Didn't take especially long. I know about the warnings, I thought like
with previous versions of PF, all the rules would default to Snort.
[root@gatekeeper bin]# ./pfcmd service snort start
service|command
httpd.admin|already started
Checking configuration sanity...
WARNING - Invalid trigger Suricata::ET MALWARE for violation 2000000
WARNING - Invalid trigger Suricata::ET TROJAN for violation 2002030
Spawning daemon child...
My daemon child 17401 lives...
Daemon parent exiting (0)
snort|start
pfdetect|already started
[root@gatekeeper bin]#
Thanks,
Joshua Nathan
Level 3 IT Support and Development
Black Forest Academy
+49 (0) 7626-9161-630
On Fri, Apr 22, 2016 at 3:33 PM, Antoine Amacher <aamac...@inverse.ca>
wrote:
> Nathan,
>
> Can you try the following from your pf directory and let us know the
> result:
> bin/pfcmd service snort start
>
> thank you
>
>
> On 04/22/2016 08:06 AM, Nathan, Josh wrote:
>
> Here's what the messages log says:
> Apr 22 13:54:48 gatekeeper systemd: Starting PacketFence Service...
> Apr 22 13:54:50 gatekeeper pfcmd: service|command
> Apr 22 13:54:56 gatekeeper pfcmd: [Fri Apr 22 13:54:56 2016]
> pfappserver.pm: Cannot determine desired terminal width, using default of
> 80 columns
> Apr 22 13:54:57 gatekeeper pfcmd: AH00548: NameVirtualHost has no effect
> and will be removed in the next release
> /usr/local/pf/var/conf/httpd.conf.d/httpd.admin:147
> Apr 22 13:54:57 gatekeeper pfcmd: AH00558: httpd: Could not reliably
> determine the server's fully qualified domain name, using
> gatekeeper.bfacademy.de. Set the 'ServerName' directive globally to
> suppress this message
> Apr 22 13:55:04 gatekeeper pfcmd: httpd.admin|start
> Apr 22 13:55:04 gatekeeper pfcmd: Checking configuration sanity...
> Apr 22 13:55:08 gatekeeper pfcmd: iptables|already started
> Apr 22 13:55:08 gatekeeper pfcmd: redis_queue|start
> Apr 22 13:55:10 gatekeeper pfcmd: AH00548: NameVirtualHost has no effect
> and will be removed in the next release
> /usr/local/pf/var/conf/httpd.conf.d/httpd.aaa:167
> Apr 22 13:55:10 gatekeeper pfcmd: AH00558: httpd: Could not reliably
> determine the server's fully qualified domain name, using
> gatekeeper.bfacademy.de. Set the 'ServerName' directive globally to
> suppress this message
> Apr 22 13:55:12 gatekeeper pfcmd: httpd.aaa|start
> Apr 22 13:55:12 gatekeeper pfcmd: radiusd-acct|start
> Apr 22 13:55:12 gatekeeper pfcmd: radiusd|start
> Apr 22 13:55:14 gatekeeper pfcmd: pfqueue|start
> Apr 22 13:55:15 gatekeeper pfcmd: pfdns|start
> Apr 22 13:55:17 gatekeeper pfcmd: pfdhcplistener_enp0s8|start
> Apr 22 13:55:17 gatekeeper kernel: device enp0s8 entered promiscuous mode
> Apr 22 13:55:18 gatekeeper pfcmd: pfdhcplistener_enp0s9|start
> Apr 22 13:55:18 gatekeeper kernel: device enp0s9 entered promiscuous mode
> Apr 22 13:55:20 gatekeeper pfcmd: pfdhcplistener_enp0s3|start
> Apr 22 13:55:20 gatekeeper kernel: device enp0s3 entered promiscuous mode
> Apr 22 13:55:21 gatekeeper pfcmd: pfdhcplistener_enp0s10|start
> Apr 22 13:55:21 gatekeeper kernel: device enp0s10 entered promiscuous mode
> Apr 22 13:55:21 gatekeeper pfcmd: AH00558: httpd: Could not reliably
> determine the server's fully qualified domain name, using
> gatekeeper.bfacademy.de. Set the 'ServerName' directive globally to
> suppress this message
> Apr 22 13:55:21 gatekeeper pfcmd: httpd.parking|start
> Apr 22 13:55:24 gatekeeper pfcmd: AH00548: NameVirtualHost has no effect
> and will be removed in the next release
> /usr/local/pf/var/conf/httpd.conf.d/httpd.portal:241
> Apr 22 13:55:24 gatekeeper pfcmd: AH00558: httpd: Could not reliably
> determine the server's fully qualified domain name, using
> gatekeeper.bfacademy.de. Set the 'ServerName' directive globally to
> suppress this message
> Apr 22 13:55:27 gatekeeper pfcmd: httpd.portal|start
> Apr 22 13:55:27 gatekeeper dhcpd: Not searching LDAP since ldap-server,
> ldap-port and ldap-base-dn were not specified in the config file
> Apr 22 13:55:27 gatekeeper dhcpd: Internet Systems Consortium DHCP Server
> 4.2.5
> Apr 22 13:55:27 gatekeeper dhcpd: Copyright 2004-2013 Internet Systems
> Consortium.
