[opnsense 18.1.r1 & suricata 4.0.3] issues with queryInstalledRules.py

Started by nas7, January 13, 2018, 02:58:48 AM

Hi. I couldn't find this issue in the forums, so I am reporting it here with a possible fix. I am testing opnsense 18.1.r1, which has suricata 4.0.3. When using the GUI to check the rules, the system reports:

configd.py: [53df30fd-d29a-4b39-98f9-3dd8c2171b76] Script action failed with Command '/usr/local/opnsense/scripts/suricata/queryInstalledRules.py /limit '10' /offset '0' /filter '' /sort_by 'sid'' returned non-zero exit status 1

While debugging the issue, I found that queryInstalledRules.py imports update_params from lib.params, which doesn't exist. I patched the code to:

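import ujson
from lib.rulecache import RuleCache
# original import, disabled because lib.params does not exist
#from lib.params import update_params

import sys
# make the modules under site-python importable, then load update_params from there
sys.path.insert(0, "/usr/local/opnsense/site-python")
from params import update_params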


which seems to work.

I couldn't find a bug reporter for the 18.1 series, so I am posting the fix so far here.

Regards,

nas7

Just found a similar error with listAlertLogs.py. Patched the code as:

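import datetime
from lib import suricata_alert_log
# original import, disabled
#from lib.log import reverse_log_reader

import sys
# make the modules under site-python importable, then load reverse_log_reader from there
sys.path.insert(0, "/usr/local/opnsense/site-python")
from log_helper import reverse_log_reader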


Seems to work now also.