• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

2.7.0-DEVELOPMENT can't install snort without these errors

CE 2.7.0 Development Snapshots (Retired)
4
8
1.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    nhscan
    last edited by Nov 2, 2022, 2:04 AM

    This has started a few weeks ago a few updates back where it won't install snort even on a clean system for me. Fresh install I still get errors then eventually the second or third time around I get the message below. What is going on I never had this problem. If I do what it tells me in the message down below it will install snort but then it breaks the web interface of the entire router. I can't be the only one because I can install this on three different machines and end up in the same place I am now.

    2.7.0-DEVELOPMENT (amd64)
    built on Tue Nov 01 06:05:17 UTC 2022
    FreeBSD 14.0-CURRENT

    Installing pfSense-pkg-snort...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Checking integrity... done (2 conflicting)

    • luajit-devel-2.1.0.20221004_1 [pfSense] conflicts with luajit-openresty-2.1.20220915 [installed] on /usr/local/bin/luajit
    • luajit-devel-2.1.0.20221004_1 [pfSense] conflicts with luajit-openresty-2.1.20220915 [pfSense] on /usr/local/bin/luajit
      Checking integrity... done (0 conflicting)
      The following 11 package(s) will be affected (of 0 checked):

    Installed packages to be REMOVED:
    lua-resty-core: 0.1.23
    lua-resty-lrucache: 0.13
    luajit-openresty: 2.1.20220915
    nginx: 1.22.0_9,3
    pfSense: 2.7.0.a.20221101.0600

    New packages to be INSTALLED:
    daq: 2.2.2_3 [pfSense]
    libdnet: 1.13_3 [pfSense]
    libpcap: 1.10.1_2 [pfSense]
    luajit-devel: 2.1.0.20221004_1 [pfSense]
    pfSense-pkg-snort: 4.1.6_1 [pfSense]
    snort: 2.9.20_1 [pfSense]

    Number of packages to be removed: 5
    Number of packages to be installed: 6

    The process will require 3 MiB more space.
    pkg-static: Cannot delete vital package: pfSense!
    pkg-static: If you are sure you want to remove pfSense,
    pkg-static: unset the 'vital' flag with: pkg set -v 0 pfSense
    Failed

    R 1 Reply Last reply Nov 2, 2022, 2:22 AM Reply Quote 0
    • R rcoleman-netgate moved this topic from General pfSense Questions on Nov 2, 2022, 2:22 AM
    • R
      rcoleman-netgate Netgate @nhscan
      last edited by Nov 2, 2022, 2:22 AM

      @nhscan Please keep Development release issues to the Development topic. I have moved this post for you.

      Thanks!

      Ryan
      Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
      Requesting firmware for your Netgate device? https://go.netgate.com
      Switching: Mikrotik, Netgear, Extreme
      Wireless: Aruba, Ubiquiti

      1 Reply Last reply Reply Quote 1
      • B
        bmeeks
        last edited by bmeeks Nov 2, 2022, 2:23 PM Nov 2, 2022, 2:08 PM

        I was able to verify this. Will need to work with the Netgate binary repo team to see how to correct it. Definitely related to some inter-package dependencies.

        Edit: I've opened a Redmine Issue asking for some assistance from the Netgate team: https://redmine.pfsense.org/issues/13623.

        1 Reply Last reply Reply Quote 0
        • B
          bmeeks
          last edited by Nov 5, 2022, 5:21 PM

          I found the changes in FreeBSD upstream that caused this error, and I've found a potential solution, but I've asked the Netgate developer team for input to get their opinion on the "best way" to correct the problem. There may be a better method than the one I am proposing, so stay tuned.

          I updated the Redmine Issue here: https://redmine.pfsense.org/issues/13623.

