From mboxrd@z Thu Jan  1 00:00:00 1970
From: "R. W. Rodolico" <rodo@dailydata.net>
To: development@lists.ipfire.org
Subject: Bug report - Snort
Date: Sat, 25 Oct 2014 22:21:49 -0500
Message-ID: <544C68CD.70505@dailydata.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8227826633709260226=="
List-Id: <development.lists.ipfire.org>

--===============8227826633709260226==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Occurs in at least Core Update 84 and 85. When setting up Snort, and
choosing 'Sourcefire VRT rules for registered users', the following
error comes up. This is with a valid oinkcode which I've replaced below
with xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--2014-10-25 21:50:26--
http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxx=
xxxxxxxxxxxxxxxxxxxxxxxxxxx
Resolving www.snort.org (www.snort.org)... 50.19.124.119,
54.225.152.149, 54.243.242.66
Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location:
https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxx=
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
[following]
--2014-10-25 21:50:26--
https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxx=
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443... connected.
WARNING: cannot verify www.snort.org's certificate, issued by
'/C=3DUS/O=3DThawte, Inc./CN=3DThawte SSL CA':
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 422 Unprocessable Entity
2014-10-25 21:50:26 ERROR 422: Unprocessable Entity.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Visiting the URL's individually (with the oinkcode) results in the error
message:
["File not found by name 'snortrules-snapshot-2960.tar.gz'"]
These entries appear to be hard coded on line 265 of ids.cgi
(/srv/web/ipfire/cgi-bin/ids.cgi)

Updating with "Snort/VRT GPLv2 Community Rules" and "Emergingtrheats.net
Community Rules" appear to work (I was not able to test the
"Subscription" set since I do not have a subscription.

Rod
--=20
"Rod" Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net

--===============8227826633709260226==--