Feature #3100: Allow indicating sources /wo remote checksum - Suricata-Update - Open Information Security Foundation

Actions

Copy link

Feature #3100

closed

Allow indicating sources /wo remote checksum

Added by Kenneth Kolano over 5 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Low

Assignee:

Vagisha Gupta

Target version:

1.1.0rc1

Effort:

Difficulty:

Label:

Description

Currently the tool will output warnings when pulling rules without remote checksums...

2019-07-29 12:10:09,351 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-ciarmy.suricata.rules.md5.
2019-07-29 12:11:09,444 - <WARNING> - Failed to check remote checksum: <urlopen error timed out>

...which seems to be the case for even the default Emerging Threats rules.

It would be nice if the existence of remote checksum could be set for each source to allow avoiding those download attempts / warnings.

Updated by Shivani Bhardwaj over 5 years ago

Status changed from New to Assigned
Assignee changed from Shivani Bhardwaj to Vagisha Gupta
Target version set to TBD

Updated by Jason Ish over 5 years ago

Target version changed from TBD to 1.1.0rc1

Updated by Jason Ish over 5 years ago

Status changed from Assigned to Feedback

Updated by Jason Ish over 5 years ago

Status changed from Feedback to Closed

Updated by Kenneth Kolano over 5 years ago

This change seemed to omit...

Setting this option for the default lists that require it...

Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,165 - <INFO> - Checking https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules.md5.
Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,295 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,695 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/sslblacklist.rules.md5.
Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,794 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,127 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules.md5.
Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,290 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:15 demo2 updateIDSRules[5341]: 2019-09-10 04:05:15,943 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-drop.suricata.rules.md5.
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,176 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,467 - <INFO> - Checking https://openinfosecfoundation.org/rules/trafficid/trafficid.rules.md5.
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,610 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,737 - <INFO> - Checking https://security.etnetera.cz/feeds/etn_aggressive.rules.md5.
Sep 10 04:05:18 demo2 updateIDSRules[5341]: 2019-09-10 04:05:18,055 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found

Enabling this option for the enable-source command (i.e. to allow skipping MD5 downloads for default options where they do exist)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata » Suricata-Update

Feature #3100

Allow indicating sources /wo remote checksum

Updated by Shivani Bhardwaj over 5 years ago

Updated by Jason Ish over 5 years ago

Updated by Jason Ish over 5 years ago

Updated by Jason Ish over 5 years ago

Updated by Kenneth Kolano over 5 years ago

Updated by Kenneth Kolano over 5 years ago