          W 1 Reply Last reply Nov 23, 2022, 4:43 PM Reply Quote 2
          • W
            w0w @bmeeks
            last edited by Nov 23, 2022, 4:43 PM

            @bmeeks
            I am not sure is it the same on the 2.7, but on the Plus version made on 23 nov snapshot (23.01) we have a little bit different issue now. Snort installs and removes ngnix and pfSense packages. Everything looks fine until you have to reboot the router, after reboot you will have only console access. The workaround will be issuing command under option 8. 'pkg install pfsense'

            >>> Installing pfSense-pkg-snort... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (2 conflicting)
  - luajit-devel-2.1.0.20221004_1 [pfSense] conflicts with luajit-openresty-2.1.20220915 [installed] on /usr/local/bin/luajit
  - luajit-devel-2.1.0.20221004_1 [pfSense] conflicts with luajit-openresty-2.1.20220915 [pfSense] on /usr/local/bin/luajit
Checking integrity... done (0 conflicting)
The following 12 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
	lua-resty-core: 0.1.23
	lua-resty-lrucache: 0.13
	luajit-openresty: 2.1.20220915
	nginx: 1.22.0_9,3
	pfSense: 23.01.a.20221123.0600

New packages to be INSTALLED:
	daq: 2.2.2_3 [pfSense]
	libdnet: 1.13_3 [pfSense]
	libpcap: 1.10.1_2 [pfSense]
	luajit-devel: 2.1.0.20221004_1 [pfSense]
	pfSense-pkg-snort: 4.1.6_1 [pfSense]
	snort: 2.9.20_1 [pfSense]

Installed packages to be REINSTALLED:
	pkg-1.18.4_3 [pfSense]

Number of packages to be removed: 5
Number of packages to be installed: 6
Number of packages to be reinstalled: 1

The process will require 3 MiB more space.
[1/12] Deinstalling pfSense-23.01.a.20221123.0600...
[1/12] Deleting files for pfSense-23.01.a.20221123.0600: .... done
[2/12] Deinstalling luajit-openresty-2.1.20220915...
[2/12] Deleting files for luajit-openresty-2.1.20220915: ...
luajit-openresty-2.1.20220915: missing file /usr/local/man/man1/luajit.1.gz
[2/12] Deleting files for luajit-openresty-2.1.20220915.......... done
[3/12] Deinstalling nginx-1.22.0_9,3...
[3/12] Deleting files for nginx-1.22.0_9,3: .....
nginx-1.22.0_9,3: missing file /usr/local/man/man8/nginx.8.gz
[3/12] Deleting files for nginx-1.22.0_9,3........ done
[4/12] Installing libdnet-1.13_3...
[4/12] Extracting libdnet-1.13_3: .......... done
[5/12] Installing libpcap-1.10.1_2...
[5/12] Extracting libpcap-1.10.1_2: .......... done
[6/12] Deinstalling lua-resty-core-0.1.23...
[6/12] Deleting files for lua-resty-core-0.1.23: .......... done
[7/12] Installing luajit-devel-2.1.0.20221004_1...
[7/12] Extracting luajit-devel-2.1.0.20221004_1: .......... done
[8/12] Installing daq-2.2.2_3...
[8/12] Extracting daq-2.2.2_3: .......... done
[9/12] Deinstalling lua-resty-lrucache-0.13...
[9/12] Deleting files for lua-resty-lrucache-0.13: ..... done
[10/12] Installing snort-2.9.20_1...
[10/12] Extracting snort-2.9.20_1: .......... done
[11/12] Installing pfSense-pkg-snort-4.1.6_1...
[11/12] Extracting pfSense-pkg-snort-4.1.6_1: .......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Saved settings detected.
Migrating settings to new configuration... done.
Downloading configured rule sets. This may take some time...
Downloading Snort Subscriber rules md5 file... done.
Checking Snort Subscriber rules md5 file... done.
There is a new set of Snort Subscriber rules posted.
Downloading snortrules-snapshot-29200.tar.gz... done.
Downloading Snort OpenAppID detectors md5 file... done.
Checking Snort OpenAppID detectors md5 file... done.
There is a new set of Snort OpenAppID detectors posted.
Downloading snort-openappid.tar.gz... done.
Downloading Snort GPLv2 Community Rules md5 file... done.
Checking Snort GPLv2 Community Rules md5 file... done.
There is a new set of Snort GPLv2 Community Rules posted.
Downloading community-rules.tar.gz... done.
Downloading Emerging Threats Open rules md5 file... done.
Checking Emerging Threats Open rules md5 file... done.
There is a new set of Emerging Threats Open rules posted.
Downloading emerging.rules.tar.gz... done.
Installing Snort Subscriber ruleset...Copying md5 signature to snort directory... done.
Installing Snort OpenAppID detectors...Copying md5 signature to snort directory... done.
Installing Snort GPLv2 Community Rules... done.
Installing Emerging Threats Open rules...Copying md5 signature to snort directory... done.
Updating rules configuration for: LAN ... done.
Cleaning up temp dirs and files... done.
The Rules update has finished.
Generating snort.conf configuration file from saved settings.
Generating configuration for LAN... done.
Generating snort.sh script in /usr/local/etc/rc.d/... done.
Finished rebuilding Snort configuration files.
done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.[12/12] Reinstalling pkg-1.18.4_3...
[12/12] Extracting pkg-1.18.4_3: .......... done
=====
Message from snort-2.9.20_1:

