Suricata package install hangs after pfSense reinstall



  • I just had to reinstall pfSense 2.2.3 due to some disk issues. I had a config.xml backed up, so I used it to restore my config during the install. Once everything was back up, I started reinstalling my packages and all went fine until Suricata. It goes along fine for a while, then hangs indefinitely at the message " Generating suricata.yaml configuration from saved settings….  Generating configuration for WAN...".

    I have tried rebooting, made sure there was plenty of disk space, and verified the permissions on the suricata pkg dir. I do not see any package logs to check for errors, but none are generated on the web GUI installer. Any ideas as to what may be causing this hang? My firewall feels naked without Suricata installed.



  • Take a look in the system log and see if there are any messages in there that might point to what's wrong. Post back with your findings.

    Bill



  • Thanks for taking a look, Bill. Nothing helpful in the system logs. Here is everything from starting the reinstall to hang:

    Jul 3 01:16:31 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Updating rules configuration for: WAN …
    Jul 3 01:16:29 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] The Rules update has finished.
    Jul 3 01:16:29 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Snort VRT rules are up to date…
    Jul 3 01:16:29 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Emerging Threats Open rules are up to date…
    Jul 3 01:16:28 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Downloading and updating configured rule types…
    Jul 3 01:16:28 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Configuration version is current…
    Jul 3 01:16:28 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Checking configuration settings version…
    Jul 3 01:16:28 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Saved settings detected… rebuilding installation with saved settings...
    Jul 3 01:16:26 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] GeoIP database update finished.
    Jul 3 01:16:23 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Updating the GeoIP country database files…
    Jul 3 01:16:23 php-fpm[88756]: /pkg_mgr_install.php: [Suricata] Installing free GeoIP country database files…
    Jul 3 01:16:06 php-fpm[88756]: /pkg_mgr_install.php: Beginning package installation for suricata .


  • Banned

    @jmlott:

    I just had to reinstall pfSense 2.2.3 due to some disk issues. …. Any ideas as to what may be causing this hang?

    Maybe the disk issues? Did you actually replace the faulty drive?



  • Yeah, sorry. I guess I thought that was implied. I did replace the disk and tested that there are no more issues.


  • Banned

    Perhaps try

    
    mount -o nosync /
    
    


  • When you reinstalled, is all the hardware exactly the same save the disk drive?  Did your interfaces perhaps change (as in different NIC or what was LAN interface is now WAN and vice-versa)?  Suricata and Snort are both vulnerable to problems if the interface physical name is changed.  This is because that name is part of the internal UUID both packages use to keep track of interfaces.

    The message in the logs indicates the Suricata GUI code is reading your WAN interface configuration from config.xml and trying to generate the YAML configuration file.

    Bill



  • @doktornotor:

    Perhaps try

    
    mount -o nosync /
    
    

    That did the trick. Thanks so much!


  • Banned

    @jmlott:

    @doktornotor:

    Perhaps try

    
    mount -o nosync /
    
    

    That did the trick. Thanks so much!

    Hmmmm… Could you post what HW we are talking about here? (The forced sync is going away in 2.2.4 anyway, but I find it hard to believe what range of issues this causes.)



  • Sure thing. It's a bare metal install on an HP ProLiant DL380 G5 2x 3.0GHz Xeon CPUs with 48GB RAM. The drives are WD 500 GB SATA 2.5" WD5000LPLX in a RAID 1 on the Smart Array P400 card.


  • Banned

    Hmmm, WTF… There's something badly rotten with UFS.