OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: MakesSense on January 30, 2018, 07:28:15 AM

Title: 18.1 IDS rules not updating
Post by: MakesSense on January 30, 2018, 07:28:15 AM
First of all, thank you for a brilliant product. I've been using it for a couple of weeks and I'm very impressed by it. Keep up the good work!

One thing I found though with the new release 18.1, is that my IDS rules are not updating (as they did with r1 and r2).
Title: Re: 18.1 IDS rules not updating
Post by: elektroinside on January 30, 2018, 07:40:49 AM
Confirming. It looks like manual updates don't work. The cron job, however, looks like it updates the rules.

Although there is some activity in the logs for manual updates:


Jan 30 08:44:23 configd.py: [445e92fb-c6b3-47fe-b075-9a1b380ce59e] get suricata daemon status
Jan 30 08:44:23 configd.py: [97439034-a58f-4abe-9782-0369281f2184] request installable rules
Jan 30 08:44:23 configd.py: [61b9da38-f1ac-4d56-93e7-fe53c23bd23e] returned exit status 1
Jan 30 08:44:22 configd.py: [61b9da38-f1ac-4d56-93e7-fe53c23bd23e] update and reload intrusion detection rules
Jan 30 08:44:22 configd.py: generate template container OPNsense/IDS
Jan 30 08:44:21 configd.py: [c0d69b33-fcb7-45bf-8a28-aff7d6f7465a] generate template OPNsense/IDS
Jan 30 08:44:16 configd.py: [b02986fa-a9ec-499e-95cf-7ff878de4ed5] request installable rules
Jan 30 08:44:16 configd.py: [8454b92b-da7e-4cf9-bf16-a428f406b609] request installable rules
Jan 30 08:44:14 sshlockout[1370]: sshlockout/webConfigurator v3.0 starting up
Jan 30 08:44:14 configd.py: [8832dd6b-c72a-41ea-954a-1456992fab78] get suricata daemon status
Jan 30 08:44:06 syslogd: kernel boot file is /boot/kernel/kernel
Title: Re: 18.1 IDS rules not updating
Post by: AdSchellevis on January 30, 2018, 08:55:25 AM
It looks like an issue with py27-openssl, can you try to revert this package to the previous version using:

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz


And retry the update?
Title: Re: 18.1 IDS rules not updating
Post by: elektroinside on January 30, 2018, 09:10:14 AM
Yep, this fixed it.

Thank you!
Title: Re: 18.1 IDS rules not updating
Post by: franco on January 30, 2018, 10:09:07 AM
Looks like an issue in py27-cryptography instead, which we didn't catch in our image build due to the code freeze. In theory, 18.1.1 will start working again automatically.


Cheers,
Franco
Title: Re: 18.1 IDS rules not updating
Post by: MakesSense on January 30, 2018, 10:35:33 AM
Quote from: AdSchellevis on January 30, 2018, 08:55:25 AM
It looks like an issue with py27-openssl, can you try to revert this package to the previous version using:

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz


And retry the update?

Thanks, this solved it for my 'ET open' rules.

However my 'abuse.ch' rules and some of my 'Snort' rules are still not updating:-(
Title: Re: 18.1 IDS rules not updating
Post by: Dzioobasek on January 30, 2018, 10:36:39 AM
Didn't work for me :(
Title: Re: 18.1 IDS rules not updating
Post by: MakesSense on January 30, 2018, 10:52:21 AM
I finally got all the rule sets down after a few more goes.

Thanks for the help!
Title: Re: 18.1 IDS rules not updating
Post by: elektroinside on January 30, 2018, 11:37:45 AM
The progress of ruleset updates in the UI is a bit awkward; usually, it's a good idea to run the update and then wait a little for the next one :)
Title: Re: 18.1 IDS rules not updating
Post by: ChrisW on January 31, 2018, 04:00:50 PM
I can confirm that it's not possible to manually download the rules. I had to install a fresh OPNsense 18.1 after trying to update via GUI from 17.7.
Then I tried to download the IPS rules, but nothing happens.
Title: Re: 18.1 IDS rules not updating
Post by: ChrisW on January 31, 2018, 04:02:46 PM
I tried to download/update it via cron job. But that didn't work either.
Title: Re: 18.1 IDS rules not updating
Post by: MakesSense on January 31, 2018, 04:03:20 PM
Quote from: ChrisW on January 31, 2018, 04:00:50 PM
I can confirm that it's not possible to manually download the rules. I had to install a fresh OPNsense 18.1 after trying to update via GUI from 17.7.
Then I tried to download the IPS rules, but nothing happens.

Did you try the quick fix:

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz

Worked for me:-)
Title: Re: 18.1 IDS rules not updating
Post by: franco on January 31, 2018, 04:11:29 PM
Please be careful, you need to match your architecture and crypto flavour. The link is for amd64/OpenSSL only.


Cheers,
Franco
Title: Re: 18.1 IDS rules not updating
Post by: ChrisW on January 31, 2018, 04:37:26 PM
Yes, it fixed it. THX
Title: Re: 18.1 IDS rules not updating
Post by: elektroinside on January 31, 2018, 06:08:55 PM
I'm on LibreSSL.
It fixed it for me as well. But I forgot about this and updated the reverted package, back to 17.5 and of course it isn't working   ::)

py27-openssl   17.5.0   586KiB   APACHE20   Python interface to the OpenSSL library
Title: Re: 18.1 IDS rules not updating
Post by: franco on January 31, 2018, 06:14:57 PM
Hey, can you try this instead? This is the amd64/LibreSSL package for the real bug...

# pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/libressl/All/py27-cryptography-2.1.4.txz



Cheers,
Franco
Title: Re: 18.1 IDS rules not updating
Post by: elektroinside on January 31, 2018, 07:22:38 PM
Brilliant, working!
Thank you Franco!
Title: Re: 18.1 IDS rules not updating
Post by: franco on January 31, 2018, 08:05:18 PM
Okay, perfect.  8)