Hi.
I have been getting this message for some time:
/bin/sh: /usr/bin/pulledpork.pl: No such file or directory
It is every day at 2:30, so I know is a cron job.
[root@gate ~]# ll /etc/cron.d
total 36
-rw-r--r--. 1 root root 128 Mar 31 2016 0hourly
-rw-r--r-- 1 root root 89 Jan 16 10:38 backup-config
-rw-r--r-- 1 root root 426 Oct 3 09:38 backup-data
-rw-r--r-- 1 root root 667 Jul 20 2015 clamav-unofficial-sigs
-rw------- 1 root root 203 Jun 13 2016 clamav-update
-rw-r--r--. 1 root root 159 Jul 21 2016 ptrack_purge
-rw-r--r-- 1 root root 83 Sep 28 02:12 pulledpork
-rw-r--r-- 1 root root 459 Jun 24 2015 sa-update
-rw-r--r-- 1 root root 61 Jan 17 10:59 shorewall-update-dst
[root@gate ~]# cat /etc/cron.d/pulledpork
30 2 * * * root /usr/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l >/dev/null
[root@gate ~]# /usr/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l
-bash: /usr/bin/pulledpork.pl: No such file or directory
[root@gate ~]# yum provides pulledpork.pl
Loaded plugins: changelog, fastestmirror, nethserver_events
Loading mirror speeds from cached hostfile
* base: mirror.steadfast.net
* epel: mirror.nodesdirect.com
* extras: mirror.steadfast.net
* nethforge: mirror.nethserver.org
* nethserver-base: mirror.nethserver.org
* nethserver-updates: mirror.nethserver.org
* updates: mirror.steadfast.net
pulledpork-0.7.2-1.ns7.noarch : Pulled_Pork is tool written in perl for managing Snort rule sets.
Repo : nethserver-base
Matched from:
Filename : /usr/bin/pulledpork.pl
[root@gate ~]# yum info pulledpork
Loaded plugins: changelog, fastestmirror, nethserver_events
Loading mirror speeds from cached hostfile
* base: mirror.steadfast.net
* epel: mirror.nodesdirect.com
* extras: mirror.steadfast.net
* nethforge: mirror.nethserver.org
* nethserver-base: mirror.nethserver.org
* nethserver-updates: mirror.nethserver.org
* updates: mirror.steadfast.net
Installed Packages
Name : pulledpork
Arch : noarch
Version : 0.7.2
Release : 2.el7
Size : 139 k
Repo : installed
From repo : epel
Summary : Pulled Pork for Snort and Suricata rule management
URL : https://github.com/shirkdog/pulledpork
License : GPLv2+
Description : Pulled Pork for Snort and Suricata rule management (from Google code).
In conclusion, the pulledpork.pl file is in the pulledpork package form nethserver repo, but apparently there is a newer version in epel. So I tried to install the one from nethserver repo:
yum remove pulledpork
yum --disablerepo=epel install pulledpork
yum install nethserver-pulledpork
yum install nethserver-snort
The script pulledpork.pl fails again because suricata is not installed. so I just did “yum install suricata” and It worked:
[root@gate ~]# /usr/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l
https://github.com/shirkdog/pulledpork
_____ ____
`----,\ )
`--==\\ / PulledPork v0.7.2 - E.Coli in your water bottle!
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2015 JJ Cummings
@_/ / 66\_ cummingsj@gmail.com
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rules tarball download of community-rules.tar.gz....
IP Blacklist download of http://talosintelligence.com/feeds/ip-filter.blf....
Reading IP List...
Checking latest MD5 for emerging.rules.tar.gz....
They Match
Done!
Prepping rules from emerging.rules.tar.gz for work....
Done!
Prepping rules from community-rules.tar.gz for work....
Done!
Reading rules...
Blacklist version is unchanged, not updating!
Activating balanced rulesets....
Done
Processing /etc/snort/enablesid.conf....
