SNORT Bug?
-
Hi
Not sure if this is a bug in SNORT or user error, but having a UI issue when trying to create a second Pass list entry.
I have an existing SNORT Passlist entry that points to an existing Alias. Seems to be working fine.
I now tried to add a new/2nd entry pointing to another alias, I select the alias and click on the save button, it then takes me back to the Edit Pass list screen. All normal, however, the name and description have changed to the 1st pass list entry name and description.
Tried reboot, delete and recreate the entry etc.
updated to Snort 2.9.6.2, but still the same
PFSENSE: 2.1.4-RELEASE (amd64)Any ideas?
Thanks
Eric…
-
Hi
Not sure if this is a bug in SNORT or user error, but having a UI issue when trying to create a second Pass list entry.
I have an existing SNORT Passlist entry that points to an existing Alias. Seems to be working fine.
I now tried to add a new/2nd entry pointing to another alias, I select the alias and click on the save button, it then takes me back to the Edit Pass list screen. All normal, however, the name and description have changed to the 1st pass list entry name and description.
Tried reboot, delete and recreate the entry etc.
updated to Snort 2.9.6.2, but still the same
PFSENSE: 2.1.4-RELEASE (amd64)Any ideas?
Thanks
Eric…You currently can only have one Alias per Pass List, and you can only edit that Alias on the Pass List Edit screen. I have plans to support multiple aliases in the future.
UPDATE: upon taking a second look at your post, I may have misunderstood your question. You should be able to edit/delete the existing Alias. I will double-check that still works. Some changes were made in the Alias Import/Select code to improve security, and it's possible there is a bug lurking.
Bill
-
Hi, Thanks
Sorry if I was not clear. I am trying to create 2 separate Pass Lists. Each with its own Assigned Alias. (see screencap attached)
But whenever I try to assign the Alias to the second passlist, the name and description are changed.
Thanks
Eric…
-
Hi, Thanks
Sorry if I was not clear. I am trying to create 2 separate Pass Lists. Each with its own Assigned Alias. (see screencap attached)
But whenever I try to assign the Alias to the second passlist, the name and description are changed.
Thanks
Eric…
Ah…OK. Let me try to reproduce. It will be a day or two before I can reply.UPDATE: I was able to quickly reproduce this. It is a bug. I will add it to the FIX ME list. Thanks for reporting it.
Bill
-
As a workaround for this bug until I can get it fixed, do the following depending on what you want to accomplish:
If adding a new Pass List–
Click the (+) icon to add a new list. Fill in the name and description and then click SAVE before doing anything else. This will create the list and save it. If you want to add an Alias, click the edit icon to edit the just added list. DO NOT click the SELECT ALIAS button. That's where the bug is. The bug causes the SELECT ALIAS button to only operate on the very first Pass List in the collection, no matter how many actually are displayed. Instead, just start typing the name of your intended Alias and a drop-down list of matching names should appear. Choose the one you want and click SAVE.
If changing the Alias for an existing Pass List–
Click the edit icon to edit the list. DO NOT click the SELECT ALIAS button. Instead, erase the existing alias name in the red background text box and start typing the name of the new one. A drop-down list should appear. Choose the desired alias name and click SAVE.
-
ok thanks for checking and thanks for the workaround
Eric…
-
ok thanks for checking and thanks for the workaround
Eric…
Actually, the more I looked the more troubles I found. I am getting everything corrected and hope to post an updated Snort package in a day or two.
Thanks again for the bug report.
Bill
-
I posted a Pull Request today to the pfsense-packages repository that fixes this bug. Look for version 3.1.2 to appear once the pfSense developers review and approve.
Bill
-
I posted a Pull Request today to the pfsense-packages repository that fixes this bug. Look for version 3.1.2 to appear once the pfSense developers review and approve.
Bill
I have snort subscription that suddenly stopped updating as well.
I am running 2.1.4(amd64) and just tried removing and reinstalling snort 2.9.6.2 pkg v3.1.1. It now fails to install the package altogether. What to do?
I've pasted the install log below.
Beginning package installation for snort .
Downloading package configuration file… done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
Downloading https://files.pfsense.org/packages/amd64/8/All/snort-2.9.6.2-amd64.pbi ... (extracting)
Loading package configuration... done.
Configuring package components...
Additional files... snort_download_updates.php failed.
Removing package...
Starting package deletion for snort-2.9.6.2-amd64...done.
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
Deinstall commands... done.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
done.
Failed to install package.Installation halted.
-
I have snort subscription that suddenly stopped updating as well.
I am running 2.1.4(amd64) and just tried removing and reinstalling snort 2.9.6.2 pkg v3.1.1. It now fails to install the package altogether. What to do?
I've pasted the install log below.
Beginning package installation for snort .
Downloading package configuration file… done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
Downloading https://files.pfsense.org/packages/amd64/8/All/snort-2.9.6.2-amd64.pbi ... (extracting)
Loading package configuration... done.
Configuring package components...
Additional files… snort_download_updates.php failed.
Removing package…
Starting package deletion for snort-2.9.6.2-amd64...done.
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
Deinstall commands... done.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
done.
Failed to install package.Installation halted.
I think there is a problem with a pfSense Packages repository server. Are you by chance located outside the U.S.A.? Some other folks have reported issues similar to the error I highlighted in maroon above, and they were outside the U.S. There also appears to be an unrelated issue with at least one of the Snort VRT rules servers (again, maybe one for Europe).
Bill
-
You might be onto something there, I am located in Ontario, Canada.
The package downloads fine, but it backs out of the installation when the update fails.
Is there any workaround available, i.e. can I manually pulldown the pkg&update and install them from pfsense command line?
Thanks.
-
Hi Canux,
I am in Ont. Canada also and didn't have any issues installing an update to an existing Snort Installation or Installing a Fresh 2.2 Box today?
The package needs to be installed by the Package Manager for everything to function cleanly.
-
Thanks for the info. Do you have a paid subscription as well?
-
Thanks for the info. Do you have a paid subscription as well?
Yes I use a Snort VRT and ET Pro subscription. Some of the other boxes I have use the Open Snort and ET Rulesets.
Did you upgrade Snort to the latest version? There were two releases fairly recently.
