IPS Error with fresh updated install of 6.7

With two separate installs of 6.7 today, I did the following:

  • Installed all updates
  • Installed Basic firewall, DNS and DHCP server, Intrusion Prevention System, Web filter, and Web proxy packages
  • Configured green and red interfaces and enabled DHCP
  • Enabled and configured content filter
  • Enabled and configured web proxy
  • Enabled IPS and BOOM, I get this error:

It doesn’t matter which rule policy I select and even displays that error when I disable IPS. I see these errors in messages log:

Oct 29 12:17:12 localhost esmith::event[25916]: #011A 404 error
occurred, please verify your filenames and urls for your tarball!
Oct 29 12:17:12 localhost esmith::event[25916]: Action:
FAILED: 255 [0.55115]
Oct 29 12:17:12 localhost esmith::event[25916]: Event:
nethserver-pulledpork-save FAILED

snort is making some modification to their website, moving links, etc.
I hope they will fix things in the coming days.
If not, we need an updated version of pulledpork (the snort update tool).
Either way, it will be fixed in a few days.

1 Like

Should I hold off on this testing until it’s resolved?

No. But the sid_changes.log will not be updated any longer.

1 Like

I don’t have any NethServer servers with a sid_changes.log file and it looks like it’s not created unless IPS can be enabled correctly… so I think it’ll have to wait.

Delete this line from /etc/snort/pulledpork.conf:


You will be downloading only ET rules without errors.
You could run the following command to force download now:

/usr/bin/pulledpork.pl -c /etc/snort/pulledpork.conf
1 Like

snort has noticed the problem:

I tested the instructions: those work on NethServer.
I will work on a fix tomorrow, now I’m heading out to the local Linux User Group meeting.

1 Like

Perfect! I also made the change here and it worked great:


BTW, local Linux user group meeting sounds fun! I’m a bit of a newb with linux, but I’ve started getting into it pretty hard core. I recently acquired a HP Microserver Gen8 with 4x 6tb WD red drives, 8GB RAM, a Xeon, and a P222 controller for home. I’ve been doing some testing with CentOS 7 and having a blast. The wife and kid are starting to miss me though. LOL!

Is there going to be an update for this?

I think I’ve released it last week. I’ve probably made a mistake, give me some time to double check.

Update: it was released yesterday, sorry. See:

When a package has been verified but still unreleased, it could be safely updated from the testing repository.

1 Like

Sorry about that… I quickly browsed through redmine but didn’t see this issue, there weren’t any updates available through the standard repo, and the issue was still happening. It seems to be working now after updating though. Thanks!!

1 Like

Are you sure that it’s updated in the repository. The Software Center shows nothing to update, but:

[root@NethServer ~]# yum list | grep pulled
nethserver-pulledpork.noarch        1.0.1-1.ns6              @nethserver-updates
pulledpork.noarch                   0.7.0-2                  @nethserver-base
[root@NethServer ~]## yum repolist
Loaded plugins: changelog, fastestmirror, nethserver_events, presto
Loading mirror speeds from cached hostfile
 * nethserver-base: mirror.nethserver.org
 * nethserver-updates: mirror.nethserver.org
repo id                            repo name                              status
centos-base                        CentOS-6 Base                          6,518
centos-updates                     CentOS-6 Updates                       1,370
nethserver-base                    NethServer 6.7 base                      327
nethserver-updates                 NethServer 6.7 updates                   412
repolist: 8,627
[root@NethServer ~]#


Do you have an http cache between NethServer and the mirrors?

Here I see:

[root@nscom ~]# yum repolist
Loaded plugins: changelog, fastestmirror, nethserver_events, presto
Determining fastest mirrors
 * centos-base: centos.muzzy.it
 * centos-updates: ba.mirror.garr.it
Including mirror: mirror.nethserver.org
 * nethserver-base: mirror.nethserver.org
Including mirror: mirror.nethserver.org
 * nethserver-updates: mirror.nethserver.org
centos-base                                                                                                  | 3.7 kB     00:00     
centos-base/primary_db                                                                                       | 4.6 MB     00:01     
centos-updates                                                                                               | 3.4 kB     00:00     
centos-updates/primary_db                                                                                    | 3.2 MB     00:00     
nethserver-base                                                                                              | 3.7 kB     00:00     
nethserver-base/primary_db                                                                                   | 436 kB     00:00     
nethserver-updates                                                                                           | 4.1 kB     00:00     
nethserver-updates/primary_db                                                                                | 129 kB     00:00     
repo id                                                      repo name                                                        status
centos-base                                                  CentOS-6 Base                                                    6,575
centos-updates                                               CentOS-6 Updates                                                   954
nethserver-base                                              NethServer 6.7 base                                                446
nethserver-updates                                           NethServer 6.7 updates                                              70
repolist: 8,045
[root@nscom ~]# yum list | grep pulled
nethserver-pulledpork.noarch        1.0.2-1.ns6                 @nethserver-updates
pulledpork.noarch                   0.7.0-2                     @nethserver-base

Nope. The server is connected directly to the internet.


Not sure why it suddenly kicked in this afternoon after a couple of days of running, but now the Software Center shows around 200 packages to be updated with around 30 Nethserver ones in the list, including this one. I guess it’s catching up with all the changes since I built the system a couple of months ago and then put it to one side while gathering the courage to switch out my Zentyal.