Netgate Discussion Forum

    Snort package v3.2.9.1_14 Update – Release Notes

    IDS/IPS
    • bmeeks

      Snort is back!  This updates the Snort GUI package to support the new 2.9.8.3 binary and the corresponding 2.9.8.3 VRT rules.

      New Features
      1. Option added on GLOBAL SETTINGS tab to allow disabling the SSL Peer Verify function when downloading rule updates. This will help users utilizing self-signed certs on proxies. The new feature defaults to "off" (which is the old behavior).  If you are having SSL certificate problems during rule updates, try checking (enabling) this new option.

      2. For better international support, the display of the date for alerts was changed to the ISO-8601 format of YYYY-mm-dd on the ALERTS and BLOCKED tabs.

      Bug Fixes
      1. Sensitive Data alert data types are saving correctly, but selected alert types are not marked as "selected" in drop-down on PREPROCESSORS tab.

      2. On SUPPRESS tab, when editing a suppression list line wrapping should be disabled.

      When editing a suppression list on the SUPPRESS tab, you can use the little handle in the lower right-hand corner of the control window to expand the control horizontally to make it wider (so as to make the horizontal scrollbar disappear).

      Bill

      • dread

        Hi,

        Sounds great, many many thanks!

        But I still see no update available.

        I'm running pfSense on pfSense/Netgate hardware and have Snort paid subscription.

        Should I just wait or consider reinstalling the package? Currently since EOL I have been running Snort with ET and free community rules as a fallback option.

        • battles

          Really nice, thanks for your work.  Update installed correctly after I figured out how to do it (was in Installed Packages).  First time I have seen anything in Snort VRT Rules.  I am adding all the install diagnostics below.

          Installed Rule Set MD5 Signature
          Rule Set Name/Publisher MD5 Signature Hash MD5 Signature Date
          """Snort VRT Rules 533a35c27d0f9e6b3c5d2bcfee881d36 Thursday, 07-Jul-16 16:53:56 CDT"""
          Snort GPLv2 Community Rules 24d67c23e8463a05f98791c165064b66 Thursday, 07-Jul-16 16:53:58 CDT
          Emerging Threats Open Rules f9945b8d845222b374598f0e7fb1e621 Thursday, 07-Jul-16 16:54:02 CDT
          Snort OpenAppID Detectors 5ffa8d252cb15ccd52f1a25c41f00049 Thursday, 07-Jul-16 16:53:56 CDT

          Upgrading pfSense-pkg-snort…
          Updating pfSense-core repository catalogue...
          pfSense-core repository is up-to-date.
          Updating pfSense repository catalogue...
          pfSense repository is up-to-date.
          All repositories are up-to-date.
          The following 2 package(s) will be affected (of 0 checked):

          Installed packages to be UPGRADED:
          pfSense-pkg-snort: 3.2.9.1_13 -> 3.2.9.1_14 [pfSense]
          snort: 2.9.8.0_1 -> 2.9.8.3 [pfSense]

          The process will require 2 MiB more space.
          1 MiB to be downloaded.
          Fetching pfSense-pkg-snort-3.2.9.1_14.txz: …....... done
          Fetching snort-2.9.8.3.txz: .......... done
          Checking integrity... done (0 conflicting)
          [1/2] Upgrading snort from 2.9.8.0_1 to 2.9.8.3…
          [1/2] Extracting snort-2.9.8.3: …....... done
          [2/2] Upgrading pfSense-pkg-snort from 3.2.9.1_13 to 3.2.9.1_14…
          Removing snort components...
          Menu items... done.
          Services... done.
          Loading package instructions...
          [2/2] Extracting pfSense-pkg-snort-3.2.9.1_14: …....... done
          Saving updated package information...
          overwrite!
          Loading package configuration... done.
          Configuring package components...
          Loading package instructions...
          Custom commands...
          Executing custom_php_install_command()...Saved settings detected.
          Migrating settings to new configuration... done.
          Downloading Snort VRT rules md5 file... done.
          Checking Snort VRT rules md5 file... done.
          There is a new set of Snort VRT rules posted.
          Downloading snortrules-snapshot-2983.tar.gz... done.
          Downloading Snort OpenAppID detectors md5 file... done.
          Checking Snort OpenAppID detectors md5 file... done.
          There is a new set of Snort OpenAppID detectors posted.
          Downloading snort-openappid.tar.gz... done.
          Downloading Snort GPLv2 Community Rules md5 file... done.
          Checking Snort GPLv2 Community Rules md5 file... done.
          There is a new set of Snort GPLv2 Community Rules posted.
          Downloading community-rules.tar.gz... done.
          Downloading Emerging Threats Open rules md5 file... done.
          Checking Emerging Threats Open rules md5 file... done.
          There is a new set of Emerging Threats Open rules posted.
          Downloading emerging.rules.tar.gz... done.
          Installing Sourcefire VRT rules...Copying md5 signature to snort directory... done.
          Installing Snort OpenAppID detectors...Copying md5 signature to snort directory... done.
          Installing Snort GPLv2 Community Rules... done.
          Installing Emerging Threats Open rules...Copying md5 signature to snort directory... done.
          Updating rules configuration for: WAN ... done.
          Cleaning up temp dirs and files... done.
          The Rules update has finished.
          Generating snort.conf configuration file from saved settings.
          Generating configuration for WAN...
          done.
          Generating snort.sh script in /usr/local/etc/rc.d/... done.
          Finished rebuilding Snort configuration files.
          done.
          Executing custom_php_resync_config_command()...
          done.
          Menu items... done.
          Services... done.
          Writing configuration... done.
          Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.
          Message from snort-2.9.8.3:

          Snort uses rcNG startup script and must be enabled via /etc/rc.conf
          Please see /usr/local/etc/rc.d/snort
          for list of available variables and their description.
          Configuration files are located in /usr/local/etc/snort directory.

          Please note that, by default, snort will truncate packets larger than the
          default snaplen of 15158 bytes.  Additionally, LRO may cause issues with
          Stream5 target-based reassembly.  It is recommended to disable LRO, if
          your card supports it.

          This can be done by appending '-lro' to your ifconfig_ line in rc.conf.

          Message from pfSense-pkg-snort-3.2.9.1_14:
          Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.

          Cleaning up cache... done.
          Success

          pfSense 2.3.4-RELEASE-p1 (i386)
          FreeBSD 10.3-RELEASE-p19
          pfBlockerNG 2.1.2_1
          Snort Security 3.2.9.5_3
          Intel(R) Atom(TM) CPU N270 @ 1.60GHz
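
The install log above shows the updater downloading and checking an md5 file for each rule set before installing it. As an added example (not the Snort package's own code, which does not appear on this page), the shell functions below do the same kind of check by hand on a downloaded tarball; the function names and the accepted .md5 layouts (a bare hash, or a possibly quoted hash followed by a file name) are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded rules tarball against its published .md5 file.
# Assumption: the .md5 file holds a bare hash or "hash  filename", possibly quoted.

# Print the MD5 of a file with whichever tool exists
# (md5sum on Linux, md5 on FreeBSD/pfSense). Returns 3 if neither is found.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        return 3
    fi
}

# Print the first token in the .md5 file that is exactly 32 hex digits, lowercased.
published_md5() {
    tr -s ' \t\r"' '\n\n\n\n' < "$1" | tr 'A-F' 'a-f' |
        grep -Ex '[0-9a-f]{32}' | head -n 1
}

# 0 = hashes match, 1 = mismatch, 2 = unreadable input or no hash in the .md5
# file, 3 = no MD5 tool available.
verify_rules_md5() {
    tarball=$1
    md5file=$2
    [ -r "$tarball" ] && [ -r "$md5file" ] || return 2
    want=$(published_md5 "$md5file")
    [ -n "$want" ] || return 2
    have=$(file_md5 "$tarball") || return 3
    [ "$have" = "$want" ]
}

# Command-line use: sh verify_rules_md5.sh <tarball> <md5file>
if [ "$#" -eq 2 ]; then
    verify_rules_md5 "$1" "$2"
fi
```

A match shows the tarball is the one the .md5 file describes, which catches truncated or stale downloads. The .md5 file is downloaded in the same update run as the tarball, so the comparison does not replace certificate verification when the SSL Peer Verify option from the release notes is disabled.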

          • bmeeks

            @dread:

            Hi,

            Sounds great, many many thanks!

            But I still see no update available.

            I'm running pfSense on pfSense/Netgate hardware and have Snort paid subscription.

            Should I just wait or consider reinstalling the package? Currently since EOL I have been running Snort with ET and free community rules as a fallback option.

            The Netgate devices have their own packages repository in order to optimize performance on that hardware – at least they used to have their own separate repository.  The Snort package update probably has not been migrated over there yet.  You can contact Netgate support directly and ask them about it.

            Bill

            • dread

              Thanks a lot for your advice.

              So I sent an e-mail to Voleatech, Germany; they said that the update is not in the official update catalogue yet, and promised to look into the issue.

              Very soon I got another email that the issue will be resolved soon.

              And now the latest package is available, and I just upgraded. Everything is working well now.

              Many thanks!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.