Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.
1019
Topics
6196
Posts
@siil-it
So the Snort SO rules are the only ones that don't survive the SAVE operation? Do you have the latest Snort package version? That would be 3.2.9.7_2 if my memory serves me correctly.
Might be a bug in the GUI code. Several changes have had to be made to the GUI source code in order to accomodate the move to PHP 7.2 in pfSense.
Hello,
I have 8GB RAM installed and 4GB of Swap Area. 61% of RAM is used at the moment. My installed packages are Cron, freeradius3, nmap, ntopng, pfBlockerNG, Service_Watchdog, Status_Traffic_Totals. After restarting pfsense, RAM usage is 11% of 8GB. If I don't do anything, this usage is going okay for weeks. But for example if I change pfsense theme or restart whatever service, ram usage is increasing high, ok it is understandable. But after service restart is finished, ram usage doesn't discrease to previous number, it is still high.
Another situation is that in Diagnostics / System Activity, Swap Memory is shown 8GB instead of actual 4GB.
@grimson I already saw that post and it doesn't seem to apply. That related to something not being logged at all and if I read it correctly, the devel version allows additional logging for 'https' sites. In my case it is being logged under the alerts tab, it just shows 'no match' where the list name would normally be. And I tried non-https with the same issue before I posted. This just happened today somehow since facebook url was working this morning.
@nogbadthebad The best solution I have found is using a site like https://github.com/StevenBlack/hosts and making a dnsbl rule it works better for me then shallalist and less resources.
@kaeny123 said in NUT package:
Well, other than the blatant condescending tone, I understand what you mean. I was being modest when I said I was new to this. And it turns out my issue wasn't computer knowledge related. I should've checked the forum topic first, this just came as a result of googling.
Thank you for your replies, they were very helpful :)
Dial it back son. You asked me to explain so you could avoide the same mistake in the future, and I did. Computer awareness meant understanding the difference between CentOS and a firewall distribution based on FreeBSD. This was not indented to be condescending.
squid guard not deduct most of Https website like youtube/facebook and other https secure site. so you need to block these all site from Firewall Rules with IP cidr
It was never available as a pfSense package.
I see where some people manually compiled and installed it, but it was not an official package built for pfSense.
@bmeeks I went ahead and deleted the snort package completely (saved settings though) and then installed latest package. Everything seems to be running smoothly now, but I have to wonder why this problem is only happening with snort updates and consistently. I'll see what happens with the next update unless you have some other advice.
Hi @saveriozagaria - thanks for reporting.
I believe you are describing the fact that FauxAPI is not yet part of the pfSense plugins and as such it gets flagged with a ! mark which when you hover across it gives a message "Package is installed, but is not available on remote repository"
This is warning message unlikely to change until the pfSense (Netgate) team are able to find time to review and accept the fauxapi into their repo - I resubmitted a Pull Request back in July 2018:-
https://github.com/pfsense/FreeBSD-ports/pull/531
Because I am here, a few things to mention:-
there was also a new point release (1.3.2) last week to address an issue with non-standard ports
the package passes all tests etc and has been tested up to 2.4.3-RELEASE-p1
some nice new Python example code managing user and groups available
https://github.com/ndejong/pfsense_fauxapi/tree/master/extras/examples
@wickeren said in Freeradius with LDAP backend and 802.1x:
Have set Active Directory Compatibility in the Freeradius LDAP settings and played around with the EAP settings. For now the default is PEAP, in the EAP-PEAP section the default is MSCHAPv2 and Copy Request to Tunnel is set to Yes. According to some info I have found this should be OK, but in my case it isn’t however. Still think it must be something there, but can’t figure it out yet.
Hi , I tried to configure free-radius on Pfsense (authentication via ldap or Kerberos) , i have AD 2008 .
can you share your configuration please
Hi,
Softflowd traffic is sending to the collector based on the pfSense routing table.
In your case, I suppose you have got a static route to join the collector through OpenVPN1 interface. So, it's OpenVPN1 the source interface.
@kramtw No, not the right thread because I 'm not using Captive Portal. It's only about Freeradius with accounting in mysql but not authentication in mysql.
Even if they were encrypted before being put in there, they are still in plain text in config.xml. If you don't like that, set the user password to MD5-Password and put the hash in and not the actual password in FreeRADIUS.
Keeping them plaintext but encrypting/hashing them in the users file would be pointless.
Open a ssh shell.
Goto /var/log.
Stop tinc in the gui.
Save tinc.log somewhere, just in case.
Do clog -i -s 511488 tinc.log #This makes a new bigger, blank, circular log file.
Restart tinc in the gui
In the gui Status -> Services restart syslogd
Profit.
For further investigation, find out how to fix this in the installation.
