Project

General

Profile

Actions
Copy link

Bug #8716

closed

Suricata package does not survive pfSense upgrade.

Added by Steve Wheeler over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal-package
Assignee:
Steve Wheeler
Category:
Suricata
Target version:
pfSense - 2.4.4
Start date:
07/29/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.4.4
Affected Plus Version:
Affected Architecture:
All

Description

After running a firmware update, between snapshots for example, the Suricata will no longer start.
This was discussed here:
https://forum.netgate.com/topic/126168/suricata-on-the-sg-3100-does-not-survive-a-firmware-upgrade

The solution found there still restores functionality:

/etc/rc.d/ldconfig start; ldd /usr/local/bin/suricata

I am now seeing this on x86 and ARM devices.

Files

Download all files
config-pfSense.localdomain-20180819104256.xml (22.4 KB) config-pfSense.localdomain-20180819104256.xml Config Chris Macmahon, 08/19/2018 05:46 AM
Screenshot from 2018-08-19 06-43-21.png (25.1 KB) Screenshot from 2018-08-19 06-43-21.png interfaces start Chris Macmahon, 08/19/2018 05:47 AM
Screenshot from 2018-08-19 06-43-35.png (36.9 KB) Screenshot from 2018-08-19 06-43-35.png upgrade Chris Macmahon, 08/19/2018 05:47 AM
Screenshot from 2018-08-19 06-48-41.png (4.16 KB) Screenshot from 2018-08-19 06-48-41.png service menu start Chris Macmahon, 08/19/2018 05:52 AM
Screenshot from 2018-08-19 06-49-12.png (15 KB) Screenshot from 2018-08-19 06-49-12.png suricata interface start Chris Macmahon, 08/19/2018 05:52 AM
Screenshot from 2018-08-19 06-50-07.png (31.4 KB) Screenshot from 2018-08-19 06-50-07.png messages from syslog Chris Macmahon, 08/19/2018 05:52 AM
Actions
Copy link
 #1

Updated by Steve Wheeler over 5 years ago

  • Assignee set to Anonymous
Actions
Copy link
 #2

Updated by Anonymous over 5 years ago

  • Assignee changed from Anonymous to Renato Botelho
Actions
Copy link
 #3

Updated by Renato Botelho over 5 years ago

  • Status changed from New to 13
Actions
Copy link
 #4

Updated by Renato Botelho over 5 years ago

  • Status changed from 13 to In Progress
Actions
Copy link
 #5

Updated by Renato Botelho over 5 years ago

  • Status changed from In Progress to Feedback
  • Assignee changed from Renato Botelho to Steve Wheeler

I couldn't reproduce this issue. Steve, do you still see issues when upgrade?

Actions
Copy link
 #6

Updated by Anonymous over 5 years ago

Install 2.4.4.a.20180810.1914 recovery snapshot for SG-3100. Install Suricata, enable some sources, update, add and enable WAN interace with some rules. Start the interface, it will run. Upgrade to the latest 2.4.4 snapshot (2.4.4.a.20180817.1114 as I type this). Once the upgrade completes try to start the service, it will not start.

Actions
Copy link
 #7

Updated by Chris Macmahon over 5 years ago

CE test base xml, and images attached.

base image: https://snapshots.pfsense.org/amd64/pfSense_master/installer/pfSense-CE-memstick-2.4.4-DEVELOPMENT-amd64-20180817-2020.img.gz

Steps done:
installed suricata, installed, Install ETOpen Emerging Threats and The Snort Community Ruleset.
Enabled interface, verified it was running.

Updated to Base System 2.4.4.a.20180818.2240
After boot interface was not running.
Clicked the start button in the webgui, no change.

Actions
Copy link
 #8

Updated by Steve Wheeler over 5 years ago

Still seeing this. On ARM for example:

Installed packages to be UPGRADED:
    php72-pfSense-module: 0.62_6 -> 0.63_6 [pfSense]
    pfSense-u-boot-sg3100: 2.4.4.a.20180814.1655 -> 2.4.4.a.20180820.0415 [pfSense-core]
    pfSense-rc: 2.4.4.a.20180814.1655 -> 2.4.4.a.20180820.0415 [pfSense-core]
    pfSense-pkg-suricata: 4.0.13_2 -> 4.0.13_3 [pfSense]
    pfSense-kernel-pfSense-SG-3100: 2.4.4.a.20180814.1655 -> 2.4.4.a.20180820.0415 [pfSense-core]
    pfSense-default-config-serial: 2.4.4.a.20180814.1655 -> 2.4.4.a.20180820.0415 [pfSense-core]
    pfSense-base: 2.4.4.a.20180814.1655 -> 2.4.4.a.20180820.0415 [pfSense-core]
    pfSense: 2.4.4.a.20180814.1656 -> 2.4.4.a.20180819.1529 [pfSense]

Running "/etc/rc.d/ldconfig start; ldd /usr/local/bin/suricata" still allows it to start after that so the root cause appears the same.

Interestingly the Suricata package was updated there and that usually allows it to start normally after an upgrade but not this time.

Actions
Copy link
 #9

Updated by Renato Botelho over 5 years ago

  • Status changed from Feedback to In Progress
Actions
Copy link
 #10

Updated by Anonymous over 5 years ago

  • Priority changed from Normal to Normal-package
Actions
Copy link
 #11

Updated by Renato Botelho over 5 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

Added a call to ldconfig start on suricata startup script. It should be enough to make sure libraries cache will be up2date.

Version 4,.0.13_6 will contain the fix

Actions
Copy link
 #12

Updated by Chris Macmahon over 5 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link
 #13

Updated by Chris Macmahon over 5 years ago

  • Status changed from Resolved to Feedback
Actions
Copy link
 #14

Updated by Steve Wheeler over 5 years ago

We probably need to test this across an upgrade where the suricata package version doesn't change to be sure.

Actions
Copy link
 #15

Updated by Danilo Zrenjanin over 5 years ago

I have done upgrade at SG-3100 to 2.4.4.a.20180824.1144 base system. Suricata has survived.

Actions
Copy link
 #16

Updated by Steve Wheeler over 5 years ago

Tested on ARM and x86. Looks good, Suricata running correctly after reboot.

pfSense-base: 2.4.4.a.20180823.1619 -> 2.4.4.a.20180824.1624

pfSense-base: 2.4.4.a.20180823.1533 -> 2.4.4.a.20180824.1144

Actions
Copy link
 #17

Updated by Steve Wheeler over 5 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF