[SOLVED] Snort fails after OS update
-
Just updated to 2.4.3 and noticed that Snort wasn't running. Checked the package manager and it showed an update for Snort. When I try to update I get this-
>>> Upgrading pfSense-pkg-snort... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-pkg-snort: 3.2.9.6 -> 3.2.9.6_1 [pfSense] Number of packages to be upgraded: 1 [1/1] Upgrading pfSense-pkg-snort from 3.2.9.6 to 3.2.9.6_1... [1/1] Extracting pfSense-pkg-snort-3.2.9.6_1: .......... done Removing snort components... Menu items... done. Services... done. Loading package instructions... pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/APACHE20 pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/LICENSE pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/catalog.mk pkg-static: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.DGfxfSvviirT -> /var/db/snort/sidmods/disablesid-sample.conf:No such file or directory Failed -
Just updated to 2.4.3 and noticed that Snort wasn't running. Checked the package manager and it showed an update for Snort. When I try to update I get this-
>>> Upgrading pfSense-pkg-snort... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-pkg-snort: 3.2.9.6 -> 3.2.9.6_1 [pfSense] Number of packages to be upgraded: 1 [1/1] Upgrading pfSense-pkg-snort from 3.2.9.6 to 3.2.9.6_1... [1/1] Extracting pfSense-pkg-snort-3.2.9.6_1: .......... done Removing snort components... Menu items... done. Services... done. Loading package instructions... pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/APACHE20 pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/LICENSE pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/catalog.mk pkg-static: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.DGfxfSvviirT -> /var/db/snort/sidmods/disablesid-sample.conf:No such file or directory FailedThis indicates a problem with your pkg database perhaps. I'm not an authority on pkg, the package manager system used with FreeBSD and pfSense. Your errors above are coming from the pkg utility as it is downloading, unpacking, and installing files from the repository. Did you try the install again to see if it works a second time?
Bill
-
Yes. Retried probably 5 or 6 times. I get the same result each time.
-
My only suggestion is to open a CLI session with the firewall and then delete any snort directories and all of their contents you find under these paths. Don't remove these enitre paths (they contain critical system files), but rather just remove any snort subdirectories you see at the end of the paths below:
/usr/local/etc
/usr/local/lib
/usr/local/pkg
/usr/local/wwwIf you do not have customized SID modification files (in other words, you are not using features on the SID MGMT tab), then also remove this directory and any files in it:
/var/db/snort/sidmods
Then try the package installation once more. If you can, it certainly would not hurt to reboot your firewall after removing the directories above but before trying the installation again. Something may be hung up and preventing pkg from working fully. Your errors are not coming from Snort itself. Snort is not even getting installed, so the problem is with the pkg system on your firewall.
Bill
-
Will this also remove all my previous settings?
-
Will this also remove all my previous settings?
No. Those are stored within the firewall's configuration file. That answer assumes you have no customized SID MGMT settings. If you do, then save those files off first. The all would reside in /var/db/snort/sidmods.
Bill
-
Thanks. Worked great.
