search

crowdsecurity / pfSense-pkg-crowdsec

58 stars 2 forks source link

Cannot enroll pfsense installation #92

Closed wgstarks closed 3 months ago

wgstarks commented 3 months ago

Went through the installation instructions twice. Had several errors related to FreeBSD 14 instead of Free BSD 15.

[24.03-RELEASE][root@heimdall.dahoney.me]/root: pkg add -f https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/crowdsec-1.6.2.pkg Fetching crowdsec-1.6.2.pkg: 100% 44 MiB 11.5MB/s 00:04 Installing crowdsec-1.6.2... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64 Extracting crowdsec-1.6.2: 100% Updating crowdsec hub data

After completing the install I get command not found when running the enroll command.

[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7k80004l6087uikulpm sudo: Command not found. [24.03-RELEASE][root@heimdall.dahoney.me]/root: cscli console enroll -e context clzeha7k80004l6087uikulpm cscli: Command not found.

This is a Netgate SG-4200 firewall appliance running pfSense+ 24.03. FreeBSD15amd.

wgstarks commented 3 months ago

Update: Installed the sudo package on pfsense and now get this when running the enroll command-

[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7k80004l6087uikulpm WARN can't load CAPI credentials from '/usr/local/etc/crowdsec/online_api_credentials.yaml' (missing login field) FATA the Central API (CAPI) must be configured with 'cscli capi register'

LaurenceJJones commented 3 months ago

Update: Installed the sudo package on pfsense and now get this when running the enroll command-

[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7k80004l6087uikulpm WARN can't load CAPI credentials from '/usr/local/etc/crowdsec/online_api_credentials.yaml' (missing login field) FATA the Central API (CAPI) must be configured with 'cscli capi register'

can you run cscli capi register seems the post installation failed once the pkg was installed.

wgstarks commented 3 months ago

The command fails.

[24.03-RELEASE][root@heimdall.dahoney.me]/root: cscli capi register WARN can't load CAPI credentials from '/usr/local/etc/crowdsec/online_api_credentials.yaml' (missing login field) INFO Successfully registered to Central API (CAPI) INFO Central API credentials written to '/usr/local/etc/crowdsec/online_api_credentials.yaml' WARN Run 'sudo service crowdsec reload' for the new configuration to be effective. [24.03-RELEASE][root@heimdall.dahoney.me]/root:

wgstarks commented 3 months ago

I notice that the pkg also isn't shown in Package Manager but does show in Services tab although it's not started.

LaurenceJJones commented 3 months ago

The command fails.

[24.03-RELEASE][root@heimdall.dahoney.me]/root: cscli capi register WARN can't load CAPI credentials from '/usr/local/etc/crowdsec/online_api_credentials.yaml' (missing login field) INFO Successfully registered to Central API (CAPI) INFO Central API credentials written to '/usr/local/etc/crowdsec/online_api_credentials.yaml' WARN Run 'sudo service crowdsec reload' for the new configuration to be effective. [24.03-RELEASE][root@heimdall.dahoney.me]/root:

The command didnt fail it posted two warns and 2 infos:

INFO Successfully registered to Central API (CAPI) INFO Central API credentials written to '/usr/local/etc/crowdsec/online_api_credentials.yaml'
LaurenceJJones commented 3 months ago

I notice that the pkg also isn't shown in Package Manager but does show in Services tab although it's not started.

And if you check the status and start it by hand?

sudo service crowdsec status
sudo service crowdsec start
wgstarks commented 3 months ago

I don’t see an engine to be approved in the crowded engines page.

LaurenceJJones commented 3 months ago

I don’t see an engine to be approved in the crowded engines page.

Did you re run the enroll command (after cscli capi register)? and click the refresh on top right of page?

wgstarks commented 3 months ago

Thanks for your help. Running the enroll command again seems to have been successful although I haven't tested yet. I The engine does show in my CrowdSec dashboard.

There were still some issues though with starting the pkg in pfSense-

[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo service crowdsec status crowdsec is not running. [24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo service crowdsec start Cannot 'start' crowdsec. Set crowdsec_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'. [24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo service crowdsec start Cannot 'start' crowdsec. Set crowdsec_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'. [24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo service crowdsec onestart crowdsec already running? (pid=3803). [24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo service crowdsec status crowdsec is running as pid 3803.

As you can see the original start command failed reporting that crowdsec needed to be enabled even though it was already enabled in Sevices>CrowdSec. Running the onestart command reported that crowdsec was already running. Not sure why this confusion is happening?

Also, there still appear to be problems with the package install process since the package is still not listed in Package Manager>Installed Packages. It is my understanding from the documentation that it should be.