Emerging Threats Open rules md5 download failed.
-
Re: Emerging Threats Open rules file download failed. Bad MD5 checksum.
Getting this error on a fresh install, tried rebooting, increased /tmp & /var folders, but no luck.
Suricata update from CLI works fine.
Any idea how to resolve this?
-
Do you have any other packages installed such as Squid or Squidguard?
Are you using RAM Disks?
What version of pfSense and the Suricata package are you using?
-
@bmeeks Squid is installed but not enabled.
RAM disks are not enabled. Installed PfSense 2.4.5-RELEASE-p1 (amd64) and Suricata at 5.0.4_2.
-
@vsp2979 said in Emerging Threats Open rules md5 download failed.:
@bmeeks Squid is installed but not enabled.
RAM disks are not enabled. Installed PfSense 2.4.5-RELEASE-p1 (amd64) and Suricata at 5.0.4_2.
Make sure that Squid is actually not running. It can definitely cause issues depending on its configuration. This issue crops up periodically and it is almost always something on the user's end. The most common issue is enabling RAM Disks and not making them large enough to hold all the files a rules update downloads. But you say you do not have RAM Disks enabled.
Do you have any other rules enabled for download such as the Snort Subscriber or Snort GPLv2 Community Rules? If so, are they downloading?
Suricata update from CLI works fine.
I'm not sure what you mean by this statement. That utility is not configured nor used on pfSense as the GUI code takes care of all updating. Did you manually set it up?
-
@bmeeks Same error/issue with other Snort rules as well. I tried to configure Suricata with Just Emerging Threat rules, same error.
Starting rules update... Time: 2021-02-04 11:39:02
Downloading Emerging Threats Open rules md5 file...
Emerging Threats Open rules md5 download failed.
Server returned error code 0.
Server error message was: Resolving timed out after 10010 milliseconds
Emerging Threats Open rules will not be updated.
Downloading Snort VRT rules md5 file...
Snort VRT rules md5 download failed.
Server returned error code 0.
Server error message was: Resolving timed out after 10006 milliseconds
Snort VRT rules will not be updated.
Downloading Snort GPLv2 Community Rules md5 file...
Snort GPLv2 Community Rules md5 download failed.
Server returned error code 0.
Server error message was: Resolving timed out after 10003 milliseconds
Snort GPLv2 Community Rules will not be updated.
The Rules update has finished. Time: 2021-02-04 11:44:04Starting rules update... Time: 2021-02-04 11:50:08
Downloading Emerging Threats Open rules md5 file...
Emerging Threats Open rules md5 download failed.
Server returned error code 0.
Server error message was: Resolving timed out after 10011 milliseconds
Emerging Threats Open rules will not be updated.
The Rules update has finished. Time: 2021-02-04 11:51:49I just ran suricata update command, not seeing same error.
-
@vsp2979 said in Emerging Threats Open rules md5 download failed.:
@bmeeks Same error/issue with other Snort rules as well. I tried to configure Suricata with Just Emerging Threat rules, same error.
Starting rules update... Time: 2021-02-04 11:39:02
Downloading Emerging Threats Open rules md5 file...
Emerging Threats Open rules md5 download failed.
Server returned error code 0.
Server error message was: Resolving timed out after 10010 milliseconds
Emerging Threats Open rules will not be updated.
Downloading Snort VRT rules md5 file...
Snort VRT rules md5 download failed.
Server returned error code 0.
Server error message was: Resolving timed out after 10006 milliseconds
Snort VRT rules will not be updated.
Downloading Snort GPLv2 Community Rules md5 file...
Snort GPLv2 Community Rules md5 download failed.
Server returned error code 0.
Server error message was: Resolving timed out after 10003 milliseconds
Snort GPLv2 Community Rules will not be updated.
The Rules update has finished. Time: 2021-02-04 11:44:04Starting rules update... Time: 2021-02-04 11:50:08
Downloading Emerging Threats Open rules md5 file...
Emerging Threats Open rules md5 download failed.
Server returned error code 0.
Server error message was: Resolving timed out after 10011 milliseconds
Emerging Threats Open rules will not be updated.
The Rules update has finished. Time: 2021-02-04 11:51:49I just ran suricata update command, not seeing same error.
I don't know what it is, but your firewall is broken if none of the MD5 files will download. It is something in your configuration.
The suricata update command is not part of the pfSense package setup. It is not configured for anything, so running it does nothing. It has no valid configuration unless you manually edited its configuration file via the command line. The GUI package completely ignores suricata update. Running it is worthless. It is not showing an error because it is most likely not doing anything.
I would completely remove Squid, and then reboot your firewall to see what happens with rule updates then.
-
@bmeeks Thanks for clarifying. Was hoping to find some resolution on these boards. Planning to delete Suricata plugin for now, will try it again in future probably next update!!
