Version 8 - Error: does not exist, please create this directory

[ghost]

I'm on Windows. The error is happening in a new routine that was added for 8.0

Use of uninitialized value $dir_check in concatenation (.) or string at d:\winids\pulledpork\pulledpork.pl line 1720.
Error:  does not exist, please create this directory
at d:\winids\pulledpork\pulledpork.pl line 1720.
        main::check_file_dir("d:\\winids\\snort\\rules\\winids.rules") called at d:\winids\pulledpork\pulledpork.pl line 1872

The routine where the error is happening:

## Verify if directories or files actually exist
sub check_file_dir {
    my ($filedir_input) = @_;
    my ($dir_check, $file_check) = ($filedir_input =~ /(^.*)\/(.*)$/);
    if (!-d $dir_check && !-w $file_check) {
        croak
            "Error: $dir_check does not exist, please create this directory\n";
        exit(1);
    }
}

I have removed the winids.rules from my pulledpork.conf file thinking PP was just looking for a path, but no change in the error except it removed the winids.rules from the error message.

# What path you want the .rules file containing all of the processed 
# rules? (this value has changed as of 0.4.0, previously we copied 
# all of the rules, now we are creating a single large rules file
# but still keeping a separate file for your so_rules!
rule_path=d:\winids\snort\rules\winids.rules

The path does exist.

C:\Windows\system32>tree /F d:\winids\snort\rules
Folder PATH listing for volume Storage
Volume serial number is BAC6-CCE2
D:\WINIDS\SNORT\RULES
    black_list.rules
    experimental.rules
    local.rules
    white_list.rules
    winids.rules

No subfolders exist

[shirkdog]

Stupid Windows :) I will get this fixed up to work with various paths.

[shirkdog]

Try the latest pulledpork.pl and let me know if that works for you on windows.

[ghost]

I will give it a try and get back to you. I have a question because you may have changed the rule_path option. This below is what I have set for rule_path. I’ve named the rules file, Is it still that way, or do I need to remove the name leaving - rule_path=d:\winids\snort\rules\ rule_path=d:\winids\snort\rules\winids.rules Best regards, Michael... From: Michael Shirk <notifications@github.com> Sent: Monday, January 11, 2021 2:40 PM To: shirkdog/pulledpork <pulledpork@noreply.github.com> Cc: mesteele101 <michaels@go2dds.com>; Author <author@noreply.github.com> Subject: Re: [shirkdog/pulledpork] Version 8 - Error: does not exist, please create this directory (#353) Try the latest pulledpork.pl and let me know if that works for you on windows. — You are receiving this because you authored the thread. Reply to this email directly, <#353 (comment)> view it on GitHub, or <https://github.com/notifications/unsubscribe-auth/AAJWQ6VDBPP7YTIP55SOULTSZNHX5ANCNFSM4V4RUCBA> unsubscribe. <https://github.com/notifications/beacon/AAJWQ6SCJPPESY2NL364D6LSZNHX5A5CNFSM4V4RUCBKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFUYN66Y.gif>

[shirkdog]

The "" is escaped to be "\" in the statement, so what I have added should fix it. I just do not have windows setup with ActiveState at the moment to test. You need to keep the file name as it is verifying the path and the filename exist.

[ghost]

I’m getting this: Prepping rules from snortrules-snapshot-29170.tar.gz for work.... Done! Reading rules... Can't find Unicode property definition "u" in regex; marked by <-- HERE in m/^d:\winids\pu <-- HERE lledpork\temp/tha_rules/.$/ at d:\winids\pulledpork\pulledpork.pl line 705. Best regards, Michael... From: Michael Shirk <notifications@github.com> Sent: Monday, January 11, 2021 3:10 PM To: shirkdog/pulledpork <pulledpork@noreply.github.com> Cc: mesteele101 <michaels@go2dds.com>; Author <author@noreply.github.com> Subject: Re: [shirkdog/pulledpork] Version 8 - Error: does not exist, please create this directory (#353) The "" is escaped to be "\" in the statement, so what I have added should fix it. I just do not have windows setup with ActiveState at the moment to test. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#353 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJWQ6TSMNPWUISYZGEIUD3SZNLLBANCNFSM4V4RUCBA> . <https://github.com/notifications/beacon/AAJWQ6X4WX6D2YD2A7CHELDSZNLLBA5CNFSM4V4RUCBKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFUYR7CY.gif>

[shirkdog]

Weird thing to appear, may be windows specific for the PCRE...try the latest latest.

