18.1 IDS rules not updating

[MakesSense]

First of all, thank you for a brilliant product. I've been using it for a couple of weeks and I'm very impressed by it. Keep up the good work!

One thing I found though with the new relese 18.1, is that my IDS rules are not updating (as they did with r1 and r2).

[elektroinside]

Confirming. Manual updates looks like don't work. The cron job however looks like updates the rules.

Although there is some activity in the logs for manual updates:

Code: [Select]

Jan 30 08:44:23 configd.py: [445e92fb-c6b3-47fe-b075-9a1b380ce59e] get suricata daemon status
Jan 30 08:44:23 configd.py: [97439034-a58f-4abe-9782-0369281f2184] request installable rules
Jan 30 08:44:23 configd.py: [61b9da38-f1ac-4d56-93e7-fe53c23bd23e] returned exit status 1
Jan 30 08:44:22 configd.py: [61b9da38-f1ac-4d56-93e7-fe53c23bd23e] update and reload intrusion detection rules
Jan 30 08:44:22 configd.py: generate template container OPNsense/IDS
Jan 30 08:44:21 configd.py: [c0d69b33-fcb7-45bf-8a28-aff7d6f7465a] generate template OPNsense/IDS
Jan 30 08:44:16 configd.py: [b02986fa-a9ec-499e-95cf-7ff878de4ed5] request installable rules
Jan 30 08:44:16 configd.py: [8454b92b-da7e-4cf9-bf16-a428f406b609] request installable rules
Jan 30 08:44:14 sshlockout[1370]: sshlockout/webConfigurator v3.0 starting up
Jan 30 08:44:14 configd.py: [8832dd6b-c72a-41ea-954a-1456992fab78] get suricata daemon status
Jan 30 08:44:06 syslogd: kernel boot file is /boot/kernel/kernel


[AdSchellevis]

It looks like an issue with py27-openssl, can you try to revert this package to the previous version using:

Code: [Select]

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz

And retry the update?

[elektroinside]

Yep, this fixed it.

Thank you!

[franco]

Looks like an issue in py27-cryptography instead, which we didn't catch in our image build due to the code freeze. In theory, 18.1.1 will start working again automatically.


Cheers,
Franco

[MakesSense]

It looks like an issue with py27-openssl, can you try to revert this package to the previous version using:

Code: [Select]

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz

And retry the update?

Thanks, this solved it for for my 'ET open' rules.

However my 'abuse.ch' rules and some of my 'Snort' rules are still not updating:-(

[Dzioobasek]

Didnt worked for me

[MakesSense]

I finally got all the rule sets down after a few more go's.

Thanks for the help!

[elektroinside]

The progress of ruleset updates in the UI is a bit awkward, usually, it's a good idea to run the update and then wait a little for the next one

[ChrisW]

I can confirm, that it's not possible to manually download the rules. I had to install a fresh opnsense 18.1 after trying to update via GUI from 17.7.
Then I tryed to download the IPS rules, but nothing happens.

[ChrisW]

I tryed to download/update it via cron job. But that didn't work either.

[MakesSense]

I can confirm, that it's not possible to manually download the rules. I had to install a fresh opnsense 18.1 after trying to update via GUI from 17.7.
Then I tryed to download the IPS rules, but nothing happens.

Did you try the quick fix:

Code: [Select]

pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz
Worked for me:-)

[franco]

Please be careful, you need to match your architecture and crypto flavour. The link is for amd64/OpenSSL only.


Cheers,
Franco

[ChrisW]

Yes, it fixed it. THX

[elektroinside]

I'm on LibreSSL.
It fixed it for me as well. But I forgot about this and updated the reverted package, back to 17.5 and of course it isn't working   

py27-openssl   17.5.0   586KiB   APACHE20   Python interface to the OpenSSL library