pfSense Gold Subscription

Author Topic: pfSense2.3RC - snort installation error  (Read 4146 times)

0 Members and 1 Guest are viewing this topic.

Offline cremesk

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +1/-0
    • View Profile
    • mySEC - Secure Foundation
pfSense2.3RC - snort installation error
« on: April 02, 2016, 03:47:05 am »
Hallo,

i have upgrade my pfSense2.2.6 maschine to pfSense2.3RC.
I think the process was successfully and fast! :D

The New Version is soo very Great! Thanks for this nice work! :D

After the upgrade all works fine, but when i reinstall snort i see this:

Code: [Select]
Executing custom_php_resync_config_command()...

PHP ERROR: Type: 1, File: /usr/local/pkg/snort/snort.inc, Line: 3867, Message: Call to undefined function XML_RPC_encode()pkg: POST-INSTALL script failed
Message from mysql56-client-5.6.27:
* * * * * * * * * * * * * * * * * * * * * * * *

FULL LOG:
Code: [Select]
pkg install pfSense-pkg-snort-3.2.9.1_7 snort-2.9.8.0
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
pfSense-pkg-snort: 3.2.9.1_7 [pfSense]
snort: 2.9.8.0 [pfSense]
libnet: 1.1.6_3,1 [pfSense]
daq: 2.0.6 [pfSense]
libdnet: 1.12_1 [pfSense]
barnyard2: 1.13 [pfSense]
broccoli: 1.97,1 [pfSense]
mysql56-client: 5.6.27 [pfSense]

The process will require 54 MiB more space.

Proceed with this action? [y/N]: y
[1/8] Installing libdnet-1.12_1...
[1/8] Extracting libdnet-1.12_1: 100%
[2/8] Installing broccoli-1.97,1...
[2/8] Extracting broccoli-1.97,1: 100%
[3/8] Installing mysql56-client-5.6.27...
[3/8] Extracting mysql56-client-5.6.27: 100%
[4/8] Installing libnet-1.1.6_3,1...
[4/8] Extracting libnet-1.1.6_3,1: 100%
[5/8] Installing daq-2.0.6...
[5/8] Extracting daq-2.0.6: 100%
[6/8] Installing barnyard2-1.13...
[6/8] Extracting barnyard2-1.13: 100%
[7/8] Installing snort-2.9.8.0...
[7/8] Extracting snort-2.9.8.0: 100%
[8/8] Installing pfSense-pkg-snort-3.2.9.1_7...
[8/8] Extracting pfSense-pkg-snort-3.2.9.1_7: 100%
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Saved settings detected.
Migrating settings to new configuration... done.
Downloading Snort VRT rules md5 file... done.
Checking Snort VRT rules md5 file... done.
Snort VRT rules are current. No update required.
Downloading Snort OpenAppID detectors md5 file... done.
Checking Snort OpenAppID detectors md5 file... done.
Snort OpenAppID detectors are current. No update required.
Downloading Snort GPLv2 Community Rules md5 file... done.
Checking Snort GPLv2 Community Rules md5 file... done.
There is a new set of Snort GPLv2 Community Rules posted.
Downloading community-rules.tar.gz... 100% done.
Downloading Emerging Threats Open rules md5 file... done.
Checking Emerging Threats Open rules md5 file... done.
There is a new set of Emerging Threats Open rules posted.
Downloading emerging.rules.tar.gz... 100% done.
Installing Snort GPLv2 Community Rules... done.
Installing Emerging Threats Open rules...Copying md5 signature to snort directory... done.
Updating rules configuration for: WAN ... done.
Updating rules configuration for: WAN2 ... done.
Cleaning up temp dirs and files... done.
The Rules update has finished.
Generating snort.conf configuration file from saved settings.
Generating configuration for WAN...
 done.
Generating configuration for WAN2...
 done.
Generating snort.sh script in /usr/local/etc/rc.d/... done.
Finished rebuilding Snort configuration files.
done.
Executing custom_php_resync_config_command()...

