crowdsec
crowdsec copied to clipboard
crowdsecurity
Bug/Dependency issue during update with crowdsec-firewall-bouncer
Describe the bug When updating crowdsec and crowdsec-firewall-bouncer packages, the bouncer is updated before the crowdsec package, causing issues when it attempts to restart the service and it fails. Ideally, it would be better for crowdsec to be installed/updated first, so that this is restarted and available, and then for crowdsec-firewall-bouncer package to be updated, which would then restart successfully.
Once the update had been finished, I manually restarted crowdsec-firewall-bouncer without issues, so it's purely to do with the incorrect order of upgrading these packages. Alternatively, if it's not done, crowdsec should be restarted and running before the crowdsec-firewall-bouncer package is updated. But from what I see, setting up is ran for the firewall bouncer before the crowdsec package instead of the other way around.
Expected behavior It's expected that both packages update and restart successfully without failing during the update process.
Errors from apt output
Unpacking crowdsec (1.3.0) over (1.2.3) ...
Preparing to unpack .../8-crowdsec-firewall-bouncer-iptables_0.0.22_amd64.deb ...
Unpacking crowdsec-firewall-bouncer-iptables (0.0.22) over (0.0.21) ...
Setting up bsdextrautils (2.36.1-8+deb11u1) ...
Setting up eject (2.36.1-8+deb11u1) ...
Setting up crowdsec-firewall-bouncer-iptables (0.0.22) ...
cscli/crowdsec is present, generating API key
Job for crowdsec-firewall-bouncer.service failed because the control process exited with error code.
See "systemctl status crowdsec-firewall-bouncer.service" and "journalctl -xe" for details.
dpkg: error processing package crowdsec-firewall-bouncer-iptables (--configure):
installed crowdsec-firewall-bouncer-iptables package post-installation script subprocess returned error exit status 1
Setting up libfdisk1:amd64 (2.36.1-8+deb11u1) ...
Setting up crowdsec (1.3.0) ...
Installing new version of config file /etc/crowdsec/config.yaml ...
Installing new version of config file /etc/crowdsec/notifications/slack.yaml ...
Updating hub
INFO[01-02-2022 12:19:09 PM] Wrote new 250867 bytes index to /etc/crowdsec/hub/.index.json
INFO[01-02-2022 12:19:09 PM] dependency of crowdsecurity/mysql : outdated parsers crowdsecurity/mysql-logs
INFO[01-02-2022 12:19:09 PM] dependency of crowdsecurity/sshd : outdated parsers crowdsecurity/sshd-logs
INFO[01-02-2022 12:19:09 PM] dependency of crowdsecurity/apache2 : outdated parsers crowdsecurity/apache2-logs
INFO[01-02-2022 12:19:09 PM] update for collection crowdsecurity/base-http-scenarios available (currently:0.4, latest:0.5)
INFO[01-02-2022 12:19:09 PM] dependency of crowdsecurity/linux : outdated parsers crowdsecurity/syslog-logs
You can always run the configuration again interactively by using '/usr/share/crowdsec/wizard.sh -c
Errors were encountered while processing:
crowdsec-firewall-bouncer-iptables
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up crowdsec-firewall-bouncer-iptables (0.0.22) ...
cscli/crowdsec is present, generating API key
Current status: 0 (-17) upgradable.
Technical Information (please complete the following information):
- OS: Debian 11 Bullseye
- Version: Upgrading 1.2.3 to 1.3.0
