Re: 403 error


JJC

May 31, 2013, 9:08:08 AM
to pulledpo...@googlegroups.com
Can you pull manually using the oinkcode and wget... "wget https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/oinkcode -O snortrules-2940.tgz" kinda thing?


On Fri, May 31, 2013 at 3:44 AM, Jorge Pinto <jorge...@gmail.com> wrote:
Hi,

I'm having the below issue when trying to update snort rules with pulledpork. This was working perfectly until a week ago. Can someone please help?

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
  @_/        /  66\_  cumm...@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /etc/pulledpork/pulledpork.conf
        snort_path = /usr/sbin/snort
        enablesid = /etc/pulledpork/enablesid.conf
        modifysid = /etc/pulledpork/modifysid.conf
        rule_path = /etc/snort/rules/snort.rules
        ignore = deleted.rules,experimental.rules,local.rules,sensitive-data.preproc,preprocessor.rules,decoder.rules
        state_order = disable,drop,enable
        rule_url = ARRAY(0x27c48c8)
        sid_changelog = /var/log/sid_changes.log
        sid_msg = /etc/snort/sid-msg.map
        config_path = /etc/snort/snort.conf
        sostub_path = /etc/snort/rules/so_rules.rules
        temp_path = /tmp
        distro = RHEL-5.0
        version = 0.6.0
        sorule_path = /usr/lib64/snort-2.9.4_dynamicrules/
        disablesid = /etc/pulledpork/disablesid.conf
        dropsid = /etc/pulledpork/dropsid.conf
        local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
        arch Def is: x86-64
        Config Path is: /etc/pulledpork/pulledpork.conf
        Distro Def is: RHEL-5.0
        Disabled policy specified
        local.rules path is: /etc/snort/rules/local.rules
        Rules file is: /etc/snort/rules/snort.rules
        Path to disablesid file: /etc/pulledpork/disablesid.conf
        Path to dropsid file: /etc/pulledpork/dropsid.conf
        Path to enablesid file: /etc/pulledpork/enablesid.conf
        Path to modifysid file: /etc/pulledpork/modifysid.conf
        sid changes will be logged to: /var/log/sid_changes.log
        sid-msg.map Output Path is: /etc/snort/sid-msg.map
        Snort Version is: 2.9.4.0
        Snort Config File: /etc/snort/snort.conf
        Snort Path is: /usr/sbin/snort
        SO Output Path is: /usr/lib64/snort-2.9.4_dynamicrules/
        SO Stub File is: /etc/snort/rules/so_rules.rules
        Extra Verbose Flag is Set
        Verbose Flag is Set
        Base URL is: http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|oinkcodehttp://rules.emergingthreats.net/|emerging.rules.tar.gz|open


MY HTTPS PROXY = http://myhttpsproxy:8080
Checking latest MD5 for snortrules-snapshot-2940.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/oinkcode ==> SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
200 OK (2s)
        most recent rules file digest: 45fef90cc17bb4281073bb35ce5ed56e
        current local rules file  digest: 501dda4e1cd5236b43f56f435f07c67d
        The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
Rules tarball download of snortrules-snapshot-2940.tar.gz....
        Fetching rules file: snortrules-snapshot-2940.tar.gz
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/oinkcode ==> SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
302 Found (1s)
** GET https://s3.amazonaws.com/snort-org/www/rules/20130430/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJ65S5YX6KA26VRJQ&Expires=1369993293&Signature=gI5VqowuiS44%2FeKRzruQR2LL%2Br0%3D ==> SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
200 OK (44s)
        storing file at: /tmp/snortrules-snapshot-2940.tar.gz

        current local rules file  digest: a937604ccfe78ecb55c6f14aec76a840
        The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
Rules tarball download of snortrules-snapshot-2940.tar.gz....
        Fetching rules file: snortrules-snapshot-2940.tar.gz
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/oinkcode ==> SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
403 Forbidden (1s)
        A 403 error occurred, please wait for the 15 minute timeout
        to expire before trying again or specify the -n runtime switch
        You may also wish to verfiy your oinkcode, tarball name, and other configuration options
    http://code.google.com/p/pulledpork/
 

