Snort Updating issue (SSL)
-
You are having an SSL cURL error:
Apr 11 18:14:59 php-fpm 12254 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Maybe you need to make an exception in squid? It's failing on a "self-signed certificate".
I have a Block rule as shown in the pic which allows direct connection. I am using Squid with WPAD (non-transparent), so there shouldn't be a self-signed cert error.
Rule Set Name/Publisher | MD5 Signature Hash | MD5 Signature Date
Snort VRT Rules | b93880acfbcdd064ad894a1bfb9bc500 | Wednesday, 20-Apr-16 00:09:30 IST
Snort GPLv2 Community Rules | fb7314e7d71c8cd3fcdf821fec9e01bc | Friday, 15-Apr-16 14:53:43 IST
Emerging Threats Open Rules | 8ccb168cfdb2fe0d4a4f805b840e345d | Sunday, 24-Apr-16 00:07:15 IST
Snort OpenAppID Detectors | 6575e2e2d2ae00cfd2d6726538f8deaa | Friday, 15-Apr-16 14:53:43 IST
For me the issue started after upgrading to 2.3.
Then, due to this issue, I even did a fresh install, and I am still facing the same issue on the fresh install. Help.
Time Process PID Message
Apr 25 10:00:10 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Apr 25 10:00:00 php [pfBlockerNG] Starting cron process.
Apr 25 09:45:23 check_reload_status Syncing firewall
Apr 25 09:45:23 php-cgi snort_check_for_rule_updates.php: [Snort] The Rules update has finished.
Apr 25 09:45:23 php-cgi snort_check_for_rule_updates.php: [Snort] Removed 0 obsoleted rules category files.
Apr 25 09:45:23 php-cgi snort_check_for_rule_updates.php: [Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.
Apr 25 09:45:23 php-cgi snort_check_for_rule_updates.php: [Snort] Emerging Threats Open rules are up to date...
Apr 25 09:45:22 php-cgi snort_check_for_rule_updates.php: [Snort] Snort GPLv2 Community Rules file download failed... server returned error '0'...
Apr 25 09:45:22 php-cgi snort_check_for_rule_updates.php: File 'community-rules.tar.gz' download attempts: 4 ...
Apr 25 09:45:07 php-cgi snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds...
Apr 25 09:45:07 php-cgi snort_check_for_rule_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Apr 25 09:44:52 php-cgi snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds...
Apr 25 09:44:52 php-cgi snort_check_for_rule_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Apr 25 09:44:37 php-cgi snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds...
Apr 25 09:44:37 php-cgi snort_check_for_rule_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Apr 25 09:44:22 php-cgi snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds...
Apr 25 09:44:22 php-cgi snort_check_for_rule_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Apr 25 09:44:20 php-cgi snort_check_for_rule_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 25 09:44:19 php-cgi snort_check_for_rule_updates.php: [Snort] Snort OpenAppID detectors are up to date...
Apr 25 09:44:18 php-cgi snort_check_for_rule_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 25 09:44:18 php-cgi snort_check_for_rule_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 25 09:44:03 php-cgi snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds...
Apr 25 09:44:03 php-cgi snort_check_for_rule_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Apr 25 09:43:48 php-cgi snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds...
Apr 25 09:43:48 php-cgi snort_check_for_rule_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Apr 25 09:43:45 php-cgi servicewatchdog_cron.php: Could not send the message to info@cbdatasource.com -- Error: 535 Incorrect authentication data
Apr 25 09:43:33 php-cgi snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds...
Apr 25 09:43:33 php-cgi snort_check_for_rule_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Apr 25 09:43:15 php-cgi snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds...
Apr 25 09:43:15 php-cgi snort_check_for_rule_updates.php: [Snort] Rules download error: SSL certificate problem: self signed certificate in certificate chain
Apr 25 09:43:14 php-cgi snort_check_for_rule_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2980.tar.gz...
Apr 25 09:43:07 xinetd 22114 Reconfigured: new=0 old=1 dropped=0 (services)
-
Firewall rules have nothing at all to do with your Snort rules update problem. It is complaining about the certificate trust chain. There either is, or your configuration makes cURL think there is, a self-signed certificate in the chain.
Have you tried removing Squid entirely for a test to see if the rules download then? The Snort code uses the built-in system function cURL() to download updates. That function is called with a parameter set to verify SSL peers (in other words, check the certification trust chain). That check is failing on your system because of some specific configuration you have. My bet is the problem is with Squid.
Bill
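An added example, not part of the thread or of the Snort package code: one way to test the "is something re-signing the connection?" question raised above is to capture the `Certificate chain` section of `openssl s_client -connect <host>:443 -showcerts` once through the proxy and once directly, then see which certificate the chain ends on. The two excerpts, the host name, the CA names and `TRUSTED_ROOTS` below are constructed assumptions, and the check compares names only; it does not verify signatures.

```python
import re

# Constructed `openssl s_client -showcerts` excerpts; host and CA names are made up.
INTERCEPTED = """CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=rules.example.org
   i:/O=Example LAN/CN=Example Proxy Signing CA
 1 s:/O=Example LAN/CN=Example Proxy Signing CA
   i:/O=Example LAN/CN=Example Proxy Signing CA
---
"""
DIRECT = """CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=rules.example.org
   i:/O=Example Public CA/CN=Example Issuing CA 1
 1 s:/O=Example Public CA/CN=Example Issuing CA 1
   i:/O=Example Public CA/CN=Example Root CA
---
"""
# Assumed stand-in for the subjects present in the firewall's CA bundle.
TRUSTED_ROOTS = {"/O=Example Public CA/CN=Example Root CA"}

# One chain entry: " <depth> s:<subject>" followed by "   i:<issuer>".
PAIR = re.compile(r"^\s*(\d+) s:(.+)\n\s+i:(.+)$", re.MULTILINE)

def parse_chain(s_client_output):
    """Return [(depth, subject, issuer), ...] from the 'Certificate chain' section."""
    return [(int(d), s.strip(), i.strip()) for d, s, i in PAIR.findall(s_client_output)]

def diagnose(s_client_output, trusted_roots):
    """Name-based triage only: compares subject/issuer strings, verifies no signatures."""
    chain = parse_chain(s_client_output)
    if not chain:
        return ("no-chain", None)
    for _depth, subject, issuer in chain:
        if subject == issuer and subject not in trusted_roots:
            # The case cURL reports as "self signed certificate in certificate chain".
            return ("untrusted-self-signed", subject)
    anchor = chain[-1][2]  # issuer of the last certificate the server sent
    if anchor in trusted_roots:
        return ("anchored-in-trust-store", anchor)
    return ("unknown-issuer", anchor)

if __name__ == "__main__":
    for name, text in (("via proxy", INTERCEPTED), ("direct", DIRECT)):
        print(name, diagnose(text, TRUSTED_ROOTS))
```

If the name returned for the failing path belongs to a local CA rather than a public one, the fix is in the proxy's bypass configuration or the firewall's trust store, not in turning off peer verification.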