
Author Topic: snort signatures update issue?  (Read 7701 times)


xdsl
Re: snort signatures update issue?
« Reply #15 on: April 28, 2008, 08:40:20 am »
After installing snort, I try to update snort (I cannot enter the rules; need to update first).

But it keeps downloading for more than an hour. I have already tried a 2nd time.

Any clue? Thanks in advance.

kerim
Re: snort signatures update issue?
« Reply #16 on: April 29, 2008, 04:22:07 am »
Same goes for me. After I updated the snort package, I tried to update the snort rules, waited about 20 minutes +/- for it to finish, then this message came out:

Warning: file_get_contents(http://www.snort.org/pub-bin/downloads.cgi): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /usr/local/www/snort_download_rules.php on line 98 You last updated the ruleset: 2008-04-29
 
Your snort rulesets are up to date.


rbustos
Re: snort signatures update issue?
« Reply #17 on: April 30, 2008, 02:13:41 am »
Ok,

This is not a snort or pfsense problem. This is a PHP issue, specifically with the file_get_contents function, line 98 in /usr/local/www/snort_download_rules.php
  -->  $text = file_get_contents("$URL_SNORT");

I am trying a temporary "solution" using curl instead of file_get_contents.

I have this on my script:

from /usr/local/www/snort_download_rules.php:

 
Code: [Select]
                sleep(1);
                $URL_SNORT="http://www.snort.org/pub-bin/downloads.cgi";

                // Fetch the downloads page with curl instead of file_get_contents()
                $ch = curl_init();
                curl_setopt($ch, CURLOPT_HEADER, 0);          // body only, no response headers
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  // return the page as a string
                curl_setopt($ch, CURLOPT_URL, $URL_SNORT);
                $text = curl_exec($ch);
                curl_close($ch);

                //$text = file_get_contents("$URL_SNORT",NULL);
                echo "<script type=\"text/javascript\">\n";
                echo "$('loading').style.visibility = 'hidden';\n";

Let me know if anyone has a solution for this issue, please.

Regards.

mevans336
Re: snort signatures update issue?
« Reply #18 on: May 14, 2008, 09:39:19 am »
Any update on this issue?

f.spierings
Re: snort signatures update issue?
« Reply #19 on: May 23, 2008, 07:44:15 am »
The issue lies in the fact that file_get_contents() does not send a user agent (or empty string), in this case.
I believe you are able to set the user agent in two ways:
- Specify the user agent in the php.ini (not checked)
- Specify the user agent in the script (checked - working)

An example would be (around line 98 /usr/local/www/snort_download_rules.php):

ini_set('user_agent','snort download script');
$text=file_get_contents("http://www.snort.org/pub-bin/downloads.cgi");

« Last Edit: May 23, 2008, 07:46:26 am by f.spierings »
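
The failure in replies #16 and #19, handled in one place, as an added example that is not part of the thread or of the pfSense Snort package: the request sends an explicit User-Agent, and anything other than HTTP 200 raises an error instead of falling through to an "up to date" message. It assumes PHP 7 or later; the function names and the sample header lines are constructed for illustration.

```php
<?php
// Added example, not code from snort_download_rules.php.
// Function names are hypothetical; assumes PHP 7+.

// Return the last HTTP status code found in a list of response header
// lines (redirects append further status lines, so the last one wins).
function last_http_status(array $headers): int
{
    $status = 0;
    foreach ($headers as $line) {
        if (preg_match('#^HTTP/\S+\s+(\d{3})#', $line, $m)) {
            $status = (int)$m[1];
        }
    }
    return $status;
}

// Fetch $url with an explicit User-Agent and a read timeout.
// Throws unless the server answered 200, so the caller cannot
// mistake a 403 for a successful (or unnecessary) update.
function fetch_or_fail(string $url, string $userAgent, int $timeout = 30): string
{
    $ctx = stream_context_create(['http' => [
        'method'        => 'GET',
        'user_agent'    => $userAgent,  // per-request, instead of ini_set()
        'timeout'       => $timeout,    // seconds
        'ignore_errors' => true,        // return the body on 4xx/5xx; we check the code
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    // PHP sets $http_response_header in this scope after an http:// fetch.
    $status = last_http_status($http_response_header ?? []);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("fetch of $url failed (HTTP status $status)");
    }
    return $body;
}

// Constructed sample: the header lines of a reply like the one in reply #16.
$sample = ['HTTP/1.1 403 Forbidden', 'Content-Type: text/html'];
echo 'sample status: ', last_http_status($sample), "\n";

// Live use from the CLI: php fetch.php <url>
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    try {
        echo strlen(fetch_or_fail($argv[1], 'snort download script')), " bytes\n";
    } catch (RuntimeException $e) {
        fwrite(STDERR, $e->getMessage() . "\n");
        exit(1);
    }
}
```
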

newfirewallman
Re: snort signatures update issue?
« Reply #20 on: May 28, 2008, 08:59:03 am »
So can I get a confirmation on which of the scripts is working, or reinstallation? I have 1.2 Release with Snort installed a week ago.
« Last Edit: May 28, 2008, 09:02:41 am by newfirewallman »

brookenmire
Re: snort signatures update issue?
« Reply #21 on: June 14, 2008, 09:31:58 am »
I have tried both fixes (curl and ini_set - separately) but am finding that it takes forever to download the rules files no matter what I use.
If I download the exact same URL that /usr/local/www/snort_download_rules.php is using at the same time but on a desktop that is on the LAN net behind pfSense, it downloads in a couple of minutes. (no caches involved)

Multiple attempts on the pfSense box return the same results.
Traffic shaper is turned off and pfSense is 1.2 prod.

ls on the temp dir (e.g. /tmp/snortRulesJ0rIr3/) shows it downloading, but very slowly:
-rw-r--r--  1 root  wheel  167363 Jun 14 20:02 snortrules-snapshot-CURRENT.tar.gz
-rw-r--r--  1 root  wheel  6637801 Jun 14 20:26 snortrules-snapshot-CURRENT.tar.gz

Once done, the rules file is a complete file, but Snort downloading seems to hang and does not download the md5 hash.

Is there any other additional hacking that needs to be done to the snort_download_rules.php file to allow it to progress?
Does anybody have the above fixes working consistently?

Thanks.