[Solved] Snort GPLv2 Community Rules - Unable to download checksum file

bmeeks · Feb 25, 2021, 2:20 PM

@ddepaolis said in Snort GPLv2 Community Rules - Unable to download checksum file:

@bmeeks
So will it be available an update for Snort to apply through "Package Manager" ?
Thanks and regards !

If the new snort3-community-rules file is compatible, then yes, I will update the GUI code to work with it. That will take several days to make the change and have the pfSense developers review and post it to the Package Manager.

However, if it turns out the new file is really only designed for the Snort3 binary, then "no", there will not be an update to allow its use. Snort on pfSense uses the 2.9.x binary version, not the Snort3 binary.

I've sent an email to the Talos team asking about compatibility and if the filename change is an oversight or a planned migration.

monotypeTattoo · Feb 25, 2021, 2:39 PM

@bmeeks thank you for the swift update.

bmeeks · Feb 25, 2021, 2:57 PM

I've heard back from the Talos/Snort team. They are investigating. I think this was just a mistake on their part. Hopefully it self-corrects soon.

I will post further updates as I have them.

elvisimprsntr · Feb 25, 2021, 3:35 PM

@bmeeks

I disabled use custom URL and performed a manual update.

seems to have download and v2 snort rules now.

bmeeks · Feb 25, 2021, 3:40 PM

It is fixed now. It was a problem on the Snort/Talos side. They have restored the older Community Rules file now.

I've marked this thread as [Solved].

ddepaolis · Feb 25, 2021, 4:14 PM

I confirm, I finished to update once again all my rules, GPLv2 too, and I completed on both my PFSense platforms. Really thanks so much for this quick support !

crsesilva · Mar 26, 2021, 11:31 PM

Hello,

Just wondering if anyone else has this problem again?

"pfSense CE 2.5.0" "Snort Package Version 4.1.3_2"

https://www.snort.org/downloads/community/snort-community-rules.tar.gz.md5 returns 404 (File not found)
https://www.snort.org/downloads/community/snort3-community-rules.tar.gz.md5 returns 200 and is a thing.

I'm sorry to post in a resolved topic, but I believe we have the problem again.

Thanks.

slu · Mar 27, 2021, 8:50 PM

@crsesilva
yes same here:

Starting rules update...  Time: 2021-03-27 11:07:31
        [...]
	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
	Snort GPLv2 Community Rules md5 download failed.
	Server returned error code 404.
	Server error message was: 404 Not Found
	Snort GPLv2 Community Rules will not be updated.

crsesilva · Mar 27, 2021, 8:50 PM

@slu

Today, in a new download attempt, I was successful.

Looking at the download options page for snort.org in the community, Snort v2.9 appeared again. Yesterday, only Snort v3.0 available.

I want to believe that it is a one-off mistake and not forcing us to go immediately to Snort 3.0.

Thanks.
Cheers.

monotypeTattoo · Apr 23, 2021, 6:35 AM

This seems to be back:

Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
	Snort GPLv2 Community Rules md5 download failed.
	Server returned error code 404.
	Server error message was: 404 Not Found

It looks like the Snort v2.9 community rules have been removed again?

monotypeTattoo · Jul 21, 2021, 8:01 AM

Once again the Snort v2.9 community rules have been removed:

Excerpt from update log:

	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
	Snort GPLv2 Community Rules md5 download failed.
	Server returned error code 404.
	Server error message was: 404 Not Found
	Snort GPLv2 Community Rules will not be updated.

bmeeks · Jul 21, 2021, 12:58 PM

Yes, I noticed this as well during some Suricata testing in a VM. This is a problem the Snort team will have to resolve.

Do NOT attempt to use the Snort3 rules with the 2.9.x binary! If you use any Snort3 rules with either Snort or Suricata, you will break your installation to the point the only recovery method is to remove the package and reinstall it.

bmeeks · Jul 22, 2021, 7:54 AM

This issue has once again been solved by the Snort Rules Team. The GPLv2 Community Rules for Snort 2.9.x are available.

monotypeTattoo · Jul 22, 2021, 7:54 AM

@bmeeks Thank you.

I did send an email enquiry linking to this thread and describing the problem. I received a very brief reply effectively denying the problem.

I suspect the process that creates the community-rules.tar.gz file possibly breaks on occasion?

bmeeks · Jul 22, 2021, 12:53 PM

@monotypetattoo said in [Solved] Snort GPLv2 Community Rules - Unable to download checksum file:

@bmeeks Thank you.

I did send an email enquiry linking to this thread and describing the problem. I received a very brief reply effectively denying the problem.

I suspect the process that creates the community-rules.tar.gz file possibly breaks on occasion?

From the little bit I understand via previous email conversations with some of the Snort team members, this is an automated process. It sometimes hiccups, and I guess now that Snort3 is their main focus, they don't always notice if the 2.9.x rules packages fail to build and post correctly.

xperttech · Jul 31, 2023, 1:00 PM

Hi all, I'm new to pfSense.
I just installed it over the weekend and have this very issue from the start. My gateway has never seen the GPLv2 Community Rules for Snort 2.0.x. I find that it has happened a few times in years past. Seems to be back.
Do we need to keep reminding someone to fix this automated process?
Thanks!

bmeeks · Aug 1, 2023, 12:51 PM

@xperttech said in [Solved] Snort GPLv2 Community Rules - Unable to download checksum file:

Hi all, I'm new to pfSense.
I just installed it over the weekend and have this very issue from the start. My gateway has never seen the GPLv2 Community Rules for Snort 2.0.x. I find that it has happened a few times in years past. Seems to be back.
Do we need to keep reminding someone to fix this automated process?
Thanks!

This would be something you should take up with the Snort team. Perhaps by joining their mailing list here: https://seclists.org/snort/.

You should also be aware that if you have a Snort VRT subscription ~~(or are registered for their free 30-day aged rules)~~, then you do not need to download the GPL v2 Community Rules separately as they are included within the subscriber ~~and registered~~ packages.

Edited: found out only paid subscribers have the GPLv2 Community Rules included within that archive. Registered users (non-paying) get an archive that does not include the GPLv2 Rules.

DefenderLLC · Aug 1, 2023, 2:43 AM

@bmeeks said in [Solved] Snort GPLv2 Community Rules - Unable to download checksum file:

@xperttech said in [Solved] Snort GPLv2 Community Rules - Unable to download checksum file:

Hi all, I'm new to pfSense.
I just installed it over the weekend and have this very issue from the start. My gateway has never seen the GPLv2 Community Rules for Snort 2.0.x. I find that it has happened a few times in years past. Seems to be back.
Do we need to keep reminding someone to fix this automated process?
Thanks!

This would be something you should take up with the Snort team. Perhaps by joining their mailing list here: https://seclists.org/snort/.

You should also be aware that if you have a Snort VRT subscription (or are registered for their free 30-day aged rules), then you do not need to download the GPL v2 Community Rules separately as they are included within the subscriber and registered packages.

I’m having the same exact issue although I’m a paid subscriber, so I just disabled the community rules. Something definitely happened in the last few days.

Update: It looks like Snort removed the community ruleset for v2.9.. #Shocker

https://www.snort.org/downloads#rules

fireodo · Aug 1, 2023, 10:31 AM

@DefenderLLC said in [Solved] Snort GPLv2 Community Rules - Unable to download checksum file:

Something definitely happened in the last few days.

I guess asking Talos would bring clarity ... ;-)

slu · Aug 1, 2023, 1:04 PM

@bmeeks
any change to bring SNORT 3.x to pfSense?
I guess this is much work, otherwise you would have done it a long time ago?