Feature #3100

Allow indicating sources /wo remote checksum

Added by Kenneth Kolano over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Low
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Currently the tool will output warnings when pulling rules without remote checksums...

2019-07-29 12:10:09,351 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-ciarmy.suricata.rules.md5.
2019-07-29 12:11:09,444 - <WARNING> - Failed to check remote checksum: <urlopen error timed out>

...which seems to be the case for even the default Emerging Threats rules.

It would be nice if the existence of a remote checksum could be set for each source to allow avoiding those download attempts / warnings.
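The behaviour requested above, sketched as an added example that is not part of the ticket and is not the tool's own code. It assumes a hypothetical per-source "checksum" flag and an injected fetch callable, and uses constructed feeds.example URLs so it runs offline.

```python
import hashlib
import logging

logger = logging.getLogger("rule-fetch-example")

def needs_download(source, cached_bytes, fetch):
    """Return (download?, checksum_urls_requested) for one rule source.

    source: dict with "url" and an optional "checksum" key (hypothetical
            per-source flag; True means the source publishes <url>.md5).
    cached_bytes: content of the previously downloaded file, or None.
    fetch: callable(url) -> bytes; raises OSError on network/HTTP failure.
    """
    requested = []
    if cached_bytes is None:
        return True, requested            # nothing cached: must download
    if not source.get("checksum", True):
        return True, requested            # flag off: no .md5 request, no warning
    md5_url = source["url"] + ".md5"
    requested.append(md5_url)
    logger.info("Checking %s.", md5_url)
    try:
        remote = fetch(md5_url).decode("ascii", "replace").split()[0].lower()
    except (OSError, IndexError) as err:  # timeout, 404, or empty body
        logger.warning("Failed to check remote checksum: %s", err)
        return True, requested            # cannot compare: fall back to download
    # The MD5 only detects a changed file; it does not authenticate the rules.
    local = hashlib.md5(cached_bytes).hexdigest()
    return remote != local, requested

# Constructed sample data: an in-memory stand-in for the remote server.
RULES = b'alert ip any any -> any any (msg:"constructed sample"; sid:1;)\n'
REMOTE = {"https://feeds.example/with-md5.rules.md5":
          hashlib.md5(RULES).hexdigest().encode() + b"\n"}

def fake_fetch(url):
    if url not in REMOTE:
        raise OSError("HTTP Error 404: Not Found")
    return REMOTE[url]

def demo():
    with_md5 = {"url": "https://feeds.example/with-md5.rules"}
    no_md5 = {"url": "https://feeds.example/no-md5.rules"}
    flagged = dict(no_md5, checksum=False)
    return [needs_download(s, RULES, fake_fetch) for s in (with_md5, no_md5, flagged)]
```

Only the unflagged source without a published checksum triggers the failed request; with the flag set to false the .md5 URL is never requested.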

Updated by Shivani Bhardwaj over 6 years ago #1

  • Status changed from New to Assigned
  • Assignee changed from Shivani Bhardwaj to Vagisha Gupta
  • Target version set to TBD

Updated by Jason Ish over 6 years ago #2

  • Target version changed from TBD to 1.1.0rc1

Updated by Jason Ish over 6 years ago #3

  • Status changed from Assigned to Feedback

Updated by Jason Ish over 6 years ago #4

  • Status changed from Feedback to Closed

Updated by Kenneth Kolano over 6 years ago #5

This change seemed to omit...

  • Setting this option for the default lists that require it...
Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,165 - <INFO> - Checking https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules.md5.
Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,295 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,695 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/sslblacklist.rules.md5.
Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,794 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,127 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules.md5.
Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,290 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:15 demo2 updateIDSRules[5341]: 2019-09-10 04:05:15,943 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-drop.suricata.rules.md5.
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,176 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,467 - <INFO> - Checking https://openinfosecfoundation.org/rules/trafficid/trafficid.rules.md5.
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,610 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,737 - <INFO> - Checking https://security.etnetera.cz/feeds/etn_aggressive.rules.md5.
Sep 10 04:05:18 demo2 updateIDSRules[5341]: 2019-09-10 04:05:18,055 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
  • Enabling this option for the enable-source command (i.e. to allow skipping MD5 downloads for default options where they do exist)

Updated by Kenneth Kolano over 6 years ago #6

Opened Bug #3161 regarding that.
