Messages

1

Intrusion Detection and Prevention / Re: Suricata 4.1.2 does not block traffic

« on: February 04, 2019, 07:37:44 am »

Also, for some reason, disappeared list with action setting (drop/alert) in "Alert info" window. It is not comfortable. Nobody knows how to return?

2

Intrusion Detection and Prevention / Re: Suricata 4.1.2 does not block traffic

« on: February 04, 2019, 07:03:33 am »

I managed to succesfully install GeoIP and Suricata 4.0.5 on OPNsense 19.1

Hello!
Tell me how to install suricata 4.0.5 in opnsense 19.1?
Best Regards/

3

Intrusion Detection and Prevention / [SOLVED] Suricata 4.1.2 does not block traffic

« on: February 01, 2019, 12:25:51 pm »

Hello friends!
I just can not understand what the problem is. Please help, because I do not know what else to do. Suricata  version 4.1.2 does not work. When IPS mode is on, I load a test virus. Alerts appear "test virus is blocked." In the log there is a record "[Drop] [1:7999999:1] OPNsense test eicar virus...", but the file is downloaded without problems.
Tried on the integrated I219-LM network card and on the PCIe card with the Intel® 82576EB chipset. And with vlan and without vlan. The result of one. In the logs, everything is fine - dropped, and the virus is perfectly loaded. Maybe I do not understand something? How to diagnose a problem?
In version 4.0.6 everything was fine. Files did not load.

4

Web Proxy Filtering and Caching / Re: Squid3 helper ext_kerberos_ldap_group_acl crashed

« on: January 14, 2019, 12:09:58 pm »

Hi guys!
Tell me one more question:
Plugin os-web-proxy-sso ignores System -> Servers -> LDAP settings, such as Auth Container and Extendet Query &(memberOf...).
That is, the access tester does not authorize users who are not suitable for Auth Container and Extendet Query filters, and os-web-proxy-sso plugin authorizes all domain users. Is this normal behavior?

5

Web Proxy Filtering and Caching / Re: Squid3 helper ext_kerberos_ldap_group_acl crashed

« on: January 14, 2019, 07:02:49 am »

Ok, Thanks, we'll wait.

6

Web Proxy Filtering and Caching / Squid3 helper ext_kerberos_ldap_group_acl crashed

« on: January 11, 2019, 03:31:36 pm »

Hello, Friends!
I use os-web-proxy-useracl and os-web-proxy-sso plugins to create access lists linked on groups of the Windows AD.
At the moment there is a problem. Helper ext_kerberos_ldap_group_acl from the Opnsense repository at work is dumped into the kernel.
...
/usr/local/libexec/squid/ext_kerberos_ldap_group_acl -d -a -m 20 -g Test -D mydomain.ru
...
support_ldap.cc(1128): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Entry 2 "Test" matches group name "Test"
support_ldap.cc(1390): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Unbind ldap server
Segmentation fault (core dumped)
...
(gdb) backtrace
#0  0x000004dc1b2bd68b in ?? () from /lib/libthr.so.3
#1  0x000004dc1b2bc949 in pthread_mutex_lock () from /lib/libthr.so.3
#2  0x000004dc1a69ab42 in k5_cc_mutex_lock ()
   from /usr/local/lib/libkrb5.so.3.3
#3  0x000004dc1a6a5308 in ?? () from /usr/local/lib/libkrb5.so.3.3
#4  0x00000123ba3ee641 in krb5_cleanup() ()
#5  0x00000123ba3f2f89 in get_memberof(main_args*, char*, char*, char*) ()
#6  0x00000123ba3ee35b in check_memberof(main_args*, char*, char*) ()
#7  0x00000123ba3eb73b in main ()
(gdb)
...
In order to identify the problem, i installed clear freeBSD 11.1 and make helper from source codes of squid3 version 3.5.28.
Helper worked without problems.
In this regard, the question:
Whether it is possible to ask to update the helper in a repository on assembled from the latest source code?
Sorry for my English, Andrey.

7

Russian - Русский / Re: Group and Users - валит squid

« on: December 25, 2018, 04:44:05 pm »

Привет!
Не нашлось решение?
Сегодня понаблюдал, что происходит. Позапускал отдельно ext_kerberos_ldap_group_acl
Происходит следующее: как только начинается рекурсивный поиск в LDAP, процесс ext_kerberos_ldap_g начинает бешено жрать память, и продолжает даже после того, как поиск завершен. После того, как память успешно выжирается, система глушит его (Segmentation fault) и привет семье.
Такое ощущение, что он по рекурсии зацикливается. Завтра еще попробую покопать...

8

Web Proxy Filtering and Caching / Re: Squid, lightsquid and logrotate

« on: August 28, 2018, 10:52:04 am »

Hello!
I also set the sarg to the Opnsense server. But did not integrate into it.
The configuration is done by changing the /usr/local/etc/sarg.conf file
Made changes for authorization in the file /usr/local/etc/inc/plugins.inc.d/webgui.inc
1. Added "mod_auth" to the server.modules
2. Added the line $lighty_config = "include \"/usr/local/etc/lighttpd/conf.d/auth.conf\"\n"
3. Specified the authorization parameters in the file /usr/local/etc/lighttpd/conf.d/auth.conf
~~~~~~
auth.backend                 = "plain"
auth.backend.plain.userfile  = "/usr/local/etc/lighttpd/lighttpd.user"

auth.require               = ( "/squid-reports/" =>
                               (
                                 "method"  => "basic",
                                 "realm"   => "Sarg Authentication",
                                 "require" => "user=browser"
                               ),
                             )
~~~~~~~~
If you can, write down your steps.

9

Web Proxy Filtering and Caching / Re: Squid, lightsquid and logrotate

« on: August 17, 2018, 01:59:55 pm »

... I'll post a step by step integration process of the software inside OPNSense...

Hi Michele,
You have everything worked out? Can describe the process?

Andrew