> Apr 22 13:55:27 gatekeeper dhcpd: All rights reserved.
> Apr 22 13:55:27 gatekeeper dhcpd: For info, please visit
> <https://www.isc.org/software/dhcp/>https://www.isc.org/software/dhcp/
> Apr 22 13:55:27 gatekeeper dhcpd: Wrote 0 group decls to leases file.
> Apr 22 13:55:27 gatekeeper dhcpd: Wrote 4 leases to leases file.
> Apr 22 13:55:27 gatekeeper pfcmd: dhcpd|start
> Apr 22 13:55:29 gatekeeper pfcmd: AH00548: NameVirtualHost has no effect
> and will be removed in the next release
> /usr/local/pf/var/conf/httpd.conf.d/httpd.webservices:167
> Apr 22 13:55:29 gatekeeper pfcmd: AH00558: httpd: Could not reliably
> determine the server's fully qualified domain name, using
> gatekeeper.bfacademy.de. Set the 'ServerName' directive globally to
> suppress this message
> Apr 22 13:55:30 gatekeeper pfcmd: httpd.webservices|start
> Apr 22 13:55:32 gatekeeper pfcmd: pfmon|start
> Apr 22 13:55:32 gatekeeper snort[12065]: Found pid path directive
> (/usr/local/pf/var/run)
> Apr 22 13:55:32 gatekeeper snort[12065]: Running in IDS mode
> Apr 22 13:55:32 gatekeeper snort[12065]:
> Apr 22 13:55:32 gatekeeper snort[12065]: --== Initializing Snort
> ==--
> Apr 22 13:55:32 gatekeeper snort[12065]: Initializing Output Plugins!
> Apr 22 13:55:32 gatekeeper snort[12065]: Initializing Preprocessors!
> Apr 22 13:55:32 gatekeeper snort[12065]: Initializing Plug-ins!
> Apr 22 13:55:32 gatekeeper snort[12065]: Parsing Rules file
> "/usr/local/pf/var/conf/snort.conf"
> Apr 22 13:55:32 gatekeeper snort[12065]: PortVar 'HTTP_PORTS' defined :
> Apr 22 13:55:32 gatekeeper snort[12065]: [ 80 ]
> Apr 22 13:55:32 gatekeeper snort[12065]:
> Apr 22 13:55:32 gatekeeper snort[12065]: PortVar 'SSH_PORTS' defined :
> Apr 22 13:55:32 gatekeeper snort[12065]: [ 22 ]
> Apr 22 13:55:32 gatekeeper snort[12065]:
> Apr 22 13:55:32 gatekeeper snort[12065]: PortVar 'ORACLE_PORTS' defined :
> Apr 22 13:55:32 gatekeeper snort[12065]: [ 1521 ]
> Apr 22 13:55:32 gatekeeper snort[12065]:
> Apr 22 13:55:32 gatekeeper snort[12065]: PortVar 'SHELLCODE_PORTS' defined
> :
> Apr 22 13:55:32 gatekeeper snort[12065]: [ any ]
> Apr 22 13:55:32 gatekeeper snort[12065]:
> Apr 22 13:55:32 gatekeeper snort[12065]: Found pid path directive
> (/usr/local/pf/var/run)
> Apr 22 13:55:32 gatekeeper snort[12065]: Tagged Packet Limit: 256
> Apr 22 13:55:32 gatekeeper snort[12065]: Log directory = /usr/local/pf/var
> Apr 22 13:59:48 gatekeeper systemd: packetfence.service start operation
> timed out. Terminating.
> Apr 22 13:59:48 gatekeeper systemd: Failed to start PacketFence Service.
> Apr 22 13:59:48 gatekeeper systemd: Unit packetfence.service entered
> failed state.
> Apr 22 13:59:48 gatekeeper systemd: packetfence.service failed.
> Apr 22 13:59:50 gatekeeper kernel: device enp0s8 left promiscuous mode
> Apr 22 13:59:51 gatekeeper kernel: device enp0s10 left promiscuous mode
> Apr 22 13:59:51 gatekeeper kernel: device enp0s3 left promiscuous mode
> Apr 22 13:59:51 gatekeeper kernel: device enp0s9 left promiscuous mode
>
> Thanks,
> Joshua Nathan
> Level 3 IT Support and Development
> Black Forest Academy
> +49 (0) 7626-9161-630
>
>
> On Thu, Apr 21, 2016 at 8:00 PM, Louis Munro <lmu...@inverse.ca> wrote:
>
>> Anything interesting in /var/log/messages?
