2.0 RC1 - SNORT Rules



  • First things first…

    Name pfsense.localdomain
    Version 2.0-RC1 (i386)
    built on Fri Apr 1 21:22:49 EDT 2011
    You are on the latest version.

    I installed SNORT via the package and entered my OinkCode.  Assigned WAN to SNORT and started it.  I then went to Updates and forced an update.  When I go to Services -->  Snort --> Updates, this is what I see:

    INSTALLED SIGNATURE RULESET

    SNORT.ORG >>>  N/A
    EMERGINGTHREATS.NET >>>  N/A
    PFSENSE.ORG >>>  102

    Should there be some kind of version listed for SNORT.ORG?

    TIA,

    John



  • I can also confirm this on:
    2.0-RC1 (i386)
    built on Sat Feb 26 16:33:51 EST 2011



  • I just tried to force another update…same result.

    I am seeing the following in the system log but I am not sure if it is important:

    Apr 2 16:13:22 SnortStartup[43509]: Snort HARD Reload For 19427_bge0…
    Apr 2 16:13:22 snort[43237]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge019427.pid" for PID "43237"
    Apr 2 16:13:22 snort[43237]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_bge019427.pid" for PID "43237"
    Apr 2 16:13:22 snort[43237]: PID path stat checked out ok, PID path set to /var/log/snort/run
    Apr 2 16:13:22 snort[43237]: PID path stat checked out ok, PID path set to /var/log/snort/run
    Apr 2 16:13:22 snort[43237]: Checking PID path…
    Apr 2 16:13:22 snort[43237]: Checking PID path…
    Apr 2 16:13:22 snort[43237]: Daemon initialized, signaled parent pid: 42837
    Apr 2 16:13:22 snort[43237]: Daemon initialized, signaled parent pid: 42837
    Apr 2 16:13:22 snort[42837]: Daemon parent exiting
    Apr 2 16:13:22 snort[42837]: Daemon parent exiting
    Apr 2 16:13:22 snort[42837]: Initializing daemon mode
    Apr 2 16:13:22 snort[42837]: Initializing daemon mode
    Apr 2 16:13:22 snort[42837]: Initializing Network Interface bge0
    Apr 2 16:13:22 snort[42837]: Initializing Network Interface bge0
    Apr 2 16:13:22 snort[42837]: Verifying Preprocessor Configurations!
    Apr 2 16:13:22 snort[42837]: Verifying Preprocessor Configurations!
    Apr 2 16:13:22 snort[42837]: Rule application order: activation->dynamic->pass->drop->alert->log
    Apr 2 16:13:22 snort[42837]: Rule application order: activation->dynamic->pass->drop->alert->log



  • Looks like I got an update overnight:

    SNORT.ORG >>>  "4e65d3dfa6cf8f804d053d7fa0c44c2e"
    EMERGINGTHREATS.NET >>>  N/A
    PFSENSE.ORG >>>  102
    

    John



  • Same here.  Seems like the Oink/Snort db service was offline etc. when I tried to connect.  Last night mine updated as well.

    Now the big question becomes - how many of those rules to turn on? :)

    Dayblade

