Package Details: pulledpork 0.7.3-1

Git Clone URL: (read-only)
Package Base: pulledpork
Description: Tool to automatically update rules for snort
Upstream URL:
Licenses: GPL
Submitter: SirPenguins
Maintainer: amish
Last Packager: amish
Votes: 19
Popularity: 0.008223
First Submitted: 2012-06-07 16:35
Last Updated: 2017-12-08 01:22

Latest Comments

1 2 Next › Last »

jnbrains commented on 2017-11-15 08:51


The 'emergingthreats' download url has changed:
and 'emergingthreatspro' now requires registration (oinkcode):
rule_url=|etpro.rules.tar.gz|<et oinkcode>

The urls above can be obtained from the git master (0.7.3-ish)

cryptocodez commented on 2016-11-11 17:07

in PKGBUILD change the sha256sums to this:


saez0pub commented on 2016-10-23 07:51


sha256sum has changed for the github archive.

jakkin commented on 2016-05-15 17:18

Please add perl-bytes-random-secure as a dependency. My pulledpork would error out unless it was installed. Error included below.

Can't locate Bytes/Random/ in @INC (you may need to install the Bytes::Random::Secure module) (@INC contains: /usr/lib/perl5/site_perl /usr/share/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5/core_perl /usr/share/perl5/core_perl .) at /usr/lib/perl5/vendor_perl/Crypt/ line 8.
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/Crypt/ line 8.
Compilation failed in require at /usr/sbin/ line 28.
BEGIN failed--compilation aborted at /usr/sbin/ line 28.

amish commented on 2014-05-10 11:27

Yes -P option is needed. (Esp. if you change /etc/pulledpork/*sid.conf)

I had noticed this but forgot to put it in script. Thanks for pointing out.

Also added suricata restart option.

tpreissler commented on 2014-05-10 07:12

Oh, sorry, I forgot to add that I am using Suricata, maybe that's the problem why mine doesn't process the rules.

If you could add

# restart suricata
if systemctl is-active suricata &>/dev/null
systemctl restart suricata

to /usr/bin/ that would be great. I have already asked the maintainer of suricata about an updated package.


tpreissler commented on 2014-05-10 07:10

There seems to be a little bug within /usr/bin/ as it doesn't process rules:

The line

( ulimit -t 60; /usr/bin/ -c /etc/pulledpork/pulledpork.conf )

should be

( ulimit -t 60; /usr/bin/ -P -c /etc/pulledpork/pulledpork.conf )

But thanks anyway. Works great.

amish commented on 2014-05-09 07:21

Package updated to latest version - 0.7.0

Added cron file to auto-update every week. By default it runs only if /etc/snort/rules/snort.rules file exists. (which is default file name for pulledpork anyway)

conf file also uses dropsid, enablesid, disablesid and modifysid features of pulledpork (by default they are empty hence does nothing).

By default conf uses emergingthreats OPEN rules. Change if you want something else (like VRT or ETpro rules)

include /etc/snort/rules/snort.rules files in your snort.conf. In most cases you may also comment all other include xxxx.rules lines.

Anonymous comment on 2013-09-18 11:28

pulledpork-0.7.0 is out. Here is a patch to update the PKGBUILD accordingly:

diff -ruN pulledpork.orig/PKGBUILD pulledpork/PKGBUILD
--- pulledpork.orig/PKGBUILD 2012-09-21 17:47:41.000000000 +0200
+++ pulledpork/PKGBUILD 2013-09-18 13:25:50.412171650 +0200
@@ -1,19 +1,19 @@
# Maintainer: Isaac C. Aronson <>

pkgdesc="Tool to automatically update rules for snort"
depends=('perl' 'perl-lwp-protocol-https' 'perl-crypt-ssleay' 'perl-archive-tar' 'perl-switch')

package() {
cd $srcdir/$pkgname-$pkgver
install -Dm644 etc/pulledpork.conf $pkgdir/etc/pulledpork.conf
- install -Dm755 $pkgdir/usr/sbin/
+ install -Dm755 $pkgdir/usr/bin/

dack commented on 2013-06-09 18:43

This should be updated to install to /usr/bin instead of /usr/sbin.