VRT rules failed



  • Hi,

    After the pfSense update 2.3.1-RELEASE-p5 (amd64)

    Snort VRT rules download failed

    MD5 Signature Hash not downloaded, MD5 Signature Date not downloaded

    Snort GPLv2 Community Rules is OK

    Emerging Threats Open Rules is OK

    Can anybody help me solve this problem?



  • Known issue… Snort EOL'ed the current pfSense version.

    bmeeks has submitted pull requests for updates to be made available... just waiting on pfSense to make it available.

    https://forum.pfsense.org/index.php?topic=114449.msg636406#msg636406



  • Thx very much  8)



  • By the way, can anybody tell me why Snort 2.9.8.0 is E.O.L. so quickly?

    Normally we get a few weeks time to upgrade to the new version.

    Now we get the message "and we should upgrade immediately."

    Any reasons for this quick upgrade?



  • It's not a quick EoL. We were on a legacy version, so there was an announcement 3 months before support was dropped. Snort expects everyone to stay on the current version or the prior version.

    https://www.snort.org/eol

    Snort Version    | Snort Certified Rule Set
    Current Version  | Updates Provided
    Prior Version    | Updates Provided*
    Legacy Versions  | Updates cease 90 days following the release date of the Current Version*

    Chad



  • OK thx, I think I missed an announcement email  :o



  • Sorry guys … my fault for being late submitting the update pull request.  The Snort 2.9.8.3 update was a little late getting into the FreeBSD ports tree, and then I missed my own deadline posting the update for review by the pfSense team.  I did not get the update posted until very late this past Friday evening.  The updated package is posted to the DEVEL tree of pfSense and should be in the RELEASE tree in a day or two.  The Independence Day holiday weekend here in the U.S. is another contributor to the delay.

    Once the updated 3.2.9.1_14 package appears, then Snort will work again.  That update includes the new 2.9.8.3 Snort binary and will use the 2.9.8.3 rules.  Suricata will work with any VRT rules version, but the Snort binary is locked to only matching rules versions.  This is a decision made by the Snort developers.

    Bill

