IPS Warnings and Crashes

[brumsky]

Hello,

I've recently bought the home pro license for untangle. I enabled IPS and found that it tends to stop reporting attacks. It seems to "crash" at least once per day. What I've seen is that the process shows as running. Yet it stops logging and\or blocking any attacks. I simply disable then enable IPS and it works agian for the day.

I was getting an error with the modbus signatures. I resolved it by disabling the sigs for it. However, I am now getting a new warning regarding checksum files.

opening hash file /etc/suricata/fileextraction-chksum.list: No such file or directory
error parsing signature "reject http any any -> any any ( msg:"Black list checksum match and extract MD5"; filemd5:fileextraction-chksum.list; filestore; sid:28; rev:1; )" from file /etc/suricata at line 28931
opening hash file /etc/fileextraction-chksum.list: No such file or directory
error parsing signature "reject http any any -> any any ( msg:"Black list checksum match and extract SHA1"; filesha1:fileextraction-chksum.list; filestore; sid:29; rev:1; )" from file /etc at line 28932
opening hash file //fileextraction-chksum.list: No such file or directory
error parsing signature "reject http any any -> any any ( msg:"Black list checksum match and extract SHA256"; filesha256:fileextraction-chksum.list; filestore; sid:30; rev:1; )" from file / at line 28933

Any help would be greatly appreciated!

[jcoffin]

Version of UT? How long has it been online?

[brumsky]

Hey sorry, I should have known to post the version.
Build: 15.1.1.20200905T150556.8ca624f09e-1buster
Kernel: 4.19.0-8-untangle-amd64

It is a pretty recent deployment. It's only be online for a few weeks. It was a fresh install of 15.1.

I am running it on Hyper-V 2019.