rc.update_bogons.sh
-
Hello. Just a few days ago, the majority of our firewalls sent this type of notification:
Arpwatch Notification : Cron root@FIREWALL-NAME /usr/bin/nice -n20 /etc/rc.update_bogons.sh
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
fetch: https://files.pfsense.org/lists/fullbogons-ipv4.txt: Authentication error
(Certificate verification failed for XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXX:error:XXXXXXXX:SSL routines:ssl3_get_server_certificate:certificate verify failed:/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269:)
The fetch error shows up over 100 times for different certificates. There were no changes to the firewall at the time or around the time the notification was sent.
Does anyone know what this could be? Or where it's coming from?
Thanks,
-
@Cornelp
perhaps
https://forum.netgate.com/topic/154180/daily-rc-update_bogons-sh-results-in-zombie-procs
-
I am having the same issue. I posted about it yesterday; I haven't figured it out yet.
https://forum.netgate.com/topic/154241/i-keep-getting-these-e-mail-from-pfsense
-
@Cornelp said in rc.update_bogons.sh:
Does anyone know what this could be? Or where it's coming from?
There was (still is?) a cert issue with the root certificate of .netgate.com (also pfsense.org?) - the root certificate is used / maintained by the certificate authority.
Check out the first 30 or so lines when executing manually:
curl -v https://files.pfsense.org/lists/fullbogons-ipv4.txt
You should find:
..
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.pfsense.org
* start date: Aug 10 00:00:00 2018 GMT
* expire date: Aug 21 23:59:59 2020 GMT
* subjectAltName: host "files.pfsense.org" matched cert's "*.pfsense.org"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
...
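The manual check described in the last reply, as an added example that is not part of the original posts: a shell helper that condenses `curl -v` output into subject, issuer, expiry and the verification result. The name `tls_summary` and both sample functions are assumptions; the passing sample reuses the curl lines quoted above and the failing one is constructed.

```shell
#!/bin/sh
# Added example. tls_summary is a hypothetical helper, not a pfSense tool.
# Live use: curl -sv -o /dev/null <URL> 2>&1 | tls_summary

# Condense `curl -v` output (stdin) into the fields that matter for a
# verification failure. Exit status is 0 only if curl reported "verify ok".
tls_summary() {
    awk '
        /^\* +subject:/     { sub(/^\* +subject: */, "");     subject = $0 }
        /^\* +issuer:/      { sub(/^\* +issuer: */, "");      issuer = $0 }
        /^\* +expire date:/ { sub(/^\* +expire date: */, ""); expire = $0 }
        /^\* +SSL certificate verify ok/ { verified = 1 }
        /SSL certificate problem|certificate verify failed/ { problem = $0 }
        END {
            print "verify=" (verified ? "ok" : "FAILED")
            print "subject=" subject
            print "issuer=" issuer
            print "expire=" expire
            if (!verified && problem != "") print "detail=" problem
            exit (verified ? 0 : 1)
        }'
}

# Sample 1: the curl lines quoted in the reply above.
sample_ok() { cat <<'EOF'
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.pfsense.org
* start date: Aug 10 00:00:00 2018 GMT
* expire date: Aug 21 23:59:59 2020 GMT
* subjectAltName: host "files.pfsense.org" matched cert's "*.pfsense.org"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
EOF
}

# Sample 2: constructed failing handshake (not taken from the thread).
sample_fail() { cat <<'EOF'
* SSL certificate problem: unable to get local issuer certificate
EOF
}

sample_ok | tls_summary
```

Running it on each affected firewall and comparing the issuer and expire lines shows whether they all see the same chain or whether only some fail verification.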