Monday, May 13, 2013

Another quick post - fix to aanval installer script

Hello AS users,

A recent message from an Autosnort user, sm00th, brought a problem with the aanval installer script to my attention. I've discovered that there is a problem with the wget command used to download the aanval installer. This is what happens when I attempt to wget the file manually:

root@CG:~# wget https://www.aanval.com/download/pickup -O aanval.tar.gz
--2013-05-13 16:13:59--  https://www.aanval.com/download/pickup
Resolving www.aanval.com (www.aanval.com)... 173.160.180.147
Connecting to www.aanval.com (www.aanval.com)|173.160.180.147|:443... connected.
ERROR: no certificate subject alternative name matches
        requested host name `www.aanval.com'.
To connect to www.aanval.com insecurely, use `--no-check-certificate'.

There is a certificate problem with aanval.com: none of the subject alternative names in the certificate the server presents match www.aanval.com. wget suggests trying --no-check-certificate:

root@CG:~# wget https://www.aanval.com/download/pickup -O aanval.tar.gz --no-check-certificate
--2013-05-13 16:14:27--  https://www.aanval.com/download/pickup
Resolving www.aanval.com (www.aanval.com)... 173.160.180.147
Connecting to www.aanval.com (www.aanval.com)|173.160.180.147|:443... connected.
WARNING: no certificate subject alternative name matches
        requested host name `www.aanval.com'.
HTTP request sent, awaiting response... 200 OK
Length: 6703589 (6.4M) [application/octet-stream]
Saving to: `aanval.tar.gz'

100%[=========================================================================================================================================================>] 6,703,589    586K/s   in 12s

2013-05-13 16:14:40 (529 KB/s) - `aanval.tar.gz' saved [6703589/6703589]

root@CG:~# echo $?
0

Good news: this allows you to pick up the tarball for installing aanval.
Bad news: the certificate for aanval.com isn't being checked. We're still using SSL to connect to aanval.com and pick up the package, but we aren't checking the certificate to see who signed it or what site it was signed for, so the connection is encrypted but the server on the other end is not authenticated.

Unfortunately, the problem is out of my hands. I submitted a quick fix to github.com that adds the --no-check-certificate option to allow us to fix the package.
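Since --no-check-certificate removes the only check on where the tarball came from, one compensating control is to pin the tarball's SHA-256 and refuse to install anything else. The following is an added example, not part of the Autosnort script: the function names are hypothetical, and it assumes you have obtained the expected digest for the aanval tarball through a channel you trust (this post does not provide one).

```bash
# Added example, not Autosnort code. Function names are hypothetical.
# Assumes GNU coreutils (sha256sum) and wget, as on the distros Autosnort targets.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 only if FILE hashes to the pinned digest. On a mismatch the file
# is deleted so a later install step cannot unpack it by accident.
verify_pinned() {
    local file expected actual
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "verify_pinned: $file not found" >&2; return 1; }
    # Reject a malformed pin instead of comparing against garbage.
    case "$expected" in
        ''|*[!0-9a-f]*) echo "verify_pinned: pin is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "verify_pinned: pin is not 64 hex chars" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "verify_pinned: digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  got      $actual" >&2
        rm -f -- "$file"
        return 1
    fi
    return 0
}

# fetch_aanval OUT EXPECTED_SHA256
# Tries a normally validated download first and only falls back to
# --no-check-certificate when that fails; either way the pin must match.
fetch_aanval() {
    local out pin url
    out=$1; pin=$2
    url=https://www.aanval.com/download/pickup
    if ! wget -q "$url" -O "$out"; then
        echo "fetch_aanval: validated download failed, retrying unchecked" >&2
        wget -q --no-check-certificate "$url" -O "$out" || return 1
    fi
    verify_pinned "$out" "$pin"
}
```

A pinned digest has to be updated whenever the vendor publishes a new tarball, so a mismatch means "stop and look", not necessarily tampering.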

Regards,

DA_667

P.S. Yes, I'm still working on snorby. Hit a bit of a road bump: I thought I had the full installation down, and now, for some reason, the snorby database refuses to update at all. So, as I said before, I want to run through the entire snorby installation process without a single error. Once I can do that, I'll release the Ubuntu snorby script, then Debian, then probably CentOS last.

Cheers!


