Suricata fails at startup with error SC_ERR_NO_MD5_SUPPORT

Question  Votes: 0  Answers: 1

I am using Suricata 4.0.4, and I want to check the MD5 of files with this rule:

alert http any any -> any any (msg:"FILE MD5 Check against Malware Patrol blacklist"; filemd5: /root/2018.md5.txt; sid:10203040; rev:1;)

But after running Suricata, it says:

<Error> - [ERRCODE: SC_ERR_NO_MD5_SUPPORT(209)] - no MD5 calculation support built in, needed for filemd5 keyword

Any suggestions?

rules snort suricata
1 answer
0
votes

For me, on CentOS 7.5, these steps helped:

  1. Install the packages (for CentOS it is 'yum install ...'): nss-util nss-util-devel nss-devel nspr-devel nspr
  2. Reconfigure and reinstall Suricata with these libraries:
       ./configure --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr
       make clean
       make
       sudo make install-full
  3. Start Suricata: /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata.yaml -i eth0

Also, be careful not to forget the keyword "filestore;" in your rule - without it the alert may not be caught!

Example: alert http any any -> any any (msg:"FILE MD5 Check against Malware Patrol blacklist"; filemd5: /root/2018.md5.txt; filestore; sid:10203040; rev:1;)
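
A pre-flight check for the rebuild described above, as an added example that is not part of the original answer or of Suricata's own tooling. It assumes that `suricata --build-info` reports lines of the form "libnss support: yes" and that the filemd5 list holds one hex MD5 at the start of each line (md5sum-style); the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run before relying on the filemd5 keyword.

# Reads `suricata --build-info` text on stdin; succeeds only if both NSS and
# NSPR are reported as "yes" (assumed format: "libnss support:   yes").
has_md5_support() {
    awk -F: '
        /libnss support/  { gsub(/[ \t]/, "", $2); nss  = ($2 == "yes") }
        /libnspr support/ { gsub(/[ \t]/, "", $2); nspr = ($2 == "yes") }
        END { exit !(nss && nspr) }
    '
}

# Reads an MD5 list on stdin and prints how many non-empty lines do not begin
# with exactly 32 hex digits (assumed list format: hash at line start, any
# trailing text such as a file name ignored).
count_bad_md5_lines() {
    awk '
        /^[ \t]*$/ { next }
        { if ($0 !~ /^[0-9A-Fa-f]/ || $1 !~ /^[0-9A-Fa-f]+$/ || length($1) != 32) bad++ }
        END { print bad + 0 }
    '
}

# Constructed sample inputs (not taken from a real system).
sample_buildinfo='  libnss support:                          yes
  libnspr support:                         no'
sample_list='d41d8cd98f00b204e9800998ecf8427e
900150983cd24fb0d6963f7d28e17f72  abc.bin
900150983cd24fb0d696

not-a-hash'

if printf '%s\n' "$sample_buildinfo" | has_md5_support; then
    echo "build: MD5 support present"
else
    echo "build: no MD5 support, filemd5 rules fail with SC_ERR_NO_MD5_SUPPORT"
fi
echo "list: $(printf '%s\n' "$sample_list" | count_bad_md5_lines) malformed line(s)"

# On a real sensor:
#   suricata --build-info | has_md5_support && echo ok
#   count_bad_md5_lines < /root/2018.md5.txt
```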