--
Snort uses rcNG startup script and must be enabled via /etc/rc.conf
Please see /usr/local/etc/rc.d/snort
for list of available variables and their description.
Configuration files are located in /usr/local/etc/snort directory.

Please note that, by default, snort will truncate packets larger than the
default snaplen of 15158 bytes.  Additionally, LRO may cause issues with
Stream5 target-based reassembly.  It is recommended to disable LRO, if
your card supports it.

This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
=====
Message from pfSense-pkg-snort-4.1.6_1:

--
Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.
You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed.
>>> Cleaning up cache... done.
Success
            B 1 Reply Last reply Nov 23, 2022, 5:02 PM Reply Quote 0
            • B
              bmeeks @w0w
              last edited by bmeeks Nov 23, 2022, 5:03 PM Nov 23, 2022, 5:02 PM

              @w0w said in 2.7.0-DEVELOPMENT can't install snort without these errors:

              @bmeeks
              I am not sure is it the same on the 2.7, but on the Plus version made on 23 nov snapshot (23.01) we have a little bit different issue now. Snort installs and removes ngnix and pfSense packages. Everything looks fine until you have to reboot the router, after reboot you will have only console access. The workaround will be issuing command under option 8. 'pkg install pfsense'

              >>> Installing pfSense-pkg-snort... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (2 conflicting)
  - luajit-devel-2.1.0.20221004_1 [pfSense] conflicts with luajit-openresty-2.1.20220915 [installed] on /usr/local/bin/luajit
  - luajit-devel-2.1.0.20221004_1 [pfSense] conflicts with luajit-openresty-2.1.20220915 [pfSense] on /usr/local/bin/luajit
Checking integrity... done (0 conflicting)
The following 12 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
	lua-resty-core: 0.1.23
	lua-resty-lrucache: 0.13
	luajit-openresty: 2.1.20220915
	nginx: 1.22.0_9,3
	pfSense: 23.01.a.20221123.0600

New packages to be INSTALLED:
	daq: 2.2.2_3 [pfSense]
	libdnet: 1.13_3 [pfSense]
	libpcap: 1.10.1_2 [pfSense]
	luajit-devel: 2.1.0.20221004_1 [pfSense]
	pfSense-pkg-snort: 4.1.6_1 [pfSense]
	snort: 2.9.20_1 [pfSense]

Installed packages to be REINSTALLED:
	pkg-1.18.4_3 [pfSense]

Number of packages to be removed: 5
Number of packages to be installed: 6
Number of packages to be reinstalled: 1

