Bug #8828

Keep settings checkbox under Global Settings does not behave as expected

Added by James Dekker over 1 year ago. Updated over 1 year ago.

Status: Resolved
Priority: Normal-package
Assignee: -
Category: Suricata
Target version:
Start date: 08/24/2018
Due date:
% Done: 0%
Estimated time:
Affected Version:
Affected Architecture:

Description

On 2.4.4.a.20180824.0955, install Suricata, visit Services > Suricata. Go to the Global Settings tab, enable some rulesets, go to the bottom, uncheck Keep settings and click Save. Go to Interfaces tab and add an interface and click Save.

Then go to System > Packages and remove the Suricata package. Once removed, go to Available Packages and reinstall it.

Visit Services > Suricata and notice the Interface is still there, go to Global Settings and notice that the same rulesets are enabled, along with the Keep Settings checkbox being unchecked.

History

#1 Updated by Steve Beaver over 1 year ago

  • Priority changed from Normal to Normal-package

#2 Updated by Anonymous over 1 year ago

I found that the code to remove the package forgot to use 'write_config()' after removing the Suricata configurations. This should now work in the next update. 94e42115f911f6aec94de44cd52b2ebd99fbee40
Version 4.0.13_8
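The failure mode described in update #2, as an added example that is not part of the original ticket and is not the package's code: settings removed from the loaded configuration but never saved are still on disk, so a reinstall reads them back. The XML layout, the element names (`installedpackages`, `suricata`, `keep_settings`) and the function names are assumptions made for this sketch.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample; the element names are assumptions for this sketch.
SAMPLE = """<config>
  <installedpackages>
    <suricata>
      <keep_settings>off</keep_settings>
      <rulesets>constructed-ruleset.rules</rulesets>
      <interface>em0</interface>
    </suricata>
  </installedpackages>
</config>"""


def remove_package_settings(path, persist):
    """Drop the package section from the loaded tree; save only if persist."""
    tree = ET.parse(path)                      # in-memory copy of the config
    parent = tree.getroot().find("installedpackages")
    section = parent.find("suricata")
    if section is not None and section.findtext("keep_settings") != "on":
        parent.remove(section)                 # changes the in-memory copy only
        if persist:
            tree.write(path)                   # the save step that was missing
    return parent.find("suricata") is None     # state of the in-memory copy


def settings_survive_reinstall(path):
    """A reinstall re-reads the file, so check what is actually on disk."""
    root = ET.parse(path).getroot()
    return root.find("installedpackages/suricata") is not None


def run_case(persist):
    """Return (removed_in_memory, still_on_disk) for one uninstall."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(SAMPLE)
        removed = remove_package_settings(path, persist)
        return removed, settings_survive_reinstall(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("without save:", run_case(persist=False))  # behaviour in the report
    print("with save:   ", run_case(persist=True))   # behaviour after the fix
```

The same on-disk check can be pointed at a configuration backup taken after an uninstall to confirm that no IDS interface or ruleset settings were left behind.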

#3 Updated by Anonymous over 1 year ago

  • Status changed from New to Feedback

#4 Updated by Anonymous over 1 year ago

  • Assignee set to Anonymous

#5 Updated by James Dekker over 1 year ago

On version 4.0.13_8, installed suricata, configured some settings, unchecked the Keep settings checkbox, uninstalled the package and received the following output:

>>> Removing pfSense-pkg-suricata... 
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
    pfSense-pkg-suricata-4.0.13_8

Number of packages to be removed: 1
[1/1] Deinstalling pfSense-pkg-suricata-4.0.13_8...
Removing suricata components...
Menu items... done.
Services... done.
Loading package instructions...
[1/1] Deleting files for pfSense-pkg-suricata-4.0.13_8: .........
pfSense-pkg-suricata-4.0.13_8: missing file /var/db/suricata/sidmods/disablesid-sample.conf
[1/1] Deleting files for pfSense-pkg-suricata-4.0.13_8...
pfSense-pkg-suricata-4.0.13_8: missing file /var/db/suricata/sidmods/dropsid-sample.conf
[1/1] Deleting files for pfSense-pkg-suricata-4.0.13_8...
pfSense-pkg-suricata-4.0.13_8: missing file /var/db/suricata/sidmods/enablesid-sample.conf
[1/1] Deleting files for pfSense-pkg-suricata-4.0.13_8...
pfSense-pkg-suricata-4.0.13_8: missing file /var/db/suricata/sidmods/modifysid-sample.conf
[1/1] Deleting files for pfSense-pkg-suricata-4.0.13_8... done
Removing suricata components...
Configuration... done.
pkg-static: unlinkat(var/db/suricata/sidmods): No such file or directory
pkg-static: unlinkat(var/db/suricata): No such file or directory
>>> Removing stale packages... done.
Success

Upon reinstalling the package, the output looked normal, no unusual messages and the settings in the package are not kept from the previous install.

#6 Updated by James Dekker over 1 year ago

On a fresh install of 2.4.4.a.20180830.1356, when suricata 4.0.13_8 is installed the output is:

>>> Installing pfSense-pkg-suricata... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 10 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    pfSense-pkg-suricata: 4.0.13_8 [pfSense]
    suricata: 4.0.5 [pfSense]
    libyaml: 0.1.6_2 [pfSense]
    nss: 3.38 [pfSense]
    nspr: 4.19 [pfSense]
    libnet: 1.1.6_5,1 [pfSense]
    libhtp: 0.5.27 [pfSense]
    jansson: 2.11 [pfSense]
    hyperscan: 4.6.0 [pfSense]
    hiredis: 0.13.3 [pfSense]

Number of packages to be installed: 10

The process will require 32 MiB more space.
6 MiB to be downloaded.
[1/10] Fetching pfSense-pkg-suricata-4.0.13_8.txz: .......... done
[2/10] Fetching suricata-4.0.5.txz: .......... done
[3/10] Fetching libyaml-0.1.6_2.txz: ......... done
[4/10] Fetching nss-3.38.txz: .......... done
[5/10] Fetching nspr-4.19.txz: .......... done
[6/10] Fetching libnet-1.1.6_5,1.txz: .......... done
[7/10] Fetching libhtp-0.5.27.txz: .......... done
[8/10] Fetching jansson-2.11.txz: ..... done
[9/10] Fetching hyperscan-4.6.0.txz: .......... done
[10/10] Fetching hiredis-0.13.3.txz: .......... done
Checking integrity... done (0 conflicting)
[1/10] Installing nspr-4.19...
[1/10] Extracting nspr-4.19: .......... done
[2/10] Installing libyaml-0.1.6_2...
[2/10] Extracting libyaml-0.1.6_2: ......... done
[3/10] Installing nss-3.38...
[3/10] Extracting nss-3.38: .......... done
[4/10] Installing libnet-1.1.6_5,1...
[4/10] Extracting libnet-1.1.6_5,1: .......... done
[5/10] Installing libhtp-0.5.27...
[5/10] Extracting libhtp-0.5.27: .......... done
[6/10] Installing jansson-2.11...
[6/10] Extracting jansson-2.11: .......... done
[7/10] Installing hyperscan-4.6.0...
[7/10] Extracting hyperscan-4.6.0: .......... done
[8/10] Installing hiredis-0.13.3...
[8/10] Extracting hiredis-0.13.3: .......... done
[9/10] Installing suricata-4.0.5...
[9/10] Extracting suricata-4.0.5: .......... done
[10/10] Installing pfSense-pkg-suricata-4.0.13_8...
[10/10] Extracting pfSense-pkg-suricata-4.0.13_8: .......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...   
  Setting up initial configuration.
  Setting package version in configuration file.
done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
Message from suricata-4.0.5:

===========================================================================

If you want to run Suricata in IDS mode, add to /etc/rc.conf:

    suricata_enable="YES" 
    suricata_interface="<if>" 

NOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.

However, if you want to run Suricata in Inline IPS Mode in divert(4) mode,
add to /etc/rc.conf:

    suricata_enable="YES" 
    suricata_divertport="8000" 

NOTE:
    Suricata won't start in IDS mode without an interface configured.
    Therefore if you omit suricata_interface from rc.conf, FreeBSD's
    rc.d/suricata will automatically try to start Suricata in IPS Mode
    (on divert port 8000, by default).

Alternatively, if you want to run Suricata in Inline IPS Mode in high-speed
netmap(4) mode, add to /etc/rc.conf:

    suricata_enable="YES" 
    suricata_netmap="YES" 

NOTE:
    Suricata requires additional interface settings in the configuration
    file to run in netmap(4) mode.

RULES: Suricata IDS/IPS Engine comes without rules by default. You should
add rules by yourself and set an updating strategy. To do so, please visit:

 http://www.openinfosecfoundation.org/documentation/rules.html
 http://www.openinfosecfoundation.org/documentation/emerging-threats.html

You may want to try BPF in zerocopy mode to test performance improvements:

    sysctl -w net.bpf.zerocopy_enable=1

Don't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf

===========================================================================
>>> Cleaning up cache... done.
Success

Looks good.

#7 Updated by James Dekker over 1 year ago

  • Status changed from Feedback to Resolved
