All,
After a botched 16.5.2 to 16.6.2 upgrade, I did a fresh install of 16.6.2 then restored my backup from 16.5.2.
I noticed blocked activity from IPS was lower than I expected, so I went looking for answers. Suricata only had the very basic ruleset which was ~380 rules and the last updated date was prior to installation (I want to say it was November 2022).
Since there isn't a GUI option to update rules, I ran /usr/share/untangle/bin/intrusion-prevention-get-updates which completed in about 80 seconds and had a fair number of rules. However, the stdout showed this just before completing. "main: Failure on url = https://ids.untangle.com/suricatasignatures6.patch.tar.gz". I can access that URL just fine from a browser and there are no DNS resolution issues directly on the Untangle box, so I'm not sure what is going on. I suspect I am missing rules as a result. I opened a support ticket but figured posting here might help.