oinkcode/ETPRO in sosetup.conf not working


DefensiveDepth

Jul 2, 2015, 8:26:39 AM
to securit...@googlegroups.com
I am configuring a new distributed setup. Here is the relevant snippet from my sosetup.conf:

===================
IDS_RULES="ETPRO"

# OINKCODE
# If you're running VRT or ETPRO rulesets, you'll need to supply your
# oinkcode here.
OINKCODE="xxxxxxxxxxxx"
==================

However, after the install, pulledpork.conf is written as such:
===================
rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
===================


I can manually edit pulledpork.conf and run ruleupdate, and it sets up ETPRO just fine, but it does not appear to be working with sosetup.


The relevant log from sosetup.log:
===================
# Please wait while configuring /etc/nsm/securityonion.conf...
# Please wait while configuring IDS Ruleset...
Already configured for Emerging Threats GPL ruleset.
# Please wait while executing PulledPork to download rules...
# Please wait while initializing Snorby database...
===================

Has anybody else run into this issue?

Thanks

Shane Castle

Jul 2, 2015, 9:14:15 AM
to securit...@googlegroups.com
I think the variable you need to set is IDS_RULESET, not IDS_RULES.
--
Shane Castle
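As an added sanity check (not part of this thread and not Security Onion's own code), a POSIX shell snippet that flags the misspelled key and confirms that the generated pulledpork.conf rule_url carries an oinkcode rather than the "open" token seen above; the two file paths are parameters, and ETPRO and VRT are treated as the paid rulesets per the template comment.

```shell
#!/bin/sh
# Added example, not Security Onion's own code: sanity-check a sosetup.conf
# against the pulledpork.conf that sosetup generated from it.

# 0 if the file sets IDS_RULESET (the key sosetup reads), 1 if it only sets
# the misspelled IDS_RULES from the shipped template, 2 if neither is present.
check_ruleset_key() {
    if grep -q '^IDS_RULESET=' "$1"; then
        return 0
    elif grep -q '^IDS_RULES=' "$1"; then
        return 1
    fi
    return 2
}

# Third "|"-separated field of the first rule_url line in a pulledpork.conf:
# "open" for the free ETOPEN feed, the oinkcode when a paid feed was configured.
rule_url_token() {
    grep -m1 '^rule_url=' "$1" | cut -d'|' -f3
}

# Succeeds when a paid ruleset (ETPRO or VRT) requested in sosetup.conf is
# reflected by a non-"open" token in pulledpork.conf, or when a free ruleset
# was requested and no oinkcode is expected.
oinkcode_applied() {
    ruleset=$(grep -m1 '^IDS_RULESET=' "$1" | cut -d= -f2 | tr -d '"')
    token=$(rule_url_token "$2")
    case "$ruleset" in
        ETPRO|VRT)
            if [ -n "$token" ] && [ "$token" != "open" ]; then
                return 0
            fi
            return 1 ;;
        *)
            return 0 ;;
    esac
}

# Overall verdict for a sosetup.conf / pulledpork.conf pair: the key must be
# spelled correctly and, for a paid ruleset, the oinkcode must have been applied.
config_ok() {
    check_ruleset_key "$1" || return 1
    oinkcode_applied "$1" "$2"
}
```

Run it as `config_ok /path/to/sosetup.conf /etc/nsm/pulledpork/pulledpork.conf` (paths assumed) before kicking off rule-update so a silently ignored oinkcode is caught early.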

DefensiveDepth

Jul 2, 2015, 9:19:29 AM
to securit...@googlegroups.com
I believe you are right. The template sosetup.conf found under /usr/share/securityonion/sosetup.conf has the variable spelled wrong.

I will submit a bug report, thanks for catching that.

Doug Burks

Jul 2, 2015, 11:48:04 AM
to securit...@googlegroups.com
Thanks for the pull request, Josh!

I've created Issue 764 for this:
https://github.com/Security-Onion-Solutions/security-onion/issues/764

On Thu, Jul 2, 2015 at 9:19 AM, DefensiveDepth <joshb...@gmail.com> wrote:
> I believe you are right. The template sosetup.conf found under /usr/share/securityonion/sosetup.conf has the variable spelled wrong.
>
> I will submit a bug report, thanks for catching that.
--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com