[ghost]

Here is the latest run. I’m just updating the pulledpork.pl file. The uname is not an issue. 'uname' is not recognized as an internal or external command, operable program or batch file. Checking latest MD5 for snortrules-snapshot-29170.tar.gz.... Rules tarball download of snortrules-snapshot-29170.tar.gz.... They Match Done! Prepping rules from snortrules-snapshot-29170.tar.gz for work.... Done! Reading rules... Can't find Unicode property definition "u" in regex; marked by <-- HERE in m/^d:\winids\pu <-- HERE lledpork\temp/tha_rules/.$/ at d:\winids\pulledpork\pulledpork.pl line 706. Best regards, Michael... From: Michael Shirk <notifications@github.com> Sent: Monday, January 11, 2021 3:40 PM To: shirkdog/pulledpork <pulledpork@noreply.github.com> Cc: mesteele101 <michaels@go2dds.com>; Author <author@noreply.github.com> Subject: Re: [shirkdog/pulledpork] Version 8 - Error: does not exist, please create this directory (#353) Weird thing to appear, may be windows specific for the PCRE...try the latest latest. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#353 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJWQ6U6VCTI7YHH6G52SG3SZNO2FANCNFSM4V4RUCBA> . <https://github.com/notifications/beacon/AAJWQ6SXAALI6GG75OJR6QLSZNO2FA5CNFSM4V4RUCBKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFUYVX2Y.gif>

[shirkdog]

Can you try two variations of the rule_path in your pulledpork.conf?

rule_path=d:\\winids\\snort\\rules\\winids.rules
and
rule_path=d:/winids/snort/rules/winids.rules

If the top one works, than it was the slashes causing the filepath in the PCRE to be interpreted as UNICODE.

If the bottom one works, that is going to be the recommended path, and I will make note in the documentation.

[ghost]

The same error both ways: rule_path=d:/winids/snort/rules/winids.rules 'uname' is not recognized as an internal or external command, operable program or batch file. Checking latest MD5 for snortrules-snapshot-29170.tar.gz.... Rules tarball download of snortrules-snapshot-29170.tar.gz.... They Match Done! Prepping rules from snortrules-snapshot-29170.tar.gz for work.... Done! Reading rules... Can't find Unicode property definition "u" in regex; marked by <-- HERE in m/^d:\winids\pu <-- HERE lledpork\temp/tha_rules/.$/ at d:\winids\pulledpork\pulledpork.pl line 706. rule_path=d:\winids\snort\rules\winids.rules 'uname' is not recognized as an internal or external command, operable program or batch file. Checking latest MD5 for snortrules-snapshot-29170.tar.gz.... Rules tarball download of snortrules-snapshot-29170.tar.gz.... They Match Done! Prepping rules from snortrules-snapshot-29170.tar.gz for work.... Done! Reading rules... Can't find Unicode property definition "u" in regex; marked by <-- HERE in m/^d:\winids\pu <-- HERE lledpork\temp/tha_rules/.$/ at d:\winids\pulledpork\pulledpork.pl line 706. Best regards, Michael... From: Michael Shirk <notifications@github.com> Sent: Monday, January 11, 2021 5:00 PM To: shirkdog/pulledpork <pulledpork@noreply.github.com> Cc: mesteele101 <michaels@go2dds.com>; Author <author@noreply.github.com> Subject: Re: [shirkdog/pulledpork] Version 8 - Error: does not exist, please create this directory (#353) Can you try two variations of the rule_path in your pulledpork.conf? rule_path=d:\winids\snort\rules\winids.rules and rule_path=d:/winids/snort/rules/winids.rules If the top one works, than it was the slashes causing the filepath in the PCRE to be interpreted as UNICODE. If the bottom one works, that is going to be the recommended path, and I will make note in the documentation. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#353 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJWQ6W3NNBB2WFV4MK3JM3SZNYHXANCNFSM4V4RUCBA> . <https://github.com/notifications/beacon/AAJWQ6WWYQHYCTHFCZMJ4HLSZNYHXA5CNFSM4V4RUCBKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFUZACOQ.gif>

[ghost]

I was looking at the line with the error; could it be the “grep” that is causing the issue, as this is Windows? Best regards, Michael... From: Michael Shirk <notifications@github.com> Sent: Monday, January 11, 2021 5:00 PM To: shirkdog/pulledpork <pulledpork@noreply.github.com> Cc: mesteele101 <michaels@go2dds.com>; Author <author@noreply.github.com> Subject: Re: [shirkdog/pulledpork] Version 8 - Error: does not exist, please create this directory (#353) Can you try two variations of the rule_path in your pulledpork.conf? rule_path=d:\winids\snort\rules\winids.rules and rule_path=d:/winids/snort/rules/winids.rules If the top one works, than it was the slashes causing the filepath in the PCRE to be interpreted as UNICODE. If the bottom one works, that is going to be the recommended path, and I will make note in the documentation. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#353 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJWQ6W3NNBB2WFV4MK3JM3SZNYHXANCNFSM4V4RUCBA> . <https://github.com/notifications/beacon/AAJWQ6WWYQHYCTHFCZMJ4HLSZNYHXA5CNFSM4V4RUCBKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFUZACOQ.gif>

[shirkdog]

Hmm...can you move your directory to d:\winids\script instead of d:\winids\pulledpork.

