[Solved] Snort GPLv2 Community Rules - Unable to download checksum file
-
@monotypetattoo
I've been same identical issue from this morning, on two different PFSense platforms. The first one with version "2.4.4-RELEASE-p1" and the second one with latest version available "2.5.0-RELEASE".When I try to do "Update rules" or "Force update rules" manually I receive error HTTP404:
Feb 25 12:31:20 php 90254 [Snort] Server returned error code 404...
This's complete log:
Starting rules update... Time: 2021-02-25 12:58:37
Downloading Snort Subscriber rules md5 file snortrules-snapshot-29170.tar.gz.md5...
Checking Snort Subscriber rules md5 file...
Snort Subscriber rules are up to date.
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
Snort GPLv2 Community Rules md5 download failed.
Server returned error code 404.
Server error message was: 404 Not Found
Snort GPLv2 Community Rules will not be updated.
Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
Checking Emerging Threats Open rules md5 file...
There is a new set of Emerging Threats Open rules posted.
Downloading file 'emerging.rules.tar.gz'...
Done downloading rules file.
Extracting and installing Emerging Threats Open rules...
Installation of Emerging Threats Open rules completed.
Copying new config and map files...
Updating rules configuration for: WAN ...
Restarting Snort to activate the new set of rules...
Snort has restarted with your new set of rules.
The Rules update has finished. Time: 2021-02-25 12:59:40 -
This is a known issue. The Snort team has renamed the file on their website to snort3-community-rules.tar.gz. I am first checking to ascertain if this new version is even compatible with the Snort 2.9.x binary used on pfSense. It might be compatible with the new Snort3 binary only.
If it is compatible with the older 2.9.x binary, then I will need to make several changes in the Snort and Suricata GUI code to accomodate this filename change. Until then, you may as well disable use of the Snort GPLv2 Community Rules as they will not update.
I will post updates as I have them.
-
@bmeeks
So will it be available an update for Snort to apply through "Package Manager" ?
Thanks and regards ! -
@ddepaolis said in Snort GPLv2 Community Rules - Unable to download checksum file:
@bmeeks
So will it be available an update for Snort to apply through "Package Manager" ?
Thanks and regards !If the new snort3-community-rules file is compatible, then yes, I will update the GUI code to work with it. That will take several days to make the change and have the pfSense developers review and post it to the Package Manager.
However, if it turns out the new file is really only designed for the Snort3 binary, then "no", there will not be an update to allow its use. Snort on pfSense uses the 2.9.x binary version, not the Snort3 binary.
I've sent an email to the Talos team asking about compatibility and if the filename change is an oversight or a planned migration.
-
@bmeeks thank you for the swift update.
-
I've heard back from the Talos/Snort team. They are investigating. I think this was just a mistake on their part. Hopefully it self-corrects soon.
I will post further updates as I have them.
-
I disabled use custom URL and performed a manual update.
seems to have download and v2 snort rules now.
-
It is fixed now. It was a problem on the Snort/Talos side. They have restored the older Community Rules file now.
I've marked this thread as [Solved].
-
I confirm, I finished to update once again all my rules, GPLv2 too, and I completed on both my PFSense platforms. Really thanks so much for this quick support !
-
Hello,
Just wondering if anyone else has this problem again?
"pfSense CE 2.5.0" "Snort Package Version 4.1.3_2"
https://www.snort.org/downloads/community/snort-community-rules.tar.gz.md5 returns 404 (File not found)
https://www.snort.org/downloads/community/snort3-community-rules.tar.gz.md5 returns 200 and is a thing.I'm sorry to post in a resolved topic, but I believe we have the problem again.
Thanks.
-
@crsesilva
yes same here:Starting rules update... Time: 2021-03-27 11:07:31 [...] Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5... Snort GPLv2 Community Rules md5 download failed. Server returned error code 404. Server error message was: 404 Not Found Snort GPLv2 Community Rules will not be updated.
-
Today, in a new download attempt, I was successful.
Looking at the download options page for snort.org in the community, Snort v2.9 appeared again. Yesterday, only Snort v3.0 available.
I want to believe that it is a one-off mistake and not forcing us to go immediately to Snort 3.0.
Thanks.
Cheers. -
This seems to be back:
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5... Snort GPLv2 Community Rules md5 download failed. Server returned error code 404. Server error message was: 404 Not Found
It looks like the Snort v2.9 community rules have been removed again?
-
Once again the Snort v2.9 community rules have been removed:
Excerpt from update log:
Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5... Snort GPLv2 Community Rules md5 download failed. Server returned error code 404. Server error message was: 404 Not Found Snort GPLv2 Community Rules will not be updated.
-
Yes, I noticed this as well during some Suricata testing in a VM. This is a problem the Snort team will have to resolve.
Do NOT attempt to use the Snort3 rules with the 2.9.x binary! If you use any Snort3 rules with either Snort or Suricata, you will break your installation to the point the only recovery method is to remove the package and reinstall it.
-
This issue has once again been solved by the Snort Rules Team. The GPLv2 Community Rules for Snort 2.9.x are available.
-
@bmeeks Thank you.
I did send an email enquiry linking to this thread and describing the problem. I received a very brief reply effectively denying the problem.
I suspect the process that creates the
community-rules.tar.gz
file possibly breaks on occasion? -
@monotypetattoo said in [Solved] Snort GPLv2 Community Rules - Unable to download checksum file:
@bmeeks Thank you.
I did send an email enquiry linking to this thread and describing the problem. I received a very brief reply effectively denying the problem.
I suspect the process that creates the
community-rules.tar.gz
file possibly breaks on occasion?From the little bit I understand via previous email conversations with some of the Snort team members, this is an automated process. It sometimes hiccups, and I guess now that Snort3 is their main focus, they don't always notice if the 2.9.x rules packages fail to build and post correctly.
-
-
Hi all, I'm new to pfSense.
I just installed it over the weekend and have this very issue from the start. My gateway has never seen the GPLv2 Community Rules for Snort 2.0.x. I find that it has happened a few times in years past. Seems to be back.
Do we need to keep reminding someone to fix this automated process?
Thanks! -
@xperttech said in [Solved] Snort GPLv2 Community Rules - Unable to download checksum file:
Hi all, I'm new to pfSense.
I just installed it over the weekend and have this very issue from the start. My gateway has never seen the GPLv2 Community Rules for Snort 2.0.x. I find that it has happened a few times in years past. Seems to be back.
Do we need to keep reminding someone to fix this automated process?
Thanks!This would be something you should take up with the Snort team. Perhaps by joining their mailing list here: https://seclists.org/snort/.
You should also be aware that if you have a Snort VRT subscription
(or are registered for their free 30-day aged rules), then you do not need to download the GPL v2 Community Rules separately as they are included within the subscriberand registeredpackages.Edited: found out only paid subscribers have the GPLv2 Community Rules included within that archive. Registered users (non-paying) get an archive that does not include the GPLv2 Rules.