<Error> filesha256 file <filename> not found

Idanb · April 29, 2022, 1:56pm

Hi,

I’ve created a sha256 blacklist in /etc/suricata/rules/sha256chksum
As well a rule that use that file to check for a sha256 match.
Rule Path: /etc/suricata/rules/files.rule

alert http any any → any any (msg:“Black list checksum match and extract SHA256”; filesha256:/etc/suricata/rules/sha256chksum; filestore; sid:2802; rev:1;)

When I am trying to update my rules to load it , I am getting an error
filesha256 file /etc/suricata/rules/sha256chksum not found

How can it be fixed ? seems like it doesn’t recognize the file even tough it’s in the same path as mentioned in the rule.

Suricta 6.0.5
Ubuntu 20.04 LTS

Thank you very much.

Andreas_Herz · May 16, 2022, 7:23pm

How do you trigger the reload and where do you see the error?
Please provide a bit more details to this case.

Idanb · May 16, 2022, 7:31pm

I already fixed, thank you anyway.

Topic		Replies	Views
Error filemd5 file xxxx was not found Rules file-extraction	4	658	August 5, 2021
Help please! File Hash detection issues Help	4	2158	January 5, 2021
Hash detection issue Help	1	349	February 15, 2021
Hash alerts no detected Help community , rules , suricata	1	110	May 28, 2024
Detect against sha256 hashes Help rules , suricata	9	471	October 31, 2023

<Error> filesha256 file <filename> not found

Related topics