Manual installation of Snort
-
Snort will put configuration information in this path --
/usr/local/etc/snort
but never in /etc. Was Snort originally installed from the pfSense package repo, or did someone perhaps manually install the package directly from FreeBSD ports?
Bill
-
@jimp said in Manual installation of Snort:
pkg install -fy pfSense-pkg-snort
Thanks @jimp, tried that and got the following result...
Updating pfSense-core repository catalogue...
pkg: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory
pkg: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_3_amd64-core/meta.txz: No address record
repository pfSense-core has no meta file, using default settings
pkg: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_3_amd64-core/packagesite.txz: No address record
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: Repository pfSense load error: access repo file(/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory
pkg: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_3_amd64-pfSense_factory-v2_4_3/meta.txz: No address record
repository pfSense has no meta file, using default settings
pkg: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_3_amd64-pfSense_factory-v2_4_3/packagesite.txz: No address record
Unable to update repository pfSense
Error updating repositories!As mentioned previously, there's no snort folder within the /etc folder !
I think this is what needs manually installed? -
@bmeeks
Hi Bill,
Yes, Snort was originally installed from the pfSense pkg repo and there is no snort folder within the /usr/local/etc folder -
@kwicky said in Manual installation of Snort:
@bmeeks
Hi Bill,
Yes, Snort was originally installed from the pfSense pkg repo and there is no snort folder within the /usr/local/etc folderYour issues are much much bigger than a missing /usr/local/etc/snort folder. All those errors from pkg when trying to install Snort indicate your firewall's pkg system database is very broken.
I would backup the configuration using the option under DIAGNOSTICS and reinstall pfSense from scratch, then restore the backed up configuration.
Bill
-
From those errors it appears as though you do not have working DNS or network connectivity.
You need to fix whatever is preventing the firewall from resolving those DNS records. It could be a missing gateway, improper DNS configuration, or several other causes.
Safe to say at this point it has nothing at all to do with snort.
-
@bmeeks
Hi Bill,
Sorry for the late response.
Do I reinstall pfSence using the Factory Defaults link in Diagnostics ? -
@kwicky said in Manual installation of Snort:
@bmeeks
Hi Bill,
Sorry for the late response.
Do I reinstall pfSence using the Factory Defaults link in Diagnostics ?No, you will need to download the proper image file and install fresh. Did you buy a pfSense appliance from Netgate or did you roll your own? If you bought an appliance from Netgate, you should have support for a period of time and you can contact them for assistance. If you rolled your own hardware and installed pfSense, then you will need to repeat the installation process you used the first time.
Depending on exactly what is messed up in your system, using the Factory Defaults under DIAGNOSTICS may or may not fix the problem. I guess it wouldn't hurt to try, though.
-
@jimp
Is there an image file I can download to reinstall the pfSense software from scratch? -
-
Just viewed the Snort logs and seems everything went wonky donky when storm Hector hit the UK on June 14th.
-
@kwicky said in Manual installation of Snort:
Just viewed the Snort logs and seems everything went wonky donky when storm Hector hit the UK on June 14th.
It's possible a power disturbance caused disk corruption on your firewall. Is your firewall on a UPS (uninterruptable power supply)? If not, you might want to consider adding one as that will protect you from power surges and brownouts/blackouts like those caused by storms.