The process will require 3 MiB more space.
[1/12] Deinstalling pfSense-23.01.a.20221123.0600...
[1/12] Deleting files for pfSense-23.01.a.20221123.0600: .... done
[2/12] Deinstalling luajit-openresty-2.1.20220915...
[2/12] Deleting files for luajit-openresty-2.1.20220915: ...
luajit-openresty-2.1.20220915: missing file /usr/local/man/man1/luajit.1.gz
[2/12] Deleting files for luajit-openresty-2.1.20220915.......... done
[3/12] Deinstalling nginx-1.22.0_9,3...
[3/12] Deleting files for nginx-1.22.0_9,3: .....
nginx-1.22.0_9,3: missing file /usr/local/man/man8/nginx.8.gz
[3/12] Deleting files for nginx-1.22.0_9,3........ done
[4/12] Installing libdnet-1.13_3...
[4/12] Extracting libdnet-1.13_3: .......... done
[5/12] Installing libpcap-1.10.1_2...
[5/12] Extracting libpcap-1.10.1_2: .......... done
[6/12] Deinstalling lua-resty-core-0.1.23...
[6/12] Deleting files for lua-resty-core-0.1.23: .......... done
[7/12] Installing luajit-devel-2.1.0.20221004_1...
[7/12] Extracting luajit-devel-2.1.0.20221004_1: .......... done
[8/12] Installing daq-2.2.2_3...
[8/12] Extracting daq-2.2.2_3: .......... done
[9/12] Deinstalling lua-resty-lrucache-0.13...
[9/12] Deleting files for lua-resty-lrucache-0.13: ..... done
[10/12] Installing snort-2.9.20_1...
[10/12] Extracting snort-2.9.20_1: .......... done
[11/12] Installing pfSense-pkg-snort-4.1.6_1...
[11/12] Extracting pfSense-pkg-snort-4.1.6_1: .......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Saved settings detected.
Migrating settings to new configuration... done.
Downloading configured rule sets. This may take some time...
Downloading Snort Subscriber rules md5 file... done.
Checking Snort Subscriber rules md5 file... done.
There is a new set of Snort Subscriber rules posted.
Downloading snortrules-snapshot-29200.tar.gz... done.
Downloading Snort OpenAppID detectors md5 file... done.
Checking Snort OpenAppID detectors md5 file... done.
There is a new set of Snort OpenAppID detectors posted.
Downloading snort-openappid.tar.gz... done.
Downloading Snort GPLv2 Community Rules md5 file... done.
Checking Snort GPLv2 Community Rules md5 file... done.
There is a new set of Snort GPLv2 Community Rules posted.
Downloading community-rules.tar.gz... done.
Downloading Emerging Threats Open rules md5 file... done.
Checking Emerging Threats Open rules md5 file... done.
There is a new set of Emerging Threats Open rules posted.
Downloading emerging.rules.tar.gz... done.
Installing Snort Subscriber ruleset...Copying md5 signature to snort directory... done.
Installing Snort OpenAppID detectors...Copying md5 signature to snort directory... done.
Installing Snort GPLv2 Community Rules... done.
Installing Emerging Threats Open rules...Copying md5 signature to snort directory... done.
Updating rules configuration for: LAN ... done.
Cleaning up temp dirs and files... done.
The Rules update has finished.
Generating snort.conf configuration file from saved settings.
Generating configuration for LAN... done.
Generating snort.sh script in /usr/local/etc/rc.d/... done.
Finished rebuilding Snort configuration files.
done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.[12/12] Reinstalling pkg-1.18.4_3...
[12/12] Extracting pkg-1.18.4_3: .......... done
=====
Message from snort-2.9.20_1:

--
Snort uses rcNG startup script and must be enabled via /etc/rc.conf
Please see /usr/local/etc/rc.d/snort
for list of available variables and their description.
Configuration files are located in /usr/local/etc/snort directory.

Please note that, by default, snort will truncate packets larger than the
default snaplen of 15158 bytes.  Additionally, LRO may cause issues with
Stream5 target-based reassembly.  It is recommended to disable LRO, if
your card supports it.

This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
=====
Message from pfSense-pkg-snort-4.1.6_1:

--
Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.
You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed.
>>> Cleaning up cache... done.
Success

              Although the old bug should not be removing those core pfSense packages during the install (they are supposed to marked as "critical"), the new fix is not yet in the package repos. The new Snort package version will be 4.1.6_2 that fixes this problem. Should work for both pfSense CE and pfSense Plus DEVEL snapshots.

              N W 2 Replies Last reply Nov 23, 2022, 5:12 PM Reply Quote 1
              • N
                nhscan @bmeeks
                last edited by Nov 23, 2022, 5:12 PM

                @bmeeks I actually got snort to install fine this morning. Flashed an slightly older version by a couple weeks of developer snapshot of pfsense. Then I ran pkg install -f luajit-devel which removed the beta as it's not supposed to be on the beta anyway. Then installed snort. After that I then updated pfsense to newest dev snapshot. Now everything is running fine.

                We know all they need to do is update the snapshot so luajit-beta to be luajit-devel instead and this problem would be gone.

                1 Reply Last reply Reply Quote 0
                • W
                  w0w @bmeeks
                  last edited by Nov 23, 2022, 5:21 PM

                  @bmeeks
                  Yes. On the previous snapshot it failed to install and today it is installed. Ok, will wait for the new version, thank you!

                  pkg-static: Cannot delete vital package: pfSense!
pkg-static: If you are sure you want to remove pfSense, 
pkg-static: unset the 'vital' flag with: pkg set -v 0 pfSense
                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.