Snort GPLv2 community rules expected MD5 checksum blank.
-
Is there a reason you cannot update the problem firewall to version 2.0.3? There are some differences in the versions, and the last two Snort package updates have been aimed at 2.0.3 and higher. It is very possible the latest Snort package is making a call to a pfSense core function that is maybe different in 2.0.3 as opposed to 2.0.2.
Bill
-
Is there a reason you cannot update the problem firewall to version 2.0.3? There are some differences in the versions, and the last two Snort package updates have been aimed at 2.0.3 and higher. It is very possible the latest Snort package is making a call to a pfSense core function that is maybe different in 2.0.3 as opposed to 2.0.2.
Bill
Thanks for the suggestion, I did not realize the latest package was intended for 2.0.3. I will be trying this out as soon as possible and will report back.
-
Thanks for the suggestion, I did not realize the latest package was intended for 2.0.3. I will be trying this out as soon as possible and will report back.
Oh…and one other thing I forgot to mention. Make sure that for some reason Snort or something else has not blocked the Amazon S3 web services site the GPLv2 rules download from. Have you verified that you can download the rules manually on the firewall using this URL?
https://s3.amazonaws.com/snort-org/www/rules/community/
Bill
-
Long delay in getting back, had to wait for approval to update the firewall. After updating to pfSense 2.0.3 it is updating the community rules perfectly fine.
-
Long delay in getting back, had to wait for approval to update the firewall. After updating to pfSense 2.0.3 it is updating the community rules perfectly fine.
Thanks for the feedback.
Bill
-
I'm having the same issue here on a fresh install of pfSense 2.1-Release (amd64). Reinstalled using the LiveCD earlier today. Snort version is 2.9.4.6 pkg v. 2.6.0.
Here is the update log:
Starting rules update... Time: 2013-10-22 01:35:38 Downloading Snort VRT md5 file 'snortrules-snapshot-2946.tar.gz.md5'... Checking Snort VRT md5 file... Snort VRT rules are up to date. Downloading Snort GPLv2 Community Rules md5 file 'community-rules.tar.gz.md5'... Checking Snort GPLv2 Community Rules md5. There is a new set of Snort GPLv2 Community Rules posted. Downloading file 'community-rules.tar.gz'... Snort GPLv2 Community Rules file download failed. Community Rules will not be updated. Downloaded Snort GPLv2 file MD5: ab0cccfa35521644db9fcad742424748 Expected Snort GPLv2 file MD5: Downloading EmergingThreats md5 file 'emerging.rules.tar.gz.md5'... Checking EmergingThreats md5. Emerging Threats rules are up to date. The Rules update has finished. Time: 2013-10-22 01:35:40Bill, I tried going to the s3.amazonaws.com link you posted earlier, and it reports the following:
<error>`NoSuchKey` <message>The specified key does not exist.</message> <key>www/rules/community/</key> <requestid>D3BA1644E61E45D6</requestid> <hostid>5okCu9GW2t1rmGIBv3H2i83YqrBRmvTe+37Fq0cdJa9WJTvqjRC3YQmie8tL/pLL</hostid></error>Any thoughts?
Thanks so much in advance, and thank you for all you do contributing to this package.
-Greg -
I'm having the same issue here on a fresh install of pfSense 2.1-Release (amd64). Reinstalled using the LiveCD earlier today. Snort version is 2.9.4.6 pkg v. 2.6.0.
Any thoughts?
Thanks so much in advance, and thank you for all you do contributing to this package.
-GregLet me take a look. I don't use the Community Rules since I have a paid subscription. I can check one of my test VMs to see what's going on. Could be the URL changed or something. I hope that's not it, though, because that is currently hard-coded in the PHP code.
Bill
-
One of my test virtual machines I leave running all the time downloaded the latest Snort GPLv2 Community Rules just fine today. Here is the log file entry from the update:
Starting rules update... Time: 2013-10-22 15:15:01 Downloading Snort VRT md5 file 'snortrules-snapshot-2955.tar.gz.md5'... Checking Snort VRT md5 file... There is a new set of Snort VRT rules posted. Downloading file 'snortrules-snapshot-2955.tar.gz'... Done downloading rules file. Downloading Snort GPLv2 Community Rules md5 file 'community-rules.tar.gz.md5'... Checking Snort GPLv2 Community Rules md5. There is a new set of Snort GPLv2 Community Rules posted. Downloading file 'community-rules.tar.gz'... Done downloading Snort GPLv2 Community Rules file. Extracting and installing Snort GPLv2 Community Rules... Installation of Snort GPLv2 Community Rules completed. Downloading Emerging Threats Pro md5 file 'etpro.rules.tar.gz.md5'... Checking Emerging Threats Pro md5. Emerging Threats Pro rules are up to date. Extracting and installing Snort VRT rules... Using Snort VRT precompiled SO rules for FreeBSD-8-1 ... Installation of Snort VRT rules completed. Copying new config and map files... Updating rules configuration for: WAN ... Updating rules configuration for: LAN ... Restarting Snort to activate the new set of rules... Snort has restarted with your new set of rules. The Rules update has finished. Time: 2013-10-22 15:15:59So it looks like things are OK, or at least they were at 15:15 U.S. Eastern Time today.
INFO: An astute review of the log file above will reveal this test VM downloaded the Snort 2.9.5.5 rules package. That's because it is loaded with the newest Snort package version I have running on pfSense in test mode. Hope to release this update to the public early in November. It has lots of new capability in the preprocessors area plus a few cosmetic tweaks in the GUI. It will be Snort 2.9.5.5 pkg v.3.0.0 when released.
Bill
-
You're right, I just looked and it downloaded. Must have been a hiccup.
Thanks so much for the quick response. Sorry it ended up being nothing (but then again, very glad it was nothing). ;D
-
You're right, I just looked and it downloaded. Must have been a hiccup.
Thanks so much for the quick response. Sorry it ended up being nothing (but then again, very glad it was nothing). ;D
I tried to make the newest rules update code as robust as possible. It will try 4 times, with a 15-second pause in between each try, before it gives up completely and bails on any given ruleset to move on to the next one. The idea was to get past any temporary Internet glitches. Of course if the site is unavailable for more than 60 seconds, those rules will not download until the next scheduled update.
Bill
