search

crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
9.17k stars 472 forks source link

Bug/Dependency issue during update with crowdsec-firewall-bouncer #1225

Open ianw1974 opened 2 years ago

ianw1974 commented 2 years ago

Describe the bug When updating crowdsec and crowdsec-firewall-bouncer packages, the bouncer is updated before the crowdsec package, causing issues when it attempts to restart the service and it fails. Ideally, it would be better for crowdsec to be installed/updated first, so that this is restarted and available, and then for crowdsec-firewall-bouncer package to be updated, which would then restart successfully.

Once the update had been finished, I manually restarted crowdsec-firewall-bouncer without issues, so it's purely to do with the incorrect order of upgrading these packages. Alternatively, if it's not done, crowdsec should be restarted and running before the crowdsec-firewall-bouncer package is updated. But from what I see, setting up is ran for the firewall bouncer before the crowdsec package instead of the other way around.

Expected behavior It's expected that both packages update and restart successfully without failing during the update process.

Errors from apt output

Unpacking crowdsec (1.3.0) over (1.2.3) ...
Preparing to unpack .../8-crowdsec-firewall-bouncer-iptables_0.0.22_amd64.deb ...
Unpacking crowdsec-firewall-bouncer-iptables (0.0.22) over (0.0.21) ...
Setting up bsdextrautils (2.36.1-8+deb11u1) ...
Setting up eject (2.36.1-8+deb11u1) ...
Setting up crowdsec-firewall-bouncer-iptables (0.0.22) ...
cscli/crowdsec is present, generating API key
Job for crowdsec-firewall-bouncer.service failed because the control process exited with error code.
See "systemctl status crowdsec-firewall-bouncer.service" and "journalctl -xe" for details.
dpkg: error processing package crowdsec-firewall-bouncer-iptables (--configure):
 installed crowdsec-firewall-bouncer-iptables package post-installation script subprocess returned error exit status 1
Setting up libfdisk1:amd64 (2.36.1-8+deb11u1) ...
Setting up crowdsec (1.3.0) ...
Installing new version of config file /etc/crowdsec/config.yaml ...
Installing new version of config file /etc/crowdsec/notifications/slack.yaml ...
Updating hub
INFO[01-02-2022 12:19:09 PM] Wrote new 250867 bytes index to /etc/crowdsec/hub/.index.json 
INFO[01-02-2022 12:19:09 PM] dependency of crowdsecurity/mysql : outdated parsers crowdsecurity/mysql-logs 
INFO[01-02-2022 12:19:09 PM] dependency of crowdsecurity/sshd : outdated parsers crowdsecurity/sshd-logs 
INFO[01-02-2022 12:19:09 PM] dependency of crowdsecurity/apache2 : outdated parsers crowdsecurity/apache2-logs 
INFO[01-02-2022 12:19:09 PM] update for collection crowdsecurity/base-http-scenarios available (currently:0.4, latest:0.5) 
INFO[01-02-2022 12:19:09 PM] dependency of crowdsecurity/linux : outdated parsers crowdsecurity/syslog-logs 
You can always run the configuration again interactively by using '/usr/share/crowdsec/wizard.sh -c
Errors were encountered while processing:
 crowdsec-firewall-bouncer-iptables
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up crowdsec-firewall-bouncer-iptables (0.0.22) ...
cscli/crowdsec is present, generating API key

Current status: 0 (-17) upgradable.

Technical Information (please complete the following information):

sabban commented 2 years ago

Hi,

I could reproduce the issue. Thanks for reporting this.

Regards,