Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IDS: Editing rules throws bootgrid warning Error (1) #4346

Closed
mimugmail opened this issue Sep 11, 2020 · 4 comments
Closed

IDS: Editing rules throws bootgrid warning Error (1) #4346

mimugmail opened this issue Sep 11, 2020 · 4 comments
Assignees
@AdSchellevis
Labels
cleanup Low impact changes
Milestone
21.1

Comments

@mimugmail
Copy link
Member

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

[X] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md

[X] I have searched the existing issues and I'm convinced that mine is new.

Describe the bug
I'm on latest 20.7.2 and while preparing an IDS webinar I encountered and error when editing rules everytime I get a popup with Error (1) (screenshot below)

In the forums there are also couple of ppl complaining with different solution:
https://forum.opnsense.org/index.php?topic=18424.0

Screenshots
image
(this comes when enabling just one rule, or when selecting a rule category in download tab)

Relevant log files
configd.log just gives:

Sep 11 16:41:14 Zeus1.localdomain configd.py[81826]: [f2651f25-59d9-47b9-9c1d-73baa66df861] generate template OPNsense/IDS
Sep 11 16:41:14 Zeus1.localdomain configd.py[81826]: generate template container OPNsense/IDS
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]: [5bfab047-700a-4701-a6b7-da02c61ec45f] generate template OPNsense/IDS
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]: generate template container OPNsense/IDS
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/rules/OPNsense.rules
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/classification.config
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/custom.yaml
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //etc/newsyslog.conf.d/suricata
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //etc/rc.conf.d/suricata
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/reference.config
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/rule-updater.config
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/rules.config
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/suricata.yaml
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]: [2443a3e9-cab1-4623-8d1e-c56e99fb0955] reload intrusion detection rules
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/rules/OPNsense.rules
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/classification.config
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/custom.yaml
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //etc/newsyslog.conf.d/suricata
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //etc/rc.conf.d/suricata
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/reference.config
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/rule-updater.config
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/rules.config
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]:  OPNsense/IDS generated //usr/local/etc/suricata/suricata.yaml
Sep 11 16:41:15 Zeus1.localdomain configd.py[81826]: [d2a7aa6f-10b5-4efb-92c1-49343f2d83ff] reload intrusion detection rules
Sep 11 16:41:16 Zeus1.localdomain configd.py[81826]: [2443a3e9-cab1-4623-8d1e-c56e99fb0955] returned exit status 1
Sep 11 16:41:16 Zeus1.localdomain configd.py[81826]: [d2a7aa6f-10b5-4efb-92c1-49343f2d83ff] returned exit status 1

Additional context
If you have any fancy commands to dig further I'm happy to help :)

Environment

OPNsense 20.7.2-amd64FreeBSD 12.1-RELEASE-p8-HBSDOpenSSL 1.1.1g 21 Apr 2020
@AdSchellevis
Copy link
Member

Maybe trying to reconfigure while still in startup or not enabled and trying to start (The might be a minor cosmetic issue there)

@mimugmail
Copy link
Member Author

Ah, this happens when no suri process is running! :)

root@Zeus1:~ # configctl ids update
Error (1)
root@Zeus1:~ # less /usr/local/opnsense/service/conf/actions.d/actions_ids.conf
root@Zeus1:~ # ps aufx | grep suri
root    79000   0.0  0.0 1060968  3228  0  R+   19:59        0:00.00 grep suri
root@Zeus1:~ # configctl ids reload
Error (1)

@AdSchellevis
Copy link
Member

We should probably omit the exit code here

@AdSchellevis AdSchellevis self-assigned this Sep 13, 2020
@AdSchellevis AdSchellevis added the cleanup Low impact changes label Sep 13, 2020
@fichtner fichtner added this to the 21.1 milestone Sep 14, 2020
@AdSchellevis
Copy link
Member

@mimugmail a222eda should prevent the error on update.

fichtner pushed a commit that referenced this issue Oct 14, 2020
@AdSchellevis @fichtner
IDS: ignore pkill exit status when performing ids update, if suri is …
e7bce71 
…inactive we can safely ignore it. closes #4346

(cherry picked from commit a222eda)
oshogbo pushed a commit to DynFi/opnsense-core that referenced this issue Mar 3, 2022
@AdSchellevis
IDS: ignore pkill exit status when performing ids update, if suri is …
4323381 
…inactive we can safely ignore it. closes opnsense/core#4346
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AdSchellevis AdSchellevis

Labels
cleanup Low impact changes
Milestone
21.1
Development

No branches or pull requests
3 participants
@fichtner @AdSchellevis @mimugmail