PulledPork Issue Tracker


Update 6 to issue 82 ("flowbits being automatically enabled")

Wed, 2012-02-01 04:56
Has there been an update to this issue? modifysid workaround yet? Thanks
Categories: PulledPork Updates

Update 1 to issue 90 ("I started getting these errors when upgrading to 0.6.1")

Thu, 2012-01-26 12:06
Is this issue still occurring? I can't reproduce.
Categories: PulledPork Updates

Update 1 to issue 95 ("Warn on duplicate sid")

Thu, 2012-01-26 12:04
Will add to warn output for stdout and syslog, possibly changelog
Status: Accepted
Categories: PulledPork Updates

Update 4 to issue 96 ("Trailing comments break enablesid.conf")

Thu, 2012-01-26 12:03
Fix Committed Rev #237
Status: Fixed
Categories: PulledPork Updates

Update 3 to issue 96 ("Trailing comments break enablesid.conf")

Thu, 2012-01-26 11:40
Going to set to allow trailing comments only.. i.e. no comments in-between entries on a single line.
Categories: PulledPork Updates

Update 9 to issue 99 ("No .so files extracted from VRT snapshot to snort_dynamicrules when overriding version")

Thu, 2012-01-26 11:09
Good catch, I'll mark this as closed, if you want to file a DOC bug, feel free but I will be changing that wording now. Specifying that variable will work as you would expect, not as it is noted.. stubs WILL still be generated... Committed Fix Rev #236
Status: Fixed
Categories: PulledPork Updates

Update 2 to issue 102 ("sid-msg.map contains all rules - even disabled ones")

Thu, 2012-01-26 10:49
Fixed, Rev #235
Status: Fixed
Categories: PulledPork Updates

Update 8 to issue 99 ("No .so files extracted from VRT snapshot to snort_dynamicrules when overriding version")

Mon, 2012-01-23 10:03
I did not set snort_version in pulledpork.conf because the instructions say it will disable .so rules, which would defeat the whole purpose of this bug report...
Categories: PulledPork Updates

Update 4 to issue 97 ("HTTPS ET open rules download error")

Mon, 2012-01-23 09:30
Closing this, I am unable to reproduce....

    Checking latest MD5 for emerging.rules.tar.gz....
    Fetching md5sum for: emerging.rules.tar.gz.md5
    ** GET http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5 ==> 200 OK
    most recent rules file digest: 63687b9f2911f077948d9f08658aabbe
    Rules tarball download of emerging.rules.tar.gz....
    Fetching rules file: emerging.rules.tar.gz
    ** GET http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz ==> 200 OK (2s)
    storing file at: /tmp/emerging.rules.tar.gz
    current local rules file digest: 63687b9f2911f077948d9f08658aabbe
    The MD5 for emerging.rules.tar.gz matched 63687b9f2911f077948d9f08658aabbe
    so I'm not gonna download the rules file again suckas!
    Prepping rules from emerging.rules.tar.gz for work....
    extracting contents of /tmp/emerging.rules.tar.gz...
Status: Invalid
Categories: PulledPork Updates

Update 5 to issue 101 ("Error - Use of uninitialized value within %hcategory")

Mon, 2012-01-23 09:26

Labels: -Priority-Medium Priority-High
Categories: PulledPork Updates

Update 4 to issue 101 ("Error - Use of uninitialized value within %hcategory")

Mon, 2012-01-23 09:26
Issue 104 has been merged into this issue.
Categories: PulledPork Updates

Update 1 to issue 104 ("Use of uninitialized value in concatenation (.) or string at /usr/local/bin/pulledpork.pl line 257.")

Mon, 2012-01-23 09:26
This appears to be related to 101 and the "keep" flag being set. Marking as a dupe of that and elevating status
Status: Duplicate
Labels: -Priority-Medium Priority-High
Mergedinto: 101
Categories: PulledPork Updates

Update 3 to issue 101 ("Error - Use of uninitialized value within %hcategory")

Mon, 2012-01-23 09:17
I verified this with the keep option specified
Status: Accepted
Categories: PulledPork Updates

Issue 104 created: "Use of uninitialized value in concatenation (.) or string at /usr/local/bin/pulledpork.pl line 257."

Sat, 2012-01-21 17:51
What steps will reproduce the problem?
1. Execute sudo pulledpork.pl -vv -c /etc/pulledpork/pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /etc/snort/sid-msg.map -h /var/log/sid_changes.log -I security -H -K /etc/snort/rules/

What is the expected output? What do you see instead?
The expected output would not have "Use of uninitialized value in concatenation (.) or string at /usr/local/bin/pulledpork.pl line 257."

What version of the product are you using? On what operating system?
0.6.1 on Mac OS X v10.4.11

Please provide any additional information below.
Output of command from step 1 attached as output.txt. Is this related to issue 75 or issue 85?
Categories: PulledPork Updates

Update 6 to issue 103 ("Use snortrules-snapshot-edge.tar.gz for updates")

Sat, 2012-01-14 16:25
Damn mistype: "It gets me the latest snapshot for my release, I thought." Should have been "It gets me the latest snapshot that I am entitled to." But you got that. I'm using the 2.9.1.2 rules from snortrules-snapshot-2912.tar.gz with Snort 2.9.2 and I thought it worked just fine. But you are saying if I used rules created for 2.9.2 with 2.9.1.2 it would break 2.9.1.2. That is handy to know if I'm having a crappy morning with snort someday. Thanks.
Categories: PulledPork Updates

Update 5 to issue 103 ("Use snortrules-snapshot-edge.tar.gz for updates")

Sat, 2012-01-14 16:15
I see what you are talking about, it doesn't get you the latest snapshot for your release, it gets you the latest that you are entitled to.. that is bad because many people will still be running 2.9.1.2.. so when they can get 2.9.2 it will break their 2.9.1.2 install..
Categories: PulledPork Updates

Update 4 to issue 103 ("Use snortrules-snapshot-edge.tar.gz for updates")

Sat, 2012-01-14 15:55
I mentioned snortrules-snapshot-edge.tar.gz because if I do

    wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/<oinkcode here> -O snortrules-snapshot-edge.tar.gz

It gets me the latest snapshot for my release, I thought. It's mentioned at foot of page here: http://www.snort.org/snort-rules/cli

It'll be Monday 10-ish GMT before I can get you my actual pulledpork.conf
Categories: PulledPork Updates

Update 3 to issue 103 ("Use snortrules-snapshot-edge.tar.gz for updates")

Sat, 2012-01-14 15:49
That is potentially a different issue that we can look into.
Categories: PulledPork Updates