Snort signatures update issue?

Juve

http://www.snort.org/pub-bin/oinkmaster.cgi/[OINKCODE]/filename

The rules still downloads. The thing not working is the page giving updates information.

dalybrian

Snort still not working properly after update.

" Warning: file_get_contents(http://www.snort.org/pub-bin/oinkmaster.cgi): failed to open stream: HTTP request failed! HTTP/1.1 403 You must be a registered user with a valid oink code to download this file. in /usr/local/www/snort_download_rules.php on line 98 ".

Any further ideas on how to fix this?

rt_rex

New Version available
Current: 2.7.0.1_4

Guest

wierd..still see this when i reinstall snort

snort-2.7.0.1_1 100%

however i do see the 1_4 version when se what package that are installed

is this correct?
/F

dalybrian

Re-installed SNORT ( currently 2.7.0.1_4 ) & changed the code on line 98 ( to http://www.snort.org/pub-bin/oinkmaster.cgi from http://www.snort.org/pub-bin/download.cgi ) and currently getting:

" Warning: file_get_contents(http://www.snort.org/pub-bin/oinkmaster.cgi): failed to open stream: HTTP request failed! HTTP/1.1 403 You must be a registered user with a valid oink code to download this file. in /usr/local/www/snort_download_rules.php on line 98 "

I even got a new Oink Code & still getting the same Error. Is there any information on the SNORT website on this issue?

xdsl

After install snort, im try to update snort. (which cannot enter the rules; need to update first).

but it keep downloading till more than an hour. i already try for 2nd time.

any clue? Thanks in advance

kerim

Same goes to me. after i update snort package, i try to update snort rules, waiting for about 20 minutes+- to finished,then this message came out:

Warning: file_get_contents(http://www.snort.org/pub-bin/downloads.cgi): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /usr/local/www/snort_download_rules.php on line 98 You last updated the ruleset: 2008-04-29

Your snort rulesets are up to date.

rbustos

Ok,,

This is not a snort or pfsense problem. This is a PHP issue, exactly with file_get_contents function, line 98 in /usr/local/www/snort_download_rules.php
  –>  $text = file_get_contents("$URL_SNORT");

I trying with a temporally "solution" using curl instead file_get_contents.

I have this on my script:

from /usr/local/www/snort_download_rules.php:

               sleep(1);
                $URL_SNORT="http://www.snort.org/pub-bin/downloads.cgi";

                $ch = curl_init();
                curl_setopt($ch, CURLOPT_HEADER, 0);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($ch, CURLOPT_URL, $URL_SNORT);
                $text = curl_exec($ch);

                //$text = file_get_contents("$URL_SNORT",NULL);
                echo "

mevans336

Any update on this issue?

f.spierings

The issue lies in the fact that file_get_contents() does not send a user agent (or empty string), in this case.
I believe you are able to set the user agent in two ways:

• Specify the user agent in the php.ini (not checked)
• Specify the user agent in the script (checked - working)

An example would be (around line 98 /usr/local/www/snort_download_rules.php):

ini_set('user_agent','snort download script');
$text=file_get_contents("http://www.snort.org/pub-bin/downloads.cgi");

newfirewallman

So can i get a confirmation on what is working of the scripts, or reinstallation? I have 1.2 Release with Snort installed a week ago.

brookenmire

I have tried both fixes (curl and ini_set - seperatley) but finding that it takes forever to download the rules files no matter what I use.
If I download the exact same URL that /usr/local/www/snort_download_rules.php is using at the same time but on a desktop that is on the LAN net behind pfSense, it downloads in a couple of minutes. (no caches involved)

Multiple attempts on the pfSense box return the same results.
Traffic shaper is turned off and pfSense is 1.2 prod.

ls on the temp dir (eg /tmp/snortRulesJ0rIr3/) show it downloading, but very slow ..
-rw-r–r--  1 root  wheel  167363 Jun 14 20:02 snortrules-snapshot-CURRENT.tar.gz
-rw-r--r--  1 root  wheel  6637801 Jun 14 20:26 snortrules-snapshot-CURRENT.tar.gz

Once done, the rules file is a complete file, but Snort downloading seems to hang and does not download the md5 hash.

Is there any other additional hacking needs to be done to the snort_download_rules.php file to allow it to progress ?
Does anybody have the above fixes to consistently work ?

Thanks.