Hello all,
Just installed the 164 test update tonight. Everything seems OK except I am seeing the same issue here with IPS; I only had the one ruleset (emerging threats) enabled, and I don’t see the rules on the main screen. If I try to edit the rules I just get “The ruleset changes are being applied” forever. The rules that I previously set are still working because I can see hits in the logs. Adding a second ruleset allow me to edit either of them.
EDIT: Additionally, I deleted the rulesets, disabled IPS, then went through the steps of re-adding them. I can no longer edit the rulesets that I’ve selected, so no way of applying anything. Deleted that again, restored my old backup, and although I can’t edit it at all, my original ruleset is now applied and running again.
Regarding the rulesets not being able to be displayed, I’ve raised a bug for it Bug id=12788 which was related to the started topic of
[Manual Update missing on core 164-TEST] (7329)
Appears that doing a UPDATE to core 164 TEST keeps the ‘Customize Ruleset’ function working as normal. But doing a new full install of 164 TEST and then restoring from backup tends to break things. But without a backup restore the rulesets function and are displayed correctly.
@hobthrust - According to the bug 12788 comments, looks like the lads ( with big help from @cbrown ) have been able to replicate the issue and a new nightly of 164 test will be created. I’m waiting for it to test.
@rejjysail I haven’t applied a nightly build before and I can’t seem to find out online, is there a way to move to that via pakfire or does it require a clean installation?
I’m not a developer, and I may have mis-used the term ‘nightly’
The core164 (testing) had IPS rules issues (and possibly others) which related to doing a restore from previous backup. In order the make 164 stable available asap, they decided to possibly hold back the new IPS features and create a new core 165 for deeper testing. It’s not available on pakfire as far as I know. I had to dig through the directories to download the core 165 .iso, so it requires a FULL INSTALL. And for the life of me, I can’t figure out now where exactly it was located. Either way, I think you should wait for official announcments from the team.
I just finished testing the fix changes they’ll be putting into final 164.
From an full .iso install, all worked fine for from the old restore.
I suspect this new 164 will be made available very shortly.
I’m having the endless The ruleset changes are being applied. Please wait until all operations have completed successfully…" also
Looked for the lock file but it doesn’t show …
[root@ipfire suricata]# cd /var/tmp/
[root@ipfire tmp]# ls -la
total 3460
drwxrwxrwt 2 root root 4096 Mar 14 10:02 .
drwxr-xr-x 15 root root 4096 Mar 9 13:46 …
-rw------- 1 nobody nobody 339747 Mar 14 01:25 idsrules-community.tar.gz
-rw------- 1 nobody nobody 3192188 Mar 14 01:25 idsrules-emerging.tar.gz
[root@ipfire tmp]#
[root@ipfire tmp]#
[root@ipfire tmp]# cd /tmp
[root@ipfire tmp]# ls -la
total 12
drwxrwxrwt 3 root root 4096 Mar 14 10:02 .
drwxr-xr-x 21 root root 4096 Mar 13 15:16 …
drwxr-xr-x 4 nobody nobody 4096 Mar 14 10:02 ids_tmp
[root@ipfire tmp]# cd ids_tmp/
[root@ipfire ids_tmp]# ls -la
total 16
drwxr-xr-x 4 nobody nobody 4096 Mar 14 10:02 .
drwxrwxrwt 3 root root 4096 Mar 14 10:02 …
drwxr-xr-x 2 nobody nobody 4096 Mar 14 10:02 conf
drwxr-xr-x 2 nobody nobody 4096 Mar 14 10:02 rules
[root@ipfire ids_tmp]#
Must be something other than the lock file
Edit: Also, there is no oinkmaster process runing:
while I am sorry Core Update 164 caused such a mess (two major bugs in one release - sigh), I am glad to see the discussion going on here, trying to find, understand and resolve the issue. Excellent!
If I got this right, this and this thread cover the same issue. Therefore, I take the liberty to close this one, to avoid the same problem being discussed in two different places. Please post to the other thread, if necessary.
Thanks for your understanding, and best regards,
Peter Müller