Modified 0 rules
Done
Processing /etc/snort/dropsid.conf....
Modified 843 rules
Done
Processing /etc/snort/disablesid.conf....
Modified 0 rules
Done
Setting Flowbit State....
Enabled 4 flowbits
Enabled 1 flowbits
Done
Writing /etc/suricata/rules/suricata.rules....
Done
Generating sid-msg.map....
Done
Writing v1 /etc/snort/sid-msg.map....
Done
Writing /var/log/sid_changes.log....
Done
Rule Stats...
New:-------25460
Deleted:---0
Enabled Rules:----11
Dropped Rules:----843
Disabled Rules:---24606
Total Rules:------25460
No IP Blacklist Changes
Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!
But now I have the problem that “yum update” tries to replace pulledpork with the epel version.
Is this a bug?
1 Like
Ok, fixed with:
yum --enablerepo=nethserver-testing update pulledpork
Thank you.
1 Like
Hi. Sorry I’m bringing this back to life, but I’m getting this problem again.
I know what is causing the error and how to fix. But I need to be clear about a couple of things here:
There is a package named “pulledpork” in nethserver-base repo and in EPEL repo. Which of them should I have installed?
The “yum update” command installs the EPEL version of pulledpork because is “greater” than the one of nethserver-base. Is this right? Is there a bug in the repo?
Does EPEL need to be enabled? It was enabled since I first installed nethserver, and I have assumed it is a essential part of the system. But some say it should be disabled:
Neth Server 6.8
Hello I have been getting emails from my server stating this:
/bin/sh: /usr/bin/pulledpork.pl: No such file or directory
Is their a way to stop this error from occurring?
This is live environment.
Thanks so much!!
Please guide me here. Thank you.
From nethserver-base.
EPEL began to offer pulledpork some weeks ago, their version can’t work on NS6.8.
EPEL must be disabled on NS6.8
On NS7 EPEL is enabled by default.
So you should:
disable epel
yum downgrade pulledpork
I’m using NS7. I see a lot of packages installed from EPEL:
[root@gate ~]# yum list installed | grep @epel
altermime.x86_64 0.3.10-10.el7 @epel
amavisd-new.noarch 2.10.1-5.el7 @epel
arj.x86_64 3.10.22-22.el7 @epel
cabextract.x86_64 1.5-1.el7 @epel
certbot.noarch 0.9.3-1.el7 @epel
clamav.x86_64 0.99.2-1.el7 @epel
clamav-data-empty.noarch 0.99.2-1.el7 @epel
clamav-filesystem.noarch 0.99.2-1.el7 @epel
clamav-lib.x86_64 0.99.2-1.el7 @epel
clamav-server.x86_64 0.99.2-1.el7 @epel
clamav-server-systemd.noarch 0.99.2-1.el7 @epel
clamav-unofficial-sigs.noarch 3.7.2-1.el7 @epel
clamav-update.x86_64 0.99.2-1.el7 @epel
collectd.x86_64 5.7.1-1.el7 @epel
collectd-ping.x86_64 5.7.1-1.el7 @epel
collectd-rrdtool.x86_64 5.7.1-1.el7 @epel
daq.x86_64 2.0.6-1.el7 @epel
@epel
duplicity.x86_64 0.7.11-2.el7 @epel
epel-release.noarch 7-9 @epel
freeze.x86_64 2.5.0-16.el7 @epel
hddtemp.x86_64 0.3-0.31.beta15.el7 @epel
hiredis.x86_64 0.12.1-1.el7 @epel
inxi.noarch 2.3.8-1.el7 @epel
jemalloc.x86_64 3.6.0-1.el7 @epel
