Package Details: pulledpork 0.7.2-1

Git Clone URL: https://aur.archlinux.org/pulledpork.git (read-only)
Package Base: pulledpork
Description: Tool to automatically update rules for snort
Upstream URL: https://github.com/shirkdog/pulledpork
Licenses: GPL
Submitter: SirPenguins
Maintainer: amish
Last Packager: amish
Votes: 14
Popularity: 0.487304
First Submitted: 2012-06-07 16:35
Last Updated: 2015-12-13 08:12

Latest Comments

jakkin commented on 2016-05-15 17:18

Please add perl-bytes-random-secure as a dependency. My pulledpork would error out unless it was installed. Error included below.

Can't locate Bytes/Random/Secure.pm in @INC (you may need to install the Bytes::Random::Secure module) (@INC contains: /usr/lib/perl5/site_perl /usr/share/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5/core_perl /usr/share/perl5/core_perl .) at /usr/lib/perl5/vendor_perl/Crypt/SSLeay.pm line 8.
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/Crypt/SSLeay.pm line 8.
Compilation failed in require at /usr/sbin/pulledpork.pl line 28.
BEGIN failed--compilation aborted at /usr/sbin/pulledpork.pl line 28.

amish commented on 2014-05-10 11:27

Yes, the -P option is needed. (Esp. if you change /etc/pulledpork/*sid.conf)

I had noticed this but forgot to put it in the script. Thanks for pointing it out.

Also added suricata restart option.

tpreissler commented on 2014-05-10 07:12

Oh, sorry, I forgot to add that I am using Suricata, maybe that's the problem why mine doesn't process the rules.

If you could add

# restart suricata
if systemctl is-active suricata &>/dev/null
then
systemctl restart suricata
fi

to /usr/bin/pulledpork_update.sh that would be great. I have already asked the maintainer of suricata about an updated package.


T

tpreissler commented on 2014-05-10 07:10

There seems to be a little bug within /usr/bin/pulledpork_update.sh as it doesn't process rules:

The line

( ulimit -t 60; /usr/bin/pulledpork.pl -c /etc/pulledpork/pulledpork.conf )

should be

( ulimit -t 60; /usr/bin/pulledpork.pl -P -c /etc/pulledpork/pulledpork.conf )


But thanks anyway. Works great.

amish commented on 2014-05-09 07:21

Package updated to latest version - 0.7.0

Added cron file to auto-update every week. By default it runs only if the /etc/snort/rules/snort.rules file exists (which is the default file name for pulledpork anyway).

The conf file also uses the dropsid, enablesid, disablesid and modifysid features of pulledpork (by default they are empty, hence they do nothing).

By default the conf uses emergingthreats OPEN rules. Change it if you want something else (like VRT or ETpro rules).

Include the /etc/snort/rules/snort.rules file in your snort.conf. In most cases you may also comment out all other include xxxx.rules lines.

Anonymous comment on 2013-09-18 11:28

pulledpork-0.7.0 is out. Here is a patch to update the PKGBUILD accordingly:

diff -ruN pulledpork.orig/PKGBUILD pulledpork/PKGBUILD
--- pulledpork.orig/PKGBUILD 2012-09-21 17:47:41.000000000 +0200
+++ pulledpork/PKGBUILD 2013-09-18 13:25:50.412171650 +0200
@@ -1,19 +1,19 @@
# Maintainer: Isaac C. Aronson <i@pingas.org>

pkgname=pulledpork
-pkgver=0.6.1
-pkgrel=3
+pkgver=0.7.0
+pkgrel=1
pkgdesc="Tool to automatically update rules for snort"
arch=('any')
-url="http://code.google.com/p/pulledpork"
+url="https://code.google.com/p/pulledpork"
license=('GPL')
depends=('perl' 'perl-lwp-protocol-https' 'perl-crypt-ssleay' 'perl-archive-tar' 'perl-switch')
optdepends=('snort')
-source=(http://pulledpork.googlecode.com/files/pulledpork-0.6.1.tar.gz)
-md5sums=('a35c5c89d1f631ade1a2cd4e5c3a8778')
+source=(http://pulledpork.googlecode.com/files/pulledpork-$pkgver.tar.gz)
+md5sums=('98d5825556a2ae461f179d52fc79ccad')

package() {
cd $srcdir/$pkgname-$pkgver
install -Dm644 etc/pulledpork.conf $pkgdir/etc/pulledpork.conf
- install -Dm755 pulledpork.pl $pkgdir/usr/sbin/pulledpork.pl
+ install -Dm755 pulledpork.pl $pkgdir/usr/bin/pulledpork.pl
}
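
Review bot: The source= line still fetches the tarball over plain http:// while url= is moved to https:// in this same hunk, and the only integrity check on that download is md5sums. Use an https:// source if the host serves one and replace md5sums with sha256sums, so a tarball altered in transit is rejected by makepkg rather than installed. In package(), $srcdir and $pkgdir are unquoted; quoting them, as in "$pkgdir/usr/bin/pulledpork.pl", keeps the install lines correct when the build path contains spaces.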

dack commented on 2013-06-09 18:43

This should be updated to install to /usr/bin instead of /usr/sbin.

SirPenguins commented on 2012-09-21 15:51

Updated, thanks!

Anonymous comment on 2012-09-20 20:18

Please add perl-switch as a dependency.