Bug #8829

closed

Keep settings checkbox under Global Settings does not behave as expected

Added by Anonymous over 5 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Normal-package
Assignee: -
Category: Snort
Target version:
Start date: 08/24/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

On 2.4.4.a.20180824.0955, install Snort and visit Services > Snort. Go to the Global Settings tab, enable some rulesets, go to the bottom, uncheck Keep settings, and click Save. Go to the Interfaces tab, add an interface, and click Save.

Then go to System > Packages and remove the Snort package. Once removed, go to Available Packages and reinstall it.

Visit Services > Snort and notice the Interface is still there. Go to Global Settings and notice that the same rulesets are enabled, along with the Keep Settings checkbox being unchecked.

Actions #1

Updated by Anonymous over 5 years ago

  • Priority changed from Normal to Normal-package

Actions #2

Updated by Anonymous over 5 years ago

  • Status changed from New to Feedback
  • Assignee set to Anonymous

This should now work as expected. c5d12ed2814f7ed5c002fb71fae6d992708bc4f9
Snort version 3.2.9.7_2

Actions #3

Updated by Anonymous over 5 years ago

On version 3.2.9.7_2, installed suricata, configured some settings, unchecked the Keep settings checkbox, uninstalled the package and received the following output:

>>> Removing pfSense-pkg-snort... 
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
    pfSense-pkg-snort-3.2.9.7_2

Number of packages to be removed: 1
[1/1] Deinstalling pfSense-pkg-snort-3.2.9.7_2...
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
[1/1] Deleting files for pfSense-pkg-snort-3.2.9.7_2: .........
pfSense-pkg-snort-3.2.9.7_2: missing file /var/db/snort/sidmods/disablesid-sample.conf
[1/1] Deleting files for pfSense-pkg-snort-3.2.9.7_2...
pfSense-pkg-snort-3.2.9.7_2: missing file /var/db/snort/sidmods/enablesid-sample.conf
[1/1] Deleting files for pfSense-pkg-snort-3.2.9.7_2...
pfSense-pkg-snort-3.2.9.7_2: missing file /var/db/snort/sidmods/modifysid-sample.conf
[1/1] Deleting files for pfSense-pkg-snort-3.2.9.7_2... done
Removing snort components...
Configuration... done.
pkg-static: unlinkat(var/db/snort/sidmods): No such file or directory
pkg-static: unlinkat(var/db/snort): No such file or directory
>>> Removing stale packages... done.
Success

Upon reinstalling the package, the output looked normal, with no unusual messages, and the settings in the package are not kept from the previous install.

Actions #4

Updated by Anonymous over 5 years ago

  • Status changed from Feedback to Resolved

Actions #5

Updated by Anonymous over 5 years ago

On a fresh install of 2.4.4.a.20180830.1356, when snort 3.2.9.7_2 is installed, the output is:

>>> Installing pfSense-pkg-snort... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 9 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    pfSense-pkg-snort: 3.2.9.7_2 [pfSense]
    snort: 2.9.11.1_2 [pfSense]
    barnyard2: 1.13_1 [pfSense]
    broccoli: 1.97,1 [pfSense]
    GeoIP: 1.6.12 [pfSense]
    libpcap: 1.8.1 [pfSense]
    mysql56-client: 5.6.41 [pfSense]
    libdnet: 1.12_1 [pfSense]
    daq: 2.2.2 [pfSense]

Number of packages to be installed: 9

The process will require 49 MiB more space.
4 MiB to be downloaded.
[1/9] Fetching pfSense-pkg-snort-3.2.9.7_2.txz: .......... done
[2/9] Fetching snort-2.9.11.1_2.txz: .......... done
[3/9] Fetching barnyard2-1.13_1.txz: .......... done
[4/9] Fetching broccoli-1.97,1.txz: .......... done
[5/9] Fetching GeoIP-1.6.12.txz: .......... done
[6/9] Fetching libpcap-1.8.1.txz: .......... done
[7/9] Fetching mysql56-client-5.6.41.txz: .......... done
[8/9] Fetching libdnet-1.12_1.txz: ........ done
[9/9] Fetching daq-2.2.2.txz: .......... done
Checking integrity... done (0 conflicting)
[1/9] Installing GeoIP-1.6.12...
[1/9] Extracting GeoIP-1.6.12: .......... done
[2/9] Installing broccoli-1.97,1...
[2/9] Extracting broccoli-1.97,1: .......... done
[3/9] Installing libpcap-1.8.1...
[3/9] Extracting libpcap-1.8.1: .......... done
[4/9] Installing mysql56-client-5.6.41...
[4/9] Extracting mysql56-client-5.6.41: .......... done
[5/9] Installing libdnet-1.12_1...
[5/9] Extracting libdnet-1.12_1: .......... done
[6/9] Installing barnyard2-1.13_1...
[6/9] Extracting barnyard2-1.13_1: ...... done
[7/9] Installing daq-2.2.2...
[7/9] Extracting daq-2.2.2: .......... done
[8/9] Installing snort-2.9.11.1_2...
[8/9] Extracting snort-2.9.11.1_2: .......... done
[9/9] Installing pfSense-pkg-snort-3.2.9.7_2...
[9/9] Extracting pfSense-pkg-snort-3.2.9.7_2: .......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.Message from GeoIP-1.6.12:

GeoIP does not ship with the actual data files. You must download
them yourself! To obtain the free database, run:
# /usr/local/bin/geoipupdate.sh
Message from mysql56-client-5.6.41:

* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *
Message from barnyard2-1.13_1:

Read the notes in the barnyard2.conf file for how to configure
/usr/local/etc/barnyard2.conf after installation.  For addtional information
see the Securixlive FAQ at http://www.securixlive.com/barnyard2/faq.php.

In order to enable barnyard2 to start on boot, you must edit /etc/rc.conf
with the appropriate flags, etc.  See the FreeBSD Handbook for syntax:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html

For the various options available, type % barnyard2 -h after install or read
the options in the startup script - in /usr/local/etc/rc.d.

Barnyard2 can process unified2 files from snort or suricata.  It can also
interact with snortsam firewall rules as well as the sguil-sensor. Those
ports must be installed separately if you wish to use them.

************************************************************************
Message from snort-2.9.11.1_2:

=========================================================================
Snort uses rcNG startup script and must be enabled via /etc/rc.conf
Please see /usr/local/etc/rc.d/snort
for list of available variables and their description.
Configuration files are located in /usr/local/etc/snort directory.

Please note that, by default, snort will truncate packets larger than the
default snaplen of 15158 bytes.  Additionally, LRO may cause issues with
Stream5 target-based reassembly.  It is recommended to disable LRO, if
your card supports it.

This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
=========================================================================
Message from pfSense-pkg-snort-3.2.9.7_2:

Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.
>>> Cleaning up cache... done.
Success

Looks good.
