OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: nas7 on January 13, 2018, 02:58:48 am

Title: [opnsense 18.1.r1 & suricata 4.0.3] issues with queryInstalledRules.py
Post by: nas7 on January 13, 2018, 02:58:48 am
Hi.  I couldn't find this issue in the forums so I am reporting here with a possible fix.  I am testing opnsense 18.1.r1 which has suricata 4.0.3.  When using the GUI to check the rules the system reports:

Code:
configd.py: [53df30fd-d29a-4b39-98f9-3dd8c2171b76] Script action failed with Command '/usr/local/opnsense/scripts/suricata/queryInstalledRules.py /limit '10' /offset '0' /filter '' /sort_by 'sid'' returned non-zero exit status 1
While debugging the issue I found that queryInstalledRules.py imports update_params from lib.params, which doesn't exist.  I patched the code to:

Code:
import ujson
from lib.rulecache import RuleCache
#from lib.params import update_params

import sys
sys.path.insert(0, "/usr/local/opnsense/site-python")
from params import update_params

which seems to work.

I couldn't find a bug reporter for the 18.1 series so I am posting here the fix so far.

Regards,

nas7
Title: [opnsense 18.1.r1 & suricata 4.0.3] issues with listAlertLogs.py
Post by: nas7 on January 13, 2018, 03:18:05 am
Just found a similar error with listAlertLogs.py.  Patched code as:

Code:
import datetime
from lib import suricata_alert_log
#from lib.log import reverse_log_reader

import sys
sys.path.insert(0, "/usr/local/opnsense/site-python")
from log_helper import reverse_log_reader

Seems to work now also.
Title: Re: [opnsense 18.1.r1 & suricata 4.0.3] issues with queryInstalledRules.py
Post by: franco on January 13, 2018, 11:12:57 am
Hi nas7,

Thank you for your report. Fixed via:

https://github.com/opnsense/core/commit/921b54d4f


Cheers,
Franco