BUG 1
While configuring ASL4.72, I had a tail process running on the logs.
After adding some networks to the accounting reports, I started seeing this:
Code:
2004:02:29-05:16:23 (none) middleware[477]: modules::Config::Changed() => Not a array reference!
2004:02:29-05:16:23 (none) middleware[477]: modules::Config at /PerlApp/modules/Config.pm line 395.
2004:02:29-05:16:23 (none) middleware[477]:
2004:02:29-05:16:23 (none) middleware[477]: modules::Error::Error
2004:02:29-05:16:23 (none) middleware[477]: modules::Config::Changed
2004:02:29-05:16:23 (none) middleware[477]: modules::Config::load
2004:02:29-05:16:23 (none) middleware[477]:
2004:02:29-05:16:23 (none) middleware[477]: ==================================
2004:02:29-05:16:24 (none) middleware[477]: modules::Config::Changed() => Not a array reference!
2004:02:29-05:16:24 (none) middleware[477]: modules::Config at /PerlApp/modules/Config.pm line 395.
2004:02:29-05:16:24 (none) middleware[477]:
2004:02:29-05:16:24 (none) middleware[477]: modules::Error::Error
2004:02:29-05:16:24 (none) middleware[477]: modules::Config::Changed
2004:02:29-05:16:24 (none) middleware[477]: modules::Config::load
2004:02:29-05:16:24 (none) middleware[477]:
2004:02:29-05:16:24 (none) middleware[477]: =====================================
This repeats every second or so forever!
Rebooting seems to have fixed this for now.
BUG 2 - SERIOUS
Web interface quit responding during setup.
Logs show packets to 443 are being dropped.
Rebooting didn't help!
ping worked in both directions (pc to firewall, firewall to pc)
Happened shortly after turning on IPS and setting it to drop things.
I believe I also had just turned on the SYN flood protection.
No emails were sent or are in queue, so I'm not sure if it was IPS that caused it.
checked snort... was running... killing it didn't help.
I had to manually flush & create new iptables rules to regain access as rebooting didn't help!
turned off IPS... rebooted... working now.
I haven't tried playing with IPS again.
Whatever this is was almost a showstopper for me as I had spent 3 hours installing and configuring and hadn't saved a backup yet (as I wasn't done). If I hadn't figured out how to manually reset IPTables, I might have given up.
When things like this happen, an emergency command-line interface to shut down features would be nice. See RedHat's "chkconfig", "service --status-all", "ntsysv", etc. (Yes, I know these are SYSV init tools. Make something similar if it doesn't exist, or simply provide some documentation on how to stop features manually. I know how to kill the perl programs, but I didn't know what to do about this problem.)
Of course, that assumes I made a mistake when I set the IPS to drop, and not that there was just some weird bug.
If I did make a mistake, it wasn't clear to me that it would/could cause total filtering of the webmin port.
BUG 3
Shutdown & Restart don't do anything from the Web Interface.
"reboot" works fine from command line.
BUG 4
Lots of quirks in the web interface.
e.g. change an email on the first page, and hit ENTER on your keyboard... change doesn't get saved. this kind of thing occurs in many sections of web interface.
e.g. TAB order is wrong on many pages. (this is an html thing)
BUG 5
spamd is running, even though I have POP3 and SMTP proxies disabled. It is using 19MB of RAM, so it'd be nice if it weren't running.
I have also witnessed multiple mdw_daemon.pl instances running simultaneously. Rebooting seems to have fixed it for now.
BUG 6
Viewing PF log is killing my browser (Moz 1.6).
It looks like there are no linebreaks between lines in the log.
BR's are NOT enough... you MUST also add linefeeds (\n in perl)
Other Comments:
Making changes with web interface is VERY slow compared to 4.17 and even 3.x.
e.g. each click in the PF Rules page takes 7-20 seconds!
I'm currently using ASL 3.x on a P5 and a PIII. Runs pretty good.
Installed & configured ASL4.17 on a PII-500 today... interface is quite smooth.
Erased HD and installed 4.720. VERY slow making ANY changes via web interface. Computer has 192MB RAM, and free, top, etc show it is using about 120, and the computer is NOT swapping much (swap usage currently 2.1MB)
Tailing the log files while using the web interface is interesting and explains some of the slowness, but speed needs to be vastly improved.
I realize the recommended requirements are higher for this version, but this is excessively slow and I don't think upgrading to 900MHz would make much difference. (it would still be much slower than 4.x and even 3.x which was slow.)
I'll assume for now that we can expect substantial improvements by 5.0 final.
Also, when I was initially configuring it, a lot of times the web interface would seem to hang after a change. Unfortunately, hitting the browser's stop button makes things MUCH worse, as then none of the links work anymore (seems to have to do with the way the interface uses JS, I believe).
This got much better after I rebooted ASL, but things are still quite slow.
BTW, THANK YOU for adding inline snort!
Will this be included in the home user and/or "professional" license?
Also, would it be possible to also have it log to a remote MySQL DB? I've already set this up myself in ASL 3.x (Snort + remote ACID), and it was easy.
Thanks,
Barry Gould
ASL user since 2.x.
Power User at Home, 50-ip Professional License at work
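Added example, not part of the original post and not Astaro's code: a small parser for the log format shown under BUG 1 that groups the multi-line error blocks and flags an error repeating from the same process within a few seconds. It assumes a block starts at a line containing " => " and ends at a run of "=" characters; the function names and the one unrelated log line are constructed for illustration.

```python
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \(([^)]*)\) ([\w.-]+)\[(\d+)\]: ?(.*)$")

def parse_blocks(lines):
    """Group log lines into error blocks (assumed: ' => ' opens, '=====' closes)."""
    blocks, cur = [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not in the timestamp (host) proc[pid]: format
        ts, _host, proc, pid, msg = m.groups()
        if cur is not None and re.fullmatch(r"={5,}", msg):
            blocks.append(cur)
            cur = None
        elif cur is None and " => " in msg:
            cur = {"time": datetime.strptime(ts, "%Y:%m:%d-%H:%M:%S"),
                   "proc": f"{proc}[{pid}]", "error": msg, "trace": []}
        elif cur is not None and msg:
            cur["trace"].append(msg)
    return blocks

def find_loops(blocks, min_repeats=2, max_gap_s=5):
    """Return runs where one process logs the same error at most max_gap_s apart."""
    runs, current = [], {}
    for b in blocks:
        key = (b["proc"], b["error"])
        run = current.get(key)
        if run and (b["time"] - run["last"]).total_seconds() <= max_gap_s:
            run["count"] += 1
            run["last"] = b["time"]
        else:
            run = current[key] = {"proc": key[0], "error": key[1], "count": 1,
                                  "first": b["time"], "last": b["time"]}
            runs.append(run)
    return [r for r in runs if r["count"] >= min_repeats]

# Sample input: the two blocks from the excerpt above plus one constructed line.
BODY = ["modules::Config::Changed() => Not a array reference!",
        "modules::Config at /PerlApp/modules/Config.pm line 395.", "",
        "modules::Error::Error", "modules::Config::Changed",
        "modules::Config::load", "", "=" * 34]
SAMPLE = ["2004:02:29-05:16:22 (none) httpd[512]: constructed unrelated line"]
SAMPLE += [f"2004:02:29-05:16:{s} (none) middleware[477]: {m}".rstrip()
           for s in (23, 24) for m in BODY]

if __name__ == "__main__":
    for r in find_loops(parse_blocks(SAMPLE)):
        print(r["proc"], r["count"], r["first"], r["last"], r["error"])
```
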