Project

General

Profile

Actions
Copy link

Feature #3100

closed

Allow indicating sources /wo remote checksum

Added by Kenneth Kolano over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Low
Assignee:
Vagisha Gupta
Target version:
1.1.0rc1
Effort:
Difficulty:
Label:

Description

Currently the tool will output warnings when pulling rules without remote checksums...

2019-07-29 12:10:09,351 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-ciarmy.suricata.rules.md5.
2019-07-29 12:11:09,444 - <WARNING> - Failed to check remote checksum: <urlopen error timed out>

...which seems to be the case for even the default Emerging Threats rules.

It would be nice if the existence of remote checksum could be set for each source to allow avoiding those download attempts / warnings.

Actions
Copy link
 #1

Updated by Shivani Bhardwaj over 4 years ago

  • Status changed from New to Assigned
  • Assignee changed from Shivani Bhardwaj to Vagisha Gupta
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Jason Ish over 4 years ago

  • Target version changed from TBD to 1.1.0rc1
Actions
Copy link
 #3

Updated by Jason Ish over 4 years ago

  • Status changed from Assigned to Feedback
Actions
Copy link
 #4

Updated by Jason Ish over 4 years ago

  • Status changed from Feedback to Closed
Actions
Copy link
 #5

Updated by Kenneth Kolano over 4 years ago

This change seemed to omit...

  • Setting this option for the default lists that require it...
Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,165 - <INFO> - Checking https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules.md5.
Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,295 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,695 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/sslblacklist.rules.md5.
Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,794 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,127 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules.md5.
Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,290 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:15 demo2 updateIDSRules[5341]: 2019-09-10 04:05:15,943 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-drop.suricata.rules.md5.
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,176 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,467 - <INFO> - Checking https://openinfosecfoundation.org/rules/trafficid/trafficid.rules.md5.
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,610 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,737 - <INFO> - Checking https://security.etnetera.cz/feeds/etn_aggressive.rules.md5.
Sep 10 04:05:18 demo2 updateIDSRules[5341]: 2019-09-10 04:05:18,055 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
  • Enabling this option for the enable-source command (i.e. to allow skipping MD5 downloads for default options where they do exist)
Actions
Copy link
 #6

Updated by Kenneth Kolano over 4 years ago

Opened Bug #3161 regarding that.

Actions
Copy link

Also available in: Atom PDF