Project

General

Profile

Actions

Feature #3100

closed

Allow indicating sources /wo remote checksum

Added by Kenneth Kolano over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Low
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Currently the tool will output warnings when pulling rules without remote checksums...

2019-07-29 12:10:09,351 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-ciarmy.suricata.rules.md5.
2019-07-29 12:11:09,444 - <WARNING> - Failed to check remote checksum: <urlopen error timed out>

...which seems to be the case for even the default Emerging Threats rules.

It would be nice if the existence of remote checksum could be set for each source to allow avoiding those download attempts / warnings.

Actions #1

Updated by Shivani Bhardwaj over 5 years ago

  • Status changed from New to Assigned
  • Assignee changed from Shivani Bhardwaj to Vagisha Gupta
  • Target version set to TBD
Actions #2

Updated by Jason Ish about 5 years ago

  • Target version changed from TBD to 1.1.0rc1
Actions #3

Updated by Jason Ish about 5 years ago

  • Status changed from Assigned to Feedback
Actions #4

Updated by Jason Ish about 5 years ago

  • Status changed from Feedback to Closed
Actions #5

Updated by Kenneth Kolano about 5 years ago

This change seemed to omit...

  • Setting this option for the default lists that require it...
Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,165 - <INFO> - Checking https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules.md5.
Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,295 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,695 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/sslblacklist.rules.md5.
Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,794 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,127 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules.md5.
Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,290 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:15 demo2 updateIDSRules[5341]: 2019-09-10 04:05:15,943 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-drop.suricata.rules.md5.
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,176 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,467 - <INFO> - Checking https://openinfosecfoundation.org/rules/trafficid/trafficid.rules.md5.
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,610 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,737 - <INFO> - Checking https://security.etnetera.cz/feeds/etn_aggressive.rules.md5.
Sep 10 04:05:18 demo2 updateIDSRules[5341]: 2019-09-10 04:05:18,055 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
  • Enabling this option for the enable-source command (i.e. to allow skipping MD5 downloads for default options where they do exist)
Actions #6

Updated by Kenneth Kolano about 5 years ago

Opened Bug #3161 regarding that.

Actions

Also available in: Atom PDF