Problems downloading custom rules in Suricata
-
Snort Rules Custom Download URL work fine. Here is local log from Apache Server:
192.168.1.1 - - [16/Dec/2020:13:52:59 -0500] "GET /snortrules-snapshot-29170.tar.gz.md5 HTTP/1.1" 200 4906 "-" "pfSense/2.4.5-RELEASE : 44454c4c-4300-1032-8031-cac04f433aaa"
192.168.1.1 - - [16/Dec/2020:13:52:59 -0500] "GET /snortrules-snapshot-29170.tar.gz HTTP/1.1" 200 132593762 "-" "pfSense/2.4.5-RELEASE : 44454c4c-4300-1032-8031-cac04f433aaa"but Snort GPLv2 Custom Rule Download URL (Community rules) not download. Here is local log from Apache Server:
192.168.1.1 - - [16/Dec/2020:13:25:02 -0500] "GET /community-rules.tar.gz/md5 HTTP/1.1" 404 4961 "-" "pfSense/2.4.5-RELEASE : 44454c4c-4300-1032-8031-cac04f433aaa"in GET log i see community-rules.tar.gz/md5 and it should be community-rules.tar.gz.md5
Can someone check if this also happens in Snort...
Any fix? -
@darvin
snortrules-snapshot-29170.tar.gz.md5
Snort on pfSense 2.5 and as far as I know the latest stable branch is 2.9.16.1 so perhap's
something has changed in the 2.9.17 branch. -
[Solved]
Edit file /usr/local/pkg/suricata/suricata_check_for_rule_updates.php
Modify line 448: Remplace /md5 with .md5 -
@darvin said in Problems downloading custom rules in Suricata:
[Solved]
Edit file /usr/local/pkg/suricata/suricata_check_for_rule_updates.php
Modify line 448: Remplace /md5 with .md5Good catch. Yes, that line is incorrect. Basically what that error will cause is new GPLv2 Community Rules will be downloaded with each periodic update check, whether there are actually new rules posted or not.
Anyway, I will see that it is fixed in the next release.
-
@bmeeks
Snort has the same problem...
Edit file /usr/local/pkg/snort/snort_check_for_rule_updates.php
Modify line 476: Remplace /md5 with .md5Both need an update fix.
Update: (Snort AppID Open Text Rules)
Edit file /usr/local/pkg/snort/snort_check_for_rule_updates.php
Modify line 451: Remplace /md5 with .md5 -
@darvin said in Problems downloading custom rules in Suricata:
@bmeeks
Snort has the same problem...
Edit file /usr/local/pkg/snort/snort_check_for_rule_updates.php
Modify line 476: Remplace /md5 with .md5Both need an update fix.
Update: (Snort AppID Open Text Rules)
Edit file /usr/local/pkg/snort/snort_check_for_rule_updates.php
Modify line 451: Remplace /md5 with .md5Okay. Thanks!