2921.tar.gz....
Error 501 when fetching http://www.snort.org/sub-rules/snortrules-snapshot-2921.tar.gz.md5 at /usr/local/pulledpork-0.6.1/pulledpork.pl line 453
main::md5file('ca476fa88d8150ec69ad4d68a8bc7d772e42cb30', 'snortrules-snapshot-2921.tar.gz', '/tmp/', 'http://www.snort.org/sub-rules/') called at /usr/local/pulledpork-0.6.1/pulledpork.pl line 1758
[root@copier etc]#
Can't seem to get past this one. My pulledpork.conf file contains this:
rule_url=http://www.snort.org/sub-rules/|snortrules-snapshot-2921.tar.gz|<with oinkcode here>
Please advise.
Categories: PulledPork Updates
Update 7 to issue 107 ("Can't use an undefined value as an ARRAY reference at ./pulledpork.pl line 1516.")
JJ -
I think I've figured it out. Had to massage the configuration file but it seems OK now.
Thanks for your help
Categories: PulledPork Updates
