Project

General

Profile

Actions
Copy link

Bug #2688

closed
KK SB

filemd5 files are not migrated /w rules

Bug #2688: filemd5 files are not migrated /w rules

Added by Kenneth Kolano over 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Shivani Bhardwaj
Target version:
1.2.0rc1
Affected Versions:
1.0.0
Effort:
Difficulty:
Label:

Description

When rules using a filemd5 directive are imported the rules are migrated to /var/lib/suricata/rules/suricata.rules, but the related files are left in their original location (likely /etc/suricata/rules), which breaks the references.

alert http any any -> $HOME_NET any (msg:"OTX - FILE MD5 from pulse Threats Targeted against Civil Society";  filemd5:5bedad78bb5ab60a53de19a4.txt; reference: url, otx.alienvault.com/pulse/5bedad78bb5ab60a53de19a4; sid:411683; rev:1;)

Referenced files should be migrated along with their related rules.

To work around this I currently run the following command prior to Suricata-Update to generate hard links on relevant files between the two locations:

sudo cp -l /etc/suricata/rules/???????????*.txt /var/lib/suricata/rules

Files

Download all files
otx_file_rules.rules (226 KB) otx_file_rules.rules OTX Rules file example Kenneth Kolano, 08/08/2019 12:27 AM
546ce8eb11d40838dc6e43f1.txt (264 Bytes) 546ce8eb11d40838dc6e43f1.txt MD5 Hashes file example Kenneth Kolano, 08/08/2019 12:27 AM

Related issues 2 (1 open1 closed)

Related to Suricata-Update - Bug #3528: dataset files are not migrated /w rulesClosedShivani BhardwajActions
Blocks Suricata-Update - Bug #2691: Error thrown with -o optionAssignedOISF DevActions
Actions
Copy link

Also available in: PDF Atom