VRT rules failed

Soonie

Hi ,

After the pfSense update 2.3.1-RELEASE-p5 (amd64)

Snort VTR rules download failed

MD5 Signature Hash not downloaded , MD5 Signature Date not downloaded

Snort GPLv2 Community Rules is OK

Emerging Threats Open Rules is OK

Can anybody help me solve this problem ?

MikeV7896

Known issue… Snort EOL'ed the current pfSense version.

bmeeks has submitted pull requests for updates to be made available... just waiting on pfSense to make it available.

https://forum.pfsense.org/index.php?topic=114449.msg636406#msg636406

Soonie

Thx very much  8)

Soonie

By the way , can anybody tel me why is Snort 2.9.8.0 so quick E.O.L ?

Normally we get a few weeks time to upgrade to the new version.

Now we get the message "and we should upgrade immediately."

Any reasons for this quick upgrade ?

cciechad

It's not a quick EoL. The we were on a legacy version so there was an announcement 3 months before support was dropped. Snort expects everyone to stay on the current version or the prior version.

https://www.snort.org/eol

Snort Version Snort Certified Rule Set
Current Version Updates Provided
Prior Version Updates Provided*
Legacy Versions Updates cease 90 days following the release date of the Current Version*

Chad

Soonie

ok thx , i think i missed a announcement email  :o

bmeeks

Sorry guys … my fault for being late submitting the update pull request.  The Snort 2.9.8.3 update was a little late getting into the FreeBSD ports tree, and then I missed my own deadline posting the update for review by the pfSense team.  I did not get the update posted until very late this past Friday evening.  The updated package is posted to the DEVEL tree of pfSense and should be in the RELEASE tree in a day or two.  The Independence Day holiday weekend here in the U.S. is another contributor to the delay.

Once the updated 3.2.9.1_14 package appears, then Snort will work again.  That update includes the new 2.9.8.3 Snort binary and will use the 2.9.8.3 rules.  Suricata will work with any VRT rules version, but the Snort binary is locked to only matching rules versions.  This is a decision made by the Snort developers.

Bill