Netgate SG-1000 microFirewall

Author Topic: suricata 4.0.02 > 4.0.1 failure  (Read 203 times)

0 Members and 1 Guest are viewing this topic.

Offline repomanz

  • Jr. Member
  • **
  • Posts: 38
  • Karma: +0/-0
    • View Profile
suricata 4.0.02 > 4.0.1 failure
« on: November 29, 2017, 07:14:15 pm »
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-pkg-suricata from 4.0.0_2 to 4.0.1...
[1/1] Extracting pfSense-pkg-suricata-4.0.1: .......... done
Removing suricata components...
Menu items... done.
Services... done.
Loading package instructions...
pfSense-pkg-suricata-4.0.0_2: missing file /usr/local/share/licenses/pfSense-pkg-suricata-4.0.0_2/APACHE20
pfSense-pkg-suricata-4.0.0_2: missing file /usr/local/share/licenses/pfSense-pkg-suricata-4.0.0_2/LICENSE
pfSense-pkg-suricata-4.0.0_2: missing file /usr/local/share/licenses/pfSense-pkg-suricata-4.0.0_2/
pkg-static: Fail to rename /var/db/suricata/sidmods/.disablesid-sample.conf.HUI3RJW1OOGt -> /var/db/suricata/sidmods/disablesid-sample.conf:No such file or directory

Offline zskwrel

  • Newbie
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Re: suricata 4.0.02 > 4.0.1 failure
« Reply #1 on: December 05, 2017, 10:52:46 am »
I have had the same upgrade error on Suricata during the past two upgrade versions. I tried adding a dummy 'disablesid-sample.conf' file where Suricata complains there is none but this doesn't work. Only after uninstalling then reinstalling can I get Suricata to upgrade.

Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3327
  • Karma: +866/-0
    • View Profile
Re: suricata 4.0.02 > 4.0.1 failure
« Reply #2 on: December 05, 2017, 01:55:51 pm »
Are you guys by chance modifying and then saving the example files provided on the SID MGMT tab?  They are really intended as examples.  If you edit them to customize the content I suggest saving your changed file with a new name and selecting that name in the corresponding drop-down selectors at the bottom of the page.

The pkg tool used in FreeBSD (and by extension, pfSense) attempts to keep track of all the files it copied/created when installing a package.  It will then attempt to delete all those files when the package is uninstalled or upgraded.  However, if a file has been modified by something outside of the pkg installer routines (as in you, the user, made a change and saved a modified version of the file), then pkg will not remove it.  This might cause issues on the next upgrade of the package.

I have run the package install/uninstall/upgrade process many times in my test virtual machine environment and I've never encountered this error.  I have had pkg leave some files hanging around after an uninstall if I had modified those files myself, though.

Edit:  adding some extra information to my original reply
This error is being thrown by the pkg manager utility that installs all the packages for pfSense.  This is all way before any of the actual Suricata package itself is ready to run, so the error is coming from the pkg-static utility.  It's like it is not installing everything.

« Last Edit: December 05, 2017, 08:13:03 pm by bmeeks »