IDS/IPS Plugins - Snort Rules PT Research Rules not loaded config reinstall

Started by Noctur, February 08, 2018, 04:51:02 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 08, 2018, 04:51:02 PM Last Edit: February 08, 2018, 04:53:24 PM by Noctur
In my upgrade from 17.1.12_1 to 18.1.1 I used a backup config file to reinstall my settings. In those settings I had the Snort/VRT rules tagged and had my ID and rules version file input.

On inspection, I noted the packages for Snort VRT and PT Research rulesets were not checked in the packages. Checking the IDS rules, they were not present.

After installing the packages my Snort user ID and rules file version were present. I was able to download and install those rules.

It looks like restoring a prior config is not capturing the all of the installed packages.
overkill: Dell SFF i5, 16gb, 120gb SSD, 4x gb NICs
OPNsense 21.1.x
February 12, 2018, 06:31:00 PM #1
There is an open ticket for remembering plugins, but besides mentioning it we can't do more. Auto-installing plugins is risky and crosses a barrier to always invoke user-interaction before doing something. And that is assuming a connection is up and running....

https://github.com/opnsense/core/issues/1663


Cheers,
Franco
Print
Go Up Pages1
User actions