Manual installation of Snort
-
Hi,
Anyone know if Snort can be manually reinstalled as it's no longer in the available packages area ? -
If it doesn't show in the Available Packages tab, it should be on the Installed Packages tab. The package is still there and live in the repo. So unless you're on a super old unsupported release (e.g. 2.2.x or earlier) you should still be able to reinstall it from the Installed Packages tab.
-
Thanks @jimp for your quick reply.
It's not in the Installed Packages tab, looks like some other admin staff has been browsing files and removed the Snort folder from the /etc folder.
He is no longer employed. -
Assuming you are on 2.4.3-p1, from the command line, run:
pkg delete -fy snort\* pfSense-pkg-snort\*And then it should show up in the GUI again on one tab or the other.
If you are on 2.3.x that should also work. Anything older and you'll need to upgrade to a supported release to see or install any packages.
-
@jimp said in Manual installation of Snort:
pkg delete -fy snort* pfSense-pkg-snort*
Yes @jimp, I'm on v2.4.3 and tried that with the following result...
No packages matched for pattern 'snort*'
No packages matched for pattern 'pfSense-pkg-snort*'
Checking integrity... done (0 conflicting)
2 packages requested for removal: 0 locked, 2 missingI think I need to get the Snort package and put that into the /etc folder but don't know where to download the correct Snort package for this pfSense!
-
A package would not touch
/etcon pfSense, so that wouldn't help, and doesn't make sense in this context.First, go to System > Update, Update Settings tab. Make sure you are set to Latest Stable Version. Save. Then check for packages again.
Do other packages show up in the list, but not snort?
If so, you might need to manually force the reinstall from the command line:
pkg install -fy pfSense-pkg-snort -
Snort will put configuration information in this path --
/usr/local/etc/snort
but never in /etc. Was Snort originally installed from the pfSense package repo, or did someone perhaps manually install the package directly from FreeBSD ports?
Bill
-
@jimp said in Manual installation of Snort:
pkg install -fy pfSense-pkg-snort
Thanks @jimp, tried that and got the following result...
Updating pfSense-core repository catalogue...
pkg: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory
pkg: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_3_amd64-core/meta.txz: No address record
repository pfSense-core has no meta file, using default settings
pkg: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_3_amd64-core/packagesite.txz: No address record
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: Repository pfSense load error: access repo file(/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory
pkg: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_3_amd64-pfSense_factory-v2_4_3/meta.txz: No address record
repository pfSense has no meta file, using default settings
pkg: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_3_amd64-pfSense_factory-v2_4_3/packagesite.txz: No address record
Unable to update repository pfSense
Error updating repositories!As mentioned previously, there's no snort folder within the /etc folder !
I think this is what needs manually installed? -
@bmeeks
Hi Bill,
Yes, Snort was originally installed from the pfSense pkg repo and there is no snort folder within the /usr/local/etc folder -
@kwicky said in Manual installation of Snort:
@bmeeks
Hi Bill,
Yes, Snort was originally installed from the pfSense pkg repo and there is no snort folder within the /usr/local/etc folderYour issues are much much bigger than a missing /usr/local/etc/snort folder. All those errors from pkg when trying to install Snort indicate your firewall's pkg system database is very broken.
I would backup the configuration using the option under DIAGNOSTICS and reinstall pfSense from scratch, then restore the backed up configuration.
Bill
-
From those errors it appears as though you do not have working DNS or network connectivity.
You need to fix whatever is preventing the firewall from resolving those DNS records. It could be a missing gateway, improper DNS configuration, or several other causes.
Safe to say at this point it has nothing at all to do with snort.
-
@bmeeks
Hi Bill,
Sorry for the late response.
Do I reinstall pfSence using the Factory Defaults link in Diagnostics ? -
@kwicky said in Manual installation of Snort:
@bmeeks
Hi Bill,
Sorry for the late response.
Do I reinstall pfSence using the Factory Defaults link in Diagnostics ?No, you will need to download the proper image file and install fresh. Did you buy a pfSense appliance from Netgate or did you roll your own? If you bought an appliance from Netgate, you should have support for a period of time and you can contact them for assistance. If you rolled your own hardware and installed pfSense, then you will need to repeat the installation process you used the first time.
Depending on exactly what is messed up in your system, using the Factory Defaults under DIAGNOSTICS may or may not fix the problem. I guess it wouldn't hurt to try, though.
-
@jimp
Is there an image file I can download to reinstall the pfSense software from scratch? -
-
Just viewed the Snort logs and seems everything went wonky donky when storm Hector hit the UK on June 14th.
-
@kwicky said in Manual installation of Snort:
Just viewed the Snort logs and seems everything went wonky donky when storm Hector hit the UK on June 14th.
It's possible a power disturbance caused disk corruption on your firewall. Is your firewall on a UPS (uninterruptable power supply)? If not, you might want to consider adding one as that will protect you from power surges and brownouts/blackouts like those caused by storms.
