search

aleksibovellan / opnsense-suricata-nmaps

OPNSense's Suricata IDS/IPS Detection Rules Against NMAP Scans
MIT License
55 stars 4 forks source link

Error parsing signature #4

Closed Arien02 closed 1 month ago

Arien02 commented 3 months ago

Hi!

I'm having error message when trying this local.rules with OPNsense 24.7.2-amd64.

Just download file with "curl -O https://raw.githubusercontent.com/aleksibovellan/opnsense-suricata-nmaps/main/local.rules" Take a look to the file and the first line it's ok: # OPNsense's Suricata IDS/IPS Detection Rules Against NMAP Scans

Go to Administration --> Rules, and click Apply

And just after that, I can see this error in Log File:

<Error> -- error parsing signature "PNsense's Suricata IDS/IPS Detection Rules Against NMAP Scans" from file /usr/local/etc/suricata/opnsense.rules/local.rules at line 1
<Error> -- no terminating ";" found

Now take a look again to local.rules and voila: PNsense's Suricata IDS/IPS Detection Rules Against NMAP Scans

Something is truncating the file after clicking Apply.

Has anyone faced this problem?

aleksibovellan commented 2 months ago

Hi, thanks for your post. Unfortunately that is the first time I have seen such error regarding these rules.

Perhaps try getting them without using curl? For example, click-copy the rules straight from the file opened in Github, or just clone the GitHub rep and use the file from that package? Because something about using curl there gets my spider senses going. Who knows if curl might add something unwanted to write the file.

Anyway, good luck, and all the best. :-)

Arien02 commented 1 month ago

I just donwloaded the rules from another server and then transfered them via sftp, and voila! They are running fine.

Thank you for your time Aleksi!