NOTICE: Snort or Suricata users with ET-Pro subscriptions or using ET-Open rules
-
UPDATE: You may or may not be impacted by this. I have one user who reported a problem, but I tested a virtual machine I have and it still works fine. Both versions of the URL still resolve and work on my testing VM. So if you are not noticing a problem with ET rule updates, ignore this post.
Users of Emerging Threats rules with the Snort package may encounter issues downloading rule updates. It seems the download URL construction recently changed. The URL includes a Snort version string that was "2.9.0" but appears to have recently changed to "2.9.7".
If you are not getting Emerging Threats rule updates, you can make the following file edit on your system while awaiting a patch.
Edit the file /usr/local/pkg/snort/snort_defs.inc.
Find this section of code:
if (!defined("ET_VERSION")) define("ET_VERSION", "2.9.0");
and change it to read as follows:
if (!defined("ET_VERSION")) define("ET_VERSION", "2.9.7");
I will push a permanent fix for this soon.
Bill
-
Working fine for me with the ET open rules. Just tried it again manually to make sure and it's working.
-
Working fine for me with the ET open rules. Just tried it again manually to make sure and it's working.
Thanks for the verification. It may be an isolated problem. The user who reported it had just recently renewed his ET-Pro subscription (but his subscriber code did not change). Don't know if that had anything to do with it or not. He is working with Emerging Threats tech support.
If your ET rules are continuing to update normally, then no file edit is necessary. Usually the ET rules have an update daily.
Bill
-
Mine had updated automatically last night at midnight as scheduled, but I did a manual update just to check it and see.
Both seem to be functioning normally for me.