New pp doesn't seem to be creating rules

DigiAngel

Oct 9, 2013, 6:06:37 PM
to pulledpo...@googlegroups.com
Topic says it.  /opt/etc/snort/rules/lan.rules isn't created.  Any help would be appreciated.

Runtime:
 sudo ./pulledpork.pl -vv -l -n -c /opt/etc/snort/pulledpork/lan/pulledpork.conf

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cumm...@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /opt/etc/snort/pulledpork/lan/pulledpork.conf
        snort_path = /opt/bin/snort
        enablesid = /opt/etc/snort/pulledpork/lan/enablesid.conf
        black_list = /opt/etc/snort/rules/iplists/black_list.rules
        modifysid = /opt/etc/snort/pulledpork/lan/modifysid.conf
        IPRVersion = /opt/etc/snort/rules/iplists
        rule_path = /opt/etc/snort/rules/lan.rules
        ignore = deleted.rules,experimental.rules,local.rules
        rule_url = ARRAY(0x8e66164)
        sid_msg_version = 1
        sid_changelog = /opt/var/log/sid_changes.log
        sid_msg = /opt/etc/snort/sid-msg.map
        config_path = /opt/etc/snort/lan.conf
        sostub_path = /opt/etc/snort/so_rules/so_rules.rules
        temp_path = /tmp
        distro = Ubuntu-10-4
        version = 0.7.0
        sorule_path = /opt/lib/snort_dynamicrules/
        disablesid = /opt/etc/snort/pulledpork/lan/disablesid.conf
        dropsid = /opt/etc/snort/pulledpork/lan/dropsid.conf
        out_path = /opt/etc/snort/rules
MISC (CLI and Autovar) Variable Debug:
        arch Def is: i386
        Config Path is: /opt/etc/snort/pulledpork/lan/pulledpork.conf
        Distro Def is: Ubuntu-10-4
        Disabled policy specified
        No Download Flag is Set
        Rules file is: /opt/etc/snort/rules/lan.rules
        Path to disablesid file: /opt/etc/snort/pulledpork/lan/disablesid.conf
        Path to dropsid file: /opt/etc/snort/pulledpork/lan/dropsid.conf
        Path to enablesid file: /opt/etc/snort/pulledpork/lan/enablesid.conf
        Path to modifysid file: /opt/etc/snort/pulledpork/lan/modifysid.conf
        sid changes will be logged to: /opt/var/log/sid_changes.log
        sid-msg.map Output Path is: /opt/etc/snort/sid-msg.map
        Snort Version is: 2.9.5.3
        Snort Config File: /opt/etc/snort/lan.conf
        Snort Path is: /opt/bin/snort
        SO Output Path is: /opt/lib/snort_dynamicrules/
        Will process SO rules
        Logging Flag is Set
        Extra Verbose Flag is Set
        Verbose Flag is Set
Prepping rules from snortrules-snapshot-2953.tar.gz for work....
        extracting contents of /tmp/snortrules-snapshot-2953.tar.gz...
        Ignoring plaintext rules: deleted.rules
        Ignoring plaintext rules: experimental.rules
        Ignoring plaintext rules: local.rules
        Extracted: /opt/lib/snort_dynamicrules/imap.so

Prepping rules from emerging.rules.tar.gz for work....
        extracting contents of /tmp/emerging.rules.tar.gz...
        Ignoring plaintext rules: deleted.rules
        Ignoring plaintext rules: experimental.rules
        Ignoring plaintext rules: local.rules
        Extracted: /tha_rules/ET-emerging-dns.rules
        Extracted: /tha_rules/ET-emerging-deleted.rules
        Extracted: /tha_rules/ET-emerging-snmp.rules
Cleanup....
        removed 165 temporary snort files or directories from /tmp/tha_rules!
Writing /opt/var/log/sid_changes.log....
        Done

No Rule Changes

No IP Blacklist Changes

Done
Please review /opt/var/log/sid_changes.log for additional details
Fly Piggy Fly!



sid_changes.log

-=BEGIN PULLEDPORK SNORT RULES CHANGELOG, Tracking started on Wed Oct  9 21:53:13 2013 GMT=-



-=Begin Changes Logged for Wed Oct  9 21:53:13 2013 GMT=-

No Rule Changes

No IP Blacklist Changes

-=End Changes Logged for Wed Oct  9 21:53:13 2013 GMT=-




snort.conf
var RULE_PATH /opt/etc/snort/rules
var SO_RULE_PATH /opt/etc/snort/so_rules
var PREPROC_RULE_PATH /opt/etc/snort/preproc_rules
var WHITE_LIST_PATH /opt/etc/snort/rules/iplists
var BLACK_LIST_PATH /opt/etc/snort/rules/iplists



pp.conf
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
out_path=/opt/etc/snort/rules
rule_path=/opt/etc/snort/rules/lan.rules
sid_msg_version=1
sid_msg=/opt/etc/snort/sid-msg.map
sid_changelog=/opt/var/log/sid_changes.log
sorule_path=/opt/lib/snort_dynamicrules/
snort_path=/opt/bin/snort
config_path=/opt/etc/snort/lan.conf
sostub_path=/opt/etc/snort/so_rules/so_rules.rules
distro=Ubuntu-10-4
black_list=/opt/etc/snort/rules/iplists/black_list.rules
IPRVersion=/opt/etc/snort/rules/iplists
enablesid=/opt/etc/snort/pulledpork/lan/enablesid.conf
modifysid=/opt/etc/snort/pulledpork/lan/modifysid.conf
dropsid=/opt/etc/snort/pulledpork/lan/dropsid.conf
disablesid=/opt/etc/snort/pulledpork/lan/disablesid.conf

JJ Cummings

Oct 10, 2013, 4:49:32 AM
to pulledpo...@googlegroups.com, pulledpo...@googlegroups.com
You need to specify the force process -P flag I'm thinking....

Sent from the iRoad

DigiAngel

Oct 10, 2013, 1:14:35 PM
to pulledpo...@googlegroups.com
That did the trick...thanks so much JJ!
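
A post-run check for the symptom in this thread, as an added example that is not part of the original posts or of PulledPork itself: it reads rule_path from a pulledpork.conf and reports whether that file exists and holds active rules. The function names and exit codes are assumptions chosen for this example, and the config and rules used in demo are constructed.

```shell
#!/bin/sh
# Added example (not PulledPork code): confirm the rule_path in pulledpork.conf was written.

# Print the value of one key=value setting from a PulledPork config file.
# $1 = config file, $2 = key (for example rule_path; sorule_path does not match it)
pp_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Exit codes: 0 = rules present, 1 = rule_path file missing,
#             2 = file exists but has no active rules, 3 = rule_path not set.
check_rule_output() {
    conf=$1
    rule_path=$(pp_conf_get "$conf" rule_path)
    if [ -z "$rule_path" ]; then
        echo "rule_path is not set in $conf" >&2
        return 3
    fi
    if [ ! -f "$rule_path" ]; then
        echo "MISSING $rule_path: rerun pulledpork.pl with -P added" >&2
        return 1
    fi
    # Active rules begin with an action keyword; disabled ones begin with '#'.
    active=$(grep -cE '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' \
        "$rule_path" || true)
    if [ "$active" -eq 0 ]; then
        echo "EMPTY $rule_path: no active rules" >&2
        return 2
    fi
    echo "OK $rule_path: $active active rules"
}

# Constructed sample: a throwaway config and rules file under a temp directory.
demo() {
    d=$(mktemp -d)
    printf 'out_path=%s\nrule_path=%s/lan.rules\n' "$d" "$d" > "$d/pulledpork.conf"
    before=0; check_rule_output "$d/pulledpork.conf" || before=$?
    printf '%s\n' '# alert tcp any any -> any any (msg:"off"; sid:1000001;)' \
        'alert tcp any any -> any any (msg:"constructed"; sid:1000002;)' > "$d/lan.rules"
    after=0; check_rule_output "$d/pulledpork.conf" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```

Run after each update, a non-zero exit from check_rule_output flags a sensor that would otherwise start with no rules loaded.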
