Snort previously installed... and its gone
-
I had Snort previously installed, then after setting it aside (still powered) for a few days Snort is now gone. So, I went to reinstall and now I don't have space, which I believe I do. See below, or is it one of the 100% partitions I need to be concerned about?

    >>> Installing pfSense-pkg-snort...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Checking integrity... done (0 conflicting)
    The following 5 package(s) will be affected (of 0 checked):

    Installed packages to be REMOVED:
        pfSense: 2.4.5_1
        php72-intl: 7.2.29

    New packages to be INSTALLED:
        daq: 2.2.2_2 [pfSense]
        pfSense-pkg-snort: 4.1.2_2 [pfSense]
        snort: 2.9.16.1 [pfSense]

    Number of packages to be removed: 2
    Number of packages to be installed: 3

    The process will require 8 MiB more space.
    pkg-static: Cannot delete vital package: pfSense!
    pkg-static: If you are sure you want to remove pfSense,
    pkg-static: unset the 'vital' flag with: pkg set -v 0 pfSense
    Failed

    df -h
    Filesystem                   Size    Used   Avail Capacity  Mounted on
    /dev/ufsid/5fb34aefd038f2b8  213G    3.1G    193G     2%    /
    devfs                        1.0K    1.0K      0B   100%    /dev
    fdescfs                      1.0K    1.0K      0B   100%    /dev/fd
    procfs                       4.0K    4.0K      0B   100%    /proc
    /dev/md0                     3.4M    108K    3.0M     3%    /var/run
    devfs                        1.0K    1.0K      0B   100%    /var/dhcpd/dev
-
Hi,
Use the words 'snort' and 'log' and search (here, on this forum) ;)
Or: did you take care of the log files?
Did you look into /var/log/...... and find recent, huge files ;)
-
This is nothing to do with drive space, those values all look normal, you have 193GB free space on /.
The issue is that it's trying to remove the pfSense meta package and failing.
Do you have 2.4.5p1 installed? Is the package repo set to current release?
This looks like it might be trying to pull in pkgs from the wrong source. Or maybe it upgraded to 2.4.5p1 and never rebooted?
Steve
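
A pre-flight check for the failure described above, as an added example that is not part of the original thread: it reads a pkg transaction plan and reports when the pfSense meta package is on the removal list. The function names and the sample plan are constructed here (package names and versions are the ones from the output earlier in the thread); on a real system the plan would come from `pkg install -n`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the package names listed under "Installed packages to be REMOVED:"
# in a pkg transaction plan read from stdin.
removed_packages() {
    awk '
        /^Installed packages to be REMOVED:/ { in_removed = 1; next }
        # A blank line or any other unindented header ends the list.
        /^[ \t]*$/ || /^[A-Za-z]/ { in_removed = 0 }
        in_removed && /^[ \t]+[^ \t]+: / {
            name = $1; sub(/:$/, "", name); print name
        }
    '
}

# plan_removes NAME < plan: exit 0 when NAME is on the removal list.
plan_removes() {
    removed_packages | grep -Fx -- "$1" >/dev/null
}

# Constructed sample: the plan from the failed Snort install, one item per line.
sample_plan() {
    cat <<'EOF'
The following 5 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
    pfSense: 2.4.5_1
    php72-intl: 7.2.29

New packages to be INSTALLED:
    daq: 2.2.2_2 [pfSense]
    pfSense-pkg-snort: 4.1.2_2 [pfSense]
    snort: 2.9.16.1 [pfSense]

Number of packages to be removed: 2
Number of packages to be installed: 3
EOF
}

# On a real box: pkg install -n pfSense-pkg-snort | plan_removes pfSense
if sample_plan | plan_removes pfSense; then
    echo "stop: this transaction would remove the pfSense meta package" >&2
fi
```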
-
I stand corrected.
I see now
as it should be.
-
Thank you all for your input, moral support is valuable during these troubling times. So I did do some Bing'ing and the other one.... Oogle or something ;)
And came across this command to clean up packages.
    echo y| pkg clean
    The following package files will be deleted:
        /var/cache/pkg/snort-2.9.16.1.txz
        /var/cache/pkg/pfSense-pkg-snort-4.1.2_2~6dd9ca24ec.txz
        /var/cache/pkg/snort-2.9.16.1~9c4fa132a6.txz
        /var/cache/pkg/pfSense-pkg-snort-4.1.2_2.txz
        /var/cache/pkg/libdnet-1.13_3~ed771e37af.txz
        /var/cache/pkg/libdnet-1.13_3.txz
        /var/cache/pkg/daq-2.2.2_2~2bf1550793.txz
        /var/cache/pkg/daq-2.2.2_2.txz
        /var/cache/pkg/pfSense-pkg-squid-0.4.44_35~2812f333a1.txz
        /var/cache/pkg/squidclamav-7.1~89d3b4efae.txz
        /var/cache/pkg/pfSense-pkg-squid-0.4.44_35.txz
        /var/cache/pkg/brotli-1.0.7_2,1.txz
        /var/cache/pkg/squidclamav-7.1.txz
        /var/cache/pkg/c-icap-0.5.6,2~6c88f57f1b.txz
        /var/cache/pkg/c-icap-0.5.6,2.txz
        /var/cache/pkg/brotli-1.0.7_2,1~ac45e2590a.txz
        /var/cache/pkg/squid_radius_auth-1.10~46eaa95f5d.txz
        /var/cache/pkg/squid-4.10~a1c432e53a.txz
        /var/cache/pkg/squid_radius_auth-1.10.txz
        /var/cache/pkg/squid-4.10.txz
        /var/cache/pkg/krb5-1.17.1~2a507aa0e1.txz
        /var/cache/pkg/krb5-1.17.1.txz
        /var/cache/pkg/c-icap-modules-0.5.4~159429b314.txz
        /var/cache/pkg/clamav-0.102.2,1~69112014ad.txz
        /var/cache/pkg/c-icap-modules-0.5.4.txz
        /var/cache/pkg/pcre2-10.33~8bd5f96620.txz
        /var/cache/pkg/clamav-0.102.2,1.txz
        /var/cache/pkg/arj-3.10.22_8.txz
        /var/cache/pkg/pcre2-10.33.txz
        /var/cache/pkg/unzoo-4.4_2~5b229e580b.txz
        /var/cache/pkg/unzoo-4.4_2.txz
        /var/cache/pkg/libmspack-0.10.1~7657633fce.txz
        /var/cache/pkg/arc-5.21p~822e141684.txz
        /var/cache/pkg/libmspack-0.10.1.txz
        /var/cache/pkg/arj-3.10.22_8~66049a8aa2.txz
        /var/cache/pkg/arc-5.21p.txz
    The cleanup will free 8 MiB
    Deleting files: 100%g the cache? [y/N]: Deleting files: 0%
    All done
I even tried to search for anything in the /var directory for snort and followed with a find / -name snort -delete.
    ls -lhR /var | grep snort
    find / -name snort -delete

Even after freeing 15 KB, still not enough, but I believe what I actually cleaned out was packages downloaded that didn't get installed.
Now I should mention, as this may be important, I installed a GitHub package that installs Unifi Controller. But after I installed the Unifi package (Snort had already been previously installed) I tried to reinstall Snort and failed, so I tried Suricata, which actually installed like a breeze and I am running IDS/IPS. Here is that Ubiquiti Unifi Controller I used, I can say it's working but not sure if it's related or not: https://github.com/gozoinks/unifi-pfsense
One last mention I had also previously installed Squid which doesn't show up, which you can see from the clean command, but I don't want to overload this thread. KISS :)
-
Yes, that broke your install. It messes with the pkg repo and now it's trying to uninstall pfSense because that doesn't exist there.
This has nothing to do with drive space. I would highly recommend backing up the config and reinstalling at this point. It's impossible to know what may or may not have been installed or uninstalled at this point.
Steve
-
I can tell you from being one of the people actively working on this repo, nothing in this script would break your package repo. Do me a favor, check your /usr/local/etc/pkg/repos/pfSense.conf file. Some people have made prior suggestions that FreeBSD: { enabled: yes } should be set to yes. If it is, change it to no. After you do that, then go ahead and restart your pfSense box. That should in fact fix your issues; anytime this gets flipped to yes, it tends to ignore the pfSense repos, which causes issues when installing pfSense packages.
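
The check suggested above, as an added example that is not part of the original post: it lists the `enabled` state of every repository block in a pkg repo file and reports when the FreeBSD block is switched on. The function names, the sample file and its placeholder URL are constructed here; the file layout is assumed to be the one-line and multi-line block forms shown in the sample.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# repo_states FILE: print "name value" for each repository block's enabled key.
repo_states() {
    awk '
        # "name: {" opens a repository block (one-line or multi-line form).
        match($0, /^[ \t]*[A-Za-z0-9_-]+[ \t]*:[ \t]*[{]/) {
            repo = $0; sub(/^[ \t]*/, "", repo); sub(/[ \t]*:.*/, "", repo)
        }
        repo != "" && match($0, /enabled[ \t]*:[ \t]*[A-Za-z]+/) {
            val = substr($0, RSTART, RLENGTH); sub(/.*:[ \t]*/, "", val)
            print repo, tolower(val)
        }
        /[}]/ { repo = "" }
    ' "$1"
}

# freebsd_repo_enabled FILE: exit 0 when the FreeBSD block is enabled.
# yes, true and on are all treated as "enabled" here.
freebsd_repo_enabled() {
    repo_states "$1" | grep -Eix 'FreeBSD (yes|true|on)' >/dev/null
}

# write_sample FILE yes|no: constructed sample, not a real pfSense.conf.
write_sample() {
    cat > "$1" <<EOF
FreeBSD: { enabled: $2 }

pfSense: {
  url: "pkg+https://pkg.example.invalid/placeholder",
  enabled: yes
}
EOF
}

# On a real box: freebsd_repo_enabled /usr/local/etc/pkg/repos/pfSense.conf
# (pkg -vv prints the repositories pkg will actually use).
tmp=$(mktemp)
write_sample "$tmp" yes
if freebsd_repo_enabled "$tmp"; then
    echo "FreeBSD repository is enabled in $tmp"
fi
rm -f "$tmp"
```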
-
@stephenw10 said in Snort previously installed... and its gone:
Yes, that broke your install. It messes with the pkg repo and now it's trying to uninstall pfSense because that doesn't exist there.
This has nothing to do with drive space. I would highly recommend backing up the config and reinstalling at this point. It's impossible to know what may or may not have been installed or uninstalled at this point.
Steve
I do agree with Stephen here...
It is probably best at this point, because you ran that command to "clean up your packages", that you reinstall pfSense. You deleted quite a bit, and it is hard to tell what all you broke. Next time use my latest pull request to install the controller; this will prevent you from having to set other things like enabling the FreeBSD package repo... https://github.com/gozoinks/unifi-pfsense/pull/215
-
@Quasiguru as for the deleting, well, to be fair, I didn't actually run find / -name snort -delete, I actually used ls -lRh /var/ | grep snort then copied and pasted the exact filename I wanted to delete instead of "snort" (this was for the sake of brevity) and for path I used /var/. I personally don't like to run find -delete at root unless I had to.
Also I tried your suggestion, unfortunately it didn't work for me.
"/usr/local/etc/pkg/repos/pfSense.conf file .... FreeBSD: { enabled: yes } should be set to yes. If it is, change it to no"
I will reinstall bare metal, perhaps me accidentally running the script twice could have had some repercussions. I did link this issue to their GitHub. So, I'll give it another go and back up before re-installing UnifiController.
It's nice having Unifi run on the pfSense since it's going to stay powered on anyways, worth trying for me.

    >>> Installing pfSense-pkg-ntopng...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    The following 17 package(s) will be affected (of 0 checked):

    Installed packages to be REMOVED:
        pfSense: 2.4.5_1
        php72-intl: 7.2.29

    New packages to be INSTALLED:
        gdbm: 1.18.1_1 [pfSense]
        graphviz: 2.42.2_3 [pfSense]
        jbigkit: 2.1_1 [pfSense]
        jpeg-turbo: 2.0.3 [pfSense]
        libgd: 2.2.5_2,1 [pfSense]
        libsodium: 1.0.18 [pfSense]
        mysql57-client: 5.7.30_1 [pfSense]
        ndpi: 3.0.d20191021,1 [pfSense]
        ntopng: 3.8.d20191111,1 [pfSense]
        pfSense-pkg-ntopng: 0.8.13_5 [pfSense]
        protobuf: 3.9.2,1 [pfSense]
        redis: 5.0.7_2 [pfSense]
        tiff: 4.1.0 [pfSense]
        webfonts: 0.30_14 [pfSense]
        webp: 1.0.3_1 [pfSense]

    Number of packages to be removed: 2
    Number of packages to be installed: 15

    The process will require 123 MiB more space.
    15 MiB to be downloaded.
-
@chumunga said in Snort previously installed... and its gone:
@Quasiguru as for the deleting, well, to be fair, I didn't actually run find / -name snort -delete, I actually used ls -lRh /var/ | grep snort then copied and pasted the exact filename I wanted to delete instead of "snort" (this was for the sake of brevity) and for path I used /var/. I personally don't like to run find -delete at root unless I had to.
Also I tried your suggestion, unfortunately it didn't work for me.
"/usr/local/etc/pkg/repos/pfSense.conf file .... FreeBSD: { enabled: yes } should be set to yes. If it is, change it to no"
I will reinstall bare metal, perhaps me accidentally running the script twice could have had some repercussions. I did link this issue to their GitHub. So, I'll give it another go and back up before re-installing UnifiController.
It's nice having Unifi run on the pfSense since it's going to stay powered on anyways, worth trying for me.

    >>> Installing pfSense-pkg-ntopng...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    The following 17 package(s) will be affected (of 0 checked):

    Installed packages to be REMOVED:
        pfSense: 2.4.5_1
        php72-intl: 7.2.29

    New packages to be INSTALLED:
        gdbm: 1.18.1_1 [pfSense]
        graphviz: 2.42.2_3 [pfSense]
        jbigkit: 2.1_1 [pfSense]
        jpeg-turbo: 2.0.3 [pfSense]
        libgd: 2.2.5_2,1 [pfSense]
        libsodium: 1.0.18 [pfSense]
        mysql57-client: 5.7.30_1 [pfSense]
        ndpi: 3.0.d20191021,1 [pfSense]
        ntopng: 3.8.d20191111,1 [pfSense]
        pfSense-pkg-ntopng: 0.8.13_5 [pfSense]
        protobuf: 3.9.2,1 [pfSense]
        redis: 5.0.7_2 [pfSense]
        tiff: 4.1.0 [pfSense]
        webfonts: 0.30_14 [pfSense]
        webp: 1.0.3_1 [pfSense]

    Number of packages to be removed: 2
    Number of packages to be installed: 15

    The process will require 123 MiB more space.
    15 MiB to be downloaded.
Like I said, do not run the standard script; run the one from my pull request instead. Running the script multiple times also will not cause a package repo issue either. The script does not affect the repos used...
-
So I finally reinstalled. After some interesting research from the Netgate manual, I learned that this could be an issue with my disk itself. These are the articles:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html
https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-usage.html
Although S.M.A.R.T. didn't show anything concerning on pfSense, I recall one of these drives I used is failing. Since I intend to use pfSense personally (and for learning) I replaced the drives and configured a RAID 1. Black Friday, Amazon, $25 for a 240GB Kingston, not bad.
@Quasiguru I am not a Github Guru or a dev by any means, and GitHub's UI doesn't really make a whole lot of sense to me, I thought pull request was for contributors who are requesting changes.
Here is what I was intending to use as well as what I used previously.
https://github.com/gozoinks/unifi-pfsense
which has that simple to run one-liner :)
-
Mmm, unclear which PR that might be: https://github.com/gozoinks/unifi-pfsense/pulls
Edit:
Oh wait I see it linked now: https://github.com/gozoinks/unifi-pfsense/pull/215
And, yeah, links to a different install script.
-
Hey chumunga, my pull request is 215. I fixed a lot of problems that were broken in the original script. This one-liner will install 6.0.36...
fetch -o - https://git.io/JIIj5 | sh -s
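
One way to run a downloaded installer such as the one-liner above from a saved, reviewed copy instead of a pipe, and to see afterwards whether the run touched the pkg repository configuration this thread argues about (added example, not part of the original post or of the unifi-pfsense project). The function names and the `/tmp/install-unifi.sh` path are hypothetical; the digest is whatever you record after reading the file.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# FreeBSD ships sha256(1); Linux ships sha256sum(1).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | awk '{print $1}'; fi
}

# snapshot DIR: "digest  path" for every file under DIR, sorted by path.
snapshot() {
    find "$1" -type f | sort | while read -r f; do
        printf '%s  %s\n' "$(sha256_of "$f")" "$f"
    done
}

# run_reviewed SCRIPT EXPECTED_SHA256 WATCH_DIR
# Runs SCRIPT only if it is byte-for-byte the file that was reviewed, then
# prints (on stdout) each file under WATCH_DIR the run added, removed or changed.
run_reviewed() {
    [ "$(sha256_of "$1")" = "$2" ] || { echo "digest mismatch: $1" >&2; return 1; }
    before=$(mktemp) && after=$(mktemp) || return 2
    snapshot "$3" > "$before"
    sh "$1" >&2                      # installer output goes to stderr
    snapshot "$3" > "$after"
    # A line present in only one snapshot names a touched file.
    sort "$before" "$after" | uniq -u | sed 's/^[^ ]*  //' | sort -u
    rm -f "$before" "$after"
}

# Typical use on the firewall (commented out: needs network and root):
#   fetch -o /tmp/install-unifi.sh https://git.io/JIIj5   # save, do not pipe
#   less /tmp/install-unifi.sh                            # read it first
#   sha256 -q /tmp/install-unifi.sh                       # record this digest
#   run_reviewed /tmp/install-unifi.sh <recorded-digest> /usr/local/etc/pkg/repos
```

An empty report means no file under the watched directory changed during the run; any path printed is a file to diff against the configuration backup.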