Topic: Suricata on the SG-3100 does not survive a firmware upgrade

stephenw10
Suricata on the SG-3100 does not survive a firmware upgrade
« on: January 23, 2018, 04:25:30 pm »
Like the subject says really. Because I am always testing fixes I usually follow current snapshots quite closely, updating every few days. Suricata runs just fine on the SG-3100 (thanks bmeeks!) but after updating to the latest snapshot it does not start. Nor can it be manually started. Nothing useful is logged either. The system log shows:
Code:
Jan 23 22:19:48 SuricataStartup 29909 Suricata START for WAN(62562_mvneta2)...
The Suricata log shows nothing at all at that point.

The service does not start.

Removing the package, whilst keeping the settings, and installing it again restores functionality.

It looks like something either doesn't get created at the upgrade or something is not removed as it is during a normal reinstall and that prevents it starting.

Steve


Edit: This does not happen on x86. Or at least I have failed to make it fail in my testing.
« Last Edit: January 23, 2018, 04:39:56 pm by stephenw10 »

bmeeks
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #1 on: January 23, 2018, 06:37:34 pm »
Since I have an SG-3100 to test with courtesy of Netgate, I will investigate.  I will have to change my appliance from the RELEASE build to the DEV build first, though.  And per your edit this is confirmed to happen only on the ARM builds and not x86 Intel stuff.  Weird!  My first impulse would be to point a finger at pkg, but I'm not sure why it would be messing around with Suricata at all if it is only the firmware being updated.  That does not reinstall packages does it?

During a CLI-based install or reinstall sequence (and at regular boot up as well), Suricata is started by the system calling the /usr/local/etc/rc.d/suricata.sh script with a "start" argument.  That command assumes that a suitable suricata.yaml configuration file exists for each Suricata-enabled interface.  That shell script is created from code inside the /usr/local/pkg/suricata/suricata.inc file.  Next time you see this problem, drop to the CLI and take a look at that shell script and see what's in it and verify it even exists.  You could also try running the shell script from the command line like so:

Code:
/usr/local/etc/rc.d/suricata.sh start
It should start all the Suricata configured interfaces.  I would be curious what you see and what happens.

Bill

stephenw10
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #2 on: February 13, 2018, 04:18:03 pm »
Sorry for the delay!

Oddly Suricata started after yesterday's update but failed again today.

Code:
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: cat  /usr/local/etc/rc.d/suricata.sh
#!/bin/sh
########
# This file was automatically generated
# by the pfSense service handler.
######## Start of main suricata.sh

rc_start() {

### Lock out other start signals until we are done
/usr/bin/touch /var/run/suricata_pkg_starting.lck

## Start suricata on WAN (mvneta2) ##
if [ ! -f /var/run/suricata_mvneta262562.pid ]; then
pid=`/bin/pgrep -fn "suricata -i mvneta2 -D -c /usr/local/etc/suricata/suricata_62562_mvneta2/suricata.yaml "`
else
pid=`/bin/pgrep -F /var/run/suricata_mvneta262562.pid`
fi

if [ -z $pid ]; then
/usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata START for WAN(62562_mvneta2)..."
/usr/local/bin/suricata -i mvneta2 -D -c /usr/local/etc/suricata/suricata_62562_mvneta2/suricata.yaml --pidfile /var/run/suricata_mvneta262562.pid > /dev/null 2>&1
fi

sleep 1

if [ -f /var/run/barnyard2_mvneta262562.pid ]; then
/usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 STOP for WAN(62562_mvneta2)..."
pid=`/bin/pgrep -F /var/run/barnyard2_mvneta262562.pid`
                /bin/pkill -TERM -F /var/run/barnyard2_mvneta262562.pid
time=0 timeout=30
while /bin/kill -TERM $pid 2>/dev/null; do
sleep 1
time=$((time+1))
if [ $time -gt $timeout ]; then
break
fi
done
if [ -f /var/run/barnyard2_mvneta262562.pid ]; then
/bin/rm /var/run/barnyard2_mvneta262562.pid
fi
else
pid=`/bin/pgrep -fn "barnyard2 -r 62562 "`
if [ ! -z $pid ]; then
/bin/pkill -TERM -fn "barnyard2 -r 62562 "
time=0 timeout=30
while /bin/kill -TERM $pid 2>/dev/null; do
sleep 1
time=$((time+1))
if [ $time -gt $timeout ]; then
break
fi
done
fi
        fi

### Remove the lock since we have started all interfaces
if [ -f /var/run/suricata_pkg_starting.lck ]; then
/bin/rm /var/run/suricata_pkg_starting.lck
fi
}

rc_stop() {

if [ -f /var/run/suricata_mvneta262562.pid ]; then
pid=`/bin/pgrep -F /var/run/suricata_mvneta262562.pid`
/usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata STOP for WAN(62562_mvneta2)..."
/bin/pkill -TERM -F /var/run/suricata_mvneta262562.pid
time=0 timeout=30
while /bin/kill -TERM $pid 2>/dev/null; do
sleep 1
time=$((time+1))
if [ $time -gt $timeout ]; then
break
fi
done
if [ -f /var/run/suricata_mvneta262562.pid ]; then
/bin/rm /var/run/suricata_mvneta262562.pid
fi
else
pid=`/bin/pgrep -fn "suricata -i mvneta2 -D -c /usr/local/etc/suricata/suricata_62562_mvneta2/suricata.yaml "`
if [ ! -z $pid ]; then
/usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata STOP for WAN(62562_mvneta2)..."
/bin/pkill -TERM -fn "suricata -i mvneta2 "
time=0 timeout=30
while /bin/kill -TERM $pid 2>/dev/null; do
sleep 1
time=$((time+1))
if [ $time -gt $timeout ]; then
break
fi
done
fi
fi

sleep 1

if [ -f /var/run/barnyard2_mvneta262562.pid ]; then
/usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 STOP for WAN(62562_mvneta2)..."
pid=`/bin/pgrep -F /var/run/barnyard2_mvneta262562.pid`
                /bin/pkill -TERM -F /var/run/barnyard2_mvneta262562.pid
time=0 timeout=30
while /bin/kill -TERM $pid 2>/dev/null; do
sleep 1
time=$((time+1))
if [ $time -gt $timeout ]; then
break
fi
done
if [ -f /var/run/barnyard2_mvneta262562.pid ]; then
/bin/rm /var/run/barnyard2_mvneta262562.pid
fi
else
pid=`/bin/pgrep -fn "barnyard2 -r 62562 "`
if [ ! -z $pid ]; then
/bin/pkill -TERM -fn "barnyard2 -r 62562 "
time=0 timeout=30
while /bin/kill -TERM $pid 2>/dev/null; do
sleep 1
time=$((time+1))
if [ $time -gt $timeout ]; then
break
fi
done
fi
        fi
}

case $1 in
start)
if [ ! -f /var/run/suricata_pkg_starting.lck ]; then
rc_start
else
/usr/bin/logger -p daemon.info -i -t SuricataStartup "Ignoring additional START command since Suricata is already starting..."
fi
;;
stop)
rc_stop
;;
restart)
rc_stop
rc_start
;;
esac

Running the start script manually returns clean:
Code:
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: /usr/local/etc/rc.d/suricata.sh start
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root:

Suricata does not start though. System log shows
Code:
Feb 13 22:12:33 SuricataStartup 26109 Suricata START for WAN(62562_mvneta2)...
/var/run/suricata_mvneta262562.pid does not exist.

Steve

bmeeks
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #3 on: February 15, 2018, 08:51:42 am »
What does the /var/log/suricata/suricata_mvneta262562/suricata.log file show?  Suricata puts most of its info into its own log rather than the system log -- exact opposite of the way Snort behaves.

Bill

stephenw10
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #4 on: February 15, 2018, 05:09:26 pm »
It shows nothing at all.

The last entries there are from it stopping when I ran the upgrade:

Code:
13/2/2018 -- 20:58:23 - <Notice> -- Signal Received.  Stopping engine.
13/2/2018 -- 20:58:23 - <Info> -- time elapsed 190197.109s
13/2/2018 -- 20:58:24 - <Info> -- (RX#01-mvneta2) Packets 1863609, bytes 241627739
13/2/2018 -- 20:58:24 - <Info> -- (RX#01-mvneta2) Pcap Total:1863611 Recv:1863611 Drop:0 (0.0%).
13/2/2018 -- 20:58:24 - <Info> -- Alerts: 0
13/2/2018 -- 20:58:24 - <Info> -- cleaning up signature grouping structure... complete
13/2/2018 -- 20:58:24 - <Notice> -- Stats for 'mvneta2':  pkts: 1863609, drop: 0 (0.00%), invalid chksum: 0

It's like it never even tries to start.

Steve

dales
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #5 on: February 15, 2018, 05:58:59 pm »
Does tracing (`sh -x /usr/local/etc/rc.d/suricata.sh start`) show anything interesting?

stephenw10
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #6 on: February 15, 2018, 07:36:30 pm »
Code:
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: sh -x /usr/local/etc/rc.d/suricata.sh start
+ [ ! -f /var/run/suricata_pkg_starting.lck ]
+ rc_start
+ /usr/bin/touch /var/run/suricata_pkg_starting.lck
+ [ ! -f /var/run/suricata_mvneta262562.pid ]
+ /bin/pgrep -fn 'suricata -i mvneta2 -D -c /usr/local/etc/suricata/suricata_62562_mvneta2/suricata.yaml '
+ pid=''
+ [ -z ]
+ /usr/bin/logger -p daemon.info -i -t SuricataStartup 'Suricata START for WAN(62562_mvneta2)...'
+ /usr/local/bin/suricata -i mvneta2 -D -c /usr/local/etc/suricata/suricata_62562_mvneta2/suricata.yaml --pidfile /var/run/suricata_mvneta262562.pid
+ sleep 1
+ [ -f /var/run/barnyard2_mvneta262562.pid ]
+ /bin/pgrep -fn 'barnyard2 -r 62562 '
+ pid=''
+ [ ! -z ]
+ [ -f /var/run/suricata_pkg_starting.lck ]
+ /bin/rm /var/run/suricata_pkg_starting.lck

bmeeks
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #7 on: February 15, 2018, 09:34:56 pm »
Very weird.  And it now won't start from the GUI either?

Bill

dales
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #8 on: February 15, 2018, 10:26:06 pm »
What happens if you run the command from the trace file manually?

Code:
/usr/local/bin/suricata -i mvneta2 -D -c /usr/local/etc/suricata/suricata_62562_mvneta2/suricata.yaml --pidfile /var/run/suricata_mvneta262562.pid

[Hoping that it dumps something interesting on stderr....]

bmeeks
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #9 on: February 16, 2018, 07:28:16 pm »
I assume you are running DEV firmware since you are upgrading.  I've not tested Suricata recently with the new pfSense development releases on the SG-3100.  My single test unit is still running the RELEASE firmware.

Getting absolutely nothing in either log (the suricata.log file or the system log) is strange.  Try doing this from the command line --

Code:
/usr/local/bin/suricata -V    # should print the version information and exit
See if any console errors get output or if the command runs successfully.  We can then go from there.

Bill

stephenw10
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #10 on: February 17, 2018, 02:53:44 pm »
Indeed I'm running dev and hence upgrading frequently which is when I spotted it.

This seems pretty conclusive as to why it's failing to start:

Code:
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: /usr/local/bin/suricata -V
Shared object "libnss3.so" not found, required by "suricata"

Interesting then that the upgrade before last it did not fail, presumably the correct library was included that time.

It does appear to be there though so some path missing?
Code:
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: find / -name 'libnss3*'
/usr/local/lib/nss/libnss3.so

Steve
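
The start script posted earlier in the thread sends Suricata's output to /dev/null, which is why the loader error only became visible once the binary was run by hand with `-V`. The following is an added example, not code from the thread or from the pfSense package: a start wrapper that runs the `-V` check first and records its stderr. The names `start_checked`, `fake_broken` and `fake_ok` and the log file argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the pfSense package's code): fail loudly when the
# binary cannot even print its version, instead of discarding the error.

# Constructed stand-in for a binary whose shared libraries fail to load.
# It prints the error text quoted in the thread and exits non-zero.
fake_broken() {
    echo 'Shared object "libnss3.so" not found, required by "suricata"' >&2
    return 1
}

# Constructed stand-in for a healthy binary.
fake_ok() {
    [ "$1" = "-V" ] && echo "constructed version banner"
    return 0
}

# start_checked LOGFILE BIN [ARGS...]
# Runs "BIN -V" first. stderr of that probe is captured, stdout is dropped.
# On failure the captured text and exit code go to LOGFILE and the start is
# skipped; on success BIN is started with ARGS and its stderr is appended
# to LOGFILE rather than thrown away.
start_checked() {
    log=$1; bin=$2; shift 2
    if err=$("$bin" -V 2>&1 >/dev/null); then
        "$bin" "$@" >/dev/null 2>>"$log"
    else
        rc=$?
        printf 'preflight failed, exit %s: %s\n' "$rc" "$err" >>"$log"
        return "$rc"
    fi
}

# On the firewall the same message could be handed to
# /usr/bin/logger -t SuricataStartup, as the generated script already does
# for its START and STOP lines.
```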

bmeeks
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #11 on: February 19, 2018, 04:34:02 pm »
It might be a required symlink is missing.

<rant on>
 I hate shared libraries!  They cause this kind of stuff.  Same as the old "DLL hell" experienced on Windows.
</rant off>

We will probably need to run this one by Renato on the pfSense team to see if he can determine what's going on.  I have not been following the latest DEV build.  It's a different FreeBSD tree isn't it?  If so, the FreeBSD-ports part of the pfSense fork may need an update to match upstream.

Bill

Renato Botelho
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #12 on: February 20, 2018, 06:26:08 am »
What is the output of the following commands?

# pkg upgrade -n
# ldd /usr/local/bin/suricata

Renato Botelho

stephenw10
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #13 on: February 20, 2018, 08:51:15 am »
Code:
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: pkg upgrade -n
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (6 candidates): 100%
Processing candidates (6 candidates): 100%
The following 6 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense-u-boot-sg3100: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense-rc: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense-kernel-pfSense-SG-3100: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense-default-config-serial: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense-base: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense: 2.4.3.a.20180212.0807 -> 2.4.3.a.20180219.1329 [pfSense]

Number of packages to be upgraded: 6

37 MiB to be downloaded.

Code:
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: ldd /usr/local/bin/suricata
/usr/local/bin/suricata:
libhiredis.so.0.13 => /usr/local/lib/libhiredis.so.0.13 (0x20252000)
libGeoIP.so.1 => /usr/local/lib/libGeoIP.so.1 (0x20266000)
libluajit-5.1.so.2 => /usr/local/lib/libluajit-5.1.so.2 (0x202a4000)
libmagic.so.4 => /usr/lib/libmagic.so.4 (0x20329000)
libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x20351000)
libnet.so.1 => /usr/local/lib/libnet.so.1 (0x203a7000)
libjansson.so.4 => /usr/local/lib/libjansson.so.4 (0x203c3000)
libthr.so.3 => /lib/libthr.so.3 (0x203d8000)
libyaml-0.so.2 => /usr/local/lib/libyaml-0.so.2 (0x20406000)
libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x20429000)
libhtp.so.2 => /usr/local/lib/libhtp.so.2 (0x204b9000)
libnss3.so => not found (0)
libsmime3.so => not found (0)
libssl3.so => not found (0)
libnssutil3.so => not found (0)
libplds4.so => /usr/local/lib/libplds4.so (0x204dc000)
libplc4.so => /usr/local/lib/libplc4.so (0x204e6000)
libnspr4.so => /usr/local/lib/libnspr4.so (0x204f1000)
libc.so.7 => /lib/libc.so.7 (0x20600000)
libm.so.5 => /lib/libm.so.5 (0x2052e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2055b000)
libz.so.6 => /lib/libz.so.6 (0x2056a000)
libiconv.so.2 => /usr/local/lib/libiconv.so.2 (0x20768000)

Renato Botelho
Re: Suricata on the SG-3100 does not survive a firmware upgrade
« Reply #14 on: February 20, 2018, 09:04:52 am »
Code: [Select]
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: pkg upgrade -n
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (6 candidates): 100%
Processing candidates (6 candidates): 100%
The following 6 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense-u-boot-sg3100: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense-rc: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense-kernel-pfSense-SG-3100: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense-default-config-serial: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense-base: 2.4.3.a.20180213.0339 -> 2.4.3.a.20180219.1328 [pfSense-core]
pfSense: 2.4.3.a.20180212.0807 -> 2.4.3.a.20180219.1329 [pfSense]

Number of packages to be upgraded: 6

37 MiB to be downloaded.

Code: [Select]
[2.4.3-DEVELOPMENT][admin@3100.stevew.lan]/root: ldd /usr/local/bin/suricata
/usr/local/bin/suricata:
libhiredis.so.0.13 => /usr/local/lib/libhiredis.so.0.13 (0x20252000)
libGeoIP.so.1 => /usr/local/lib/libGeoIP.so.1 (0x20266000)
libluajit-5.1.so.2 => /usr/local/lib/libluajit-5.1.so.2 (0x202a4000)
libmagic.so.4 => /usr/lib/libmagic.so.4 (0x20329000)
libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x20351000)
libnet.so.1 => /usr/local/lib/libnet.so.1 (0x203a7000)
libjansson.so.4 => /usr/local/lib/libjansson.so.4 (0x203c3000)
libthr.so.3 => /lib/libthr.so.3 (0x203d8000)
libyaml-0.so.2 => /usr/local/lib/libyaml-0.so.2 (0x20406000)
libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x20429000)
libhtp.so.2 => /usr/local/lib/libhtp.so.2 (0x204b9000)
libnss3.so => not found (0)
libsmime3.so => not found (0)
libssl3.so => not found (0)
libnssutil3.so => not found (0)
libplds4.so => /usr/local/lib/libplds4.so (0x204dc000)
libplc4.so => /usr/local/lib/libplc4.so (0x204e6000)
libnspr4.so => /usr/local/lib/libnspr4.so (0x204f1000)
libc.so.7 => /lib/libc.so.7 (0x20600000)
libm.so.5 => /lib/libm.so.5 (0x2052e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2055b000)
libz.so.6 => /lib/libz.so.6 (0x2056a000)
libiconv.so.2 => /usr/local/lib/libiconv.so.2 (0x20768000)

There are 2 possibilities in this case. Either nss is not installed or /usr/local/lib/nss is not being tracked by ld. Please run the following commands and let me know the result.

# pkg info nss
# cat /usr/local/libdata/ldconfig/nss

Renato Botelho
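
The two possibilities named in the last reply can be told apart from saved `ldd` output. The following is an added example, not code from the thread or from pfSense; the function names, the candidate directories and the colon-separated search path argument are assumptions (on FreeBSD the linker's search directories can be read from `ldconfig -r`).

```shell
#!/bin/sh
# Added example (not from the thread). For each library that ldd could not
# resolve, report whether the file is absent from the candidate directories
# or present in a directory the runtime linker does not search.

# Constructed sample, abridged from the ldd output posted in the thread.
sample_ldd() {
cat <<'EOF'
/usr/local/bin/suricata:
    libhtp.so.2 => /usr/local/lib/libhtp.so.2 (0x204b9000)
    libnss3.so => not found (0)
    libssl3.so => not found (0)
    libnspr4.so => /usr/local/lib/libnspr4.so (0x204f1000)
EOF
}

# Read ldd output on stdin; print the name of each "not found" library.
unresolved_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# on_search_path DIR PATHLIST: succeed if DIR is an entry of the
# colon-separated PATHLIST.
on_search_path() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify PATHLIST DIR...
# Reads ldd output on stdin and prints one line per unresolved library:
#   NAME not-installed                 no candidate DIR holds the file
#   NAME untracked-dir DIR             file exists, DIR is not in PATHLIST
#   NAME on-path-but-unresolved DIR    file exists and DIR is in PATHLIST
classify() {
    search_path=$1; shift
    unresolved_libs | while read -r lib; do
        found=
        for dir in "$@"; do
            if [ -e "$dir/$lib" ]; then found=$dir; break; fi
        done
        if [ -z "$found" ]; then
            echo "$lib not-installed"
        elif on_search_path "$found" "$search_path"; then
            echo "$lib on-path-but-unresolved $found"
        else
            echo "$lib untracked-dir $found"
        fi
    done
}

# Usage on the firewall (directories are the ones seen in the thread):
#   ldd /usr/local/bin/suricata | classify "$dirs" /usr/local/lib /usr/local/lib/nss
# where $dirs holds the linker's search directories, colon-separated.
```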