Bug #15033

closed

Suricata rule lists can't be manually updated unless the ETOpen Emerging Threats list is enabled

Added by Chris W almost 2 years ago. Updated almost 2 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Suricata
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version: 23.09
Affected Architecture: All

Description

To reproduce on a system that's never had Suricata installed before:
- Install it, enable an interface and start the service.
- Go to Suricata's Global Settings. Enable Snort GPLv2 Community rules, Feodo Tracker, and/or Abuse.ch lists.
- Save

On the Updates tab, both the Update and Force buttons now can't be clicked on, and that section of the page says "WARNING: No rule types have been selected for download. Visit the Global Settings Tab to select rule types".

Then go back to Global Settings and enable the ETOpen list. Back at Updates, the buttons are now usable and the warning is gone. Then clicking Update or Force updates all rule lists successfully. Didn't try anything with ETPro or Snort registered rules because I don't have a subscription. Rebooting with ETOpen unselected does not make a difference.

Suricata version is 7.0.2_1


Files

- ETOpen-unselected.png (205 KB), Chris W, 11/26/2023 02:08 AM
- buttons-unavailable.png (78 KB), ETOpen unselected, Chris W, 11/26/2023 02:08 AM
- buttons-available.png (69.2 KB), ETOpen selected, Chris W, 11/26/2023 02:09 AM
Actions #1

Updated by Bill Meeks almost 2 years ago

Verified.

The check for enabled rules currently only checks for ET Open, Snort VRT, ET Pro, and Extra Rules as shown below:

<?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on' && $enable_extra_rules != 'on'): ?>

I will add a fix for this to the next GUI package update.
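
The gap described in the comment above, as an added example: it is not the Suricata package's code and not the merged fix. It compares a hard-coded four-flag gate with one derived from a single list of the rule sources named in this ticket; every setting key and function name is hypothetical.

```php
<?php
// Added illustration; not code from the pfSense Suricata package.
// All array keys and function names are hypothetical stand-ins.

// The rule sources named in this ticket, kept in one list so the
// Updates-tab gate and the Global Settings options cannot drift apart.
const RULE_SOURCES = [
    'snort_vrt'       => 'Snort VRT',
    'snort_community' => 'Snort GPLv2 Community',
    'et_open'         => 'ETOpen',
    'et_pro'          => 'ETPro',
    'feodo_tracker'   => 'Feodo Tracker',
    'abuse_ch'        => 'Abuse.ch',
    'extra_rules'     => 'Extra Rules',
];

// Same shape as the check quoted in the ticket: only four sources consulted.
function updates_blocked_original(array $cfg): bool
{
    return ($cfg['snort_vrt'] ?? '') != 'on'
        && ($cfg['et_open'] ?? '') != 'on'
        && ($cfg['et_pro'] ?? '') != 'on'
        && ($cfg['extra_rules'] ?? '') != 'on';
}

// Keys of every known source whose setting is 'on'.
function enabled_sources(array $cfg): array
{
    return array_keys(array_filter(
        RULE_SOURCES,
        fn($key) => ($cfg[$key] ?? '') === 'on',
        ARRAY_FILTER_USE_KEY
    ));
}

// Updates are blocked only when no source at all is enabled.
function updates_blocked_fixed(array $cfg): bool
{
    return enabled_sources($cfg) === [];
}

// Constructed settings matching the reproduction steps in the report:
// community rules, Feodo Tracker and Abuse.ch on, ETOpen off.
$cfg = ['snort_community' => 'on', 'feodo_tracker' => 'on', 'abuse_ch' => 'on'];

var_dump(updates_blocked_original($cfg));
var_dump(updates_blocked_fixed($cfg));
print_r(enabled_sources($cfg));
```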

Actions #2

Updated by Bill Meeks almost 2 years ago

A fix for this issue has been submitted via this pull request against the RELENG_2_7_2 branch: https://redmine.pfsense.org/issues/15033.

This issue can be marked "Resolved" when the pull request is merged.

Actions #3

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

PRs merged, thanks!
