1
Intrusion Detection and Prevention / Re: Suricata keeps crashing after last update
« on: July 18, 2021, 10:49:00 pm »
anyone here can advise why it keeps crashing when i enable it ?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
Tutorials and FAQs / Re: LetsEncrypt - Whitelist
« on: July 18, 2021, 10:47:48 pm »
is no need to use the FQDN rules anymores just the IP ?
3
Intrusion Detection and Prevention / Re: Suricata keeps crashing after last update
« on: July 05, 2021, 01:16:51 am »Development Stream?
if you mean if i am running a development firmware no,
is too bad no where here a documentation how to configure this thing.
4
Intrusion Detection and Prevention / Re: Suricata keeps crashing after last update
« on: June 25, 2021, 12:25:17 pm »
Anyone got a idea why is this happening?
the IDS keeps shutting down it self.
the IDS keeps shutting down it self.
5
Intrusion Detection and Prevention / Suricata keeps crashing after last update
« on: June 21, 2021, 01:36:12 am »
Hi guys,
i hope someone can point me to the right directions, ive been using IDS for over 2 years,
last day we updated the box to the 21.1.7 sinds than Suricata keeps crashing with the below log.
it stops the service and have to start it manually
thank you
i hope someone can point me to the right directions, ive been using IDS for over 2 years,
last day we updated the box to the 21.1.7 sinds than Suricata keeps crashing with the below log.
it stops the service and have to start it manually
thank you
Code: [Select]
2021-06-21T01:34:42
suricata[35325]
[100280] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
2021-06-21T01:34:42
suricata[35325]
[101369] <Notice> -- opened netmap:em0/T from em0: 0x3e8cf080300
2021-06-21T01:34:42
suricata[35325]
[101369] <Notice> -- opened netmap:em0^ from em0^: 0x3e8cf080000
2021-06-21T01:34:42
suricata[35325]
[100225] <Notice> -- opened netmap:em0^ from em0^: 0x3e8ce0af300
2021-06-21T01:34:41
suricata[35325]
[100225] <Notice> -- opened netmap:em0/R from em0: 0x3e8ce0af000
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.http.binary' is checked but not set. Checked in 2820208 and 0 other sigs
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 0 other sigs
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 2 other sigs
2021-06-21T01:33:13
suricata[21102]
[100286] <Notice> -- This is Suricata version 5.0.6 RELEASE running in SYSTEM mode
2021-06-20T03:01:09
suricata[29540]
[100253] <Notice> -- rule reload complete
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.http.binary' is checked but not set. Checked in 2820208 and 0 other sigs
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 0 other sigs
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 2 other sigs
2021-06-20T03:00:08
suricata[29540]
[100253] <Notice> -- rule reload starting
6
21.1 Legacy Series / Re: 21.1.7: Updates tab is hanging
« on: June 18, 2021, 02:28:54 pm »
this the browser related issue. depend on the php
so clear the cache fix it,
i think of a old saved password what causes the browser to hang there.
so clear the cache fix it,
i think of a old saved password what causes the browser to hang there.
7
21.1 Legacy Series / Re: ERR_SSL_PROTOCOL_ERROR GUI
« on: February 01, 2021, 10:56:09 am »
Hi Franco,
this appear to happen when you are using lets encrypt.
i cannot seems to find the cause.
anyway guys the soltuion as next.
if you are locked out and cannot access the webgui, log in with ssh and go to shell
run the below command
if everything is okay youll be able to access the gui.
if you have updated yet and using letsencrypt
go to your leftsencrypt and force your exisiting ssl to renew its should be R3 ssl check screenshot.
i noticed certificates that been assigned during december is the cause.
i have 5 boxes who been broke, the 5 boxes has the ssl of last december after following the guide mentioned above, got it sorted out.
this appear to happen when you are using lets encrypt.
i cannot seems to find the cause.
anyway guys the soltuion as next.
if you are locked out and cannot access the webgui, log in with ssh and go to shell
run the below command
Code: [Select]
configctl webgui restart renewif everything is okay youll be able to access the gui.
if you have updated yet and using letsencrypt
go to your leftsencrypt and force your exisiting ssl to renew its should be R3 ssl check screenshot.
i noticed certificates that been assigned during december is the cause.
i have 5 boxes who been broke, the 5 boxes has the ssl of last december after following the guide mentioned above, got it sorted out.
