Pfsense updated and rebooted itself

stephenw10

Whatever was there before those pkgs upgraded.

dwight

@stephenw10 well that the thing. Theres a gap.
Nov 8 07:18:03 kernel arp: 192.168.1.144 moved from 5c:cf:7f:28:d1:3b to 50:91:e3:bd:ef:aa on bridge0
So what happened between is a mystery.
Ive checked all the systemlogs i think could have something. But nothing.

dwight

@stephenw10 cronjobs
*/1 * * * * root /usr/sbin/newsyslog
1 3 * * * root /etc/rc.periodic daily
15 4 * * 6 root /etc/rc.periodic weekly
30 5 1 * * root /etc/rc.periodic monthly
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables
1 0 * * * root /usr/bin/nice -n20 /etc/rc.update_pkg_metadata
0 * * * * root /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> /var/log/pfblockerng/pfblockerng.log 2>&1
16 3 * * * root /usr/local/pkg/acme/acme_command.sh "renewall" | /usr/bin/logger -t ACME 2>&1
*/5 * * * * root /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc
16 0 */1 * * root /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_for_rule_updates.php

stephenw10

Any logins shown?

Anything running at boot that might do this?

People have written scripts to do exactly this but we always advise against it. Any possibility one of those was installed?

dwight

@stephenw10 No logins. Se timestamps here. Empty. I havent used any of those scripts. Only pkg from the list.
Nov 8 06:00:00 sshguard 87458 Now monitoring attacks.
Nov 8 07:36:09 sshd 24787 Server listening on :: port 22.
Nov 8 07:36:09 sshd 24787 Server listening on 0.0.0.0 port 22.
Nov 8 07:36:09 sshguard 25437 Now monitoring attacks.
Nov 8 07:37:15 login 61274 login on ttyv0 as root
Nov 8 07:37:15 sshguard 64107 Now monitoring attacks.
Nov 8 07:37:15 login 62951 login on ttyu0 as root
Nov 8 07:37:54 php-fpm 1909 /index.php: Successful login for user 'dwight' from: 192.168.1.154 (Local Database)

stephenw10

@dwight said in Pfsense updated and rebooted itself:

Nov 8 06:00:00 sshguard 87458 Now monitoring attacks.
Nov 8 07:36:09 sshd 24787 Server listening on :: port 22.
Nov 8 07:36:09 sshd 24787 Server listening on 0.0.0.0 port 22.

You omitted the pkg, reboot and arp move lines there? Can we just see the complete systemlog covering that time?

