Snort loosing configuration



  • It has recently come to my attention that Snort may loose it's configuration once we do either:

    • System: Package Manager > Installed Packages > Reinstall Snort Package
    • Diagnostics: Backup/restore > Restore configuration or (same as below but changes to a specific config file)
    • Diagnostics: Backup/restore > Reinstall packages (this uninstalls old versions and installs new versions)

    At first I thought that this was a bug or a package concept flaw.
    Well I've come to change my view on this subject.
    Snort package developer has added a valuable option in the configuration that I found in the package FAQ.
    "In the Global Settings Tab there is a check box Keep snort settings after deinstall. This option will save all your settings."
    Remark: in fact, I think all packages, should have this option.
    Imagine that after upgrading a package, pfSense stops working or simply misbehaves.
    If prior to upgrading the package OR prior to restoring the backup you have this option set up, all the package configuration will be kept if possible.
    I didn't have this option enabled and I did a system restore from a recent backup I had.
    The system restarted - to read the configuration file - and it automatically upgraded all packages including Snort.
    Mind you that upgrading is the same as removing the old package and re-adding the new package.
    As a consequence, I lost Snort's config even though it was still available on my backup config file.
    Then Jim gave me a tip and I hacked the config file.
    To my knowledge you can't hack the config file using windows notepad due to file encoding.
    So I used notepad++ (if you don't want to install here is a portable version)
    Using winMerge I noticed that I needed to change the settings under

    <forcekeepsettings>on</forcekeepsettings>
    

    Then I saved the file, I restored the hacked config file, pfSense restarted, it re-ipgraded all my packages and voilá Snort is back in business.
    Just leaving this as a tip for anyone with this same issue.

    Question: shouldn't all other packages have a similar feature in case something breaks from one version of pkg to another version of pkg?
    Regards.


  • Rebel Alliance Developer Netgate

    @rds_correia:

    Question: shouldn't all other packages have a similar feature in case something breaks from one version of pkg to another version of pkg?
    Regards.

    All other packages automatically keep all of their settings by default, they are not deleted. Snort is the only package the removes its settings and gives the option to save them. IMHO, that should be reversed so they are kept by default with the option to delete them, or just reverse the behavior and remove the option entirely so they are always kept and never deleted.


Log in to reply