[Solved] IDS Rule Updating fails after Upgrade to Core 127

cbrown
Posts: 38
Joined: December 29th, 2017, 11:54 pm
Location: Texas

Post by cbrown » February 8th, 2019, 12:34 am

The issue stems from the switch to Snort version 2.9.12.

ids-update.pl fails to get Talos VRT rules from snort.org after upgrading to Core 127. The issue is with the file name string used to read the md5 file at the snort server. The snort server expects a five-digit value for the version string as part of the file name when fetching rules for Snort 2.9.12. It expects the value with a trailing zero -- "29120". The current version of ids-update.pl produces the version string as "2912" -- without the trailing zero.

/var/log/messages shows idsupdate getting an error fetching the file:
  • <snort.org>/rules/snortrules-snapshot-2912.tar.gz.md5
With a tweak forcing a '0' to be added to the snort version in the file name, ids-update.pl succeeds when getting the file:
  • <snort.org>/rules/snortrules-snapshot-29120.tar.gz.md5

To get ids updates working for me, I added this (perhaps inelegant) bit of syntax at line 1100 of my local copy of ids-update.pl:

   # If version string is less than 5 bytes, append a '0' to it
   $vrt_v .= '0' if(length($vrt_v) < 5);
Last edited by cbrown on March 9th, 2019, 2:06 pm, edited 1 time in total.
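An added example, not part of the original post or of ids-update.pl: it builds the version digits for the md5 file name from the Snort version itself and prints them next to the length-based padding from the post. The helper names and the sample versions other than 2.9.12 are constructed, and it assumes the snapshot name carries four version components with the dots removed (which matches the "2912" versus "29120" case above).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from ids-update.pl): turn a Snort version such as
# "2.9.12" into the digit string used in the snapshot file name.
# Assumption: the name uses four version components with the dots removed,
# so a three-component version is treated as having a trailing ".0".
sub snapshot_version {
    my ($version) = @_;
    die "unexpected Snort version '$version'\n"
        unless $version =~ /^\d+(?:\.\d+){2,3}$/;
    my @parts = split /\./, $version;
    push @parts, 0 while @parts < 4;
    return join '', @parts;
}

# Length-based padding as posted above, kept here only for comparison.
sub pad_by_length {
    my ($digits) = @_;
    $digits .= '0' if length($digits) < 5;
    return $digits;
}

# Constructed sample versions; only 2.9.12 appears in this thread.
for my $version (qw(2.9.12 2.9.12.0 2.9.9.0)) {
    (my $stripped = $version) =~ s/\.//g;    # dots removed, no padding
    printf "%-9s by-components=%-6s by-length=%-6s file=%s\n",
        $version,
        snapshot_version($version),
        pad_by_length($stripped),
        'snortrules-snapshot-' . snapshot_version($version) . '.tar.gz.md5';
}
```

Both approaches give "29120" for 2.9.12; they differ only when a four-component version is short, such as the constructed 2.9.9.0 case.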

Hellfire
Posts: 644
Joined: November 8th, 2015, 8:54 am

Re: IDS Rule Updating fails after Upgrade to Core 127

Post by Hellfire » February 16th, 2019, 3:18 pm

Thank you so much!

This solved an issue here, too!

Michael