If that works, its an issue where your path running on Windows must be escaped...that will be a different fix and it will be a different bug.

[ghost]

Just to get clarification: you want me to move ALL the contents of the d:\winids\pulledpork folder, files and folders to the d:\winids\script folder? You want me to put the UNTOUCHED pulledpork.pl file in the d:\winids\script folder, and not the one that I removed the problem code? Best regards, Michael... From: Michael Shirk <notifications@github.com> Sent: Tuesday, January 12, 2021 9:17 AM To: shirkdog/pulledpork <pulledpork@noreply.github.com> Cc: mesteele101 <michaels@go2dds.com>; Author <author@noreply.github.com> Subject: Re: [shirkdog/pulledpork] Version 8 - Error: does not exist, please create this directory (#353) Hmm...can you move your directory to d:\winids\script instead of d:\winids\pulledpork. If that works, its an issue where your path running on Windows must be escaped...that will be a different fix. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#353 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJWQ6RY3HZ7GJI3SC3O3TDSZRKXDANCNFSM4V4RUCBA> . <https://github.com/notifications/beacon/AAJWQ6X6ERHCHBSNQG7FF43SZRKXDA5CNFSM4V4RUCBKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFU4JM6Y.gif>

[shirkdog]

Correct, as a test. You opened this issue due to a bug in the check_file_dir subroutine...I have fixed that issue. Now it appears that on Windows the path is being interpreted as \p{} for unicode within the PCRE. If this test works, I will open another bug and close this out.

[ghost]

Weird that pullepork doesn’t work but script does. New setup and it works without altering the pulledpork.pl. C:\Windows\system32>perl d:\winids\script\pulledpork.pl -c d:\winids\script\etc\pulledpork.conf -T https://github.com/shirkdog/pulledpork

…

_____ ____ `----,\ ) `--==\\ / PulledPork v0.8.0 - The only positive thing to come out of 2020...well this and take-out liquor! `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2021 JJ Cummings, Michael Shirk @_/ / 66\_ and the PulledPork Team! | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'uname' is not recognized as an internal or external command, operable program or batch file. Checking latest MD5 for snortrules-snapshot-29170.tar.gz.... Rules tarball download of snortrules-snapshot-29170.tar.gz.... They Match Done! Prepping rules from snortrules-snapshot-29170.tar.gz for work.... Done! Reading rules... readline() on closed filehandle DATA at d:\winids\script\pulledpork.pl line 711. readline() on closed filehandle DATA at d:\winids\script\pulledpork.pl line 711. readline() on closed filehandle DATA at d:\winids\script\pulledpork.pl line 711. Reading rules... Activating security rulesets.... Done Modifying Sids.... Done! Processing d:\winids\script\etc\enablesid.conf.... Modified 0 rules Skipped 0 rules (already disabled) Done Processing d:\winids\script\etc\dropsid.conf.... Modified 0 rules Skipped 0 rules (already disabled) Done Processing d:\winids\script\etc\disablesid.conf.... Modified 0 rules Skipped 0 rules (already disabled) Done Setting Flowbit State.... Enabled 538 flowbits Done Writing d:\winids\snort\rules\winids.rules.... Done Generating sid-msg.map.... Done Writing v1 d:\winids\snort\etc\sid-msg.map.... Done Writing d:\winids\snort\log\sid_changes.log.... Done Rule Stats... New:-------0 Deleted:---0 Enabled Rules:----14996 Dropped Rules:----0 Disabled Rules:---26588 Total Rules:------41584 No IP Blocklist Changes Done Please review d:\winids\snort\log\sid_changes.log for additional details Fly Piggy Fly! Best regards, Michael... From: Michael Shirk <notifications@github.com> Sent: Tuesday, January 12, 2021 10:36 AM To: shirkdog/pulledpork <pulledpork@noreply.github.com> Cc: mesteele101 <michaels@go2dds.com>; Author <author@noreply.github.com> Subject: Re: [shirkdog/pulledpork] Version 8 - Error: does not exist, please create this directory (#353) Correct, as a test. You opened this issue due to a bug in the check_file_dir subroutine...I have fixed that issue. Now it appears that on Windows the path is being interpreted as \p{} for unicode within the PCRE. If this test works, I will open another bug and close this out. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#353 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJWQ6VZTP3CNIVFLRFSQ53SZRT6DANCNFSM4V4RUCBA> . <https://github.com/notifications/beacon/AAJWQ6VZEFP4R74SZFNMBZTSZRT6DA5CNFSM4V4RUCBKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFU4XDZI.gif>

[shirkdog]

Great, so the initial bug is fixed, this is a path issue with Windows paths. I will close this and open another issue to track.