@da667
Created April 28, 2024 19:47
pulledpork3 - Trimmed down pulledpork.conf
LightSPD_ruleset = true
oinkcode = [your oinkcode here]
snort_blocklist = true
et_blocklist = true
blocklist_path = /usr/local/etc/lists/default.blocklist
pid_path = /var/log/snort/snort.pid
ips_policy = security
rule_mode = simple
rule_path = /usr/local/etc/rules/snort.rules
local_rules = /usr/local/etc/rules/local.rules
ignored_files = includes.rules, snort3-deleted.rules
include_disabled_rules = true
sorule_path = /usr/local/etc/so_rules/
distro = ubuntu-x64
CONFIGURATION_NUMBER = 3.0.0.3

da667 commented Apr 28, 2024

Hey folks! I wrote up a guide on how to install snort3, and pulledpork3 (among many other tools) manually. This is a trimmed down pulledpork.conf meant to help get readers started.

You'll need to modify the oinkcode on line 2 with an actual oinkcode from creating an account and either getting a registered or subscriber oinkcode for this configuration file to be complete.

Additionally, pay attention to line 15, and the value of CONFIGURATION_NUMBER. Currently the default pulledpork.conf says that this number does nothing, but with pulledpork2, if the version string of the config file didn't match the script's version number, the script would refuse to run. Compare this value to the value in the original pulledpork.conf that ships with pulledpork3.

If you're following my install guide, we backed this up to /usr/local/etc/snort/pulledpork/etc/pulledpork.conf.orig

But you can also check this value in the GitHub repo for pulledpork3.
This file is released under the MIT license.
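
Added example (not part of the gist or of pulledpork3): a pre-flight check for the two points raised in the comment above, the unfilled oinkcode and the CONFIGURATION_NUMBER comparison against the shipped pulledpork.conf. The function names, the placeholder pattern and both sample configs are constructed for illustration.

```python
"""Pre-flight check for a trimmed pulledpork.conf (added example, not pulledpork3 code)."""
import re
import sys

# Assumption: an unfilled value looks like "[your oinkcode here]" or "<...>".
PLACEHOLDER = re.compile(r"^(\[.*\]|<.*>)$")

# Constructed samples; 9.9.9.9 is a made-up version for the shipped file.
TRIMMED_SAMPLE = "oinkcode = [your oinkcode here]\nCONFIGURATION_NUMBER = 3.0.0.3\n"
ORIGINAL_SAMPLE = "# shipped defaults\nCONFIGURATION_NUMBER = 9.9.9.9\n"


def parse_conf(text):
    """Parse 'key = value' lines, skipping blank lines and '#' comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def check(trimmed_text, original_text):
    """Return a list of problems found in the trimmed config."""
    trimmed, original = parse_conf(trimmed_text), parse_conf(original_text)
    problems = []
    oinkcode = trimmed.get("oinkcode", "")
    if not oinkcode or PLACEHOLDER.match(oinkcode):
        problems.append("oinkcode is missing or still the placeholder")
    mine = trimmed.get("CONFIGURATION_NUMBER")
    shipped = original.get("CONFIGURATION_NUMBER")
    if shipped is None:
        problems.append("shipped config has no CONFIGURATION_NUMBER to compare")
    elif mine != shipped:
        problems.append(f"CONFIGURATION_NUMBER {mine} != shipped {shipped}")
    return problems


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py pulledpork.conf pulledpork.conf.orig
        with open(sys.argv[1]) as a, open(sys.argv[2]) as b:
            found = check(a.read(), b.read())
    else:  # no paths given: run on the constructed samples
        found = check(TRIMMED_SAMPLE, ORIGINAL_SAMPLE)
    for problem in found:
        print("WARN:", problem)
    sys.exit(1 if found else 0)
```

Run it with the trimmed config and the backed-up original as the two arguments; a non-zero exit status means at least one warning was printed.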
