search

crowdsecurity / pfSense-pkg-crowdsec

49 stars 2 forks source link

Any chance on getting FreeBSD 15 build soon? #81

Open yuryk1 opened 8 months ago

yuryk1 commented 8 months ago

pfSense+ v24.x switched to FreeBSD-15

`[24.03-DEVELOPMENT][admin@fw2.xxxx.net]/root: setenv IGNORE_OSVERSION yes [24.03-DEVELOPMENT][admin@fw2.xxxx.net]/root: pkg add https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/abseil-20230125.3.pkg Fetching abseil-20230125.3.pkg: 100% 1 MiB 1.4MB/s 00:01
Installing abseil-20230125.3... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64

Failed to install the following 1 package(s): https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/abseil-20230125.3.pkg [24.03-DEVELOPMENT][admin@fw2.xxxx.net]/root: pkg add https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/re2-20230901.pkg Fetching re2-20230901.pkg: 100% 296 KiB 303.2kB/s 00:01
Installing re2-20230901... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64

Failed to install the following 1 package(s): https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/re2-20230901.pkg [24.03-DEVELOPMENT][admin@fw2.xxxx.net]/root: pkg add https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/crowdsec-firewall-bouncer-0.0.28_1.pkg Fetching crowdsec-firewall-bouncer-0.0.28_1.pkg: 100% 4 MiB 3.8MB/s 00:01
Installing crowdsec-firewall-bouncer-0.0.28_1... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64

Failed to install the following 1 package(s): https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/crowdsec-firewall-bouncer-0.0.28_1.pkg [24.03-DEVELOPMENT][admin@fw2.xxxx.net]/root: pkg add https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/crowdsec-1.5.5.pkg Fetching crowdsec-1.5.5.pkg: 100% 41 MiB 42.7MB/s 00:01
Installing crowdsec-1.5.5... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64

Failed to install the following 1 package(s): https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/crowdsec-1.5.5.pkg [24.03-DEVELOPMENT][admin@fw2.xxxx.net]/root: pkg add https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/pfSense-pkg-crowdsec-0.1.pkg Fetching pfSense-pkg-crowdsec-0.1.pkg: 100% 79 KiB 80.8kB/s 00:01
Installing pfSense-pkg-crowdsec-0.1... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64

Failed to install the following 1 package(s): https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1/pfSense-pkg-crowdsec-0.1.pkg `

mmetc commented 8 months ago

after christmas I'll update the package and do new versions including the block rule priority fix (currently ignored if you don't have a manual rule) freebsd 15 and crowdsec 1.5.6 RC

yuryk1 commented 8 months ago

Thank you and Happy Holidays!On Dec 23, 2023, at 5:50 PM, mmetc @.***> wrote: after christmas I'll update the package and do new versions including the block rule priority fix (currently ignored if you don't have a manual rule) freebsd 15 and crowdsec 1.5.6 RC

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.***>

mmetc commented 8 months ago

You'll find a tar package here

https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/tag/v0.1.1

I'm sorry there's no crowdsec 1.5.5, if 1.5.6~rc8 does not suit you I'll build you the stable one.

yuryk1 commented 8 months ago

Thank you @mmetc!

Getting the tar allowed me to install the package, however the rules engine was failing to start :

time="2023-12-28 11:43:10" level=info msg="Adding file /var/log/nginx.log to datasources" type=file
time="2023-12-28 11:43:10" level=info msg="Starting processing data"
time="2023-12-28 11:43:10" level=info msg="Error machine login for pfsense : ent: machine not found "
time="2023-12-28 11:43:10" **level=fatal msg="starting outputs error : authenticate watcher (pfsense): API error: ent: machine not found"**

UPDATE: The issue was related to default LAPI port 8080. Changing it to 8088 allowed for service to start....

zkhcohen commented 8 months ago

Thank you @mmetc!

Getting the tar allowed me to install the package, however the rules engine was failing to start :

time="2023-12-28 11:43:10" level=info msg="Adding file /var/log/nginx.log to datasources" type=file
time="2023-12-28 11:43:10" level=info msg="Starting processing data"
time="2023-12-28 11:43:10" level=info msg="Error machine login for pfsense : ent: machine not found "
time="2023-12-28 11:43:10" **level=fatal msg="starting outputs error : authenticate watcher (pfsense): API error: ent: machine not found"**

UPDATE: The issue was related to default LAPI port 8080. Changing it to 8088 allowed for service to start....

Changing the port (tried several different ports) didn't resolve the issue for me.

[2.7.0-RELEASE][admin@pfsense]/root: tail /var/log/crowdsec/crowdsec.log
time="2023-12-30 18:59:56" level=warning msg="No matching files for pattern /var/log/httpd-access.log" type=file
time="2023-12-30 18:59:56" level=warning msg="No matching files for pattern /var/log/httpd-error.log" type=file
time="2023-12-30 18:59:56" level=info msg="loading acquisition file : /usr/local/etc/crowdsec/acquis.d/pfsense.yaml"
time="2023-12-30 18:59:56" level=info msg="Force add watch on /var/log" type=file
time="2023-12-30 18:59:56" level=info msg="Adding file /var/log/filter.log to datasources" type=file
time="2023-12-30 18:59:56" level=info msg="Force add watch on /var/log" type=file
time="2023-12-30 18:59:56" level=info msg="Adding file /var/log/nginx.log to datasources" type=file
time="2023-12-30 18:59:56" level=info msg="Starting processing data"
time="2023-12-30 18:59:56" level=info msg="Error machine login for  : ent: machine not found "
time="2023-12-30 18:59:56" level=fatal msg="starting outputs error : authenticate watcher (): API error: ent: machine not found"

EDIT: I figured out the issue with 0.1.1 -- /usr/local/etc/crowdsec/local_api_credentials.yaml is generated without credentials the first time you start Crowdsec via the UI. After manually deleting this file from the server and then restarting the service, it worked.

If you save the changes again via Services > Crowdsec, the credentials appear to be invalidated. Deleting the file by hand again and then restarting the service fixes it once more.