NanoBSD Install Squid & ET Open Rules
-
My HDD recently died on my pfsense firewall so I opted to reinstall on a USB Stick using the nanoBSD package.
I restored my configs and downloaded / installed snort and rebooted. When validating the snort config's I noticed that in my WAN Categories the list of ET Open Rules only lists 4 rules whereas when I was running on my HDD I had a long list of rules to choose from.
I forced a download of the rules again and restarted snort but to no avail, I still only have 4 ET rules. Is this a limitation of the nanoBSD install or is there something else going on?
-
NanoBSD uses RAM disks for storage. The default sizes are almost never large enough to provide space for downloading, extracting and installing the vendor rule packages. When you run out of RAM disk space, very strange things happen. Lots of times the installation becomes corrupt to the point a reinstall is required.
I do not recommend running either Snort or Suricata on NanoBSD installations. There are just too many issues with disk space. The forums here have plenty of posts from NanoBSD users with these kinds of problems. My advice is to go back to a conventional hard disk. If you absolutely don't want to do that, then you can try increasing the size of the /tmp and /var partitions to at least 150 MB each (and preferably a lot more!). Even doing that, be prepared for the occasional weirdness with either of these packages on NanoBSD installs.
Bill
