18.1 IDS rules not updating

Started by MakesSense, January 30, 2018, 07:28:15 AM

Previous topic - Next topic
First of all, thank you for a brilliant product. I've been using it for a couple of weeks and I'm very impressed by it. Keep up the good work!

One thing I found though with the new relese 18.1, is that my IDS rules are not updating (as they did with r1 and r2).

January 30, 2018, 07:40:49 AM #1 Last Edit: January 30, 2018, 07:56:24 AM by elektroinside
Confirming. Manual updates looks like don't work. The cron job however looks like updates the rules.

Although there is some activity in the logs for manual updates:


Jan 30 08:44:23 configd.py: [445e92fb-c6b3-47fe-b075-9a1b380ce59e] get suricata daemon status
Jan 30 08:44:23 configd.py: [97439034-a58f-4abe-9782-0369281f2184] request installable rules
Jan 30 08:44:23 configd.py: [61b9da38-f1ac-4d56-93e7-fe53c23bd23e] returned exit status 1
Jan 30 08:44:22 configd.py: [61b9da38-f1ac-4d56-93e7-fe53c23bd23e] update and reload intrusion detection rules
Jan 30 08:44:22 configd.py: generate template container OPNsense/IDS
Jan 30 08:44:21 configd.py: [c0d69b33-fcb7-45bf-8a28-aff7d6f7465a] generate template OPNsense/IDS
Jan 30 08:44:16 configd.py: [b02986fa-a9ec-499e-95cf-7ff878de4ed5] request installable rules
Jan 30 08:44:16 configd.py: [8454b92b-da7e-4cf9-bf16-a428f406b609] request installable rules
Jan 30 08:44:14 sshlockout[1370]: sshlockout/webConfigurator v3.0 starting up
Jan 30 08:44:14 configd.py: [8832dd6b-c72a-41ea-954a-1456992fab78] get suricata daemon status
Jan 30 08:44:06 syslogd: kernel boot file is /boot/kernel/kernel
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

It looks like an issue with py27-openssl, can you try to revert this package to the previous version using:

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz


And retry the update?

Yep, this fixed it.

Thank you!
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

Looks like an issue in py27-cryptography instead, which we didn't catch in our image build due to the code freeze. In theory, 18.1.1 will start working again automatically.


Cheers,
Franco

Quote from: AdSchellevis on January 30, 2018, 08:55:25 AM
It looks like an issue with py27-openssl, can you try to revert this package to the previous version using:

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz


And retry the update?

Thanks, this solved it for for my 'ET open' rules.

However my 'abuse.ch' rules and some of my 'Snort' rules are still not updating:-(


January 30, 2018, 10:52:21 AM #7 Last Edit: January 30, 2018, 11:18:39 AM by MakesSense
I finally got all the rule sets down after a few more go's.

Thanks for the help!

The progress of ruleset updates in the UI is a bit awkward, usually, it's a good idea to run the update and then wait a little for the next one :)
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

I can confirm, that it's not possible to manually download the rules. I had to install a fresh opnsense 18.1 after trying to update via GUI from 17.7.
Then I tryed to download the IPS rules, but nothing happens.

I tryed to download/update it via cron job. But that didn't work either.

January 31, 2018, 04:03:20 PM #11 Last Edit: January 31, 2018, 04:07:56 PM by MakesSense
Quote from: ChrisW on January 31, 2018, 04:00:50 PM
I can confirm, that it's not possible to manually download the rules. I had to install a fresh opnsense 18.1 after trying to update via GUI from 17.7.
Then I tryed to download the IPS rules, but nothing happens.

Did you try the quick fix:

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz

Worked for me:-)

Please be careful, you need to match your architecture and crypto flavour. The link is for amd64/OpenSSL only.


Cheers,
Franco


I'm on LibreSSL.
It fixed it for me as well. But I forgot about this and updated the reverted package, back to 17.5 and of course it isn't working   ::)

py27-openssl   17.5.0   586KiB   APACHE20   Python interface to the OpenSSL library
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member