dwight

@stephenw10
Nov 8 07:00:00 pfSense php[91962]: [pfBlockerNG] Starting cron process.
Nov 8 07:00:51 pfSense php[91962]: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Nov 8 07:00:51 pfSense php[91962]:
Nov 8 07:01:04 pfSense kernel: arp: 192.168.1.144 moved from 50:91:e3:bd:ef:aa to 5c:cf:7f:28:d1:3b on bridge0
Nov 8 07:02:02 pfSense kernel: arp: 192.168.1.144 moved from 5c:cf:7f:28:d1:3b to 50:91:e3:bd:ef:aa on bridge0
Nov 8 07:12:04 pfSense kernel: arp: 192.168.1.144 moved from 50:91:e3:bd:ef:aa to 5c:cf:7f:28:d1:3b on bridge0
Nov 8 07:13:03 pfSense kernel: arp: 192.168.1.144 moved from 5c:cf:7f:28:d1:3b to 50:91:e3:bd:ef:aa on bridge0
Nov 8 07:17:04 pfSense kernel: arp: 192.168.1.144 moved from 50:91:e3:bd:ef:aa to 5c:cf:7f:28:d1:3b on bridge0
Nov 8 07:18:03 pfSense kernel: arp: 192.168.1.144 moved from 5c:cf:7f:28:d1:3b to 50:91:e3:bd:ef:aa on bridge0
Nov 8 07:23:29 pfSense pkg-static[42808]: pfSense-repoc upgraded: 20230605 -> 20230912
Nov 8 07:23:29 pfSense pkg-static[42808]: pfSense-upgrade upgraded: 1.0_68 -> 1.2_6
Nov 8 07:25:43 pfSense pkg-static[43175]: pfSense-boot upgraded: 23.05.1 -> 23.09
Nov 8 07:26:02 pfSense pkg-static[49531]: pfSense-kernel-pfSense upgraded: 23.05.1 -> 23.09
Nov 8 07:26:18 pfSense reboot[42776]: rebooted by root
Nov 8 07:26:22 pfSense syslogd: exiting on signal 15
Nov 8 07:35:53 pfSense syslogd: kernel boot file is /boot/kernel/kernel
Nov 8 07:35:53 pfSense kernel: ---<<BOOT>>---
Nov 8 07:35:53 pfSense kernel: Copyright (c) 1992-2023 The FreeBSD Project.
Nov 8 07:35:53 pfSense kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Nov 8 07:35:53 pfSense kernel: The Regents of the University of California. All rights reserved.
Nov 8 07:35:53 pfSense kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Nov 8 07:35:53 pfSense kernel: FreeBSD 14.0-CURRENT amd64 1400094 #0 plus-RELENG_23_09-n256163-2763857e770: Wed Nov 1 21:18:24 UTC 2023
Nov 8 07:35:53 pfSense kernel: root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09-main/obj/amd64/WrS3lKLo/var/jenkins/workspace/pfSense-Plus-snapshots-23_09-main/sources/FreeBSD-src-plus-RELENG_23_09/amd64.amd64/sys/pfSense amd64
Nov 8 07:35:53 pfSense kernel: FreeBSD clang version 16.0.6 (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a259152)
Nov 8 07:35:53 pfSense kernel: VT(vga): resolution 640x480
Nov 8 07:35:53 pfSense kernel: CPU: Intel(R) Atom(TM) CPU C3558 @ 2.20GHz (2200.21-MHz K8-class CPU)
Nov 8 07:35:53 pfSense kernel: Origin="GenuineIntel" Id=0x506f1 Family=0x6 Model=0x5f Stepping=1

stephenw10

Hmm, weird.

Check if you have an upgrade_log.latest.txt file in /conf. Anything unexpected in it? What's the timestamp on that file?

Check the output of ps -auxwwd for anything unusual running.

Steve

dwight

@stephenw10 said in Pfsense updated and rebooted itself:

Hmm, weird.

Check if you have an upgrade_log.latest.txt file in /conf. Anything unexpected in it? What's the timestamp on that file?

Nothing wierd in that file. Time stamp is Nov 8 07:37:11 2023

Check the output of ps -auxwwd for anything unusual running.

I cant see anything but here's the output.

USER      PID  %CPU %MEM    VSZ    RSS TT  STAT STARTED        TIME COMMAND
root        0  28.7  0.0      0    976  -  DLs  Wed07    2036:47.99 [kernel]
root       11 376.4  0.0      0     64  -  RNL  Wed07   11523:09.95 - [idle]
root        1   0.0  0.0  11352   1156  -  ILs  Wed07       0:00.23 - /sbin/init
root    42334   0.2  0.7  69512  56564  -  Ss   Wed07       1:16.64 |-- php_wg: WireGuard service (php_wg)
unbound 32848   0.1  1.5 157764 124952  -  Ss   15:51       0:45.97 |-- /usr/local/sbin/unbound -c /var/unbound/unbound.conf
root     1907   0.0  0.6 110488  46620  -  Ss   Wed07       0:04.88 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
root    26016   0.0  0.8 145116  64624  -  I    07:05       8:10.05 | |-- php-fpm: pool nginx (php-fpm)
root    51343   0.0  0.8 145116  65172  -  I    09:46       6:26.44 | |-- php-fpm: pool nginx (php-fpm)
root    55375   0.0  0.7 113624  59208  -  I    18:28       0:17.59 | |-- php-fpm: pool nginx (php-fpm)
root    71530   0.0  0.7 113624  57152  -  I    18:32       0:15.90 | |-- php-fpm: pool nginx (php-fpm)
root    90072   0.0  0.7 113624  57152  -  I    18:16       0:23.69 | `-- php-fpm: pool nginx (php-fpm)
root     1949   0.0  0.0  13232   3092  -  INs  Wed07       0:00.03 |-- /usr/local/sbin/check_reload_status
root     1951   0.0  0.0  13232   2896  -  IN   Wed07       0:00.00 | `-- check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
root     2402   0.0  0.1  14352   4604  -  Ss   Wed07       0:00.11 |-- /sbin/devd -q -f /etc/pfSense-devd.conf
root     8683   0.0  0.1  20144  10952  -  S    07:27       0:08.23 |-- /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
root     8962   0.0  0.7  69448  56484  -  S    07:27       0:00.33 | |-- /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
root     9076   0.0  0.7  69512  56936  -  S    07:27       0:05.14 | `-- /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc index
root    10184   0.0  0.1  23540   9704  -  Ss   Wed07       0:13.26 |-- /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
root    10429   0.0  0.0  12820   3252  -  Ss   Wed07       0:27.45 |-- /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -l /tmp/haproxy_chroot/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
root    73956   0.0  0.0  13320   3232  -  Is   18:31       0:00.00 | `-- /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root    74467   0.0  0.0  12660   2564  -  S    18:31       0:00.00 |   |-- /bin/cat
root    74559   0.0  0.1  19324   6192  -  SC   18:31       0:00.00 |   |-- /usr/local/libexec/sshg-parser
root    74620   0.0  0.0  13268   3096  -  IC   18:31       0:00.00 |   |-- /usr/local/libexec/sshg-blocker
root    74924   0.0  0.0  13320   3232  -  I    18:31       0:00.00 |   `-- /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root    75040   0.0  0.0  13320   3228  -  I    18:31       0:00.00 |     `-- /bin/sh /usr/local/libexec/sshg-fw-pf
root    12535   0.0  0.0  12656   2448  -  Is   Wed07       0:00.00 |-- /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
root    13015   0.0  0.0  12656   2468  -  I    Wed07       0:00.06 | `-- minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
root    12871   0.0  0.7  69448  56860  -  S    07:27       0:18.35 |-- /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc queries
root    13158   0.0  0.0  12656   2452  -  Is   Wed07       0:00.00 |-- /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
root    13790   0.0  0.0  12656   2472  -  I    Wed07       0:00.05 | `-- minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
root    13907   0.0  0.0  12656   2452  -  Is   Wed07       0:00.00 |-- /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
root    14263   0.0  0.0  12656   2476  -  I    Wed07       0:00.00 | `-- minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
root    14274   0.0  0.0  12768   2608  -  S    07:27       0:02.31 |-- /usr/bin/tail_pfb -n0 -F /var/log/filter.log
root    14282   0.0  0.0  12656   2452  -  Is   Wed07       0:00.00 |-- /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
root    14570   0.0  0.0  12656   2476  -  I    Wed07       0:00.00 | `-- minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
root    14599   0.0  0.7  69512  56556  -  S    07:27       0:00.83 |-- /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
www     16523   0.0  0.3  35864  22704  -  Ss   07:27       0:27.53 |-- /usr/local/sbin/haproxy -f /var/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D -x /tmp/haproxy.socket -st 56861
root    24980   0.0  0.0  12736   2888  -  Ss   Wed07       0:02.99 |-- /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
dhcpd   39395   0.0  0.2  27272  15400  -  Ss   15:51       0:01.28 |-- /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid ix2 bridge0 ix1.10 ix1.22 ix1.13
root    43934   0.0  0.0  13084   2936  -  Is   Wed07       0:00.01 |-- dhclient: system.syslog (dhclient)
root    45935   0.0  0.2  22380  12728  -  Is   15:51       0:00.01 |-- sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
root    36168   0.0  0.2  22452  12820  -  Is   18:48       0:00.03 | `-- sshd: dwight [priv] (sshd)
dwight  36423   0.0  0.2  22452  13088  -  S    18:48       0:00.02 |   `-- sshd: dwight@pts/0 (sshd)
dwight  36583   0.0  0.1  13792   4400  0  Ss   18:48       0:00.02 |     `-- -tcsh (tcsh)
root     8950   0.0  0.1  20768  11184  0  S+   18:53       0:00.01 |       `-- sudo ps -auxwwd
root     9194   0.0  0.1  20768  11180  1  Ss   18:53       0:00.00 |         `-- sudo ps -auxwwd
root     9513   0.0  0.0  13388   3520  1  R+   18:53       0:00.00 |           `-- ps -auxwwd
root    46590   0.0  0.1  31304  10884  -  Is   15:51       0:00.00 |-- nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
root    46659   0.0  0.2  33864  12516  -  I    15:51       0:00.15 | |-- nginx: worker process (nginx)
root    46725   0.0  0.1  33864  12240  -  I    15:51       0:00.20 | |-- nginx: worker process (nginx)
root    46992   0.0  0.2  33864  12916  -  I    15:51       0:04.40 | |-- nginx: worker process (nginx)
root    47047   0.0  0.2  33864  13196  -  I    15:51       0:13.94 | |-- nginx: worker process (nginx)
root    47360   0.0  0.2  33864  13404  -  I    15:51       0:18.21 | `-- nginx: worker process (nginx)
root    47798   0.0  0.0  13084   3108  -  Is   Wed07       0:00.01 |-- dhclient: ix0 [priv] (dhclient)
root    47990   0.0  0.0  13508   3048  -  Is   Wed07       0:24.21 |-- /usr/local/bin/dpinger -S -r 0 -i WAN3_10GBE_DHCP_GW -B 62.63.208.161 -p /var/run/dpinger_WAN3_10GBE_DHCP_GW~62.63.208.161~62.63.208.254.pid -u /var/run/dpinger_WAN3_10GBE_DHCP_GW~62.63.208.161~62.63.208.254.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 62.63.208.254
root    49046   0.0  0.0  13320   3204  -  IN   15:51       0:02.75 |-- /bin/sh /var/db/rrd/updaterrd.sh
root    47373   0.0  0.0  12656   2364  -  INC  18:52       0:00.00 | `-- sleep 60
root    53624   0.0  0.0  12764   2512  -  Ss   Wed07       0:13.76 |-- /usr/sbin/powerd -b hadp -a hadp -n hadp
_dhcp   57376   0.0  0.0  13088   3252  -  ICs  Wed07       0:00.01 |-- dhclient: ix0 (dhclient)
root    74975   0.0  0.0  12860   2948  -  Is   Wed07       0:01.48 |-- /usr/sbin/cron -s
root    75404   0.0  0.1  23092  12204  -  Ss   Wed07       0:02.87 |-- /usr/local/sbin/openvpn --config /var/etc/openvpn/server1/config.ovpn
root    83468   0.0  0.1  22940  12260  -  Ss   Wed07       0:05.78 |-- /usr/local/sbin/openvpn --config /var/etc/openvpn/client2/config.ovpn
root    86202   0.0  0.0  13424   3944  -  Ss   Wed07       0:09.53 |-- /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
zabbix  87537   0.0  0.2  26072  13956  -  I    07:27       0:00.00 |-- /usr/local/sbin/zabbix_agentd -c /usr/local/etc/zabbix6/zabbix_agentd.conf
zabbix  87668   0.0  0.2  26072  14332  -  S    07:27       0:04.53 | |-- zabbix_agentd: collector [idle 1 sec] (zabbix_agentd)
zabbix  87671   0.0  0.2  26208  14524  -  S    07:27       0:04.43 | |-- zabbix_agentd: listener #1 [waiting for connection] (zabbix_agentd)
zabbix  88007   0.0  0.2  26208  14640  -  S    07:27       0:04.46 | |-- zabbix_agentd: listener #2 [waiting for connection] (zabbix_agentd)
zabbix  88228   0.0  0.2  26208  14608  -  S    07:27       0:04.48 | |-- zabbix_agentd: listener #3 [waiting for connection] (zabbix_agentd)
zabbix  88558   0.0  0.2  26208  14220  -  S    07:27       0:02.52 | `-- zabbix_agentd: active checks #1 [idle 1 sec] (zabbix_agentd)
root    62951   0.0  0.0  13204   3212 u0  Is   Wed07       0:00.01 |-- login [pam] (login)
root    64783   0.0  0.0  13320   3504 u0  I    Wed07       0:00.01 | `-- -sh (sh)
root    85737   0.0  0.0  13320   3244 u0  I+   Wed07       0:00.00 |   `-- /bin/sh /etc/rc.initial
root    61274   0.0  0.0  13204   3200 v0  Is   Wed07       0:00.01 |-- login [pam] (login)
root    63309   0.0  0.0  13320   3504 v0  I    Wed07       0:00.01 | `-- -sh (sh)
root    65245   0.0  0.0  13320   3240 v0  I+   Wed07       0:00.00 |   `-- /bin/sh /etc/rc.initial
root    61491   0.0  0.0  12788   2544 v1  Is+  Wed07       0:00.00 |-- /usr/libexec/getty Pc ttyv1
root    61561   0.0  0.0  12788   2544 v2  Is+  Wed07       0:00.00 |-- /usr/libexec/getty Pc ttyv2
root    61812   0.0  0.0  12788   2548 v3  Is+  Wed07       0:00.00 |-- /usr/libexec/getty Pc ttyv3
root    62091   0.0  0.0  12788   2548 v4  Is+  Wed07       0:00.00 |-- /usr/libexec/getty Pc ttyv4
root    62216   0.0  0.0  12788   2544 v5  Is+  Wed07       0:00.00 |-- /usr/libexec/getty Pc ttyv5
root    62506   0.0  0.0  12788   2544 v6  Is+  Wed07       0:00.00 |-- /usr/libexec/getty Pc ttyv6
root    62669   0.0  0.0  12788   2544 v7  Is+  Wed07       0:00.00 `-- /usr/libexec/getty Pc ttyv7
root        2   0.0  0.0      0     64  -  WL   Wed07       0:41.74 - [clock]
root        3   0.0  0.0      0     80  -  DL   Wed07       0:00.00 - [crypto]
root        4   0.0  0.0      0     48  -  DL   Wed07       0:00.00 - [cam]
root        5   0.0  0.0      0     16  -  DL   Wed07       0:00.00 - [busdma]
root        6   0.0  0.0      0     16  -  DL   Wed07       0:48.83 - [pf purge]
root        7   0.0  0.0      0     16  -  DL   Wed07       0:20.31 - [rand_harvestq]
root        8   0.0  0.0      0     16  -  DL   Wed07       0:16.10 - [mmcsd0: mmc/sd card]
root        9   0.0  0.0      0     16  -  DL   Wed07       0:00.00 - [mmcsd0boot0: mmc/sd]
root       10   0.0  0.0      0     16  -  DL   Wed07       0:00.00 - [audit]
root       12   0.0  0.0      0    480  -  WL   Wed07       5:07.64 - [intr]
root       13   0.0  0.0      0     64  -  DL   Wed07       0:00.00 - [ng_queue]
root       14   0.0  0.0      0     48  -  DL   Wed07       0:09.04 - [geom]
root       15   0.0  0.0      0     16  -  DL   Wed07       0:00.00 - [sequencer 00]
root       16   0.0  0.0      0     80  -  DL   Wed07       0:01.19 - [usb]
root       17   0.0  0.0      0     16  -  DL   Wed07       0:01.50 - [acpi_thermal]
root       18   0.0  0.0      0     16  -  DL   Wed07       0:00.70 - [acpi_cooling0]
root       19   0.0  0.0      0     16  -  DL   Wed07       0:00.00 - [mmcsd0boot1: mmc/sd]
root       20   0.0  0.0      0     48  -  DL   Wed07       0:15.74 - [pagedaemon]
root       21   0.0  0.0      0     16  -  DL   Wed07       0:00.00 - [vmdaemon]
root       22   0.0  0.0      0     96  -  DL   Wed07       0:10.85 - [bufdaemon]
root       23   0.0  0.0      0     16  -  DL   Wed07       0:00.83 - [vnlru]
root       24   0.0  0.0      0     16  -  DL   Wed07       1:08.66 - [syncer]
root       25   0.0  0.0      0     16  -  DL   Wed07       0:00.00 - [ALQ Daemon]

stephenw10

Nope nothing obvious I see there either. Could have been something run once.
I can only say that nothing in a default pfSense install would auto-upgrade.

dwight

@stephenw10

I havent added anything. And only installed from the pkgs in pfsense. So its very strange. Hardware is all so netgate.

stephenw10

Hmm, it does actually show a full upgrade in that log file though? I expect to see more logged for an upgrade initiated using pfSense-upgrade.

dwight

@stephenw10 you have a point. Nothing about the upgrade in the file. Didnt even think about it.

Output:

Setting vital flag on php82... done.
Updating repositories metadata... done.
Your system is up to date
Removing vital flag from php82... done.
Upgrading necessary packages...
Checking for upgrades (2 candidates): .. done
Processing candidates (2 candidates): .. done
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense-pkg-WireGuard: 0.2.0_2 -> 0.2.1 [pfSense]
pfSense-pkg-suricata: 6.0.13 -> 7.0.0_2 [pfSense]

Number of packages to be upgraded: 2
[1/2] Upgrading pfSense-pkg-WireGuard from 0.2.0_2 to 0.2.1...
[1/2] Extracting pfSense-pkg-WireGuard-0.2.1: .......... done
Removing WireGuard components...
Menu items... done.
Services... done.
Loading package instructions...
Removing WireGuard early shell commands...done.
Removing WireGuard interface group...done.
Removing WireGuard temporary files...done.
Keeping WireGuard configuration settings...done.
Removing WireGuard Unbound access list...done.
Destroying WireGuard tunnels...done.
Stopping and removing the WireGuard service...done.
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...done.
Installing WireGuard early shell commands...done.
Creating WireGuard interface group...done.
Creating WireGuard Unbound access list...done.
Installing WireGuard service...done.
Applying WireGuard default settings as necessary...done.
done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
[2/2] Upgrading pfSense-pkg-suricata from 6.0.13 to 7.0.0_2...
[2/2] Extracting pfSense-pkg-suricata-7.0.0_2: .......... done
Removing suricata components...
Menu items... done.
Services... done.
Loading package instructions...
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Saved settings detected...
Migrating settings to new configuration... done.
Downloading Emerging Threats Open rules md5 file... done.
There is a new set of Emerging Threats Open rules posted. Downloading... done.
Downloading Feodo Tracker Botnet C2 IP rules file... done.
Installing Feodo Tracker Botnet C2 IP rules...Feodo Tracker Botnet C2 IP rules were updated.
Downloading ABUSE.ch SSL Blacklist rules file... done.
Installing ABUSE.ch SSL Blacklist rules...ABUSE.ch SSL Blacklist rules were updated.
Installing Emerging Threats Open rules... done.
Warning: No interfaces configured for Suricata were found!
Cleaning up after rules extraction... done.
The Rules update has finished.
Generating suricata.yaml configuration file from saved settings.
Finished rebuilding Suricata configuration from saved settings.
Setting package version in configuration file.
done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.

Updating ldconfig... done.
Removing unnecessary packages... done.
Cleanup pkg cache... done.

stephenw10

Hmm, that's just the package install. I'd expect to see a lot more listed shown there after an upgrade from 23.05.1. But it might have been replaced if packages were reinstalled later.

dwight

@stephenw10 no clue. Its just so strange it did this by it self.

stephenw10

If you have any doubts reinstall 23.09 clean and restore the config.

If you want to investigate further you might be able to roll back the ZFS snapshot to 23.05.1 and see if anything looks out of place there. Though the most recent snap would have been created by the upgrade.

dwight

@stephenw10 ok. If it happens again i think i need to reinstall.