Warning/bug? when updating SNORT package
-
I assume this is a bug but perhaps I missed something.
I updated the snort package (to 4.1.6_11) expecting it would be an in-place update but it completely wiped all settings, custom rules etc. Thankfully I had a backup and was able to restore but a warning to others as I doubt many would expect this. Make sure you have a backup before proceeding.
To the maintainers: perhaps this is a bug?
-
@pawprint Do you have the setting checked to not keep settings upon uninstall? (However it’s worded)
-
Yeah, the only way this should happen is if you have unchecked the Keep Snort Settings After Deinstall option on the GLOBAL SETTINGS tab. That option is checked and thus enabled by default (meaning settings are saved when removing the package).
-
That setting is checked "Keep Snort Settings After Deinstall" So that wasn't it. I considered that could have been it but technically I also didn't deinstall anything. I upgraded it. I suspected that but if this is the case it's not an "upgrade" but a "uninstall" and "reinstall" which again, I don't think most people would expect, especially anyone familiar with Linux package managers and package updates.
Regardless that wasn't the issue. It wiped everything for some other reason.
-
@pawprint said in Warning/bug? when updating SNORT package:
That setting is checked "Keep Snort Settings After Deinstall" So that wasn't it. I considered that could have been it but technically I also didn't deinstall anything. I upgraded it. I suspected that but if this is the case it's not an "upgrade" but a "uninstall" and "reinstall" which again, I don't think most people would expect, especially anyone familiar with Linux package managers and package updates.
Regardless that wasn't the issue. It wiped everything for some other reason.
Package upgrades on pfSense actually perform an uninstall and reinstall of the GUI components. That's because the current "hooks" that pfSense offers packages during install or upgrade do not distinguish between the two. So, packages treat upgrades the same as a removal and reinstall. This is not ideal, but it is what it is.
I don't know why you lost your configuration. That is not the normal experience. The 4.1.6_11 Snort package upgrade was just recently posted, and a number of folks applied that update. Yours is the only report of losing the configuration of Snort. So, that would imply some kind of one-off situation. Unfortunately, I don't have a good suggestion where to start troubleshooting. First thing I would try is see if the problem is repeatable by removing the package and installing it again. That will be the same as "upgrade" because as I mentioned earlier the same steps of GUI code get executed in either case.
-
Thanks for the clarification. I'm guessing something happened during the unusual (I'm calling it that since it's not standard Linux behaviour to uninstall and reinstall in order to update a package) process. Knowing that and ensuring I have a config backup before any package update I'm not too worried.
Lots to learn (and unlearn) as always getting into a new system. Really appreciate the help from the forum.