PHP ERROR: Type: 1, File: /usr/local/pkg/snort/snort.inc, Line: 3867, Message: Call to undefined function XML_RPC_encode()pkg: POST-INSTALL script failed
Message from mysql56-client-5.6.27:
* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *
Message from barnyard2-1.13:
Read the notes in the barnyard2.conf file for how to configure
/usr/local/etc/barnyard2.conf after installation.  For addtional information
see the Securixlive FAQ at http://www.securixlive.com/barnyard2/faq.php.

In order to enable barnyard2 to start on boot, you must edit /etc/rc.conf
with the appropriate flags, etc.  See the FreeBSD Handbook for syntax:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html

For the various options available, type % barnyard2 -h after install or read
the options in the startup script - in /usr/local/etc/rc.d.

Barnyard2 can process unified2 files from snort or suricata.  It can also
interact with snortsam firewall rules as well as the sguil-sensor. Those
ports must be installed separately if you wish to use them.

************************************************************************
Message from snort-2.9.8.0:
=========================================================================
Snort uses rcNG startup script and must be enabled via /etc/rc.conf
Please see /usr/local/etc/rc.d/snort
for list of available variables and their description.
Configuration files are located in /usr/local/etc/snort directory.

Please note that, by default, snort will truncate packets larger than the
default snaplen of 15158 bytes.  Additionally, LRO may cause issues with
Stream5 target-based reassembly.  It is recommended to disable LRO, if
your card supports it.

This can be done by appending '-lro' to your ifconfig_ line in rc.conf.
=========================================================================
Message from pfSense-pkg-snort-3.2.9.1_7:
Please visit Services - Snort - Interfaces tab first to add an interface, then select your desired rules packages at the Services - Snort - Global tab. Afterwards visit the Updates tab to download your configured rulesets.


Thank you for Help!

​​Kind Regards,
Sven

Offline cremesk

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +1/-0
    • View Profile
    • mySEC - Secure Foundation
Re: pfSense2.3RC - snort installation error
« Reply #1 on: April 04, 2016, 08:15:56 am »
in the upgrade process to version: pfSense-pkg-snort-3.2.9.1_8 / snort-2.9.8.0 have i the same error..

Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3170
  • Karma: +821/-0
    • View Profile
Re: pfSense2.3RC - snort installation error
« Reply #2 on: April 04, 2016, 08:15:05 pm »
The fix for this error is in the next package update (will be version 3.2.9.1_9 when it is posted).  It is caused by a missing include file.  Don't know if I accidentally deleted the line somewhere during the Bootstrap conversion or if it was getting included by other system files that have since changed and no longer include the xml_rpc_client.inc file.

Bill

Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
Re: pfSense2.3RC - snort installation error
« Reply #3 on: April 05, 2016, 12:02:42 am »
That's been merged, should show up in a few minutes. Thanks Bill!

Offline Merchant

  • Full Member
  • ***
  • Posts: 127
  • Karma: +3/-0
    • View Profile
Re: pfSense2.3RC - snort installation error
« Reply #4 on: April 05, 2016, 02:56:42 am »
Did upgrade from stable to RC now , now i am having issue updating snort updates

security   3.2.9.1_9
Code: [Select]
Apr 5 13:23:17 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31 php-fpm 43612 /snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30 php-fpm 43612 /snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28 php-fpm 43612 /snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27 php-fpm 43612 /snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03 snort 96563 [120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637
2.3-RC (amd64)
built on Mon Apr 04 17:09:32 CDT 2016
FreeBSD 10.3-RELEASE
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

darkstat       3.1.2_1   
Lightsquid   3.0.3_1   
mailreport       3.0_1   
pfBlockerNG    2.0.9_1    
RRD_Summary    1.3.1_2   
snort    3.2.9.1_9    
squid 0.4.16_1    
squidGuard    1.14_1   
syslog-ng    1.1.2_2

Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3170
  • Karma: +821/-0
    • View Profile
Re: pfSense2.3RC - snort installation error
« Reply #5 on: April 05, 2016, 07:03:20 am »
Did upgrade from stable to RC now , now i am having issue updating snort updates

security   3.2.9.1_9
Code: [Select]
Apr 5 13:23:17 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31 php-fpm 43612 /snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30 php-fpm 43612 /snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28 php-fpm 43612 /snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27 php-fpm 43612 /snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03 snort 96563 [120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637

This is a different problem.  Wait about an hour or more and try again to be sure it's not a problem on the Snort web site end.  Post back if the issue continues.

