Snort Updating problems !!!

djnicofun · Jul 25, 2010, 8:50 PM

hi,

Ok thanck you, but i have already read this post, i would like know if an official update of this package will be done or not ?

best regards.

jimp · Jul 26, 2010, 9:57 PM

Well they're tricky guys there at Sourcefire. There were a couple things wrong with the rule downloads:

1. The URL changed.
2. They now redirect you to an Amazon s3 URL to get the actual rules
3. The Amazon url is HTTPS.

So I fixed the URL, changed a redirect option, and I had to disable cURL's SSL validation, but now the rules download for me.

The new package version is up now, give it a try and see if it works.

c0urier · Jul 26, 2010, 9:54 PM

Giving it a try now. Will post back soon!

Update:
Seems to be working just fine - Rules updated and Snort running. Thanks jimp!!!

netmethods · Jul 27, 2010, 12:48 AM

I tried it on all 3 of my pfSense boxes and is working fine. Thanks again Jim!

-Jason

DigitalJer · Jul 27, 2010, 1:13 AM

Looking good here!

Many thanks…

A Former User · Jul 27, 2010, 1:45 AM

I uninstalled the old package and installed the new one and updated it no problem did a port scan test and all is working (fingers crossed) . ;D

tester_02 · Jul 27, 2010, 2:45 AM

Question for those brave people that updated (no going back) :)
Premium rules or basic rules?

Hoping people have tested both…

LostInIgnorance · Jul 27, 2010, 3:06 AM

I used the subscribed rules and everything is working great over here

DigitalJer · Jul 27, 2010, 3:37 AM

Basic working fine for me.

tester_02 · Jul 27, 2010, 5:01 AM

Thanks for the feedback! I'll give it a whirl…

chowtamah · Jul 27, 2010, 7:09 AM

Thanks Jimp.

Snort now updates and works fine. (with Basic rules)

Guest · Jul 27, 2010, 1:06 PM

The updates are working fine now when I manually click update button, the version info states it is still package v 1.27 when it is actually 1.30.

Also, there is still that issue with rules getting enabled after updates. This is starting to become a pain. I know that this was discussed before and not sure if there is a fix.

I have a lot of rules that need to be disabled in certain categories I have to run, but everytime I get updates, it will enable the rules I disabled. Also it appears that the systems I am running are not getting updates automatically on the set time frame. I have a premium VRT license and currently running 8 PFsense boxes that all have the same issue.

Thanks for any help.

jimp · Jul 27, 2010, 1:11 PM

@darklogic82:

The updates are working fine now when I manually click update button, the version info states it is still package v 1.27 when it is actually 1.30.

Also, there is still that issue with rules getting enabled after updates. This is starting to become a pain. I know that this was discussed before and not sure if there is a fix.

I have a lot of rules that need to be disabled in certain categories I have to run, but everytime I get updates, it will enable the rules I disabled. Also it appears that the systems I am running are not getting updates automatically on the set time frame. I have a premium VRT license and currently running 8 PFsense boxes that all have the same issue.

Thanks for any help.

Those are separate issues from this thread, really. You might start a new thread for each of those issues separately, unless one already exists. I think there may already be some threads out there for the rules getting disabled.

Hopefully the normal package maintainer returns soon and can work on this a bit. I stepped in to fix the updates mentioned in this thread at the request of a commercial support customer, I'd have to spend quite a bit more time looking at the package to even speculate on fixes for the other issues.

Hugovsky · Jul 27, 2010, 1:21 PM

Working good on 2.0. Thanks for the fix jimp.

tehtrk · Jul 27, 2010, 2:59 PM

It works great. ;D

You da man, JimP

dszp · Jul 27, 2010, 10:31 PM

I will try this soon, thanks JimP! The man who "wrote the book" wrote the snort fix :-) And probably quite a bit of pfSense itself, though I don't know the full extent of his contributions :-)

nocer · Jul 28, 2010, 11:54 PM

thanks jimp, fix that you provided makes my daily update jobs very easy, because I have been fetch/extract/install every single day by hand which is, annoying.

now that my concern is how you can conpromise longer i/f names that looks like 2.0 specific issue which won't snort from starting at the booting, or any other attempt. i tricked some diy for i/f naming but none of those were permanent fix, system will assign a new name, everytime reload the box.

any thoughts and ideas appreciated.

cheers,

jimp · Jul 29, 2010, 12:19 AM

@nocer:

now that my concern is how you can conpromise longer i/f names that looks like 2.0 specific issue which won't snort from starting at the booting, or any other attempt. i tricked some diy for i/f naming but none of those were permanent fix, system will assign a new name, everytime reload the box.

That's a matter for a separate thread.

Since the updates now work for everyone (so far) this particular issue is closed. If it breaks again, it'll be a new issue, and other problems should be in new threads.

Locking the topic. :-)