This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

When IDS Engine is Suricata, PulledPork needs to download Suricata version of ET rules #153

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 4 comments

Comments

@GoogleCodeExporter

When IDS Engine is Suricata, PulledPork needs to download Suricata version of ET rules

Original issue reported on code.google.com by doug.bu...@gmail.com on 26 Nov 2011 at 4:50

@GoogleCodeExporter
Author

This is a known issue with PulledPork:
http://code.google.com/p/pulledpork/issues/detail?id=68

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 12:45


@GoogleCodeExporter
Author

Per Comment 2 in the above link, I modified pulledpork.pl as follows:

```perl
elsif ( $base_url =~ /emergingthreats.net/ ) {
    # ET publishes per-version Snort tarballs, so trim a fourth version
    # component (e.g. 2.9.1.2 -> 2.9.1) before building the URL.
    my $Snortv = $Snort;
    $Snortv =~ s/(?<=\d\.\d\.\d)\.\d//;

    # Do we want a tarball for Snort or Suricata?
    # If Snort, keep the default PP $base_url $oinkcode/snort-$Snortv
    # If Suricata, set $base_url to suricata $oinkcode/suricata
    my $Engine = `grep ENGINE /etc/nsm/securityonion.conf | cut -d\= -f2`;
    chomp $Engine;

    if ( $Engine eq "snort" ) {
        $base_url .= "$oinkcode/snort-$Snortv/";
    }
    elsif ( $Engine eq "suricata" ) {
        $base_url .= "$oinkcode/suricata/";
    }
    else {
        croak("Unknown ENGINE in /etc/nsm/securityonion.conf");
    }
    #$Textonly = 1;
}
```

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 12:46

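The selection logic in the patch above (pick the Snort or Suricata ET tarball path from the ENGINE setting) can be checked in isolation. The following is an added example, not code from PulledPork or Security Onion: it parses the ENGINE line directly instead of shelling out to `grep`/`cut`, reproduces the version-trimming regex, and rejects an oinkcode that is not a plain alphanumeric token before it is placed in a URL path. The config text and the `https://rules.example/` base URL are constructed placeholders.

```python
import re

# Constructed sample of what /etc/nsm/securityonion.conf might contain;
# only the ENGINE line is relevant to rule selection.
SAMPLE_CONF_SURICATA = """\
# Security Onion configuration (constructed sample)
ENGINE=suricata
"""
SAMPLE_CONF_SNORT = "ENGINE=snort\n"


def read_engine(conf_text):
    """Return the value of the ENGINE= line (lower-cased), or None if absent.

    Parsing the text in-process means no shell is involved, so the file's
    contents are never interpreted as a command line.
    """
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ENGINE":
            return value.strip().strip('"').lower()
    return None


def short_snort_version(snort_version):
    """Drop a fourth version component (2.9.1.2 -> 2.9.1), mirroring the Perl s///."""
    return re.sub(r"(?<=\d\.\d\.\d)\.\d", "", snort_version)


def rules_base_url(base_url, oinkcode, snort_version, engine):
    """Build the ET tarball directory URL for the configured IDS engine.

    Raises ValueError for an unknown engine or an oinkcode that is not a
    single alphanumeric path segment (keeps '..' or '/' out of the URL).
    """
    if not re.fullmatch(r"[A-Za-z0-9]+", oinkcode):
        raise ValueError("oinkcode must be a single alphanumeric path segment")
    if engine == "snort":
        return f"{base_url}{oinkcode}/snort-{short_snort_version(snort_version)}/"
    if engine == "suricata":
        return f"{base_url}{oinkcode}/suricata/"
    raise ValueError(f"Unknown ENGINE in securityonion.conf: {engine!r}")


if __name__ == "__main__":
    engine = read_engine(SAMPLE_CONF_SURICATA)
    print(rules_base_url("https://rules.example/", "open", "2.9.1.2", engine))
```

`read_engine` returns `None` when the setting is missing, and `rules_base_url` then raises rather than silently defaulting to Snort rules, which is the failure mode the original `croak` guards against.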

@GoogleCodeExporter
Author

Created securityonion-pulledpork_20111127_i386.deb as follows:

```sh
/var/lib/gems/1.8/bin/fpm -s dir -t deb -n securityonion-pulledpork -v 20111127 /usr/local/bin/pulledpork.pl
```

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 12:53


@GoogleCodeExporter
Author

Published:
http://securityonion.blogspot.com/2011/11/security-onion-20111127-now-available.html

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 2:47

  • Changed state: Verified