Bill

Offline Merchant

  • Full Member
  • ***
  • Posts: 127
  • Karma: +3/-0
    • View Profile
Re: pfSense2.3RC - snort installation error
« Reply #6 on: April 05, 2016, 07:53:57 am »
Did upgrade from stable to RC now , now i am having issue updating snort updates

security   3.2.9.1_9
Code: [Select]
Apr 5 13:23:17 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:17 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:23:02 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:23:02 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:47 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:47 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:32 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:32 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:31 php-fpm 43612 /snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 13:22:30 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 13:22:30 php-fpm 43612 /snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 13:22:15 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:15 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:22:00 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:22:00 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:44 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:44 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:29 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:29 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:28 php-fpm 43612 /snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 13:21:27 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 13:21:27 php-fpm 43612 /snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 13:21:12 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 13:21:12 php-fpm 43612 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 13:21:03 snort 96563 [120:18:1] (http_inspect) PROTOCOL-OTHER HTTP server response before client request [Classification: Unknown Traffic] [Priority: 3] {TCP} 54.169.191.22:8080 -> 192.168.2.2:51637

This is a different problem.  Wait about an hour or more and try again to be sure it's not a problem on the Snort web site end.  Post back if the issue continues.

Bill

Code: [Select]
Apr 5 18:27:08 check_reload_status Syncing firewall
Apr 5 18:27:08 php-fpm 17273 /snort/snort_download_updates.php: [Snort] The Rules update has finished.
Apr 5 18:27:08 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Removed 0 obsoleted rules category files.
Apr 5 18:27:08 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.
Apr 5 18:27:08 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Emerging Threats Open rules are up to date...
Apr 5 18:27:06 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Snort GPLv2 Community Rules file download failed... server returned error '0'...
Apr 5 18:27:06 php-fpm 17273 /snort/snort_download_updates.php: File 'community-rules.tar.gz' download attempts: 4 ...
Apr 5 18:26:56 pfsense.cbdata.local nginx: 2016/04/05 18:26:56 [error] 57723#0: *11549 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.246, server: , request: "POST /snort/snort_download_updates.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "https://192.168.0.1/snort/snort_download_updates.php"
Apr 5 18:26:51 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:51 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:36 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:36 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:21 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:21 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:05 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:26:05 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:26:04 php-fpm 17273 /snort/snort_download_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 5 18:26:03 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Snort OpenAppID detectors file download failed... server returned error '0'...
Apr 5 18:26:03 php-fpm 17273 /snort/snort_download_updates.php: File 'snort-openappid.tar.gz' download attempts: 4 ...
Apr 5 18:25:48 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:48 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:33 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:33 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:18 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:18 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:02 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:25:02 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:25:01 php-fpm 17273 /snort/snort_download_updates.php: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Apr 5 18:25:00 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Snort VRT rules file download failed... server returned error '0'...
Apr 5 18:25:00 php-fpm 17273 /snort/snort_download_updates.php: File 'snortrules-snapshot-2980.tar.gz' download attempts: 4 ...
Apr 5 18:24:45 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:45 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:30 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:30 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:15 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:15 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:24:00 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Will retry in 15 seconds...
Apr 5 18:24:00 php-fpm 17273 /snort/snort_download_updates.php: [Snort] Rules download error: SSL certificate problem: unable to get local issuer certificate
Apr 5 18:23:58 php-fpm 17273 /snort/snort_download_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2980.tar.gz...

thank you for replying , 

tried just now  , still same issue     . I will try doing tomorrow
« Last Edit: April 05, 2016, 07:57:57 am by Merchant »
2.3-RC (amd64)
built on Mon Apr 04 17:09:32 CDT 2016
FreeBSD 10.3-RELEASE
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

darkstat       3.1.2_1   
Lightsquid   3.0.3_1   
mailreport       3.0_1   
pfBlockerNG    2.0.9_1    
RRD_Summary    1.3.1_2   
snort    3.2.9.1_9    
squid 0.4.16_1    
squidGuard    1.14_1   
syslog-ng    1.1.2_2

Offline maverick_slo

  • Hero Member
  • *****
  • Posts: 809
  • Karma: +37/-2
    • View Profile
Re: pfSense2.3RC - snort installation error
« Reply #7 on: April 05, 2016, 08:22:24 am »
I just did it without any issue.

