When IDS Engine is Suricata, PulledPork needs to download Suricata version of ET rules #153

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 4 comments

GoogleCodeExporter commented Mar 24, 2015

When IDS Engine is Suricata, PulledPork needs to download Suricata version of ET rules

Original issue reported on code.google.com by doug.bu...@gmail.com on 26 Nov 2011 at 4:50

GoogleCodeExporter commented Mar 24, 2015

This is a known issue with PulledPork:
http://code.google.com/p/pulledpork/issues/detail?id=68

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 12:45

GoogleCodeExporter commented Mar 24, 2015

Per Comment 2 in the above link, I modified pulledpork.pl as follows:

elsif ( $base_url =~ /emergingthreats.net/ ) {
    my $Snortv = $Snort;
    # Drop the fourth version component (e.g. 2.9.0.5 -> 2.9.0) to match the ET tarball naming
    $Snortv =~ s/(?<=\d\.\d\.\d)\.\d//;
    # Do we want a tarball for Snort or Suricata?
    # If Snort, keep the default PP $base_url $oinkcode/snort-$Snortv
    # If Suricata, set $base_url to suricata $oinkcode/suricata
    my $Engine = `grep ENGINE /etc/nsm/securityonion.conf | cut -d\= -f2`;
    chomp $Engine;
    if ( $Engine eq "snort" ) {
        $base_url .= "$oinkcode/snort-$Snortv/";
    }
    elsif ( $Engine eq "suricata" ) {
        $base_url .= "$oinkcode/suricata/";
    }
    else {
        croak("Unknown ENGINE in /etc/nsm/securityonion.conf");
    }
    #$Textonly = 1;
}

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 12:46

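The engine-selection logic from the comment above, rewritten as an added Python example (not PulledPork's or Security Onion's own code). It reads ENGINE from the config file directly instead of shelling out to grep/cut, keeps the same version-trimming regex, and uses a constructed sample config plus placeholder base URL and oinkcode.

```python
import re

# Constructed sample of /etc/nsm/securityonion.conf; not taken from a real system.
SAMPLE_CONF = """# Security Onion NSM configuration (constructed sample)
RULESET=ETOPEN
ENGINE=suricata
"""


def trim_snort_version(snort_version: str) -> str:
    """Drop a fourth dotted component, exactly as the Perl regex does: 2.9.0.5 -> 2.9.0.
    Three-part versions are left untouched."""
    return re.sub(r"(?<=\d\.\d\.\d)\.\d", "", snort_version, count=1)


def read_engine(conf_text: str) -> str:
    """Return the ENGINE value from securityonion.conf, parsed in-process.
    Comment lines and lines without '=' are skipped; quotes around the value are stripped."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "ENGINE":
            return value.strip().strip('"').lower()
    raise ValueError("ENGINE not set in securityonion.conf")


def et_rules_url(base_url: str, oinkcode: str, snort_version: str, engine: str) -> str:
    """Build the Emerging Threats tarball URL for the configured IDS engine.
    base_url and oinkcode are caller-supplied placeholders here, not real values."""
    if engine == "snort":
        return f"{base_url}{oinkcode}/snort-{trim_snort_version(snort_version)}/"
    if engine == "suricata":
        return f"{base_url}{oinkcode}/suricata/"
    # Same failure mode as croak() in the Perl: refuse to guess a ruleset for an unknown engine.
    raise ValueError(f"Unknown ENGINE {engine!r} in securityonion.conf")


if __name__ == "__main__":
    engine = read_engine(SAMPLE_CONF)
    print(et_rules_url("https://rules.example.invalid/", "OINKCODE_PLACEHOLDER", "2.9.0.5", engine))
```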
GoogleCodeExporter commented Mar 24, 2015

Created securityonion-pulledpork_20111127_i386.deb as follows:
/var/lib/gems/1.8/bin/fpm -s dir -t deb -n securityonion-pulledpork -v 20111127 /usr/local/bin/pulledpork.pl

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 12:53

GoogleCodeExporter commented Mar 24, 2015

Published:
http://securityonion.blogspot.com/2011/11/security-onion-20111127-now-available.html

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 2:47

  • Changed state: Verified