>>
>> You could temporarily set TimeoutStartSec=infinity
>> in /etc/systemd/system/multi-user.target.wants/packetfence.service
>> See how long it takes to actually start for you and then adjust the
>> timeout.
>>
>> Regards,
>> --
>> Louis Munro
>> lmu...@inverse.ca :: <http://www.inverse.ca>www.inverse.ca
>> +1.514.447.4918 x125 <%2B1.514.447.4918%20x125> :: +1 (866) 353-6153
>> x125 <%2B1%20%28866%29%C2%A0353-6153%20x125>
>> Inverse inc. :: Leaders behind SOGo ( <http://www.sogo.nu>www.sogo.nu)
>> and PacketFence (www.packetfence.org)
>>
>> On Apr 21, 2016, at 10:59 , Nathan, Josh <josh.nat...@bfacademy.de>
>> wrote:
>>
>> I will confess that I'm struggling to get used to CentOS 7 as it is so
>> different from CentOS 6. Here's the "journalctl -xe":
>>
>> Apr 21 16:55:06 gatekeeper.bfacademy.de systemd[1]: packetfence.service
>> start operation timed out. Terminating.
>> Apr 21 16:55:06 gatekeeper.bfacademy.de polkitd[731]: Unregistered
>> Authentication Agent for unix-process:7258:55
>> Apr 21 16:55:06 gatekeeper.bfacademy.de systemd[1]: Failed to start
>> PacketFence Service.
>> -- Subject: Unit packetfence.service has failed
>> -- Defined-By: systemd
>> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>> --
>> -- Unit packetfence.service has failed.
>> --
>> -- The result is failed.
>> Apr 21 16:55:06 gatekeeper.bfacademy.de systemd[1]: Unit
>> packetfence.service entered failed state.
>> Apr 21 16:55:06 gatekeeper.bfacademy.de systemd[1]: packetfence.service
>> failed.
>>
>> This is after going through the configurator. If, while it's trying to
>> start the services, I go ahead and connect to the admin console and "help
>> it", then it all boots up fine. I'll usually try to manually kick off p0f
>> and pfdetect, and that does the trick.
>>
>> Thanks,
>> Joshua Nathan
>> Level 3 IT Support and Development
>> Black Forest Academy
>> +49 (0) 7626-9161-630 <%2B49%20%280%29%207626-9161-630>
>>
>>
>> On Thu, Apr 21, 2016 at 3:28 PM, Louis Munro <lmu...@inverse.ca> wrote:
>>
>>> Hi Nathan,
>>> Can you show us some logs please?
>>>
>>> Please also clarify whether this is before or after going through the
>>> configurator.
>>>
>>> Regards,
>>> --
>>> Louis Munro
>>> lmu...@inverse.ca :: www.inverse.ca
>>> +1.514.447.4918 x125 <%2B1.514.447.4918%20x125> :: +1 (866) 353-6153
>>> x125 <%2B1%20%28866%29%C2%A0353-6153%20x125>
>>> Inverse inc. :: Leaders behind SOGo ( <http://www.sogo.nu/>www.sogo.nu)
>>> and PacketFence ( <http://www.packetfence.org/>www.packetfence.org)
>>>
>>> On Apr 21, 2016, at 6:24 , Nathan, Josh < <josh.nat...@bfacademy.de>
>>> josh.nat...@bfacademy.de> wrote:
>>>
>>> So... I've just done a fresh install of PacketFence 6 on a CentOS 7
>>> box. Is anyone else having the problem where PacketFence won't start
>>> because it's takes too long, and systemctl times out on it? I am running
>>> it in a virtual server, so maybe I'm not giving it enough resources... But
>>> it has 8GB of Ram and 4 CPU cores...
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Find and fix application performance issues faster with Applications
>>> Manager
>>> Applications Manager provides deep performance insights into multiple
>>> tiers of
>>> your business applications. It resolves application problems quickly and
>>> reduces your MTTR. Get your free trial!
>>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications
>> Manager
>> Applications Manager provides deep performance insights into multiple
>> tiers of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial!
>>
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z_______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications
>> Manager
>> Applications Manager provides deep performance insights into multiple
>> tiers of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial!
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications Manager
> Applications Manager provides deep performance insights into multiple tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free
> trial!https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>
>
>
> _______________________________________________
> PacketFence-users mailing
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Antoine amacheraamac...@inverse.ca :: +1.514.447.4918 *130 ::
> www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications
> Manager
> Applications Manager provides deep performance insights into multiple
> tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
