Token's lvl1 blog- edit -- Token's rantings

This is what happened to me (so the update didn’t work? My Suricata was pretty fresh/recent)



And according to those threads it looks like, no matter what, I would have lost the config.

1 Like

Seems like appliances always dump the whole OS on a single partition. You could have dealt with this pretty easily if it was only the log or even var partition that filled up.

I use this script to email me capacity alerts. I haven’t tested it in FreeBSD, but I think it would work out of the box or with very little changed. It does assume sendmail has functional SMTP and that mail sent to root will go somewhere useful.

#!/usr/bin/env bash
#
# Configure following capacity email alerts for mounted filesystems:
#
#   1. 80% Weekly
#   2. 90% Daily
#   3. 98% Hourly
#
# Notes:
#   - bash rather than sh: `set -o pipefail` is not POSIX sh (dash rejects it).
#   - The generated scripts use GNU df options (--local, --output,
#     --exclude-type), so they need GNU coreutils, not the BSD df.
#   - Mail goes to root via sendmail; make sure root's mail lands somewhere.
#
################################################################################


# safety first
set -euo pipefail
#set -x #debug
PATH='/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin'; hash -r


# weekly email alerts at 80% capacity
# grep exits 1 when nothing matches; the `|| true` keeps the generated script
# (which runs with -e and pipefail) from aborting on the usual "all fine" case.
printf '%s\n'                                                             \
  '#!/usr/bin/env bash'                                                   \
  ''                                                                      \
  '# safety first'                                                        \
  'set -euo pipefail'                                                     \
  '#set -x #debug'                                                        \
  'PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"'                   \
  ''                                                                      \
  '# mount point and use% of local filesystems at or above the threshold' \
  'OVER_THRESHOLD="$(df  --local                 \'                       \
  '                      --output=target,pcent   \'                       \
  '                      --exclude-type tmpfs    \'                       \
  '                      --exclude-type devtmpfs |'                       \
  '                    grep -E "[8-9][[:digit:]]%$|100%$" || true)"'      \
  ''                                                                      \
  '# the blank line after Subject: ends the mail headers; without it the'  \
  '# body text is folded into the Subject header'                          \
  '[ -z "${OVER_THRESHOLD:-}" ] ||'                                       \
  '  printf "%s" "Subject: $(hostname -f) - Filesystem Capacity Warning'  \
  ''                                                                      \
  'The following filesystems are over 80% capacity:'                      \
  ''                                                                      \
  '${OVER_THRESHOLD}" |'                                                  \
  '    sendmail -F "storage@$(hostname -f)" "root"'                       \
  ''                                                                      \
  'exit $?'                                                               |
  sudo tee '/etc/cron.weekly/60-vol-capacity-80' >/dev/null

sudo chmod 755 '/etc/cron.weekly/60-vol-capacity-80'


# daily email alerts at 90% capacity
# derived from the weekly script: "[8-9]" -> "9" matches 90-99% (and 100%)
sed                                         \
  -e  's/\[8-9\]/9/'                        \
  -e  's/80%/90%/'                          \
  '/etc/cron.weekly/60-vol-capacity-80'     |
  sudo tee '/etc/cron.daily/60-vol-capacity-90' >/dev/null

sudo chmod 755 '/etc/cron.daily/60-vol-capacity-90'


# hourly email alerts at 98% capacity
# derived from the daily script: "9[[:digit:]]" -> "9[8-9]" matches 98-99% (and 100%)
sed                                       \
  -e  's/\[\[:digit:\]\]/[8-9]/'          \
  -e  's/90%/98%/'                        \
  '/etc/cron.daily/60-vol-capacity-90'    |
  sudo tee '/etc/cron.hourly/60-vol-capacity-98' >/dev/null

sudo chmod 755 '/etc/cron.hourly/60-vol-capacity-98'


exit 0
1 Like

I don’t have SMTP set up, but I will re-install the Splunk forwarder, and I can probably set the script to output to a file and then take it from there; Splunk has a gateway set up and will send me a notification to my phone.

I was looking at the logs before it went kaput and there isn’t a warning at 80% or some such thing; it only tells you when you have hit 100%, in which case kiss your config goodbye.

1 Like
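The tiered df check in the script above, and the idea in the later reply of writing alerts to a file for a log forwarder to pick up, as one added example that is not the poster's script and not from any project on this page: it parses POSIX `df -P` output by column (so it does not need GNU `--output` and runs the same on the BSD df that pfSense/FreeBSD ship) and appends key=value alert lines to a log file instead of mailing. The sample df output, the `fs_capacity` event name, the default log path and the script name `fs-capacity.sh` are my own constructions.

```shell
#!/usr/bin/env sh
# Added example (not from the post): a portable capacity check that parses POSIX
# `df -P` output, so it runs the same on GNU coreutils and on the BSD df found on
# pfSense/FreeBSD, and appends alert lines to a log file instead of sending mail.
# A log forwarder watching that file (Splunk, syslog, ...) can do the notifying.

set -u

# Constructed `df -P` output for offline runs (SAMPLE=1); the values are made up.
SAMPLE_DF='Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/ada0p2       29500000 24100000   3040000      89% /
devfs                    1        1         0     100% /dev
/dev/ada0p4        9800000  9600000     50000      99% /var/log
tmpfs              1000000    10000    990000       1% /tmp'

# over_threshold LIMIT
# Reads `df -P` text on stdin and prints "MOUNT PCT" for every real filesystem
# whose use is at or above LIMIT percent. Pseudo filesystems that always report
# 100% (devfs) or are irrelevant (tmpfs, ...) are skipped. Assumes mount points
# without spaces, which is what makes `df -P` parseable by column.
over_threshold() {
    awk -v limit="$1" '
        NR == 1 { next }                                   # header line
        $1 ~ /^(devfs|tmpfs|devtmpfs|udev|procfs|fdescfs|linprocfs)$/ { next }
        {
            pct = $5
            sub(/%$/, "", pct)                             # "89%" -> 89
            if (pct + 0 >= limit + 0) print $6, pct
        }'
}

# log_alerts LIMIT LOGFILE
# Appends one key=value line per offending filesystem to LOGFILE.
# Returns 0 when at least one alert was written, 1 when nothing was over LIMIT.
log_alerts() {
    limit="$1"
    logfile="$2"
    hits="$(over_threshold "$limit")"
    [ -n "$hits" ] || return 1
    host="${HOSTNAME:-$(hostname 2>/dev/null || echo unknown)}"
    stamp="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    printf '%s\n' "$hits" | while read -r mount pct; do
        printf '%s host=%s event=fs_capacity mount=%s used_pct=%s threshold=%s\n' \
            "$stamp" "$host" "$mount" "$pct" "$limit" >>"$logfile"
    done
}

# main LIMIT LOGFILE
# Checks the live system, or the constructed sample above when SAMPLE=1.
# Exit status 1 only means there was nothing to report.
main() {
    limit="${1:-90}"
    logfile="${2:-/var/log/fs-capacity.log}"
    if [ "${SAMPLE:-0}" = 1 ]; then
        printf '%s\n' "$SAMPLE_DF" | log_alerts "$limit" "$logfile"
    else
        df -P | log_alerts "$limit" "$logfile"
    fi
}

# Only act when invoked with arguments, e.g. from a crontab entry such as
#   5 * * * * root /usr/local/bin/fs-capacity.sh 98 /var/log/fs-capacity.log
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it with a threshold and a log file (`fs-capacity.sh 98 /var/log/fs-capacity.log`), and schedule the weekly/daily/hourly tiers from the original script as three crontab lines with 80, 90 and 98; `SAMPLE=1 fs-capacity.sh 80 /tmp/test.log` exercises it against the constructed df output. Point the forwarder at the log file and alert on `event=fs_capacity`.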

I think FreeBSD might not have the shortcut /etc/cron.weekly folders, but those scripts just parse df, so they should work on anything.

If postfix is installed, I have the gmail smtp config handy (and scripted of course) if you want it.

1 Like

So friggin’ weird, but I’ve been chasing one of my VLANs that wasn’t making any sense at all: firewall rules not working, then no internet access; deleting all rules, adding allow-all, clearing states. Just could not figure it out. Decided to nuke it (VLAN 70) and make a new one (VLAN 20) and set it all up again; seems to be working: DHCP, rules, WAN etc.

So weird…

1 Like

For future me

2 Likes

Just throwing this in here: if you reverted a Windows VM to an old snapshot and you get the “domain trust broken” complaint, there is a PowerShell alternative to dropping and rejoining the domain.

Just worked for me- stoked.

2 Likes

I just installed the Mailvelope add-on for Firefox for PGP-encrypted emails using Gmail, generated keys, and learned the GUI. Super easy, painless. IMO people would use encryption more if it were made this crazy easy to use.

2 Likes

I’ve been telling people for years to encrypt, but to no great effect.
Personally, however, I prefer a more archaic method outside the browser, because paranoia … :)

PS
Even L1T notifications should have options. Every online store should communicate with the customer in a coded manner … ah, dreams.

1 Like

Yeah, I took the lazy route. After updating my Thunderbird, that fixed the sync issue with my Gmail, and I suppose using PGP via Thunderbird would be a better implementation.

But kudos to Mailvelope for making it so easy: no need to know IMAP, POP etc.

IMO this can’t happen soon enough: TrueNAS SCALE

But once it’s in stock and funds are ready I’m pretty set on getting the Synology DS1621xs+. Low power, easy to use, Surveillance Station, turnkey backup apps + Android apps. #justworks.

But when TrueNAS SCALE comes out, I will be very tempted to do a small efficient white box build and try it out. Can’t help but think it will blossom being built on Linux: from big contributions to small little details like Plex’s commercial cutting tool working.

The latest pfBlockerNG package with DNSBL set up seems to run away with resources and causes my pfSense box to crash, and I have to manually re-plug the power.

The Suricata update fixed that package so that when you click “block” on hosts that throw alerts, it actually blocks them.

OpenVPN: if you want to access LAN resources, do not gloss over this section in the setup:
[image]

Happy Thanksgiving to all that celebrate it.

So Suricata was never blocking even when enabled until the recent update; then when I turned blocking off it would still block, so I had to disable the interface. Tried to get it going today; it won’t even log alerts now. Also uncovered that it was responsible for pfSense issues I was blaming on pfBlockerNG.

I’ve never had luck with Suricata, never. I ran it because of a Lawrence tech vid, went right back to Snort the same day. Ran it again when the big changes in logging hit both packages and learned a lot about how my “Intel” NICs are not the right ones for inline mode blocking, JSON logs etc. Their forums have been chock full of issues that require users to completely uninstall and re-install the package, and I’ve had to do that myself (and that would likely fix my interface just stopping taking any changes).

Going back to Snort today. Lo and behold, it works; it doesn’t cause sessions to reset in browsers and all the other nuances with Suricata. I don’t understand the hype with Suricata. I suppose I’m not technical enough to know that it runs faster, uses fewer resources, rule formatting, layer 7 inspection etc. or whatever put it on the map, but good ole’ Snort #justworks.

1 Like

I had similar experiences with it on OPNsense. I think it’s one of those things you need to know in and out to run properly.

1 Like

For those running pfSense + pfblockerng-devel + DNSBL (awesome, highly recommend it, but would love to do a comparison with Pi-hole), the following applied to me:

I both whitelisted Malwarebytes and went into the Malwarebytes GUI to turn off telemetry, and it’s solid, low CPU use now.

On that note, before I updated pfblockerng-devel to 3.0.0_1, it was a pain to load up additional block lists and interact with them. The new GUI is jaw-dropping awesome.

I plan on self hosting a wordpress again because reasons, and some of these lists are to block spam bots, this should be neat.

2 Likes

Boot up old stuff from time to time; electronics don’t like to be ‘dead’ for long stretches of time.

I booted up the ole’ z800 that had PopOS, and some RAM failed tests. I was then prompted by PopOS that my version was out of date, but also so old I had to update via a chain of version updates. I proceeded to do so. Things I learned today:

  • There is a bug that after an update or fresh install of PopOS or Ubuntu 20.0X LTS it will say it failed at the end of install. This is not true, reboot and carry on about your day. I did not read this bug finding at first, so I proceeded to make various USB boot disks of various distros and started to doubt the health of my SSD.

  • Yes, do the update. I re-installed the old PopOS from the USB and a number of the packages are no longer found by the automated update process or when you apt-get update. I saw the automated update process was spiking the CPU like a heart EKG. This will affect workloads if you’re not watching for this. It kind of strong-arms you into turning off updates or updating.

  • I turned off pfblockerng in case it was the reason updates were an issue- shoot this reminds me to turn it back on. pfblockerng was not the issue (nor did the logs indicate this, but I started to just rattle off ideas and attempts).

  • Don’t just re-seat RAM or move them around, but use compressed air and do a few re-seatings to hopefully get rid of RAM failure issues.

  • xrdp requires that you log off the host first, otherwise you xrdp into a black screen. This spurred my update frenzy and move from PopOS to Ubuntu, all probably for nothing. Meaning my update path for PopOS actually worked (despite the fail popup) and xrdp was probably working (I thought it wasn’t).

  • I’m too lazy to go back to PopOS; I’ll just rock good ole’ Ubuntu now that it’s installed, my data drive is set up for my user and I have the apps I wanted.

Goal is to use this old bird that has 8 physical cores to ship off kdenlive work to. Basically following YouTube’s LearnLinuxTV’s vid of using Syncthing and kdenlive to export work to a beastly box. xrdp is extra as I’m doing this from Windows. This whole thing is just to put some old equipment to use because I really have no need to export the work- I’m just being a LVL1’er and making something harder and more complicated than it needs to be.

Actually I should follow that video more to a ‘T’ and export work to a VM vs this bare metal box that is usually off…

1 Like

Nope. Nuked my Ubuntu by trying to install Nvidia drivers via their very own firmware management tool.

I was OK with the open source driver until I saw horrible tearing on YouTube vids.

I guess the PopOS Nvidia build it is…

I’ve learned the hard way that distros don’t keep packages around forever either. I now go through all my systems at least every six months for a round of updating just to make sure I don’t run into any major upgrade issues due to missing upgrade paths…

2 Likes

You should be able to find everything on an archive mirror no?

2 Likes

kdenlive adopted the dark theme when on Ubuntu 20.04, but on PopOS 20.04 you need to:
sudo apt install breeze

Then in the kdenlive GUI under Settings >> Color Theme, you will have more options, a few being dark themes.

It’s the little things in life.

On that note, the Nvidia PopOS build fixed the screen tearing.