Pulledpork package. wrong version?

Hi.

I have been getting this message for some time:

/bin/sh: /usr/bin/pulledpork.pl: No such file or directory

It is every day at 2:30, so I know it is a cron job.

[root@gate ~]# ll /etc/cron.d
total 36
-rw-r--r--. 1 root root 128 Mar 31  2016 0hourly
-rw-r--r--  1 root root  89 Jan 16 10:38 backup-config
-rw-r--r--  1 root root 426 Oct  3 09:38 backup-data
-rw-r--r--  1 root root 667 Jul 20  2015 clamav-unofficial-sigs
-rw-------  1 root root 203 Jun 13  2016 clamav-update
-rw-r--r--. 1 root root 159 Jul 21  2016 ptrack_purge
-rw-r--r--  1 root root  83 Sep 28 02:12 pulledpork
-rw-r--r--  1 root root 459 Jun 24  2015 sa-update
-rw-r--r--  1 root root  61 Jan 17 10:59 shorewall-update-dst



[root@gate ~]# cat /etc/cron.d/pulledpork
30 2 * * * root /usr/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l >/dev/null


[root@gate ~]# /usr/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l
-bash: /usr/bin/pulledpork.pl: No such file or directory



[root@gate ~]# yum provides pulledpork.pl
Loaded plugins: changelog, fastestmirror, nethserver_events
Loading mirror speeds from cached hostfile
 * base: mirror.steadfast.net
 * epel: mirror.nodesdirect.com
 * extras: mirror.steadfast.net
 * nethforge: mirror.nethserver.org
 * nethserver-base: mirror.nethserver.org
 * nethserver-updates: mirror.nethserver.org
 * updates: mirror.steadfast.net
pulledpork-0.7.2-1.ns7.noarch : Pulled_Pork is tool written in perl for managing Snort rule sets.
Repo        : nethserver-base
Matched from:
Filename    : /usr/bin/pulledpork.pl


[root@gate ~]# yum info pulledpork
Loaded plugins: changelog, fastestmirror, nethserver_events
Loading mirror speeds from cached hostfile
 * base: mirror.steadfast.net
 * epel: mirror.nodesdirect.com
 * extras: mirror.steadfast.net
 * nethforge: mirror.nethserver.org
 * nethserver-base: mirror.nethserver.org
 * nethserver-updates: mirror.nethserver.org
 * updates: mirror.steadfast.net
Installed Packages
Name        : pulledpork
Arch        : noarch
Version     : 0.7.2
Release     : 2.el7
Size        : 139 k
Repo        : installed
From repo   : epel
Summary     : Pulled Pork for Snort and Suricata rule management
URL         : https://github.com/shirkdog/pulledpork
License     : GPLv2+
Description : Pulled Pork for Snort and Suricata rule management (from Google code).

In conclusion, the pulledpork.pl file is in the pulledpork package from the nethserver repo, but apparently there is a newer version in epel. So I tried to install the one from the nethserver repo:

yum remove pulledpork

yum --disablerepo=epel install pulledpork

yum install nethserver-pulledpork

yum install nethserver-snort

The script pulledpork.pl fails again because suricata is not installed, so I just did “yum install suricata” and it worked:

[root@gate ~]# /usr/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l
 
    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.2 - E.Coli in your water bottle!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2015 JJ Cummings
  @_/        /  66\_  cummingsj@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rules tarball download of community-rules.tar.gz....
IP Blacklist download of http://talosintelligence.com/feeds/ip-filter.blf....
Reading IP List...
Checking latest MD5 for emerging.rules.tar.gz....
	They Match
	Done!
Prepping rules from emerging.rules.tar.gz for work....
	Done!
Prepping rules from community-rules.tar.gz for work....
	Done!
Reading rules...
Blacklist version is unchanged, not updating!
Activating balanced rulesets....
	Done
Processing /etc/snort/enablesid.conf....
	Modified 0 rules
	Done
Processing /etc/snort/dropsid.conf....
	Modified 843 rules
	Done
Processing /etc/snort/disablesid.conf....
	Modified 0 rules
	Done
Setting Flowbit State....
	Enabled 4 flowbits
	Enabled 1 flowbits
	Done
Writing /etc/suricata/rules/suricata.rules....
	Done
Generating sid-msg.map....
	Done
Writing v1 /etc/snort/sid-msg.map....
	Done
Writing /var/log/sid_changes.log....
	Done
Rule Stats...
	New:-------25460
	Deleted:---0
	Enabled Rules:----11
	Dropped Rules:----843
	Disabled Rules:---24606
	Total Rules:------25460
No IP Blacklist Changes

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

But now I have the problem that “yum update” tries to replace pulledpork with the epel version.

Is this a bug?

1 Like
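
The failure in the post above (a cron.d entry that still points at a binary the installed package does not ship) can be caught before cron mails the error. The following is an added example, not part of the thread or of NethServer; `check_cron_dir` is a hypothetical helper name, and it assumes the system crontab format shown above (five time fields or an `@` shortcut, then user, then command).

```shell
#!/bin/sh
# Added example (not from the thread): flag /etc/cron.d entries whose command
# is an absolute path that does not exist or is not executable.
# check_cron_dir is a hypothetical helper name.
# Prints "<cron file>: <path>" per finding; returns 1 if any, else 0.
check_cron_dir() {
    dir=$1
    missing=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            # Skip blank lines, comments and VAR=value environment lines.
            case $line in
                ''|\#*|[A-Za-z_]*=*) continue ;;
            esac
            set -f              # keep the '*' time fields literal
            set -- $line        # split the entry into fields
            set +f
            case $1 in
                # "@daily user cmd": one schedule field, then the user.
                @*) [ $# -ge 3 ] || continue; shift 2 ;;
                # "m h dom mon dow user cmd": five time fields, then the user.
                *)  [ $# -ge 7 ] || continue; shift 6 ;;
            esac
            cmd=$1
            # Only absolute paths can be checked without knowing cron's PATH.
            case $cmd in
                /*) [ -x "$cmd" ] || { echo "${f##*/}: $cmd"; missing=1; } ;;
            esac
        done < "$f"
    done
    return "$missing"
}

# Stand-alone use: sh this-script /etc/cron.d
if [ $# -gt 0 ]; then check_cron_dir "$1"; fi
```

Running it against `/etc/cron.d` after a package update or repository change lists the entries that need attention.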

https://github.com/orgs/NethServer/projects/1#card-1315860

Not found.

Can you access this?

1 Like

And:

Ok, fixed with:

yum --enablerepo=nethserver-testing update pulledpork

Thank you.

1 Like

Hi. Sorry I’m bringing this back to life, but I’m getting this problem again.

I know what is causing the error and how to fix. But I need to be clear about a couple of things here:

  1. There is a package named “pulledpork” in nethserver-base repo and in EPEL repo. Which of them should I have installed?

  2. The “yum update” command installs the EPEL version of pulledpork because it is “greater” than the one in nethserver-base. Is this right? Is there a bug in the repo?

  3. Does EPEL need to be enabled? It was enabled since I first installed nethserver, and I have assumed it is an essential part of the system. But some say it should be disabled:

Please guide me here. Thank you.

From nethserver-base.

EPEL began to offer pulledpork some weeks ago, their version can’t work on NS6.8.

EPEL must be disabled on NS6.8

On NS7 EPEL is enabled by default.

So you should:

  1. disable epel
  2. yum downgrade pulledpork

I’m using NS7. I see a lot of packages installed from EPEL:

[root@gate ~]# yum list installed | grep @epel
altermime.x86_64                    0.3.10-10.el7            @epel              
amavisd-new.noarch                  2.10.1-5.el7             @epel              
arj.x86_64                          3.10.22-22.el7           @epel              
cabextract.x86_64                   1.5-1.el7                @epel              
certbot.noarch                      0.9.3-1.el7              @epel              
clamav.x86_64                       0.99.2-1.el7             @epel              
clamav-data-empty.noarch            0.99.2-1.el7             @epel              
clamav-filesystem.noarch            0.99.2-1.el7             @epel              
clamav-lib.x86_64                   0.99.2-1.el7             @epel              
clamav-server.x86_64                0.99.2-1.el7             @epel              
clamav-server-systemd.noarch        0.99.2-1.el7             @epel              
clamav-unofficial-sigs.noarch       3.7.2-1.el7              @epel              
clamav-update.x86_64                0.99.2-1.el7             @epel              
collectd.x86_64                     5.7.1-1.el7              @epel              
collectd-ping.x86_64                5.7.1-1.el7              @epel              
collectd-rrdtool.x86_64             5.7.1-1.el7              @epel              
daq.x86_64                          2.0.6-1.el7              @epel              
                                                             @epel              
duplicity.x86_64                    0.7.11-2.el7             @epel              
epel-release.noarch                 7-9                      @epel              
freeze.x86_64                       2.5.0-16.el7             @epel              
hddtemp.x86_64                      0.3-0.31.beta15.el7      @epel              
hiredis.x86_64                      0.12.1-1.el7             @epel              
inxi.noarch                         2.3.8-1.el7              @epel              
jemalloc.x86_64                     3.6.0-1.el7              @epel              
libnetfilter_queue.x86_64           1.0.2-2.el7              @epel              
liboping.x86_64                     1.6.2-2.el7              @epel              
librsync.x86_64                     1.0.0-1.el7              @epel              
libsodium.x86_64                    1.0.5-1.el7              @epel              
libtomcrypt.x86_64                  1.17-23.el7              @epel              
libtommath.x86_64                   0.42.0-4.el7             @epel              
lrzip.x86_64                        0.616-5.el7              @epel              
luajit.x86_64                       2.0.4-3.el7              @epel              
ncftp.x86_64                        2:3.2.5-7.el7            @epel              
nomarch.x86_64                      1.4-11.el7               @epel              
openpgm.x86_64                      5.2.122-2.el7            @epel              
p7zip.x86_64                        16.02-2.el7              @epel              
p7zip-plugins.x86_64                16.02-2.el7              @epel              
perl-BerkeleyDB.x86_64              0.51-4.el7               @epel              
perl-Convert-BinHex.noarch          1.119-20.el7             @epel              
perl-Convert-TNEF.noarch            0.18-2.el7               @epel              
perl-Convert-UUlib.x86_64           2:1.5-1.el7              @epel              
perl-GDGraph.noarch                 1:1.44-15.el7            @epel              
perl-GDGraph3d.noarch               0.63-23.el7              @epel              
perl-GDTextUtil.noarch              0.86-23.el7              @epel              
perl-MIME-tools.noarch              5.505-1.el7              @epel              
perl-Razor-Agent.x86_64             2.85-15.el7              @epel              
perl-Sys-Hostname-Long.noarch       1.5-1.el7                @epel              
perl-Unix-Syslog.x86_64             1.1-17.el7               @epel              
pulledpork.noarch                   0.7.2-2.el7              @epel              
python-GnuPGInterface.noarch        0.3.2-11.el7             @epel              
python2-acme.noarch                 0.9.3-1.el7              @epel              
python2-boto.noarch                 2.44.0-1.el7             @epel              
python2-certbot.noarch              0.9.3-1.el7              @epel              
python2-configargparse.noarch       0.11.0-1.el7             @epel              
python2-crypto.x86_64               2.6.1-13.el7             @epel              
python2-ecdsa.noarch                0.13-4.el7               @epel              
python2-paramiko.noarch             1.16.1-2.el7             @epel              
python2-rsa.noarch                  3.4.1-1.el7              @epel              
python2-simplejson.x86_64           3.10.0-1.el7             @epel              
redis.x86_64                        2.8.19-2.el7             @epel              
shorewall.noarch                    5.0.14.1-2.el7           @epel              
shorewall-core.noarch               5.0.14.1-2.el7           @epel              
suricata.x86_64                     3.2.1-1.el7              @epel              
unzoo.x86_64                        4.4-16.el7               @epel              
zeromq.x86_64                       4.1.4-5.el7              @epel

I know that disabling EPEL won’t remove the packages. Should I downgrade them too?

I was referring only to NS 6.8.

Since you’re on NS7 you shouldn’t follow my instructions above.

I can’t reproduce your issue on NS7:

# /usr/bin/pulledpork -c /etc/pulledpork/pulledpork.conf -l
 
    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.2 - E.Coli in your water bottle!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2016 JJ Cummings
  @_/        /  66\_  cummingsj@gmail.com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for community-rules.tar.gz....
	They Match
	Done!
IP Blacklist download of http://talosintelligence.com/feeds/ip-filter.blf....
Reading IP List...
Checking latest MD5 for emerging.rules.tar.gz....
	They Match
	Done!
Writing Blacklist File /etc/suricata/rules/iplists/default.blacklist....
Writing Blacklist Version 876110436 to /etc/suricata/rules/iplistsIPRVersion.dat....
Writing /var/log/sid_changes.log....
	Done

No Rule Changes

IP Blacklist Stats...
	Total IPs:-----24165

Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

Ok, so to be clear, in NS7 the “pulledpork” package should come from EPEL?

Yes, NS7 uses pulledpork from EPEL.
When we developed NS 6.8, pulledpork was not available from EPEL, so we had to build our own and we still use it only on 6.8.

1 Like