I have a problem here.
I have installed Snort on a CentOS 7 server and want to use PulledPork as the rule source. Pretty basic stuff...

The configured PulledPork conf:

# What path you want the .so files to actually go to *i.e. where is it
# defined in your snort.conf, needs a trailing slash
sorule_path=/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/

# Path to the snort binary, we need this to generate the stub files
snort_path=/usr/sbin/snort/

# We need to know where your snort.conf file lives so that we can
# generate the stub files
config_path=/etc/snort/snort.conf


Then I ran the PulledPork script:

./pulledpork.pl -c /etc/pulledpork/etc/pulledpork.conf

It gave me an error:

The specified Snort binary does not exist!
Please correct the value or specify the FULL rules tarball name in the pulledpork.conf!
 at ./pulledpork.pl line 1816.


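I tried installing another snort (from the snort binaries section: snort-openappid-2.9.7.3-1.centos7.x86_64.rpm) and changed the pulledpork conf file. Nothing changed. I couldn't find anything on Google either, so now I'm asking for help here. Thanks!

Here are my snort file locations: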

/home/aivanov/snort-2.9.7.3-1.centos7.x86_64.rpm
/home/aivanov/snort-openappid-2.9.7.3-1.centos7.x86_64.rpm
/home/aivanov/snort-2.9.7.3-1.src.rpm
/home/aivanov/snort-openappid-2.9.7.3-1.centos7.x86_64.rpm.1
/run/lock/subsys/snort
/sys/fs/cgroup/systemd/system.slice/snortd.service
/sys/fs/cgroup/systemd/system.slice/snortd.service/cgroup.clone_children
/sys/fs/cgroup/systemd/system.slice/snortd.service/cgroup.event_control
/sys/fs/cgroup/systemd/system.slice/snortd.service/notify_on_release
/sys/fs/cgroup/systemd/system.slice/snortd.service/cgroup.procs
/sys/fs/cgroup/systemd/system.slice/snortd.service/tasks
/etc/selinux/targeted/modules/active/modules/snort.pp
/etc/logrotate.d/snort
/etc/sysconfig/snort
/etc/rc.d/init.d/snortd.rpmsave
/etc/rc.d/init.d/snortd
/etc/rc.d/rc0.d/K60snortd
/etc/rc.d/rc1.d/K60snortd
/etc/rc.d/rc2.d/S40snortd
/etc/rc.d/rc3.d/S40snortd
/etc/rc.d/rc4.d/S40snortd
/etc/rc.d/rc5.d/S40snortd
/etc/rc.d/rc6.d/K60snortd
/etc/snort
/etc/snort/rules
/etc/snort/rules/snort-2.9.7.3-1.src.rpm
/etc/snort/rules/snort-2.9.7.3-1.centos7.x86_64.rpm
/etc/snort/rules/snort-openappid-2.9.7.3-1.centos7.x86_64.rpm
/etc/snort/snort.conf.rpmsave
/etc/snort/classification.config
/etc/snort/gen-msg.map
/etc/snort/reference.config
/etc/snort/snort.conf
/etc/snort/threshold.conf
/etc/snort/unicode.map
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/from_repo
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/reason
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/releasever
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/var_uuid
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/var_infra
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/command_line
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/checksum_type
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/checksum_data
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/from_repo_revision
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/from_repo_timestamp
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/installed_by
/var/log/snort
/var/spool/mail/snort
/var/tmp/yum-root-3bDmpR/snort-2.9.7.3-1.centos7.x86_64.rpm
/usr/bin/snort_control
/usr/sbin/snort
/usr/sbin/snort-openappid
/usr/lib64/snort-2.9.7.3_dynamicengine
/usr/lib64/snort-2.9.7.3_dynamicengine/libsf_engine.so
/usr/lib64/snort-2.9.7.3_dynamicengine/libsf_engine.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_appid_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_appid_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_appid_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dce2_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dce2_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dnp3_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dnp3_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dnp3_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dns_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dns_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ftptelnet_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssl_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_gtp_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_gtp_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_gtp_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_imap_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_imap_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_imap_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_modbus_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_modbus_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_modbus_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_pop_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_pop_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_pop_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_reputation_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssl_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_reputation_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_reputation_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sdf_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sdf_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sdf_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sip_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sip_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sip_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_smtp_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_smtp_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssh_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssh_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
/usr/share/doc/snort-2.9.7.3
/usr/share/doc/snort-2.9.7.3/AUTHORS
/usr/share/doc/snort-2.9.7.3/BUGS
/usr/share/doc/snort-2.9.7.3/CREDITS
/usr/share/doc/snort-2.9.7.3/INSTALL
/usr/share/doc/snort-2.9.7.3/NEWS
/usr/share/doc/snort-2.9.7.3/README.unified2
/usr/share/doc/snort-2.9.7.3/OpenDetectorDeveloperGuide.pdf
/usr/share/doc/snort-2.9.7.3/PROBLEMS
/usr/share/doc/snort-2.9.7.3/README
/usr/share/doc/snort-2.9.7.3/README.GTP
/usr/share/doc/snort-2.9.7.3/WISHLIST
/usr/share/doc/snort-2.9.7.3/README.PLUGINS
/usr/share/doc/snort-2.9.7.3/generators
/usr/share/doc/snort-2.9.7.3/README.PerfProfiling
/usr/share/doc/snort-2.9.7.3/README.SMTP
/usr/share/doc/snort-2.9.7.3/snort_manual.tex
/usr/share/doc/snort-2.9.7.3/README.UNSOCK
/usr/share/doc/snort-2.9.7.3/README.WIN32
/usr/share/doc/snort-2.9.7.3/snort_manual.pdf
/usr/share/doc/snort-2.9.7.3/README.active
/usr/share/doc/snort-2.9.7.3/README.alert_order
/usr/share/doc/snort-2.9.7.3/README.appid
/usr/share/doc/snort-2.9.7.3/README.asn1
/usr/share/doc/snort-2.9.7.3/README.counts
/usr/share/doc/snort-2.9.7.3/README.csv
/usr/share/doc/snort-2.9.7.3/README.daq
/usr/share/doc/snort-2.9.7.3/README.dcerpc2
/usr/share/doc/snort-2.9.7.3/README.decode
/usr/share/doc/snort-2.9.7.3/README.variables
/usr/share/doc/snort-2.9.7.3/README.decoder_preproc_rules
/usr/share/doc/snort-2.9.7.3/README.dnp3
/usr/share/doc/snort-2.9.7.3/README.dns
/usr/share/doc/snort-2.9.7.3/README.event_queue
/usr/share/doc/snort-2.9.7.3/README.file
/usr/share/doc/snort-2.9.7.3/README.file_ips
/usr/share/doc/snort-2.9.7.3/README.filters
/usr/share/doc/snort-2.9.7.3/README.flowbits
/usr/share/doc/snort-2.9.7.3/README.frag3
/usr/share/doc/snort-2.9.7.3/README.ftptelnet
/usr/share/doc/snort-2.9.7.3/README.gre
/usr/share/doc/snort-2.9.7.3/README.ha
/usr/share/doc/snort-2.9.7.3/README.http_inspect
/usr/share/doc/snort-2.9.7.3/README.imap
/usr/share/doc/snort-2.9.7.3/README.ipip
/usr/share/doc/snort-2.9.7.3/README.ipv6
/usr/share/doc/snort-2.9.7.3/README.modbus
/usr/share/doc/snort-2.9.7.3/TODO
/usr/share/doc/snort-2.9.7.3/README.multipleconfigs
/usr/share/doc/snort-2.9.7.3/README.normalize
/usr/share/doc/snort-2.9.7.3/README.pcap_readmode
/usr/share/doc/snort-2.9.7.3/README.pop
/usr/share/doc/snort-2.9.7.3/README.ppm
/usr/share/doc/snort-2.9.7.3/README.reload
/usr/share/doc/snort-2.9.7.3/README.reputation
/usr/share/doc/snort-2.9.7.3/USAGE
/usr/share/doc/snort-2.9.7.3/README.sensitive_data
/usr/share/doc/snort-2.9.7.3/README.sfportscan
/usr/share/doc/snort-2.9.7.3/README.sip
/usr/share/doc/snort-2.9.7.3/README.ssh
/usr/share/doc/snort-2.9.7.3/README.ssl
/usr/share/doc/snort-2.9.7.3/README.stream5
/usr/share/doc/snort-2.9.7.3/README.tag
/usr/share/doc/snort-2.9.7.3/README.thresholding
/usr/share/man/man8/snort.8.gz
/usr/local/lib/snort_dynamicrules


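Thanks for your help!

Best answer

Try

sudo ./pulledpork.pl -c /etc/pulledpork/etc/pulledpork.conf

You are trying to access your sbin. I would double-check that this is actually where your snort binary is. Also get rid of the slash: /usr/sbin/snort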
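
Added example (not part of the original answer, and not PulledPork's own code): a pre-flight check for the three paths in the pulledpork.conf quoted in the question. It flags a `snort_path` that ends in a slash, because such a path can only resolve to a directory and so fails a regular-file test even when the binary exists. The helper names `conf_get` and `check_pulledpork_conf` are hypothetical.

```shell
#!/bin/sh
# Added example: validate snort_path, sorule_path and config_path before
# running pulledpork.pl. Helper names are hypothetical, not part of PulledPork.

# Print the value assigned to KEY ($1) in CONF ($2); the last uncommented
# assignment wins, trailing whitespace is stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 when all three paths are usable; otherwise print one line per
# problem and return 1.
check_pulledpork_conf() {
    conf=$1
    rc=0
    snort_path=$(conf_get snort_path "$conf")
    sorule_path=$(conf_get sorule_path "$conf")
    config_path=$(conf_get config_path "$conf")

    # The binary path must name a file, so it must not end in a slash.
    case $snort_path in
        */) echo "snort_path ends in '/': '$snort_path' cannot name a file"; rc=1 ;;
    esac
    if [ ! -f "$snort_path" ] || [ ! -x "$snort_path" ]; then
        echo "snort_path is not an executable regular file: $snort_path"; rc=1
    fi

    # The conf comments say sorule_path needs a trailing slash.
    case $sorule_path in
        */) ;;
        *) echo "sorule_path needs a trailing slash: $sorule_path"; rc=1 ;;
    esac
    [ -d "$sorule_path" ] || { echo "sorule_path is not a directory: $sorule_path"; rc=1; }

    [ -r "$config_path" ] || { echo "config_path is not readable: $config_path"; rc=1; }
    return $rc
}

# Stand-alone use: sh check_conf.sh /etc/pulledpork/etc/pulledpork.conf
if [ -n "${1:-}" ]; then check_pulledpork_conf "$1"; fi
```

Run it as the same user that will run pulledpork.pl, since the readability and executability tests depend on that user's permissions.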

Regarding "linux - PulledPork cannot find the Snort binary", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/31096920/
