Thank you for your response and sorry for the delay in my response, changed to public, good morning
El mar, 9 de mar. de 2021 a la(s) 09:00, Marc Deslauriers ( 1917...@bugs.launchpad.net) escribió: > Thanks for reporting this issue. Can I make this bug public so that the > fwsnort community can see it and possibly fix the issue? > > ** Changed in: fwsnort (Ubuntu) > Status: New => Incomplete > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1917682 > > Title: > rules url error fwsnort > > Status in fwsnort package in Ubuntu: > Incomplete > > Bug description: > > psad detects the default url of fwsnort rules and blocks the ip > > sudo psad --sig-update > > sudo fwsnort --update-rules > > > Resolviendo rules.emergingthreats.net (rules.emergingthreats.net)... > 23.21.164.163, 18.214.66.196 > Conectando con rules.emergingthreats.net > (rules.emergingthreats.net)[23.21.164.163]:80... > falló: Expiró el tiempo de conexión. > Conectando con rules.emergingthreats.net > (rules.emergingthreats.net)[18.214.66.196]:80... > ^C[-] Could not download emerging-all.rules file. > [*] Could not move emerging-all.rules -> emerging-all.rules.tmp at > /usr/sbin/fwsnort line 4387. > > > added iptables auto-block against 18.214.66.196 > > added iptables auto-block against 23.21.164.163 > > Danger level: [2] (out of 5) > > Scanned TCP ports: [48356: 1 packets] > TCP flags: [ACK: 1 packets] > iptables chain: FWSNORT_INPUT_ESTAB (prefix "[498] REJ SID1310 > ESTAB"), 1 packets > fwsnort rule: 498 > > Source: 18.214.66.196 > DNS: ec2-18-214-66-196.compute-1.amazonaws.com > MAC: 8c:c5:b4:dd:fe:e0 > [+] TCP scan signatures: > > "PORN free XXX" > dst port: 48356 (no server bound to local port) > flags: ACK > content: "FREE XXX" > sid: 1310 > chain: FWSNORT_INPUT_ESTAB > packets: 1 > classtype: kickass-porn > ----------------------------------------------------------------- > > Danger level: [2] (out of 5) > > Scanned TCP ports: [54500: 2 packets] > TCP flags: [ACK: 2 packets] > iptables chain: FWSNORT_INPUT_ESTAB (prefix "[514] REJ SID1795 > ESTAB"), 1 packets > fwsnort rule: 514 > iptables chain: FWSNORT_INPUT_ESTAB (prefix "[93] REJ > SID100000105 ESTAB"), 1 packets > fwsnort rule: 93 > > Source: 23.21.164.163 > DNS: ec2-23-21-164-163.compute-1.amazonaws.com > MAC: 8c:c5:b4:dd:fe:e0 > > [+] TCP scan signatures: > > "PORN ejaculation" > dst port: 54500 (no server bound to local port) > flags: ACK > content: "ejaculat" > sid: 1795 > chain: FWSNORT_INPUT_ESTAB > packets: 1 > classtype: kickass-porn > > "COMMUNITY INAPPROPRIATE lolita sex" > dst port: 54500 (no server bound to local port) > flags: ACK > content: "lolita" > content: "sex" > sid: 100000105 > chain: FWSNORT_INPUT_ESTAB > packets: 1 > classtype: kickass-porn > > -------------------------------------------------------------------- > /etc/psad/psad.conf > #### AOL AIM server nets > AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, > 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, > 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24]; > > > /etc/fwsnort/fwsnort.conf > ### AOL AIM server nets > AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, > 64.12.28.0/24, 64.12.29.0/24, > 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24]; > ------------------------------------------------------------------- > > ubuntu Linux 5.4.0-66-generic #74~18.04.2-Ubuntu SMP Fri Feb 5 > 11:17:31 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux > > apt-cache policy fwsnort > fwsnort: > Instalados: 1.6.7-3 > Candidato: 1.6.7-3 > Tabla de versión: > *** 1.6.7-3 500 > 500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 > Packages > 500 http://archive.ubuntu.com/ubuntu bionic/universe i386 > Packages > 100 /var/lib/dpkg/status > > apt-cache policy psad > psad: > Instalados: 2.4.3-1.2 > Candidato: 2.4.3-1.2 > Tabla de versión: > *** 2.4.3-1.2 500 > 500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 > Packages > 100 /var/lib/dpkg/status > > ProblemType: Bug > DistroRelease: Ubuntu 18.04 > Package: fwsnort 1.6.7-3 > ProcVersionSignature: Ubuntu 5.4.0-66.74~18.04.2-generic 5.4.86 > Uname: Linux 5.4.0-66-generic x86_64 > ApportVersion: 2.20.9-0ubuntu7.23 > Architecture: amd64 > CurrentDesktop: ubuntu:GNOME > Date: Wed Mar 3 20:12:08 2021 > InstallationDate: Installed on 2020-04-16 (321 days ago) > InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64 > (20200203.1) > PackageArchitecture: all > SourcePackage: fwsnort > UpgradeStatus: No upgrade log present (probably fresh install) > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/fwsnort/+bug/1917682/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1917682 Title: rules url error fwsnort To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwsnort/+bug/1917682/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs