[Emerging-Sigs] Anyone else having pulledpork update issues?

Kevin Ross kevross33 at googlemail.com
Wed Oct 26 10:44:16 EDT 2011


On 26 October 2011 15:43, Kevin Ross <kevross33 at googlemail.com> wrote:

> I will just set it to http for the time being for the ET rules :-) Strange
> though; I am wondering if it was perhaps an update in Fedora or something
> that made it not happy (I know there was a perl update for security and I
> did see Crypt::SSLeay was updated too when yum finished.
>
> On 26 October 2011 15:34, JJC <cummingsj at gmail.com> wrote:
>
>> you can try changing the url to what Victor said and / or.. though I'm
>> more inclined to go with what Victor said.. well atleast look at the cert
>> and see ;-)
>>
>> :SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>
>> from the PP faq:
>>
>> *When I run PP, I get a 500 error and something about Certificate
>> Authority or verification about SSL Peers*
>>
>>    - install or update Mozilla::CA IO::Socket::SSL
>>       - Will fix it most times. The Mozilla::CA installs/updates the perl
>>       root certificates and IO::Socket::SSL enables ssl verification by hostname
>>       in Crypt::SSLeay.
>>    - Update your trusted root certificates on your OS, consult the
>>    documentation for your OS to do this.
>>    - Alternately you can change the url to http from https for your
>>    snortrules tarball.
>>
>> On Wed, Oct 26, 2011 at 8:27 AM, Kevin Ross <kevross33 at googlemail.com>wrote:
>>
>>> Hmmm actually it is now working on VRT but not ET:
>>>
>>> Checking latest MD5 for emerging.rules.tar.gz....
>>>         Fetching md5sum for: emerging.rules.tar.gz.md5
>>> ** GET
>>> https://rules.emergingthreats.net/open-nogpl/snort-2.9.0/emerging.rules.tar.gz.md5==> 500 Can't connect to
>>> rules.emergingthreats.net:443 (SSL connect attempt failed with unknown
>>> errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
>>> verify failed)
>>>         Error 500 when fetching
>>> https://rules.emergingthreats.net/open-nogpl/snort-2.9.0/emerging.rules.tar.gz.md5at /etc/snort/pulledpork/
>>> pulledpork.pl line 453
>>>         main::md5file('open-nogpl', 'emerging.rules.tar.gz', '/tmp/', '
>>> https://rules.emergingthreats.net/open-nogpl/snort-2.9.0/') called at
>>> /etc/snort/pulledpork/pulledpork.pl line 1758
>>>
>>>
>>>
>>>
>>>
>>> On 26 October 2011 15:23, JJC <cummingsj at gmail.com> wrote:
>>>
>>>> Sweet, thanks for letting us know!
>>>>
>>>>
>>>> On Wed, Oct 26, 2011 at 8:17 AM, Kevin Ross <kevross33 at googlemail.com>wrote:
>>>>
>>>>> Got it, it wanted IO::Socket:SSL though never warned until I used
>>>>> verbose mode. Strange thing is one of the sensors this started happening on
>>>>> was updating happily last week and wasn't changed (though the others were
>>>>> and stopped working so I thought I was being stupid and missed something out
>>>>> then other one stopped).
>>>>>
>>>>> Oh well it is working now. Thanks :D
>>>>>
>>>>>
>>>>> On 26 October 2011 15:09, JJC <cummingsj at gmail.com> wrote:
>>>>>
>>>>>> Generally this is attributable to a certificate issue.  I would run in
>>>>>> extra verbose mode (-vv) and there should be some more specific errors about
>>>>>> the connection issue.
>>>>>>
>>>>>> JJC
>>>>>>
>>>>>>
>>>>>> On Wed, Oct 26, 2011 at 2:58 AM, Kevin Ross <kevross33 at googlemail.com
>>>>>> > wrote:
>>>>>>
>>>>>>> Anyone else having similar issues? Strange thing is this was working
>>>>>>> only the other week. Same thing happens if ET only, if using HTTP etc and it
>>>>>>> was updating successfully before.
>>>>>>>
>>>>>>>     http://code.google.com/p/pulledpork/
>>>>>>>       _____ ____
>>>>>>>      `----,\    )
>>>>>>>       `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
>>>>>>>        `--==\\/
>>>>>>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
>>>>>>>   @_/        /  66\_  cummingsj at gmail.com
>>>>>>>     |    \   \   _(")
>>>>>>>      \   /-| ||'--'  Rules give me wings!
>>>>>>>       \_\  \_\\
>>>>>>>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>
>>>>>>> Checking latest MD5 for snortrules-snapshot-2910.tar.gz....
>>>>>>>     Error 500 when fetching
>>>>>>> https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5at /etc/snort/pulledpork/
>>>>>>> pulledpork.pl line 453
>>>>>>>     main::md5file('d9ac73ada9e6a80d442704b17b127d1c38f41200',
>>>>>>> 'snortrules-snapshot-2910.tar.gz', '/tmp/', '
>>>>>>> https://www.snort.org/reg-rules/') called at /etc/snort/pulledpork/
>>>>>>> pulledpork.pl line 1758
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20111026/bd8ef61c/attachment.html


More information about the Emerging-sigs mailing list