
[Snort-users] Snort IP blacklist issue


ha dinhphu

Aug 14, 2015, 10:28:39 AM
Good morning,

I followed the post on this webpage to install Snort on my Linux box.

http://sublimerobots.com/2014/12/installing-snort-part-1/

However, on step 5, installing PulledPork for Snort,

http://sublimerobots.com/2014/12/installing-snort-part-5/

I got the following error while I tried to run this command: "sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l"

--------------------------
Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
Rules tarball download of snortrules-snapshot-2975.tar.gz....
    They Match
    Done!
Checking latest MD5 for community-rules.tar.gz....
Rules tarball download of community-rules.tar.gz....
    They Match
    Done!
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Couldn't read /tmp/621.416477111296-black_list.rules - No such file or directory
 at /usr/local/bin/pulledpork.pl line 487.
    main::read_iplist('HASH(0x1dd8148)', '/tmp/621.416477111296-black_list.rules') called at /usr/local/bin/pulledpork.pl line 378
    main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', 'http://labs.snort.org/feeds/ip-filter.blf') called at /usr/local/bin/pulledpork.pl line 1856
------------------------------
I searched the internet for a solution but did not find any. Any help would be greatly appreciated!

Joel Esler (jesler)

Aug 14, 2015, 11:06:06 AM
You might want to update your copy of PulledPork to the latest version in git. We're moving the blacklist off of labs.snort.org.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

ha dinhphu

Aug 14, 2015, 12:24:00 PM
Hello Joel

I did as you said. I downloaded a new copy from GitHub and replaced my current setup of PulledPork on my box. I followed the instructions from the site ("http://sublimerobots.com/2014/12/installing-snort-part-5/").
However, the result is like this:


Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
    They Match
    Done!
Checking latest MD5 for community-rules.tar.gz....
    They Match
    Done!
IP Blacklist download of http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf....
Reading IP List...
Couldn't read /tmp/296.170136981772-black_list.rules - No such file or directory
 at /usr/local/bin/pulledpork.pl line 540.
    main::read_iplist('HASH(0x15bd080)', '/tmp/296.170136981772-black_list.rules') called at /usr/local/bin/pulledpork.pl line 431
    main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', 'http://talosintel.com/files/additional_resources/ips_blacklis...') called at /usr/local/bin/pulledpork.pl line 1946

waldo kitty

Aug 14, 2015, 2:05:34 PM
On 08/14/2015 12:21 PM, ha dinhphu wrote:
> IP Blacklist download of
> http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf....
> Reading IP List...
> Couldn't read /tmp/296.170136981772-black_list.rules - No such file or directory

What Linux are you using? Does it have a working /tmp directory that is writable
by all users?

Both of your reports have been failures to read a file that should have been
downloaded into /tmp... These failures seem to point to /tmp not existing or it
not being writable by the user your PulledPork is running as...

--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
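The two causes that produce the identical "Couldn't read /tmp/<n>-black_list.rules" trace above, a temp directory the PulledPork user cannot write to versus a download that never produced a usable file, can be told apart before re-running pulledpork.pl. The following POSIX shell is an added example for this thread, not PulledPork's own code or anything from the sublimerobots guide. It assumes the .blf feed is one IPv4 address or CIDR block per line with optional `#` comments; the sample entries and the `check_*` / `fetch_blacklist` names are constructed for the example.

```shell
#!/bin/sh
# Added diagnostic for the PulledPork "Couldn't read /tmp/<n>-black_list.rules"
# failure. Not part of PulledPork; separates two root causes that look alike:
#   1. the temp directory is not usable by the user running pulledpork.pl
#   2. the download produced no file, or an empty / non-list response
# Assumed .blf layout: one IPv4 address or CIDR block per line, '#' comments.
# The sample feed written by the demo below is constructed, not a real feed.

# Return 0 if DIR exists and the current user can create and delete a file in it.
check_tmp_writable() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    probe=$(mktemp "$dir/pp-probe.XXXXXX" 2>/dev/null) || {
        echo "cannot create files in $dir (running as $(id -un))" >&2
        return 1
    }
    rm -f "$probe"
    return 0
}

# Return 0 if FILE exists, is non-empty and holds at least one line that looks
# like an IPv4 address or CIDR block. Prints the count of such lines on stdout.
check_blacklist_file() {
    file=$1
    [ -f "$file" ] || { echo "blacklist not written: $file" >&2; return 1; }
    [ -s "$file" ] || { echo "blacklist is empty: $file" >&2; return 1; }
    # grep -c prints 0 and exits 1 on no match; '|| true' keeps the count usable
    n=$(grep -Ec '^[[:space:]]*([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?[[:space:]]*$' "$file" || true)
    n=${n:-0}
    echo "$n"
    [ "$n" -gt 0 ] || { echo "no IP entries in $file" >&2; return 1; }
}

# Download URL to DEST so that a failed fetch is loud: -f turns HTTP errors into
# a non-zero exit instead of saving an error page, -L follows the redirect you
# get when a feed moves hosts. Network-dependent, so the offline demo skips it.
fetch_blacklist() {
    url=$1; dest=$2
    curl -fsSL --max-time 60 -o "$dest" "$url" || {
        echo "download failed: $url" >&2; return 1
    }
    check_blacklist_file "$dest" >/dev/null
}

# Offline demo on a constructed sample feed and a deliberately empty file.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.blf" <<'EOF'
# constructed sample, not a real Talos feed
198.51.100.7
203.0.113.0/24
192.0.2.55
EOF
: > "$demo_dir/empty.blf"

check_tmp_writable "$demo_dir" && echo "temp dir OK: $demo_dir"
check_blacklist_file "$demo_dir/good.blf" >/dev/null && echo "good.blf OK"
check_blacklist_file "$demo_dir/empty.blf" >/dev/null 2>&1 || echo "empty.blf rejected as expected"
rm -rf "$demo_dir"
```

Run `check_tmp_writable /tmp` under the same `sudo` you use for pulledpork.pl; if that passes, run `fetch_blacklist <the URL from the trace> /tmp/probe.blf` to see whether the feed URL itself is returning a usable list.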

ha dinhphu

Aug 14, 2015, 2:14:03 PM
Hi kitty,

Yes, my /tmp directory is available with rwx permission for all users. I ran the command as root, so I don't think that's the problem.
https://code.google.com/p/pulledpork/issues/detail?id=166 -- another user has the same problem.
http://sourceforge.net/p/snort/mailman/message/32913112/ -- snort-users