libnetfilter_queue.x86_64 1.0.2-2.el7 @epel
liboping.x86_64 1.6.2-2.el7 @epel
librsync.x86_64 1.0.0-1.el7 @epel
libsodium.x86_64 1.0.5-1.el7 @epel
libtomcrypt.x86_64 1.17-23.el7 @epel
libtommath.x86_64 0.42.0-4.el7 @epel
lrzip.x86_64 0.616-5.el7 @epel
luajit.x86_64 2.0.4-3.el7 @epel
ncftp.x86_64 2:3.2.5-7.el7 @epel
nomarch.x86_64 1.4-11.el7 @epel
openpgm.x86_64 5.2.122-2.el7 @epel
p7zip.x86_64 16.02-2.el7 @epel
p7zip-plugins.x86_64 16.02-2.el7 @epel
perl-BerkeleyDB.x86_64 0.51-4.el7 @epel
perl-Convert-BinHex.noarch 1.119-20.el7 @epel
perl-Convert-TNEF.noarch 0.18-2.el7 @epel
perl-Convert-UUlib.x86_64 2:1.5-1.el7 @epel
perl-GDGraph.noarch 1:1.44-15.el7 @epel
perl-GDGraph3d.noarch 0.63-23.el7 @epel
perl-GDTextUtil.noarch 0.86-23.el7 @epel
perl-MIME-tools.noarch 5.505-1.el7 @epel
perl-Razor-Agent.x86_64 2.85-15.el7 @epel
perl-Sys-Hostname-Long.noarch 1.5-1.el7 @epel
perl-Unix-Syslog.x86_64 1.1-17.el7 @epel
pulledpork.noarch 0.7.2-2.el7 @epel
python-GnuPGInterface.noarch 0.3.2-11.el7 @epel
python2-acme.noarch 0.9.3-1.el7 @epel
python2-boto.noarch 2.44.0-1.el7 @epel
python2-certbot.noarch 0.9.3-1.el7 @epel
python2-configargparse.noarch 0.11.0-1.el7 @epel
python2-crypto.x86_64 2.6.1-13.el7 @epel
python2-ecdsa.noarch 0.13-4.el7 @epel
python2-paramiko.noarch 1.16.1-2.el7 @epel
python2-rsa.noarch 3.4.1-1.el7 @epel
python2-simplejson.x86_64 3.10.0-1.el7 @epel
redis.x86_64 2.8.19-2.el7 @epel
shorewall.noarch 5.0.14.1-2.el7 @epel
shorewall-core.noarch 5.0.14.1-2.el7 @epel
suricata.x86_64 3.2.1-1.el7 @epel
unzoo.x86_64 4.4-16.el7 @epel
zeromq.x86_64 4.1.4-5.el7 @epel
I know that disabling EPEL won’t remove the packages. Should I downgrade them too?
I was referring only to NS 6.8.
Since you’re on NS7 you shouldn’t follow my instructions above.
I can’t reproduce you issue on NS7:
# /usr/bin/pulledpork -c /etc/pulledpork/pulledpork.conf -l
https://github.com/shirkdog/pulledpork
_____ ____
`----,\ )
`--==\\ / PulledPork v0.7.2 - E.Coli in your water bottle!
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2016 JJ Cummings
@_/ / 66\_ cummingsj@gmail.com
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5 for community-rules.tar.gz....
They Match
Done!
IP Blacklist download of http://talosintelligence.com/feeds/ip-filter.blf....
Reading IP List...
Checking latest MD5 for emerging.rules.tar.gz....
They Match
Done!
Writing Blacklist File /etc/suricata/rules/iplists/default.blacklist....
Writing Blacklist Version 876110436 to /etc/suricata/rules/iplistsIPRVersion.dat....
Writing /var/log/sid_changes.log....
Done
No Rule Changes
IP Blacklist Stats...
Total IPs:-----24165
Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!
Ok, so to be clear, in NS7 the “pulledpork” package should come from EPEL?
Yes, NS7 use pulledpork from EPEL.
When we developed NS 6.8, pulledpork was not available from EPEL, so we had to build our own and we still use it only on 6.8.
1 Like