pulledpork
Pulled Pork for Snort and Suricata rule management (from Google code)
I want pulledpork to send the HUP signal to snort and as such have defined the pid_path=/var/run/snort_em1.pid parameter in its config file. The problem is that snort creates this...
Running pulled pork 0.7.4 generates a lot of duplicated rules. This happens even if the old rule file is deleted beforehand; the newly generated rule file will already contain the...
Using pulledpork 0.7.3 under FreeBSD 11.1 amd64 and using a simple config:
```
rule_url=http://rules.emergingthreats.net/open/suricata|emerging.rules.tar.gz|open-nogpl
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/tmp/suricata.rules
sid_msg=/tmp/sid-msg.map
sid_msg_version=1
sid_changelog=/tmp/sid_changes.log
version=0.7.3
```
Pulledpork makes incorrect modifications for ET rules to use them...
I am running pulled pork with the -k parameter and ignore=local.rules in the configuration file. I have observed that my local.rules file is being updated by pulled pork to delete...
Fedora 23, I'm not sure this is the expected behavior. `/etc/snort/rules/iplists/default.blacklist` is not updated when the -n option is used, `/etc/snort/rules/snort.rules` is updated. # pulledpork -V PulledPork v0.7.2 - E.Coli...
Hi, The proper log file should include a timestamp for each log record. I would kindly ask to add timestamps. Thanks.
I have this error with PulledPork version 0.7.3 and -W option: Checking latest MD5 for snortrules-snapshot-2990.tar.gz.... Fetching md5sum for: snortrules-snapshot-2990.tar.gz.md5 ** CONNECT https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz.md5?oinkcode=MYOINKCODE==> 500 Can't connect to 172.16.1.5:3128 Error 500...
Hello All, In reviewing an email and having an IRC chat with Joel Esler, he suggests that Pulled Pork should update/scrub outdated SO (Shared Object) rulesets to prevent the...
For those that use command line arguments that override pulledpork.conf and that use multiple rules files sources, all used rules aren't necessarily always updated or processed at the same time....