"
Hello. Can I ask you to add a "push route..." block to the CSO? We provide the default gateway through the VPN, but on some clients, certain subnets need to be routed through their gateway. And of course, I hope that it will be possible to add any possible parameters to the CSO for those who are confident in what they are doing.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
Intrusion Detection and Prevention / [SOLVED] Suricata 4.1.2 does not block traffic
February 01, 2019, 12:25:51 PM
Hello friends!
I just can not understand what the problem is. Please help, because I do not know what else to do. Suricata version 4.1.2 does not work. When IPS mode is on, I load a test virus. Alerts appear "test virus is blocked." In the log there is a record "[Drop] [1:7999999:1] OPNsense test eicar virus...", but the file is downloaded without problems.
Tried on the integrated I219-LM network card and on the PCIe card with the Intel® 82576EB chipset. And with vlan and without vlan. The result of one. In the logs, everything is fine - dropped, and the virus is perfectly loaded. Maybe I do not understand something? How to diagnose a problem?
In version 4.0.6 everything was fine. Files did not load.
I just can not understand what the problem is. Please help, because I do not know what else to do. Suricata version 4.1.2 does not work. When IPS mode is on, I load a test virus. Alerts appear "test virus is blocked." In the log there is a record "[Drop] [1:7999999:1] OPNsense test eicar virus...", but the file is downloaded without problems.
Tried on the integrated I219-LM network card and on the PCIe card with the Intel® 82576EB chipset. And with vlan and without vlan. The result of one. In the logs, everything is fine - dropped, and the virus is perfectly loaded. Maybe I do not understand something? How to diagnose a problem?
In version 4.0.6 everything was fine. Files did not load.
#3
Web Proxy Filtering and Caching / Squid3 helper ext_kerberos_ldap_group_acl crashed
January 11, 2019, 03:31:36 PM
Hello, Friends!
I use os-web-proxy-useracl and os-web-proxy-sso plugins to create access lists linked on groups of the Windows AD.
At the moment there is a problem. Helper ext_kerberos_ldap_group_acl from the Opnsense repository at work is dumped into the kernel.
...
/usr/local/libexec/squid/ext_kerberos_ldap_group_acl -d -a -m 20 -g Test -D mydomain.ru
...
support_ldap.cc(1128): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Entry 2 "Test" matches group name "Test"
support_ldap.cc(1390): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Unbind ldap server
Segmentation fault (core dumped)
...
(gdb) backtrace
#0 0x000004dc1b2bd68b in ?? () from /lib/libthr.so.3
#1 0x000004dc1b2bc949 in pthread_mutex_lock () from /lib/libthr.so.3
#2 0x000004dc1a69ab42 in k5_cc_mutex_lock ()
from /usr/local/lib/libkrb5.so.3.3
#3 0x000004dc1a6a5308 in ?? () from /usr/local/lib/libkrb5.so.3.3
#4 0x00000123ba3ee641 in krb5_cleanup() ()
#5 0x00000123ba3f2f89 in get_memberof(main_args*, char*, char*, char*) ()
#6 0x00000123ba3ee35b in check_memberof(main_args*, char*, char*) ()
#7 0x00000123ba3eb73b in main ()
(gdb)
...
In order to identify the problem, i installed clear freeBSD 11.1 and make helper from source codes of squid3 version 3.5.28.
Helper worked without problems.
In this regard, the question:
Whether it is possible to ask to update the helper in a repository on assembled from the latest source code?
Sorry for my English, Andrey.
I use os-web-proxy-useracl and os-web-proxy-sso plugins to create access lists linked on groups of the Windows AD.
At the moment there is a problem. Helper ext_kerberos_ldap_group_acl from the Opnsense repository at work is dumped into the kernel.
...
/usr/local/libexec/squid/ext_kerberos_ldap_group_acl -d -a -m 20 -g Test -D mydomain.ru
...
support_ldap.cc(1128): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Entry 2 "Test" matches group name "Test"
support_ldap.cc(1390): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Unbind ldap server
Segmentation fault (core dumped)
...
(gdb) backtrace
#0 0x000004dc1b2bd68b in ?? () from /lib/libthr.so.3
#1 0x000004dc1b2bc949 in pthread_mutex_lock () from /lib/libthr.so.3
#2 0x000004dc1a69ab42 in k5_cc_mutex_lock ()
from /usr/local/lib/libkrb5.so.3.3
#3 0x000004dc1a6a5308 in ?? () from /usr/local/lib/libkrb5.so.3.3
#4 0x00000123ba3ee641 in krb5_cleanup() ()
#5 0x00000123ba3f2f89 in get_memberof(main_args*, char*, char*, char*) ()
#6 0x00000123ba3ee35b in check_memberof(main_args*, char*, char*) ()
#7 0x00000123ba3eb73b in main ()
(gdb)
...
In order to identify the problem, i installed clear freeBSD 11.1 and make helper from source codes of squid3 version 3.5.28.
Helper worked without problems.
In this regard, the question:
Whether it is possible to ask to update the helper in a repository on assembled from the latest source code?
Sorry for my English, Andrey.
Pages1
