IPS: Error downloading rules

isrcharles · August 22, 2020, 3:56pm

Hi!

I recently got an error trying to download the rules from the IPS module. Checking the logs, I found this error:
Aug 22 09:57:03 ns esmith::event[5993]: Error downloading http://talosintelligence.com/feeds/ip-filter.blf: 404 Not Found [ 404 ]

The pulledpork.con file from the github repo has the correct url:

rule_url=https://talosintelligence.com/documents/ip-blacklist|IPBLACKLIST|open

I modified the file /etc/e-smith/templates/etc/pulledpork/pulledpork.conf/10rules, I tried again and now everything works great.

NS version: 7.8.2003
Version of the packages involved:

pulledpork-0.7.3-6.ns7.noarch
nethserver-pulledpork-2.1.5-1.ns7.noarch
nethserver-suricata-2.1.1-1.ns7.noarch
suricata-4.1.8-1.el7.x86_64

Regards

filippo_carletti · August 24, 2020, 6:57am

It is a know issue: https://github.com/NethServer/dev/issues/6255
I’d prefer to disable the download of that unused list.
An update will be released later this week.

isrcharles · August 24, 2020, 9:59pm

Thank you Filippo. I will be waiting for the update.

filippo_carletti · August 25, 2020, 12:07pm

An update is ready to be tested:
yum --enablerepo=nethserver-testing install nethserver-pulledpork

isrcharles · August 26, 2020, 3:46pm

After updating from the testing repository, I was able to download the rules without a problem.

I enable the IPS module with the default configuration and until now, there is no negative effect on the operation.