Offline maverick_slo

  • Hero Member
  • *****
  • Posts: 809
  • Karma: +37/-2
    • View Profile
Re: pfSense2.3RC - snort installation error
« Reply #8 on: April 05, 2016, 08:29:01 am »
Everything is working OK, BUT I got this:


Code: [Select]
amd64
10.3-RELEASE
FreeBSD 10.3-RELEASE #9 51f8df0(RELENG_2_3): Tue Apr  5 03:24:20 CDT 2016     root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:165
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:166
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:167
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:168
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:169
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:170

Offline cremesk

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +1/-0
    • View Profile
    • mySEC - Secure Foundation
Re: pfSense2.3RC - snort installation error
« Reply #9 on: April 05, 2016, 04:23:01 pm »
Okay my installation work fine and my Interface config run..
But, i have a enconding problem or some think else.. (see attachment)

Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3170
  • Karma: +821/-0
    • View Profile
Re: pfSense2.3RC - snort installation error
« Reply #10 on: April 05, 2016, 06:00:43 pm »
Okay my installation work fine and my Interface config run..
But, i have a enconding problem or some think else.. (see attachment)

Where are you located (country)?  It may well be that gettext() is not being called to translate some values.  That page should be simply outputting 10% 20% 30% ... 100% showing progress.

The whole GUI for manual rules updates in Snort and Suricata needs some work since the move to Bootstrap.  The old system calls for a progress bar output no longer are available, and so I quickly cobbled something together to let the user see some progress.  I am still searching for a better solution.

Bill

Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3170
  • Karma: +821/-0
    • View Profile
Re: pfSense2.3RC - snort installation error
« Reply #11 on: April 05, 2016, 06:09:34 pm »
Everything is working OK, BUT I got this:


Code: [Select]
amd64
10.3-RELEASE
FreeBSD 10.3-RELEASE #9 51f8df0(RELENG_2_3): Tue Apr  5 03:24:20 CDT 2016     root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:165
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:166
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:167
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:168
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:169
[05-Apr-2016 15:24:39 Europe/Berlin] PHP Stack trace:
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   1. {main}() /usr/local/www/snort/snort_download_updates.php:0
[05-Apr-2016 15:24:39 Europe/Berlin] PHP   2. header() /usr/local/www/snort/snort_download_updates.php:170

I have the fix for this as well.  It's a sort of cosmetic PHP crash.  I used the header() function after some other output was already written to the page, so PHP is correctly complaining about that.

If you want to manually fix it while waiting for the permanent fix, do this:

Open the file /usr/local/www/snort/snort_download_updates.php in an editor.
Find this section (lines 164 through 171) in the file

Code: [Select]

// Reload the page to update displayed values
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Location: /snort/snort_download_updates.php");
return;


Delete those header() lines and add the new line shown so that the new file looks like this:

Code: [Select]

// Reload the page to update displayed values
print '<script type="text/javascript">window.location = "/snort/snort_download_updates.php";</script>';
return;


Be sure and copy/paste from the text above to be sure the single quotes and double quotes are correct.  Save the change.

Bill

Offline cremesk

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +1/-0
    • View Profile
    • mySEC - Secure Foundation
Re: pfSense2.3RC - snort installation error
« Reply #12 on: April 06, 2016, 03:05:39 am »
Okay my installation work fine and my Interface config run..
But, i have a enconding problem or some think else.. (see attachment)

Where are you located (country)?  It may well be that gettext() is not being called to translate some values.  That page should be simply outputting 10% 20% 30% ... 100% showing progress.

The whole GUI for manual rules updates in Snort and Suricata needs some work since the move to Bootstrap.  The old system calls for a progress bar output no longer are available, and so I quickly cobbled something together to let the user see some progress.  I am still searching for a better solution.

Bill

hi,

Timezone: ETC/UTC
Language: English

Thanks for the Problem Description!

Sven