
Re: More improvements and bugfixes for the shield

Posted by Wisiwyg on Nov 04, 2016; 5:42am
URL: https://itus.accessinnov.com/More-improvements-and-bugfixes-for-the-shield-tp1228p1237.html

samtec55@gmail.com wrote
Hi Wisiwyg

At the end of fw-upgrade script is a section that checks if these words are in the tmp/logfile.log
FATAL ERROR

If these words are present then it renames the snort rule file and deletes the snort rule; this is what I think is happening
mv -f /etc/snort/rules/snort.rules /etc/snort/rules/snort.rules.old
rm -f /etc/snort/rules/snort.rules

The reason I put this into the script was if after downloading the new snort rules an error occurred, this would stop the Shield connecting to the Internet. New snort rules are downloaded and checked again for errors; this is done 3 times, and if it still fails then human intervention is required to sort the problem.

Have a look in the tmp/logfile.log for the words FATAL ERROR. I'm thinking that you may have had another error which the fw_upgrade script had seen and thus run the cleanup process. If this is the case then the script will have to be changed somehow to only trigger when it's the snort rules that are causing the fatal error.

As for the fw_upgrade script being deleted, I have no idea.

Hope this helps

Roadrunnere42

Thank you for the info Roadrunnere42! It does help!

Yes, found the rm at the end and realized it was whacking the snort.rules. I've just copied the snort.rules.old to snort.rules and everything is working until fw_upgrade runs again. So I've renamed fw_upgrade to prevent it from running until I want it to.

Unfortunately, there's no logfile.log in /tmp. Offhand, do you know if it gets deleted as a final cleanup? I'll look through the script tomorrow to see if I can locate something that deletes it. I'll try to catch it before deletion to see what is happening. There was a snort rule that had "fatal error" not "FATAL ERROR" as part of the rule description. I commented that ruleset out and ran again without receiving the "fatal error" line, but it didn't change the outcome.
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
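
One way to narrow the cleanup trigger discussed in this thread, so that it fires only when the fatal error line names the rules file and keeps the log for diagnosis. This is an added example, not the Shield's fw_upgrade script or code from either poster; the function names, the `.fatal` log copy and the sample log lines are hypothetical, and it assumes a rules-related fatal error line contains the rules file path.

```shell
#!/bin/sh
# Added example, not the Shield's fw_upgrade script. All names are hypothetical.
# Assumption: a rules-related fatal error line names the rules file path.

# Return 0 only if the log has a "FATAL ERROR" line that mentions the rules file.
rules_caused_fatal() {
    log="$1"; rules="$2"
    [ -f "$log" ] || return 1          # no log: nothing to act on
    # -F matches fixed strings, so dots in the path are literal. The match is
    # case-sensitive, so a rule description with "fatal error" does not trigger it.
    grep -F 'FATAL ERROR' "$log" | grep -qF "$rules"
}

# Move the bad rules aside and keep a copy of the log as evidence.
quarantine_rules() {
    log="$1"; rules="$2"
    if rules_caused_fatal "$log" "$rules"; then
        cp -f "$log" "$log.fatal"      # preserve the log before any later cleanup
        mv -f "$rules" "$rules.old"
        echo quarantined
    else
        echo kept
    fi
}

# Constructed demo: an unrelated fatal error first, then one naming the rules file.
demo() {
    d=$(mktemp -d) || return 1
    printf 'alert tcp any any -> any any (msg:"x"; sid:1;)\n' > "$d/snort.rules"
    printf '%s\n' 'FATAL ERROR: out of disk space' \
                  'msg:"fatal error page"' > "$d/logfile.log"
    r1=$(quarantine_rules "$d/logfile.log" "$d/snort.rules")
    printf 'FATAL ERROR: %s(12) Unknown rule option\n' "$d/snort.rules" \
        >> "$d/logfile.log"
    r2=$(quarantine_rules "$d/logfile.log" "$d/snort.rules")
    [ -f "$d/snort.rules.old" ] && r3=moved || r3=missing
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

demo
```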