Hi All,
Ignore my comments in the thread below on the fcron.daily issue. This is nothing to do with the CU164 to CU165. It is a bug but related to the fact that a backup does not restore the suricata link in either the fcron.daily or fcron.weekly or not at all depending on the update frequency setting.
So if the link is there then a CU maintains it where it is.
I have confirmed this by installing a CU163 VM, restoring a backup from that time and then discovering that the link was not there. Updated the frequency setting to get the link created and confirmed its presence.
Then I did a CU to 164 and after reboot the suricata link was still there. Then did the same from CU164 to CU165 Testing and also the suricata link stayed there.
What happened was that I had a VM install some time back and did a restore from a backup I had and did not notice that the suricata link was not there. So this VM has not been doing daily backups for a while. Not so easily noticeable as I don't leave the VMs running overnight unless I am doing a CU Testing evaluation.
I will raise a bug for the lack of storing the suricata link.
Regards,
Adolf.
On 18/03/2022 12:37, Adolf Belka wrote:
Hi All,
After changing from daily to weekly and back to daily to get the suricata link in the fcron.daily I can confirm that the updates for the two providers I have selected worked overnight. Also no spinning disk when I went to the IPS page, so everything looks good.
Regards,
Adolf
On 17/03/2022 10:50, Adolf Belka wrote:
Hi All,
Further update.
I registered for the Talos VRT Registered rulesets.
I then added the set to my IPS and after a while the IPS page came back now with Talos VRT added to the providers. I then pressed customise ruleset and got the rules. I selected some rulesets from Talos and then pressed apply. I got the spinning symbol and the browser status bar showed activity ongoing. After some time the browser pointer spinning disk disappeared and the status bar was empty but the IPFire IPS spinning symbol continued. I checked in /tmp and there was no lock file but there was an ids_tmp directory.
I then selected another wui menu and then went back to the IPS menu and got the screen with three providers. Selected customise ruleset again and got the table headed ruleset with the buttons Back and Apply but absolutely no rulesets.
I then deleted the Talos VRT ruleset and after some time got back the main page with only two providers now.
I then pressed customise ruleset again and got all the rulesets for the two remaining providers back again.
So the Talos VRT Registered ruleset still has some issues.
Regards,
Adolf.
On 17/03/2022 10:29, Adolf Belka wrote:
Hi All,
Running 165 Testing for a day now. Most things working well.
One thing I found is that this morning the daily update of the IPS rulesets had not taken place although the updates were set to occur in 163 and also showed on the WUI page as being set for daily.
After some searching I found that the suricata rules update link was not set in the /etc/fcron.daily directory. Pressing save on the IPS page made no difference. I then changed the setting to weekly and pressed save and the link was then created in the fcron.weekly directory. Then I changed it to daily and pressed save and now I have the link in my fcron.daily directory but it was not present after the upgrade process.
It is now running with updated rulesets and I will check tomorrow how the update went.
In terms of test results, everything was running after the upgrade (on my testbed I have everything set up and running although I don't yet have a working IPSec client but that should be available for the next testing).
OpenVPN Roadwarrior connections successfully running. Web Proxy is up and running and working. Openssh is up and working. OpenVPN Roadwarrior connections log working. Domain Name System fully working with five DNS TLS servers. DHCP server up and fully working. Backup system working. All graphs working as before. All Firewall Log Charts working.
Regards, Adolf.
On 15/03/2022 12:40, IPFire Project wrote:
there is a new post from Michael Tremer on the IPFire Blog:
*IPFire 2.27 - Core Update 165 is available for testing*
Another update is ready for testing: IPFire 2.27 - Core Update 165. It comes with various updates for the firewall engine that improve its performance and increase its flexibility, as well as with an updated toolchain, Python 3.10 and various more bug and security fixes.
Click Here To Read More https://blog.ipfire.org/post/ipfire-2-27-core-update-165-is-available-for-testing
The IPFire Project
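
A post-restore check for the missing link described in this thread, as an added example that is not part of the original messages and is not IPFire code. It assumes the update job is a symlink whose name contains "suricata" in `etc/fcron.daily` or `etc/fcron.weekly`; the function name `check_suricata_cron_link` and the optional root argument are hypothetical.

```shell
#!/bin/sh
# Added example, not IPFire code. Assumption: the ruleset update job is a
# symlink with "suricata" in its name under <root>/etc/fcron.daily or
# <root>/etc/fcron.weekly (the thread names the directories, not the link).

# Prints one line per link found: "<frequency> <path> <ok|dangling>".
# Returns 0 for exactly one working link, 1 for none, 2 if broken or duplicated.
check_suricata_cron_link() {
    root="${1:-}"   # empty = live system; a path = mounted or restored tree
    found=0
    broken=0
    for freq in daily weekly; do
        dir="$root/etc/fcron.$freq"
        [ -d "$dir" ] || continue
        for entry in "$dir"/*suricata*; do
            # -L is true for a symlink even when its target is missing;
            # an unmatched glob stays literal and fails this test.
            [ -L "$entry" ] || continue
            found=$((found + 1))
            if [ -e "$entry" ]; then
                echo "$freq $entry ok"
            else
                echo "$freq $entry dangling"
                broken=$((broken + 1))
            fi
        done
    done
    if [ "$found" -eq 0 ]; then
        # The state seen after restoring a backup: the WUI shows a frequency,
        # but nothing is scheduled, so the IPS rulesets silently go stale.
        echo "no suricata link in fcron.daily or fcron.weekly" >&2
        return 1
    fi
    [ "$found" -eq 1 ] && [ "$broken" -eq 0 ] && return 0
    return 2
}
```

Run it with no argument on the firewall after a restore or Core Update, and compare the reported frequency with the one shown on the IPS page.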