pulledpork3
pulledpork3 copied to clipboard
Published
20 hours ago •
shirkdog
shirkdog
WARNING: More than one official ruleset is selected; not recommended since there is a lot of overlap
hello,
i am happening error following :
sudo /usr/local/bin/pulledpork3/pulledpork.py -c /usr/local/etc/pulledpork3/pulledpork.conf
https://github.com/shirkdog/pulledpork3
_____ ____
`----,\ ) PulledPork v3.0.0.4
`--==\\ / Lowcountry yellow mustard bbq sauce is the best bbq sauce. Fight me.
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2021 Noah Dietrich, Colin Grady, Michael Shirk
@_/ / 66\_ and the PulledPork Team!
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Loading configuration file: /usr/local/etc/pulledpork3/pulledpork.conf
WARNING: More than one official ruleset is selected; not recommended since there is a lot of overlap
the file puledpork.conf below :
# Which Snort/Talos rulesets do you want to download (recomended: choose only one)
community_ruleset = false
registered_ruleset = true
LightSPD_ruleset = true
# Your Snort oinkcode is required for snort/talos Subscription, Light_SPD, and Registered rulesets
oinkcode = myoinkcode
# which blocklists to download
snort_blocklist = true
et_blocklist = true
# additional blocklists to download from a URL, comma-separated
#blocklist_urls = http://a.b.com/list.list
# Where to write the blocklist file (single file containing all blocklists downloaded)
blocklist_path = /usr/local/etc/lists/default.blocklist
# PulledPork needs to know which version of Snort you are running in most instances.
# you can do this by giving an explict snort_version or by providing the path (snort_path)
# to the snort binary. If you don't do either of these, PulledPork will try to determine
# the version of snort by searching for the the binary on your system path.
# This is used to know which registere ruleset to download, the correct files from the LightSPD
# ruleset, and will be used to compile .so rules if you don't provide the distro.
# Where is the Snort Executable located (if not on the system path)
snort_path = /usr/local/bin/snort
# Which version of snort are you running (optional, not usually needed.). This version will over-rule snort_path
snort_version = 3.1.31.0
# Where is the PID file for your running snort process/daemon (required to tell snort to reload the
# new rules after rules are modified) This is optional, but recomended.
# the pid file is written by snort in Daemon mode or if you run snort with the --create-pidfile flag.
# the pid file is named snort.pid and is saved in the logging directory (-l flag)
# (no windows support at this time for this feature)
#pid_path=/var/log/snort/snort.pid
# Enable / Disable rules based on the level of functionality/security you want.
# must be one of: connectivity, balanced, security, max-detect, none
# default is connectivity. Will not work with community ruleset.
# https://www.snort.org/faq/why-are-rules-commented-out-by-default
ips_policy = balanced
# Rule Output mode:
# simple (just a single .rules file, with any rule that's not commented out enabled)
# policy (rules file with all rules enabled, using a policy file to enable/disable rules)
rule_mode = simple
# policy path is reqiured if you are using rule_mode = policy
#policy_path = c:\snort\rules\pulledpork.states
# where to save our single combined rule file (This is required, and needs to be an absolute path):
rule_path = /usr/local/etc/rules/pulledpork.rules
# Local Rules files
# Specify local rules files, comma-separated
local_rules = /usr/local/etc/rules/local.rules
# Rules files to ignore
# includes.rules and snort3-deleted.rules are recommended to always be ignored
# NOTE: the old "ignore" setting name (from Perl PulledPork) is also accepted here
# if both are used, the values are combined and de-duped
ignored_files = includes.rules, snort3-deleted.rules
# do you want rules that are disabled to be included when writing rules to rule_path?
# defaults to false. This is ignored if rule_mode = policy, since the policy determines which
# rules are written
include_disabled_rules = false
# where should so rules be saved
# so rules will only be processed if this is uncommented
sorule_path = /usr/local/etc/so_rules/
# What Distro are you running? This must match one of the supported distros:
# centos-x64, debian-x64, fc-x64, opensuse-x64, ubuntu-x64
# disable this entry to compile rules manually (not yet supported)
distro = ubuntu-x64
# do you want all the different policys files written to a local directory (for advanced users)
policies_path = /usr/local/etc/rules/
# WARNING: RULE MODIFICATION WITH THESE FILES IS PARTIALLY IMPMEMENTED
# The code for this functionality is experimental, and does not handle GID:SID Ranges
# or CATEGORIES yet (VRT- or ET- or Custom-)
# you can use PulledPork2 compatable files / formatting for these files
#
# Here you can specify what rule modification files to run automatically.
# simply uncomment and specify the apt path.
enablesid=/usr/local/etc/snort/enablesid.conf
dropsid=/usr/local/etc/snort/dropsid.conf
disablesid=/usr/local/etc/snort/disablesid.conf
# WARNING: RULE MODIFICATION with modifysid IS NOT IMPLEMENTED YET
modifysid=/usr/local/etc/snort/modifysid.conf
# WARNING: RULE MODIFICATION IS NOT IMPLEMENTED YET
# The following option, state_order, allows you to more finely control the order
# that pulledpork performs the modify operations, specifically the enablesid
# disablesid and dropsid functions. An example use case here would be to
# disable an entire category and later enable only a rule or two out of it.
# the valid values are disable, drop, and enable.
state_order=disable,drop,enable
# PulledPork will use the system default temporary working directory, unless you specify a different one below.
# (this is not common). PulledPork will create a working folder named PulledPork-YYYY.MM.DD-HH.MM.SS in the
# temp location. This is useful during troubleshooting PulledPork3 with the -k (keep temp directory) flag
temp_path = /tmp
# Pulledpork3 configuration version variable: may be used in future
CONFIGURATION_NUMBER = 3.0.0.4
thank you in advance to help myself fully work pulledpork3,
regards.
Azaretdodo.
