PulledPork cannot find the Snort binary

Time: 2015-06-28 06:43:12

Tags: linux networking centos snort

I have a problem. I installed Snort on my CentOS 7 server and want to use PulledPork as the rule source. Pretty basic stuff...

My PulledPork conf configuration:

# What path you want the .so files to actually go to *i.e. where is it
# defined in your snort.conf, needs a trailing slash
sorule_path=/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/

# Path to the snort binary, we need this to generate the stub files
snort_path=/usr/sbin/snort/

# We need to know where your snort.conf file lives so that we can
# generate the stub files
config_path=/etc/snort/snort.conf

Then I ran my PulledPork script:

./pulledpork.pl -c /etc/pulledpork/etc/pulledpork.conf

It gave me an error:

The specified Snort binary does not exist!
Please correct the value or specify the FULL rules tarball name in the pulledpork.conf!
 at ./pulledpork.pl line 1816.

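I tried installing a different snort (from the Snort binaries section: snort-openappid-2.9.7.3-1.centos7.x86_64.rpm) and changed the pulledpork conf file. Nothing changed. Googling didn't help either, so now I'm asking for help here. Thanks!

Here are the locations of my snort files: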

/home/aivanov/snort-2.9.7.3-1.centos7.x86_64.rpm
/home/aivanov/snort-openappid-2.9.7.3-1.centos7.x86_64.rpm
/home/aivanov/snort-2.9.7.3-1.src.rpm
/home/aivanov/snort-openappid-2.9.7.3-1.centos7.x86_64.rpm.1
/run/lock/subsys/snort
/sys/fs/cgroup/systemd/system.slice/snortd.service
/sys/fs/cgroup/systemd/system.slice/snortd.service/cgroup.clone_children
/sys/fs/cgroup/systemd/system.slice/snortd.service/cgroup.event_control
/sys/fs/cgroup/systemd/system.slice/snortd.service/notify_on_release
/sys/fs/cgroup/systemd/system.slice/snortd.service/cgroup.procs
/sys/fs/cgroup/systemd/system.slice/snortd.service/tasks
/etc/selinux/targeted/modules/active/modules/snort.pp
/etc/logrotate.d/snort
/etc/sysconfig/snort
/etc/rc.d/init.d/snortd.rpmsave
/etc/rc.d/init.d/snortd
/etc/rc.d/rc0.d/K60snortd
/etc/rc.d/rc1.d/K60snortd
/etc/rc.d/rc2.d/S40snortd
/etc/rc.d/rc3.d/S40snortd
/etc/rc.d/rc4.d/S40snortd
/etc/rc.d/rc5.d/S40snortd
/etc/rc.d/rc6.d/K60snortd
/etc/snort
/etc/snort/rules
/etc/snort/rules/snort-2.9.7.3-1.src.rpm
/etc/snort/rules/snort-2.9.7.3-1.centos7.x86_64.rpm
/etc/snort/rules/snort-openappid-2.9.7.3-1.centos7.x86_64.rpm
/etc/snort/snort.conf.rpmsave
/etc/snort/classification.config
/etc/snort/gen-msg.map
/etc/snort/reference.config
/etc/snort/snort.conf
/etc/snort/threshold.conf
/etc/snort/unicode.map
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/from_repo
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/reason
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/releasever
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/var_uuid
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/var_infra
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/command_line
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/checksum_type
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/checksum_data
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/from_repo_revision
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/from_repo_timestamp
/var/lib/yum/yumdb/s/bbf08ea2dbaff9bcfb7095d8dfcf486e694aa1cf-snort-openappid-2.9.7.3-1-x86_64/installed_by
/var/log/snort
/var/spool/mail/snort
/var/tmp/yum-root-3bDmpR/snort-2.9.7.3-1.centos7.x86_64.rpm
/usr/bin/snort_control
/usr/sbin/snort
/usr/sbin/snort-openappid
/usr/lib64/snort-2.9.7.3_dynamicengine
/usr/lib64/snort-2.9.7.3_dynamicengine/libsf_engine.so
/usr/lib64/snort-2.9.7.3_dynamicengine/libsf_engine.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_appid_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_appid_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_appid_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dce2_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dce2_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dnp3_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dnp3_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dnp3_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dns_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dns_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ftptelnet_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssl_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_gtp_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_gtp_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_gtp_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_imap_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_imap_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_imap_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_modbus_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_modbus_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_modbus_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_pop_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_pop_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_pop_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_reputation_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssl_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_reputation_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_reputation_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sdf_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sdf_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sdf_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sip_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sip_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_sip_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_smtp_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_smtp_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssh_preproc.so
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssh_preproc.so.0
/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
/usr/share/doc/snort-2.9.7.3
/usr/share/doc/snort-2.9.7.3/AUTHORS
/usr/share/doc/snort-2.9.7.3/BUGS
/usr/share/doc/snort-2.9.7.3/CREDITS
/usr/share/doc/snort-2.9.7.3/INSTALL
/usr/share/doc/snort-2.9.7.3/NEWS
/usr/share/doc/snort-2.9.7.3/README.unified2
/usr/share/doc/snort-2.9.7.3/OpenDetectorDeveloperGuide.pdf
/usr/share/doc/snort-2.9.7.3/PROBLEMS
/usr/share/doc/snort-2.9.7.3/README
/usr/share/doc/snort-2.9.7.3/README.GTP
/usr/share/doc/snort-2.9.7.3/WISHLIST
/usr/share/doc/snort-2.9.7.3/README.PLUGINS
/usr/share/doc/snort-2.9.7.3/generators
/usr/share/doc/snort-2.9.7.3/README.PerfProfiling
/usr/share/doc/snort-2.9.7.3/README.SMTP
/usr/share/doc/snort-2.9.7.3/snort_manual.tex
/usr/share/doc/snort-2.9.7.3/README.UNSOCK
/usr/share/doc/snort-2.9.7.3/README.WIN32
/usr/share/doc/snort-2.9.7.3/snort_manual.pdf
/usr/share/doc/snort-2.9.7.3/README.active
/usr/share/doc/snort-2.9.7.3/README.alert_order
/usr/share/doc/snort-2.9.7.3/README.appid
/usr/share/doc/snort-2.9.7.3/README.asn1
/usr/share/doc/snort-2.9.7.3/README.counts
/usr/share/doc/snort-2.9.7.3/README.csv
/usr/share/doc/snort-2.9.7.3/README.daq
/usr/share/doc/snort-2.9.7.3/README.dcerpc2
/usr/share/doc/snort-2.9.7.3/README.decode
/usr/share/doc/snort-2.9.7.3/README.variables
/usr/share/doc/snort-2.9.7.3/README.decoder_preproc_rules
/usr/share/doc/snort-2.9.7.3/README.dnp3
/usr/share/doc/snort-2.9.7.3/README.dns
/usr/share/doc/snort-2.9.7.3/README.event_queue
/usr/share/doc/snort-2.9.7.3/README.file
/usr/share/doc/snort-2.9.7.3/README.file_ips
/usr/share/doc/snort-2.9.7.3/README.filters
/usr/share/doc/snort-2.9.7.3/README.flowbits
/usr/share/doc/snort-2.9.7.3/README.frag3
/usr/share/doc/snort-2.9.7.3/README.ftptelnet
/usr/share/doc/snort-2.9.7.3/README.gre
/usr/share/doc/snort-2.9.7.3/README.ha
/usr/share/doc/snort-2.9.7.3/README.http_inspect
/usr/share/doc/snort-2.9.7.3/README.imap
/usr/share/doc/snort-2.9.7.3/README.ipip
/usr/share/doc/snort-2.9.7.3/README.ipv6
/usr/share/doc/snort-2.9.7.3/README.modbus
/usr/share/doc/snort-2.9.7.3/TODO
/usr/share/doc/snort-2.9.7.3/README.multipleconfigs
/usr/share/doc/snort-2.9.7.3/README.normalize
/usr/share/doc/snort-2.9.7.3/README.pcap_readmode
/usr/share/doc/snort-2.9.7.3/README.pop
/usr/share/doc/snort-2.9.7.3/README.ppm
/usr/share/doc/snort-2.9.7.3/README.reload
/usr/share/doc/snort-2.9.7.3/README.reputation
/usr/share/doc/snort-2.9.7.3/USAGE
/usr/share/doc/snort-2.9.7.3/README.sensitive_data
/usr/share/doc/snort-2.9.7.3/README.sfportscan
/usr/share/doc/snort-2.9.7.3/README.sip
/usr/share/doc/snort-2.9.7.3/README.ssh
/usr/share/doc/snort-2.9.7.3/README.ssl
/usr/share/doc/snort-2.9.7.3/README.stream5
/usr/share/doc/snort-2.9.7.3/README.tag
/usr/share/doc/snort-2.9.7.3/README.thresholding
/usr/share/man/man8/snort.8.gz
/usr/local/lib/snort_dynamicrules

Thanks for your help!

2 answers:

Answer 0 (score: 0)

Try:

sudo ./pulledpork.pl -c /etc/pulledpork/etc/pulledpork.conf

You are trying to access your sbin. And I would double-check that that is actually where your snort binary is. Also get rid of the trailing slash: /usr/sbin/snort

Answer 1 (score: 0)

You are getting this error because of the trailing slash. Remove the forward slash after snort and you should be fine.

snort_path=/usr/sbin/snort
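
A pre-flight check for the three path settings quoted in the question, as an added example that is not part of the original post or of PulledPork: a trailing slash makes the kernel resolve the last path component as a directory, so an existence test on a regular file such as the snort binary fails. The function names `conf_value`, `lint_pulledpork_conf` and `demo`, and the throwaway directory layout built by `demo`, are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of PulledPork: lint the three path settings from the question.

# conf_value FILE KEY: print the value of the last uncommented KEY=VALUE line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# lint_pulledpork_conf FILE: print one line per problem; return 1 if any were found.
lint_pulledpork_conf() {
    bin=$(conf_value "$1" snort_path)
    so_dir=$(conf_value "$1" sorule_path)
    snort_conf=$(conf_value "$1" config_path)
    rc=0
    case $bin in
        */) # A trailing slash forces the last component to be a directory,
            # so a file test on the binary fails even though the file exists.
            echo "snort_path: remove the trailing slash, use ${bin%/}"; rc=1 ;;
        *)  [ -f "$bin" ] && [ -x "$bin" ] ||
                { echo "snort_path: $bin is not an executable file"; rc=1; } ;;
    esac
    case $so_dir in
        */) [ -d "$so_dir" ] || { echo "sorule_path: $so_dir is not a directory"; rc=1; } ;;
        *)  echo "sorule_path: needs a trailing slash"; rc=1 ;;
    esac
    [ -f "$snort_conf" ] && [ -r "$snort_conf" ] ||
        { echo "config_path: $snort_conf is not a readable file"; rc=1; }
    return "$rc"
}

# Constructed sample: a throwaway tree that mirrors the question's settings.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sbin" "$root/so" && : > "$root/snort.conf"
    printf '#!/bin/sh\n' > "$root/sbin/snort" && chmod +x "$root/sbin/snort"
    printf 'sorule_path=%s/so/\nsnort_path=%s/sbin/snort/\nconfig_path=%s/snort.conf\n' \
        "$root" "$root" "$root" > "$root/pulledpork.conf"
    if lint_pulledpork_conf "$root/pulledpork.conf"; then demo_rc=0; else demo_rc=1; fi
    rm -rf "$root"
    return "$demo_rc"
}

# With an argument, lint that file; without one, run the constructed sample.
if [ "$#" -gt 0 ]; then lint_pulledpork_conf "$1"; else demo || true; fi
```

Run it as `sh lint.sh /etc/pulledpork/etc/pulledpork.conf` before invoking `pulledpork.pl`; it prints nothing and exits 0 when all three paths pass.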