Thursday, October 29, 2015

Are you getting 404 errors attempting to download the community ruleset?

Yesterday, it came to our attention during some routine cleanup and maintenance that there were about 15,000 people attempting to download a Community Rule file directly from an older S3 Bucket. (Which hadn't been updated in over a year.)

The link directly into the S3 bucket was apparently in use by the default pulledpork.conf, and many people had not updated it to the newest link now available on Snort.org.

I have submitted a pull request against the pulledpork.conf to correct that link, and that should be fixed shortly.

However, for those of you that need to change your installation, please find this line in your PulledPork.conf:

https://github.com/shirkdog/pulledpork/blob/master/etc/pulledpork.conf#L21

Which looks like this:

rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community

and change it to:

rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community

This will ensure that you are pulling the correct community rules file.

Sorry for any lack of notice, we figured these were old installations without any updates, and didn't realize that it was actually in the default pulledpork.conf.

Please update to the new rule file and join the hundreds of thousands of users that download that rule file on a daily basis!

As always, if you'd like to contribute to the community ruleset, please send your rules to either the Snort-sigs or directly to Talos.