Tuesday, November 3, 2009

Intrusion Detection (Snort) fix in IPCOP Firewall 1.4.21

After installing IPCop, I got the following error messages.

When running the update, the error is:
HTTP::Response=HASH(0x82a3c14)->code registered md5
When running the download, the error is:
HTTP::Response=HASH(0x82a3c68)->code

The reason is that snort.org now publishes its rules on the current branch, and those rules are no longer compatible with snort-2.6.1.5.
We have to add the current branch manually; to date it is 2. You can find it on snort.org, if you have an account there, under My Account --> My Oinkcodes, along with the code (you must have an account at snort.org to access the code and use Snort in IPCOP).

Here is a solution: a manual fix in the code.

Open /usr/local/bin/snortrules.pl in an editor.
root@firewall:/etc/snort # nano /usr/local/bin/snortrules.pl
Change the value to 2.8 at line 55.
my $rulesbranch="2.8"; # version should match snort branch version

Save the change.
Remember that you must add the Oinkcode in IPCOP --> Services --> INTRUSION DETECTION.
Save, Apply, Refresh update list, Download Ruleset.

It should now work, with no ruleset update failure or MD5 checksum error.
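
The edit above, scripted as an added example (not part of the original post or of IPCop): it matches the $rulesbranch assignment itself instead of relying on line 55, refuses to touch the file unless exactly one such assignment is found, and keeps a copy of the original for rollback. The function name set_rulesbranch and the .orig/.new file suffixes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IPCop's own code.
# Usage on the firewall (path and value as given in the post):
#   set_rulesbranch /usr/local/bin/snortrules.pl 2.8

# set_rulesbranch FILE BRANCH
# Returns 0 if the value was set (or already matched), 1 on bad input or
# I/O failure, 2 if the assignment is not present exactly once.
set_rulesbranch() {
    file=$1
    branch=$2
    # BRE: group 1 = 'my $rulesbranch =' with optional spacing, group 2 = value
    pat='^\([[:space:]]*my \$rulesbranch[[:space:]]*=[[:space:]]*\)"\([^"]*\)"'

    # Accept only digits and dots (e.g. 2.8) so nothing else reaches sed
    case $branch in
        ''|*[!0-9.]*) echo "invalid branch: $branch" >&2; return 1 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Refuse to edit unless the assignment appears exactly once
    count=$(grep -c "$pat" "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one \$rulesbranch assignment, found $count" >&2
        return 2
    fi

    # Already at the requested value: leave the file and any backup alone
    current=$(sed -n "s/$pat.*/\2/p" "$file")
    if [ "$current" = "$branch" ]; then
        return 0
    fi

    # Keep the original so the change can be rolled back if Snort
    # refuses to start with the newer ruleset
    cp -p "$file" "$file.orig" || return 1

    # Replace only the quoted value; the trailing comment is untouched
    sed "s/$pat/\1\"$branch\"/" "$file.orig" > "$file.new" || return 1

    # cat into the existing file keeps its owner and mode
    cat "$file.new" > "$file" && rm -f "$file.new"
}
```

To roll back, copy snortrules.pl.orig over snortrules.pl.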

https://www.snort.org/
http://www.howtoforge.com/perfect_linux_firewall_ipcop

4 comments:

Anonymous said...

Thanks that worked.... on 1.4.21
cheers

Unknown said...

hi
after doing what you said :
root@firewall:/etc/snort # nano /usr/local/bin/snortrules.pl
Change the value to 2.8 at line no 55.
my $rulesbranch="2.8"; # version should match snort branch version

, when I am trying to restart snort, it says:
1 Snort failure(s) to start

and /var/log/messages

FATAL ERROR: /etc/snort/rules/exploit.rules(38): Cannot check flow connection for non-TCP traffic


any idea how to fix this ??

thanks

Imran Asghar said...

I fixed it, but very late; see post
http://imranasghar.blogspot.com/2010/08/intrusion-detection-service-in-ipcop.html

Anonymous said...

I enjoyed every little bit of it, I have you bookmarked and waiting for all the new stuff you post.
