Snort update to 2.9.7.0 pkg v3.2.1 - no GUI



  • Hi again!

    Me idiot pressed the update button for Snort and as usual - afterwards the GUI shows no sign of Snort any more, although I can access it via

    https://<router ip="">/snort/snort_interfaces.php

    Any help or do I have to do a reinstall of the CF-card?

    Happy New Year in advance….

    chemlud

    Update: removing Snort - reboot - installation of Snort led to another nightmare

    Dec 31 19:21:14 php: /pkg_mgr_install.php: The command '/usr/bin/sed -I '' -f /tmp/sedcmd /usr/pbi/snort-i386/etc/snort/snort_18807_re2/preproc_rules/sensitive-data.rules' returned exit code '1', the output was 'sed: /usr/pbi/snort-i386/etc/snort/snort_18807_re2/preproc_rules/sensitive-data.rules: No such file or directory'
    Dec 31 19:21:14 php: /pkg_mgr_install.php: [Snort] Updating rules configuration for: LAN …
    Dec 31 19:21:14 php: /pkg_mgr_install.php: [Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file.
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_dns_preproc file. Snort might error out!
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_dce2_preproc file. Snort might error out!
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_ssh_preproc file. Snort might error out!
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_ssl_preproc file. Snort might error out!
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_smtp_preproc file. Snort might error out!
    Dec 31 19:21:14 php: /pkg_mgr_install.php: Could not find the libsf_ftptelnet_preproc file. Snort might error out!
    Dec 31 19:17:30 php: /pkg_mgr_install.php: [Snort] Building new sig-msg.map file for WAN…
    Dec 31 19:17:28 php: /pkg_mgr_install.php: [Snort] Enabling any flowbit-required rules for: WAN…
    Dec 31 19:13:20 php: /pkg_mgr_install.php: The command '/usr/bin/sed -I '' -f /tmp/sedcmd /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules' returned exit code '1', the output was 'sed: /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules: No such file or directory'
    Dec 31 19:13:20 php: /pkg_mgr_install.php: [Snort] Updating rules configuration for: WAN …
    Dec 31 19:13:20 php: /pkg_mgr_install.php: [Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file.
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_dns_preproc file. Snort might error out!
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_dce2_preproc file. Snort might error out!
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_ssh_preproc file. Snort might error out!
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_ssl_preproc file. Snort might error out!
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_smtp_preproc file. Snort might error out!
    Dec 31 19:13:20 php: /pkg_mgr_install.php: Could not find the libsf_ftptelnet_preproc file. Snort might error out!
    Dec 31 19:13:20 check_reload_status: Syncing firewall
    Dec 31 19:13:19 php: /pkg_mgr_install.php: [Snort] The Rules update has finished.
    Dec 31 19:12:44 php: /pkg_mgr_install.php: [Snort] Emerging Threats Open rules file update downloaded successfully
    Dec 31 19:12:42 php: /pkg_mgr_install.php: [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz…
    Dec 31 19:12:41 php: /pkg_mgr_install.php: [Snort] Snort GPLv2 Community Rules file update downloaded successfully
    Dec 31 19:12:39 php: /pkg_mgr_install.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz…
    Dec 31 19:12:39 php: /pkg_mgr_install.php: [Snort] Server returned error code 422…
    Dec 31 19:12:39 php: /pkg_mgr_install.php: [Snort] Snort VRT rules md5 download failed…
    Dec 31 19:12:38 php: /pkg_mgr_install.php: [Snort] Downloading and updating configured rule types…
    Dec 31 19:12:38 php: /pkg_mgr_install.php: [Snort] Settings successfully migrated to new configuration format…
    Dec 31 19:12:38 php: /pkg_mgr_install.php: [Snort] Checking configuration settings version…
    Dec 31 19:12:37 php: /pkg_mgr_install.php: [Snort] Saved settings detected… rebuilding installation with saved settings...</router>


  • Banned

    I dont have that issue at all. Seems to be some issues when running CF and 32 bit versions of PF.

    Save your config and inst. a vanilla 64bit, import backup config and try inst. Snort again.



  • hardware is 32 bit, i guess… no hdd/ssd...

    Update 2:

    after new un/reinstall of snort:

    php: /snort/snort_interfaces.php: The command '/usr/bin/sed -I '' -f /tmp/sedcmd /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules' returned exit code '1', the output was 'sed: /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules: No such file or directory'

    adds up to the fuck up listed above, Snort is in GUI but fails to start, even after reboot...

    Dec 31 19:56:28 php: /snort/snort_interfaces.php: The command '/usr/bin/sed -I '' -f /tmp/sedcmd /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules' returned exit code '1', the output was 'sed: /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules: No such file or directory'
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: [Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file.
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_dns_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_dce2_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_ssh_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_ssl_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_smtp_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_ftptelnet_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(re1)…

    Update 3:

    Manual update of rules fails for VRT with error code 422....

    "Snort VRT rules will not be updated.
    Server returned error code 422."



  • @chemlud:

    hardware is 32 bit, i guess… no hdd/ssd...

    Update 2:

    after new un/reinstall of snort:

    php: /snort/snort_interfaces.php: The command '/usr/bin/sed -I '' -f /tmp/sedcmd /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules' returned exit code '1', the output was 'sed: /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules: No such file or directory'

    adds up to the fuck up listed above, Snort is in GUI but fails to start, even after reboot...

    Dec 31 19:56:28 php: /snort/snort_interfaces.php: The command '/usr/bin/sed -I '' -f /tmp/sedcmd /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules' returned exit code '1', the output was 'sed: /usr/pbi/snort-i386/etc/snort/snort_27736_re1/preproc_rules/sensitive-data.rules: No such file or directory'
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: [Snort] Updating rules configuration for: WAN …
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: [Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file.
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_imap_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_pop_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_dns_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_dce2_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_ssh_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_sip_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_ssl_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_smtp_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Could not find the libsf_ftptelnet_preproc file. Snort might error out!
    Dec 31 19:56:28 php: /snort/snort_interfaces.php: Toggle (snort starting) for WAN(re1)…

    Update 3:

    Manual update of rules fails for VRT with error code 422....

    "Snort VRT rules will not be updated.
    Server returned error code 422."

    Try this.  Completely remove the Snort package by clicking the X icon on the System…Packages...Installed Packages tab.  Then install it again.  Your configuration settings will be saved so long as the checkbox on the GLOBAL SETTINGS tab is checked to save setting on uninstall.

    Give Snort a long…long time to restart after the install.  It can take it several minutes on some hardware and with lots of enabled rules.  Some earlier users were experiencing the same issue (no GUI menu option under SERVICES), but they were exiting the package installation screen too soon.  Wait until you get a message in the screen dialog that the package installation is complete before you navigate away from the page.

    Bill



  • Hi Bill! Many thanx for the extended service, after the tird uninstall-reinstall it finally works! :-D

    Had a nice fondue and some decent white wine in the meantime and that apparently helped…

    Cheers and nice party everybody

    chemlud


Log in to reply