- The snort top level directory in the archive has been changed from community.rules to snort3-community.rules so the regex no longer finds the tarball to extract.
- Modified the regex to include the current snort naming for the top level archive directory

Fixes: Bug#13203
Tested-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
---
config/cfgroot/ids-functions.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index d97431b4a..f2b2ffc58 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -572,7 +572,7 @@ sub extractruleset ($) { # Handle rules files. } elsif ($file =~ m/.rules$/) { # Skip rule files which are not located in the rules directory or archive root. - next unless(($packed_file =~ /^rules//) || ($packed_file =~ /^$provider-rules//) || ($packed_file !~ ///)); + next unless(($packed_file =~ /^rules//) || ($packed_file =~ /^$provider-rules//) || ($packed_file =~ /^snort3-$provider-rules//) || ($packed_file !~ ///));
# Skip deleted.rules. #
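Review bot: The added `snort3-$provider-rules` alternative in the `next unless(...)` condition hard-codes a Snort-specific directory prefix into the generic extractor, so it is accepted for every provider and not only for the community ruleset. Consider folding the two provider alternatives into one pattern with an optional prefix, or keeping the expected top-level directory name alongside the provider's other settings so the next upstream rename does not need another regex edit. `$provider` is also interpolated into the pattern without `\Q...\E`, so any regex metacharacter in a provider handle would be treated as pattern syntax; quoting it here would be cheap. Finally, the commit message speaks of `community.rules` and `snort3-community.rules`, while the pattern matches directories ending in `-rules/`; the wording should match what the code checks.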
Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
Am 31.07.2023 um 22:46 schrieb Adolf Belka:
- The snort top level directory in the archive has been changed from community.rules to snort3-community.rules so the regex no longer finds the tarball to extract.
- Modified the regex to include the current snort naming for the top level archive directory
Fixes: Bug#13203
Tested-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/cfgroot/ids-functions.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index d97431b4a..f2b2ffc58 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -572,7 +572,7 @@ sub extractruleset ($) { # Handle rules files. } elsif ($file =~ m/.rules$/) { # Skip rule files which are not located in the rules directory or archive root.
next unless(($packed_file =~ /^rules\//) || ($packed_file =~ /^$provider-rules\//) || ($packed_file !~ /\//));
next unless(($packed_file =~ /^rules\//) || ($packed_file =~ /^$provider-rules\//) || ($packed_file =~ /^snort3-$provider-rules\//) || ($packed_file !~ /\//)); # Skip deleted.rules. #
Hi All,
Please note that I have dropped this patch in Patchwork as on its own it does not fully solve the problem in bug#13203.
It allows the snort community rules file to be extracted and placed into /var/lib/suricata and it can then be selected in the customise rules table. However every signature in this rules file then fails when parsed by suricata and so none of them end up loaded. So something else is different and an additional modification is still needed.
Regards,
Adolf.
On 01/08/2023 12:10, Bernhard Bitsch wrote:
Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
Am 31.07.2023 um 22:46 schrieb Adolf Belka:
- The snort top level directory in the archive has been changed from community.rules to snort3-community.rules so the regex no longer finds the tarball to extract.
- Modified the regex to include the current snort naming for the top level archive directory
Fixes: Bug#13203
Tested-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/cfgroot/ids-functions.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index d97431b4a..f2b2ffc58 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -572,7 +572,7 @@ sub extractruleset ($) { # Handle rules files. } elsif ($file =~ m/.rules$/) { # Skip rule files which are not located in the rules directory or archive root. - next unless(($packed_file =~ /^rules//) || ($packed_file =~ /^$provider-rules//) || ($packed_file !~ ///)); + next unless(($packed_file =~ /^rules//) || ($packed_file =~ /^$provider-rules//) || ($packed_file =~ /^snort3-$provider-rules//) || ($packed_file !~ ///)); # Skip deleted.rules. #
Fixes: #13203
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
config/suricata/ruleset-sources | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index 592cbedf0..14d1b865f 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -43,7 +43,7 @@ our %Providers = ( website => "https://www.snort.org", tr_string => "community rules", requires_subscription => "False", - dl_url => "https://www.snort.org/rules/community", + dl_url => "https://www.snort.org/downloads/community/community-rules.tar.gz", dl_type => "archive", },
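Review bot: The commit message carries only the Fixes and Signed-off-by trailers, so nothing records why `dl_url` moves from `https://www.snort.org/rules/community` to the `downloads/community/community-rules.tar.gz` path or how that resolves #13203. Please add a sentence stating what the old URL now serves and what the new tarball contains, since these rules end up parsed by suricata and `dl_type` stays `"archive"`. It would also help to say whether the extractor in `ids-functions.pl` needs any change for the directory layout of this tarball, so the two files stay consistent.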