[ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102), etc.

Started by fxsaddict, October 24, 2022, 12:53:51 PM

October 24, 2022, 12:53:51 PM Last Edit: October 24, 2022, 12:59:02 PM by fxsaddict
[ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102), [ERRCODE: SC_ERR_INVALID_SIGNATURE(39),  [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)]

I want to have Suricata inspect the WAN interface and Zenarmor inspect LAN, DMZ and WiFi. CrowdSec runs as well.
Is snortrules-snapshot-29151.tar.gz compatible with the version of Suricata provided by OPNsense 22.7.6? (I have a paid Snort subscription and snort_vrt.oinkcode is OK.)
The firewall is behind a router provided by the ISP. Should I use advanced mode (settings page)? If yes, what should I put in home networks? Leave blank? IP of interface WAN? IPs of LAN, DMZ, WiFi?
Thanks for the help.
Regards
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/applications/upload"; http_uri; pcre:"/^(Frame)?\.jsf/R"; content:!"JSESSIONID="; flowbits:set,glassfish_unauth_attempt; metadata:policy max-detect-ips drop, service http; reference:bugtraq,47438; reference:cve,2011-0807; classtype:attempted-admin; sid:20159; rev:9;)" from file /usr/local/etc/suricata/opnsense.rules/snort_vrt.server-webapp.rules at line 3546
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceding match in the same buffer
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Multiple products DVR admin password leak attempt"; flow:to_server,established; content:"/device.rsp"; fast_pattern:only; http_uri; content:"uid="; http_raw_cookie; content:"cmd=list"; http_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2018-9995; classtype:web-application-attack; sid:46825; rev:2;)" from file /usr/local/etc/suricata/opnsense.rules/snort_vrt.server-webapp.rules at line 1122
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'http_raw_cookie'.
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Grandstream UCM6202 series SQL injection attempt"; flow:to_server,established; content:"user_name="; fast_pattern:only; http_uri; urilen:4; content:"/cgi"; nocase; http_uri; pcre:"/[?&]user_name=[^&]*?([\x27\x22\x3b\x23\x28]|\x2f\x2a|\x2d\x2d)/Ui"; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2020-5722; classtype:web-application-attack; sid:53858; rev:2;)" from file /usr/local/etc/suricata/opnsense.rules/snort_vrt.server-webapp.rules at line 202
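As an added example (not from the post, OPNsense or Suricata), a small Python parser that turns error lines like the ones quoted above into a list of rejected SIDs with their reasons and counts the Snort-only keywords (such as http_raw_cookie) that Suricata does not know, which is what you need before deciding which rules to disable. It assumes the OPNsense log viewer lists newest entries first, as the excerpt above does (file line numbers descend), so each reason line is logged before its "error parsing signature" summary; the sample log is constructed and abridged from the lines above.

```python
import re
from collections import Counter

# Constructed sample, abridged from the error lines quoted in the post
# (rule bodies shortened; msg, sid, file and line kept). Newest entry first,
# as the OPNsense GUI displays it.
SAMPLE_LOG = r'''
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt"; pcre:"/^(Frame)?\.jsf/R"; sid:20159; rev:9;)" from file /usr/local/etc/suricata/opnsense.rules/snort_vrt.server-webapp.rules at line 3546
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceding match in the same buffer
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Multiple products DVR admin password leak attempt"; content:"uid="; http_raw_cookie; sid:46825; rev:2;)" from file /usr/local/etc/suricata/opnsense.rules/snort_vrt.server-webapp.rules at line 1122
2022-10-24T12:42:58 Error suricata [103231] <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'http_raw_cookie'.
'''

ERR_RE = re.compile(r"\[ERRCODE: (?P<code>\w+)\((?P<num>\d+)\)\] - (?P<text>.*)$")
SIG_RE = re.compile(r'error parsing signature "(?P<rule>.*)" from file (?P<file>\S+) at line (?P<line>\d+)$')
SID_RE = re.compile(r"\bsid:(?P<sid>\d+);")
MSG_RE = re.compile(r'msg:"(?P<msg>[^"]*)"')
KW_RE = re.compile(r"unknown rule keyword '(?P<kw>[^']+)'")

def parse_rule_errors(log_text, newest_first=True):
    """Return one dict per rejected rule: sid, msg, file, line, reason, keyword."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    if newest_first:  # restore chronological order: reason line(s), then summary
        lines.reverse()
    pending, rejected = [], []
    for line in lines:
        m = ERR_RE.search(line)
        if not m:
            continue
        sig = SIG_RE.match(m["text"])
        if not sig:
            pending.append(m["text"])  # reason for the next summary line
            continue
        rule, reason = sig["rule"], "; ".join(pending)
        sid_m, msg_m, kw_m = SID_RE.search(rule), MSG_RE.search(rule), KW_RE.search(reason)
        rejected.append({
            "sid": int(sid_m["sid"]) if sid_m else None,
            "msg": msg_m["msg"] if msg_m else "",
            "file": sig["file"],
            "line": int(sig["line"]),
            "reason": reason,
            "keyword": kw_m["kw"] if kw_m else None,
        })
        pending = []
    return rejected

def unsupported_keywords(rejected):
    """Count which Snort-only keywords caused rejections, most common first."""
    return Counter(r["keyword"] for r in rejected if r["keyword"]).most_common()

def sids_to_disable(rejected):
    """Sorted SIDs whose rules Suricata could not load (candidates to disable)."""
    return sorted({r["sid"] for r in rejected if r["sid"] is not None})

if __name__ == "__main__":
    errors = parse_rule_errors(SAMPLE_LOG)
    for r in errors:
        print(f"sid {r['sid']} (line {r['line']}): {r['reason'] or 'no reason logged'}")
    print("unsupported keywords:", unsupported_keywords(errors))
```

Run it against a copy of /var/log/suricata/suricata.log with newest_first=False if you export the raw file rather than the GUI view.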