# Pulledpork installation and configuration


# apt-get install libcrypt-ssleay-perl liblwp-protocol-https-perl
# cd /usr/local/bin
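# curl --silent --location --output pulledpork.pl http://pulledpork.googlecode.com/svn/trunk/pulledpork.pl
(Note: this downloads the script over plain HTTP from an unpinned trunk URL, and the script is later run as root. Prefer an HTTPS source and a fixed release where the project offers one, and review the downloaded file before making it executable.)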
# vi pulledpork.pl
---
"$Snort_path -c $Snort_config --dump-dynamic-rules=$Sostubs 2>&1|"
+++
"$Snort_path -Q -c $Snort_config --dump-dynamic-rules=$Sostubs 2>&1|"
# chmod 755 pulledpork.pl
# mkdir /etc/pulledpork
# cd /etc/pulledpork
# sed -i '/^include $RULE_PATH/d' /usr/local/snort/etc/snort.conf
# echo "include \$RULE_PATH/snort.rules" >> /usr/local/snort/etc/snort.conf
# echo "include \$RULE_PATH/local.rules" >> /usr/local/snort/etc/snort.conf
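# rm /usr/local/snort/rules/*.rules
(Note: the glob also removes an existing local.rules and white_list.rules, so copy any custom rules aside first.)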
# touch /usr/local/snort/rules/snort.rules
# touch /usr/local/snort/rules/local.rules
# touch /usr/local/snort/rules/white_list.rules
# cat pulledpork.conf
# pulledpork.conf: rule sources and Snort paths read by pulledpork.pl (passed with -c).
#
# Each rule_url is URL|file name|Oinkcode or feed keyword. <oinkcode> is a
# placeholder for your own snort.org Oinkcode. The Oinkcode is an account
# credential, so keep this file readable only by the account that runs
# pulledpork.pl.
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community
# NOTE(review): this feed is fetched over plain http, so its content is not
# protected in transit; use an https endpoint if the feed offers one.
rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
# Rule files left out when the downloaded rule sets are processed (presumably
# matched by file name inside the archives; verify against the pulledpork docs).
ignore=deleted.rules,experimental.rules,local.rules
# NOTE(review): /tmp is world-writable and pulledpork.pl is run as root in this
# walkthrough; a dedicated directory owned by the pulledpork account is a safer
# place for downloaded archives. Confirm before changing.
temp_path=/tmp
# Combined output rule file and the local rule file. These are the same
# snort.rules and local.rules named by the include lines appended to
# snort.conf, assuming RULE_PATH there is /usr/local/snort/rules.
rule_path=/usr/local/snort/rules/snort.rules
local_rules=/usr/local/snort/rules/local.rules
# sid-msg.map output and its format version.
sid_msg=/usr/local/snort/etc/sid-msg.map
sid_msg_version=1
# Log of rule (SID) changes between runs; the directory must already exist.
sid_changelog=/var/log/snort/sid_changes.log
# Shared-object rule directory, Snort binary and Snort config. pulledpork.pl
# runs the binary with -c <config> --dump-dynamic-rules to generate SO rule stubs.
sorule_path=/usr/local/snort/lib/snort_dynamicrules
snort_path=/usr/local/snort/bin/snort
config_path=/usr/local/snort/etc/snort.conf
# Distribution name, presumably used to pick the matching precompiled
# shared-object rules; other values noted by the author:
# Ubuntu-8.04, Ubuntu-10-4
distro=Ubuntu-12-04
# IP blocklist output file and the path used for its version tracking
# (presumably fed by the IPBLACKLIST rule_url above; TODO confirm).
black_list=/usr/local/snort/rules/black_list.rules
IPRVersion=/usr/local/snort/rules/iplists
# snort_control is left disabled in this setup.
#snort_control=/usr/local/bin/snort_control
# Config file version; presumably has to match the pulledpork.pl release in use. Verify.
version=0.7.0
# pulledpork.pl -c /etc/pulledpork/pulledpork.conf
