Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Rule Update Settings time has a bug with the cron job

    Scheduled Pinned Locked Moved
    pfSense Packages
    3
    4
    450
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      benjaminm
      last edited by benjaminm

      Just discovered this, looks like it's been a bug for at least three years based on some people having the same issue.

      What happens is that when a combination of update interval and hour is set that adds up to 24, the script that creates the cron job incorrectly inputs 24 into the parameters, which is invalid.
      For example, inputting the settings in the GUI to update every 12 hours, and start at 12:10, puts the following into crontab:

      10 12,24 * * *

      This is invalid, as 24 should be 0 instead; there is no 24th hour.
      It should be:

      10 0,12 * * *

      Of course when this happens, it fails silently with no logging, as the job doesn't even attempt to run.

      It does appear to be fine if the values add up to over 24. I tried setting it to update every 12 hours, starting at 13:10, and it properly puts in the following:

      10 13,1 * * *

      I've attached a few screenshots of the GUI and the crontab output from SSH as proof.

      13 10 update time.png 12 10 update time.png 13 1 crontab.png 12 24 crontab.png

      EDIT: This is with PFSense 23.05.1 and Snort 4.1.6_7

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @benjaminm
        last edited by

        @benjaminm You can enter a bug report at redmine.pfsense.org so @bmeeks will see it.

        I'd expect a workaround would be to use 0:10 am. :)

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by bmeeks

          I have created two Redmine Issues for this bug. Suricata has the same bug as they share much of the same PHP GUI code.

          Snort Bug Report: https://redmine.pfsense.org/issues/14723
          Suricata Bug Report: https://redmine.pfsense.org/issues/14724

          Thank you for the report. This will be fixed in an upcoming release.

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            A package update containing the fix for this bug is building and should show up for users shortly.

            The new Snort package containing this bug fix is 4.1.6_9.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post