8
21.1 Legacy Series / ERR_SSL_PROTOCOL_ERROR GUI
« on: January 30, 2021, 01:34:35 am »
Hi guys,
after updating one box I lost access to the gui as to the ssh.
the error keep showing
but it appear it failed to revert to 20.7.6 on 21.1
hope someone has a idea how to restore the gui.
thank you
after updating one box I lost access to the gui as to the ssh.
the error keep showing
Code: [Select]
ERR_SSL_PROTOCOL_ERRORusually It was fixed with this command to reverse back Code: [Select]
opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart but it appear it failed to revert to 20.7.6 on 21.1
hope someone has a idea how to restore the gui.
thank you
9
20.7 Legacy Series / Re: Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR
« on: January 29, 2021, 05:58:17 pm »
Guys I am stuck at 21.1
the gui is gone again
when I try the
anyone got a suggestion to restore the box?
the gui is gone again
when I try the
Code: [Select]
opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart it does fail I guess 20.7.6 won't works with 21.1anyone got a suggestion to restore the box?
10
20.7 Legacy Series / Re: Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR
« on: January 25, 2021, 10:40:37 pm »
is this going to be fixed someday?
after every update i keep getting this error ERR_SSL_PROTOCOL_ERROR and have to restore the
i am at 20.7.8 now but the error still appeared.
after every update i keep getting this error ERR_SSL_PROTOCOL_ERROR and have to restore the
Code: [Select]
opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
i am at 20.7.8 now but the error still appeared.
11
Intrusion Detection and Prevention / Re: Suricata, LAN and VLAN
« on: January 15, 2021, 10:49:15 pm »For IPS and VLANs, you should enable Promiscuous Mode. I run IPS on my LAN with multiple VLANs, without any issues.
Try enabling that and see if it makes any difference.
I have exact the same problem. Remote users om vlans cannot connect after I enable the ids on the lan.
I cannot run it on LAN neither with promiscuous mode or not . It crashes my connection
I cannnot see why have to run it in the wan as the way already dropping anything not allowed.
12
20.7 Legacy Series / Re: Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR
« on: January 14, 2021, 11:32:15 pm »Then it looks like lighttpd is not going to fix that issue. I can't imagine that this is an issue that can't be fixed from the system (switching cert maybe?). Because it is working for a representative amount of users...
Cheers,
Franco
I just updated both my backup and master, the master runs Let's Encrypt and I had to run:Code: [Select]opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
This got the GUI working again but on updating lighttpd the error came back.
Is it a case of wait for further update or is there something I can do?
Thanks,
Nick
EDIT: Proper schoolboy error and completely missed the 2nd page ignore me please
I am just curious how to do so if you cannot access the gui
Code: [Select]
Please note that Let's Encrypt users need to reissue their certificates
manually after upgrading to this version to fix the embedded certificate chain
issue with the current signing CA switch going on.
13
20.7 Legacy Series / Re: Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR
« on: January 07, 2021, 12:08:13 pm »Then it looks like lighttpd is not going to fix that issue. I can't imagine that this is an issue that can't be fixed from the system (switching cert maybe?). Because it is working for a representative amount of users...
Cheers,
Franco
for me is working too in some boxes, but most of them are crashed
14
20.7 Legacy Series / Re: Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR
« on: January 05, 2021, 03:01:36 am »
this the fix
the
first run the first command of 20.7.6 and access the gun and run the update from the gui to lighted 1.4.58 the errors appears again.
Code: [Select]
opnsense-revert -r 20.7.6 lighttpd && configctl webgui restartthe
Code: [Select]
opnsense-revert -r 20.7.7 lighttpd && configctl webgui restart is not workingfirst run the first command of 20.7.6 and access the gun and run the update from the gui to lighted 1.4.58 the errors appears again.
15
20.7 Legacy Series / Re: Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR
« on: December 21, 2020, 04:06:00 pm »
did the last update change something on the firewall behaivor?
i noticed our UDP packets (VOIP) are disconnecting after 20 sec. also the web gui is not availble.
i noticed our UDP packets (VOIP) are disconnecting after 20 sec. also the web gui is not availble.