* Bug report - Snort
@ 2014-10-26 3:21 R. W. Rodolico
2014-10-28 0:45 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: R. W. Rodolico @ 2014-10-26 3:21 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1931 bytes --]
Occurs in at least Core Update 84 and 85. When setting up Snort, and
choosing 'Sourcefire VRT rules for registered users', the following
error comes up. This is with a valid oinkcode which I've replaced below
with xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.:
======================================================================
--2014-10-25 21:50:26--
http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Resolving www.snort.org (www.snort.org)... 50.19.124.119,
54.225.152.149, 54.243.242.66
Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location:
https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[following]
--2014-10-25 21:50:26--
https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443... connected.
WARNING: cannot verify www.snort.org's certificate, issued by
'/C=US/O=Thawte, Inc./CN=Thawte SSL CA':
Self-signed certificate encountered.
HTTP request sent, awaiting response... 422 Unprocessable Entity
2014-10-25 21:50:26 ERROR 422: Unprocessable Entity.
======================================================================
Visiting the URL's individually (with the oinkcode) results in the error
message:
["File not found by name 'snortrules-snapshot-2960.tar.gz'"]
These entries appear to be hard coded on line 265 of ids.cgi
(/srv/web/ipfire/cgi-bin/ids.cgi)
Updating with "Snort/VRT GPLv2 Community Rules" and "Emergingtrheats.net
Community Rules" appear to work (I was not able to test the
"Subscription" set since I do not have a subscription.
Rod
--
"Rod" Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Bug report - Snort
2014-10-26 3:21 Bug report - Snort R. W. Rodolico
@ 2014-10-28 0:45 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2014-10-28 0:45 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2274 bytes --]
Hi,
this hasn't been reported to me before.
The error message does not make much sense to me. It says that a
certificate issued by Thawte was also self-signed. This may just have
been a misconfiguration on their web server.
If that occurs to you again, feel free to open a bug report on our
Bugzilla.
-Michael
On Sat, 2014-10-25 at 22:21 -0500, R. W. Rodolico wrote:
> Occurs in at least Core Update 84 and 85. When setting up Snort, and
> choosing 'Sourcefire VRT rules for registered users', the following
> error comes up. This is with a valid oinkcode which I've replaced below
> with xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.:
> ======================================================================
> --2014-10-25 21:50:26--
> http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Resolving www.snort.org (www.snort.org)... 50.19.124.119,
> 54.225.152.149, 54.243.242.66
> Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80... connected.
> HTTP request sent, awaiting response... 301 Moved Permanently
> Location:
> https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> [following]
> --2014-10-25 21:50:26--
> https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443... connected.
> WARNING: cannot verify www.snort.org's certificate, issued by
> '/C=US/O=Thawte, Inc./CN=Thawte SSL CA':
> Self-signed certificate encountered.
> HTTP request sent, awaiting response... 422 Unprocessable Entity
> 2014-10-25 21:50:26 ERROR 422: Unprocessable Entity.
> ======================================================================
>
> Visiting the URL's individually (with the oinkcode) results in the error
> message:
> ["File not found by name 'snortrules-snapshot-2960.tar.gz'"]
> These entries appear to be hard coded on line 265 of ids.cgi
> (/srv/web/ipfire/cgi-bin/ids.cgi)
>
> Updating with "Snort/VRT GPLv2 Community Rules" and "Emergingtrheats.net
> Community Rules" appear to work (I was not able to test the
> "Subscription" set since I do not have a subscription.
>
> Rod
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-10-28 0:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-10-26 3:21 Bug report - Snort R. W. Rodolico
2014-10-28 0:45 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox