Snort package Bootstrap conversion is complete – ready for testing
-
A new version of the Snort package was just merged that should address all of the issues reported thus far with the ALERTS tab, the INTERFACES EDIT drop-downs for HOME NET, EXTERNAL NET, PASS LIST and SUPPRESS LIST, and an incorrect label name for the enable checkbox on the SID MGMT tab.
NOTE: The issue with the UPDATES tab not showing on-screen progress is still being worked. That fix is going to take a little time, because some things have to be re-engineered a bit in that part of the Snort GUI.
Bill
-
Looks good! I waited until after that first update. Installed, went through your walkthrough from the IDS/IPS forum again (making changes where needed), and it looks like it's running great!
My only request would be to put an info box regarding the pattern matching algorithms, or maybe add some additional text in the drop-down list (since it's so wide), or provide a link to some info on the different algorithms and their resource use or benefits (i.e. high CPU, high RAM, fastest, etc.)
It looks good though! Thanks for your hard work on this!
-
@virgiliomi:
Looks good! I waited until after that first update. Installed, went through your walkthrough from the IDS/IPS forum again (making changes where needed), and it looks like it's running great!
My only request would be to put an info box regarding the pattern matching algorithms, or maybe add some additional text in the drop-down list (since it's so wide), or provide a link to some info on the different algorithms and their resource use or benefits (i.e. high CPU, high RAM, fastest, etc.)
It looks good though! Thanks for your hard work on this!
Thank you for the positive feedback … :). I will see about adding an info block maybe in that pattern matching section. The short answer, though, is a lot of smart folks have tested and prodded and poked over the years and the consensus is use AC-BNFA or AC-BNFA-NQ and you are good for pretty much anything.
Bill
-
Looks great, many thanks for the hard work!
The widget seems to have a problem displaying the names of OPT interfaces though. It shows OPT2 instead of the real name on my setup.
-
Looks great, many thanks for the hard work!
The widget seems to have a problem displaying the names of OPT interfaces though. It shows OPT2 instead of the real name on my setup.
I will put that on my "fix it" list. I have a few other cosmetic fixes to incorporate as well.
Bill
-
You are awesome
-
Hi…snort-2.9.8.0 f*** yeah.
Some more "bugging".
- Can't change nothing on Log Mgmt.
- After upgrade snort I have to re-enable, previously enabled, interfaces or I don't wait enough time(?).
Some requesting, for another time.
- Some awesome GUI to AppID feature? no?
Thanks a lot.
-
@mais_um:
Hi…snort-2.9.8.0 f*** yeah.
Some more "bugging".
- Can't change nothing on Log Mgmt.
- After upgrade snort I have to re-enable, previously enabled, interfaces or I don't wait enough time(?).
Some requesting, for another time.
- Some awesome GUI to AppID feature? no?
Thanks a lot.
I also found the LOG MGMT bug myself last night. I am working on it and several other small GUI bugs. An update will be posted later today for approval and merging by the pfSense team.
There is a problem with the interfaces not auto-starting after an upgrade. This is impacting Suricata as well. This is also on my list to troubleshoot and fix, but I have been delaying it while working on some of the other bugs. Lots of things needed to be "touched" as part of the Bootstrap conversion, and as a result some new bugs got introduced.
A GUI interface to help with OpenAppID has been requested by several folks. That is on my radar. I've been holding off introducing new GUI features during the long conversion to Bootstrap. Now that the Bootstrap conversion is about done (just a few more little bugs to fix), I can start looking at new GUI features soon.
Bill
-
NOTE: An update to the Snort binary is coming with the next GUI package update. The binary will be updated to version 2.9.8.0. In fact, the binary package is already posted, but it won't show up as an "update" in the pfSense Package Manager until I post the coming bug fix update for the Snort GUI package. I'm working on that update now and hope to post it before the end of today.
Bill
-
I've posted another bug fix update for the new Bootstrap version of the Snort package. It was merged and should now show up as package version 3.2.9.1_6 in the Package Manager GUI. This update corrects the following bugs:
Bug Fixes
- Stats log filename incorrect in drop-down on LOGS VIEW tab.
- Receive system log error "open() "/usr/local/www/javascript/base64.js" failed from LOGS VIEW tab.
- Settings not saving on LOGS MGMT tab.
- Alerts Widget does not auto-update and does not display friendly interface names.
- Add VIEW RULES button to RULES tab to allow viewing of raw rules content for selected category.
- Improve feedback on UPDATES tab when updating rules via a temporary workaround.
- Style footer of blocked IPs table on BLOCKED tab to "bg-info".
- Fix up errant newlines in post-install code and tidy up status messages.
- Fix Snort auto-start failure after upgrade or reinstall.
Binary Update:
The Snort binary is also updated to 2.9.8.0 to match the latest upstream release.
Bill
-
Thanks!
Now to production :)
-
Cosmetic thing "\n" on line 206 (browser source) 151 line in snort_blocked.php file on Blocked tab
\n<