I created a local rule "/var/lib/suricata/rules/otx_file_rules.rules" with content:
alert http any any -> $HOME_NET any (msg:"OTX - FILE MD5 from pulse COMpfun successor Reductor infects files on the fly to compromise TLS traffic"; filemd5:6103d52622c707d847e0cf41.txt; reference:url,AlienVault - Open Threat Exchange; sid:411933; rev:1;)
and the file "6103d52622c707d847e0cf41.txt" I put in the path: /var/lib/suricata/rules/.
When I run: suricata-update --local /var/lib/suricata/rules/otx_file_rules.rules, I get the error: -- filemd5 file 6103d52622c707d847e0cf41.txt was not found
My machine is CentOS 7. How can I fix my problem? Please.
Could you please tell me the suricata-update version that you are using? suricata-update --version
We added filehash handling some time ago but I'm not sure if I tested it with the --local argument. Please provide me the version info so I can look into it for you.
@khangnguyen99 I can reproduce this issue with suricata-update. Could you please open a ticket on our Redmine so we can fix this and make it a part of our next release?
JFYI, it would work if the rule file is loaded from the default location and not with --local option.
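Added pre-flight check for the situation in the question (my own example, not part of this thread and not suricata-update's code): it scans a rules file for hash-list keywords, confirms each referenced list exists beside the rules file, and validates that every line is a hex digest of the expected length. It goes slightly beyond the question by also covering filesha1 and filesha256; the rules file and hash list that demo() writes are constructed sample data, and the assumption that the list sits in the same directory as the rules file mirrors the question's layout.

```python
import os, re, tempfile

# Hash-list keywords and the hex length of one digest per line in the referenced file.
HASH_KEYWORDS = {"filemd5": 32, "filesha1": 40, "filesha256": 64}
_KEYWORD_RE = re.compile(r"\b(filemd5|filesha1|filesha256)\s*:\s*([^;\s]+)\s*;")

def referenced_hash_files(rule_text):
    """Return (keyword, filename) pairs for every hash-list keyword; '#' lines are skipped."""
    refs = []
    for line in rule_text.splitlines():
        if not line.lstrip().startswith("#"):
            refs.extend(_KEYWORD_RE.findall(line))
    return refs

def check_hash_list(path, keyword):
    """Return problem strings (empty list = OK): file missing, or a line that is not a hex digest of the expected length."""
    if not os.path.isfile(path):
        return ["%s file %s was not found" % (keyword, path)]
    want, problems = HASH_KEYWORDS[keyword], []
    with open(path) as f:
        for n, raw in enumerate(f, 1):
            h = raw.strip()
            if h and not h.startswith("#") and not re.fullmatch(r"[0-9a-fA-F]{%d}" % want, h):
                problems.append("%s:%d: %r is not a %d-hex-char %s digest" % (path, n, h, want, keyword))
    return problems

def preflight(rules_path):
    """Check every hash list a rules file references, assuming the lists sit in the rules file's directory."""
    rules_dir = os.path.dirname(os.path.abspath(rules_path))
    with open(rules_path) as f:
        refs = referenced_hash_files(f.read())
    problems = []
    for keyword, fname in refs:
        problems.extend(check_hash_list(os.path.join(rules_dir, fname), keyword))
    return problems

def demo():
    """Constructed sample: rules file plus one hash list in a temp dir, checked with the list present and then removed."""
    d = tempfile.mkdtemp()
    rules = os.path.join(d, "otx_file_rules.rules")
    with open(rules, "w") as f:
        f.write('alert http any any -> $HOME_NET any (msg:"OTX - FILE MD5"; '
                'filemd5:6103d52622c707d847e0cf41.txt; sid:411933; rev:1;)\n')
    lst = os.path.join(d, "6103d52622c707d847e0cf41.txt")
    with open(lst, "w") as f:
        f.write("d41d8cd98f00b204e9800998ecf8427e\n")  # MD5 of the empty string, used as a sample digest
    present = preflight(rules)
    os.remove(lst)
    return present, preflight(rules)
```

Running preflight() before suricata-update surfaces the "was not found" condition (and malformed digests) without waiting for the rule loader to fail.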