securityonion
so-rule-update does not trust internal proxy certificates
SO version 2.3.110
The proxy certificates are stored in /etc/pki/ca-trust/source/anchors/ and I ran update-ca-trust, but so-rule-update still gives the error below:
This is the only problem with so-rule-update as of now, and I need to use a local URL (--url) as an alternative. Discussed here.
so-rule-update
2022-04-01 10:49:52,092 - <INFO> - Loading ./rulecat.conf.
2022-04-01 10:49:52,097 - <INFO> - Forcing Suricata version to 6.0.
2022-04-01 10:49:52,099 - <INFO> - Fetching https://rules.emergingthreats.net/open/suricata-6.0.0/emerging.rules.tar.gz.
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/urllib/request.py", line 1346, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/local/lib/python3.9/http/client.py", line 1279, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1325, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1274, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.9/http/client.py", line 1034, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.9/http/client.py", line 974, in send
    self.connect()
  File "/usr/local/lib/python3.9/http/client.py", line 1448, in connect
    self.sock = self._context.wrap_socket(self.sock,
  File "/usr/local/lib/python3.9/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/lib/python3.9/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.9/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/idstools-rulecat", line 12, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/idstools/scripts/rulecat.py", line 845, in main
    files = Fetch(args).run()
  File "/usr/local/lib/python3.9/site-packages/idstools/scripts/rulecat.py", line 329, in run
    files.update(self.fetch(url))
  File "/usr/local/lib/python3.9/site-packages/idstools/scripts/rulecat.py", line 317, in fetch
    idstools.net.get(
  File "/usr/local/lib/python3.9/site-packages/idstools/net.py", line 55, in get
    remote = urlopen(url)
  File "/usr/local/lib/python3.9/urllib/request.py", line 214, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/local/lib/python3.9/urllib/request.py", line 517, in open
    response = self._open(req, data)
  File "/usr/local/lib/python3.9/urllib/request.py", line 534, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/usr/local/lib/python3.9/urllib/request.py", line 494, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python3.9/urllib/request.py", line 1389, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
  File "/usr/local/lib/python3.9/urllib/request.py", line 1349, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)>
It only works with docker exec so-idstools /bin/bash -c "CURL_CA_BUNDLE=''; cd /opt/so/idstools/etc && idstools-rulecat --url http://<local-python-web-server>:port/emerging.rules.tar.gz"!
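The verification in the traceback is done by urllib against the CA store visible to the Python interpreter that runs idstools-rulecat, which for a containerised process need not be the host's /etc/pki/ca-trust anchors. The following is an added diagnostic example (not Security Onion or idstools code): it lists the CAs that interpreter actually trusts and retries the fetch with verification kept on and the proxy's issuing CA added; the PROXY_CA path is an assumed placeholder.

```python
import ssl
import sys
import urllib.error
import urllib.request

# RULE_URL is the URL from the traceback; PROXY_CA is an assumed placeholder path.
RULE_URL = "https://rules.emergingthreats.net/open/suricata-6.0.0/emerging.rules.tar.gz"
PROXY_CA = "/path/to/internal-proxy-ca.pem"  # assumption: adjust to your deployment

def build_verifying_context(extra_cafile=None):
    """Default-verifying TLS context that additionally trusts extra_cafile.
    Verification stays on; only this interpreter's trust store is widened."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    if extra_cafile:
        ctx.load_verify_locations(cafile=extra_cafile)
    return ctx

def is_verifying(ctx):
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED

def trusted_ca_names(ctx):
    """Common names of the CA certificates actually loaded into ctx, i.e. the
    store this fetch really consults (inside a container, not the host's)."""
    names = []
    for cert in ctx.get_ca_certs():
        for rdn in cert.get("subject", ()):
            names.extend(v for k, v in rdn if k == "commonName")
    return names

def diagnose_fetch(url, ctx, timeout=10):
    """Attempt the fetch and return a one-line verdict instead of a traceback."""
    try:
        with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
            return f"ok: HTTP {resp.status}"
    except urllib.error.URLError as e:
        if isinstance(e.reason, ssl.SSLCertVerificationError):
            # 'self signed certificate in certificate chain': an issuer in the chain is unknown here
            return f"verify failed: {e.reason.verify_message} (add that CA to this store)"
        return f"connection error: {e.reason}"
    except OSError as e:
        return f"connection error: {e}"

if __name__ == "__main__":
    paths = ssl.get_default_verify_paths()
    print("default trust store:", paths.cafile, paths.capath)
    ctx = build_verifying_context(PROXY_CA if "--with-proxy-ca" in sys.argv else None)
    print("CAs loaded:", len(trusted_ca_names(ctx)))
    print(diagnose_fetch(RULE_URL, ctx))
```

Run it inside the same container as idstools-rulecat to see the store that fetch uses; a "verify failed" result with the proxy CA loaded means the proxy presents a chain not rooted in that file.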