IPS Error with fresh updated install of 6.7


(Adam) #1

With two separate installs of 6.7 today, I did the following:

  • Installed all updates
  • Installed Basic firewall, DNS and DHCP server, Intrusion Prevention System, Web filter, and Web proxy packages
  • Configured green and red interfaces and enabled DHCP
  • Enabled and configured content filter
  • Enabled and configured web proxy
  • Enabled IPS and BOOM, I get this error:

It doesn’t matter which rule policy I select and even displays that error when I disable IPS. I see these errors in messages log:

Oct 29 12:17:12 localhost esmith::event[25916]: #011A 404 error
occurred, please verify your filenames and urls for your tarball!
Oct 29 12:17:12 localhost esmith::event[25916]: Action:
/etc/e-smith/events/nethserver-pulledpork-save/S30nethserver-pulledpork-apply
FAILED: 255 [0.55115]
Oct 29 12:17:12 localhost esmith::event[25916]: Event:
nethserver-pulledpork-save FAILED


IPS not working
(Filippo Carletti) #2

snort is making some modification to their website, moving links, etc.
I hope they will fix things in the coming days.
If not, we need an updated version of pulledpork (the snort update tool).
Either way, it will be fixed in a few days.


(Adam) #3

Should I hold off on this testing until it’s resolved?
http://dev.nethserver.org/issues/3273


(Filippo Carletti) #4

No. But the sid_changes.log will not be updated any longer.


(Adam) #5

I don’t have any NethServer servers with a sid_changes.log file and it looks like it’s not created unless IPS can be enabled correctly… so I think it’ll have to wait.


(Filippo Carletti) #6

Delete this line from /etc/snort/pulledpork.conf:

rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community

You will be downloading only ET rules without errors.
You could run the following command to force download now:

/usr/bin/pulledpork.pl -c /etc/snort/pulledpork.conf

(Filippo Carletti) #7

snort has noticed the problem:

I tested the instructions: those work on NethServer.
I will work on a fix tomorrow, now I’m heading out to the local Linux User Group meeting.


(Adam) #8

Perfect! I also made the change here and it worked great:

/etc/e-smith/templates/etc/snort/pulledpork.conf

BTW, local Linux user group meeting sounds fun! I’m a bit of a newb with linux, but I’ve started getting into it pretty hard core. I recently acquired a HP Microserver Gen8 with 4x 6tb WD red drives, 8GB RAM, a Xeon, and a P222 controller for home. I’ve been doing some testing with CentOS 7 and having a blast. The wife and kid are starting to miss me though. LOL!


(Adam) #9

Is there going to be an update for this?


(Filippo Carletti) #10

I think I’ve released it last week. I’ve probably made a mistake, give me some time to double check.

Update: it was released yesterday, sorry. See:
http://dev.nethserver.org/issues/3301#note-6

When a package has been verified but still unreleased, it could be safely updated from the testing repository.


(Adam) #11

Sorry about that… I quickly browsed through redmine but didn’t see this issue, there weren’t any updates available through the standard repo, and the issue was still happening. It seems to be working now after updating though. Thanks!!


(Eddie Atherton) #12

@filippo_carletti
Are you sure that it’s updated in the repository. The Software Center shows nothing to update, but:

[root@NethServer ~]# yum list | grep pulled
nethserver-pulledpork.noarch        1.0.1-1.ns6              @nethserver-updates
pulledpork.noarch                   0.7.0-2                  @nethserver-base
[root@NethServer ~]## yum repolist
Loaded plugins: changelog, fastestmirror, nethserver_events, presto
Loading mirror speeds from cached hostfile
 * nethserver-base: mirror.nethserver.org
 * nethserver-updates: mirror.nethserver.org
repo id                            repo name                              status
centos-base                        CentOS-6 Base                          6,518
centos-updates                     CentOS-6 Updates                       1,370
nethserver-base                    NethServer 6.7 base                      327
nethserver-updates                 NethServer 6.7 updates                   412
repolist: 8,627
[root@NethServer ~]#

Cheers.


(Filippo Carletti) #13

Do you have an http cache between NethServer and the mirrors?

Here I see:

[root@nscom ~]# yum repolist
Loaded plugins: changelog, fastestmirror, nethserver_events, presto
Determining fastest mirrors
 * centos-base: centos.muzzy.it
 * centos-updates: ba.mirror.garr.it
Including mirror: mirror.nethserver.org
 * nethserver-base: mirror.nethserver.org
Including mirror: mirror.nethserver.org
 * nethserver-updates: mirror.nethserver.org
centos-base                                                                                                  | 3.7 kB     00:00     
centos-base/primary_db                                                                                       | 4.6 MB     00:01     
centos-updates                                                                                               | 3.4 kB     00:00     
centos-updates/primary_db                                                                                    | 3.2 MB     00:00     
nethserver-base                                                                                              | 3.7 kB     00:00     
nethserver-base/primary_db                                                                                   | 436 kB     00:00     
nethserver-updates                                                                                           | 4.1 kB     00:00     
nethserver-updates/primary_db                                                                                | 129 kB     00:00     
repo id                                                      repo name                                                        status
centos-base                                                  CentOS-6 Base                                                    6,575
centos-updates                                               CentOS-6 Updates                                                   954
nethserver-base                                              NethServer 6.7 base                                                446
nethserver-updates                                           NethServer 6.7 updates                                              70
repolist: 8,045
[root@nscom ~]# yum list | grep pulled
nethserver-pulledpork.noarch        1.0.2-1.ns6                 @nethserver-updates
pulledpork.noarch                   0.7.0-2                     @nethserver-base

(Eddie Atherton) #14

Nope. The server is connected directly to the internet.

Cheers.


(Eddie Atherton) #15

Not sure why it suddenly kicked in this afternoon after a couple of days of running, but now the Software Center shows around 200 packages to be updated with around 30 Nethserver ones in the list, including this one. I guess it’s catching up with all the changes since I built the system a couple of months ago and then put it to one side while gathering the courage to switch out my Zentyal.

Cheers.