[OISF/outreachy] help needed in Suricata setup.
megha Varshney
varshney.megha070 at gmail.com
Wed Mar 20 14:35:01 UTC 2019
Greetings,
Sorry for the inconvenience caused. Thank you so much, Himanshi.
I did as Himanshi said but the error still persists. I checked
the reference.config file too.
[16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
(DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
unknown reference key "url". Supported keys are defined in reference.config
file. Please have a look at the conf param "reference-config-file"
[16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
(DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
parsing signature "alert tcp
[97.99.143.196,98.113.127.124,98.114.237.82,98.116.200.172,98.148.135.114,98.165.46.62,98.167.110.55,98.170.209.2,98.176.203.2,98.200.166.221]
any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node
Traffic group 745"; reference:url,
doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit,
track by_src, seconds 60, count 1; classtype:misc-attack;
flowbits:set,ET.TorIP; sid:2523488; rev:3637; metadata:affected_product
Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity
Audit, created_at 2008_12_01, updated_at 2019_03_19;)" from file
/etc/suricata/rules/tor.rules at line 877
[16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
(DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
unknown reference key "url". Supported keys are defined in reference.config
file. Please have a look at the conf param "reference-config-file"
[16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
(DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
parsing signature "alert tcp
[98.207.153.184,98.212.194.147,98.217.124.239,98.222.176.26,98.222.218.185,98.225.157.78,98.229.125.160,98.235.185.167,98.248.47.74,98.248.49.3]
any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node
Traffic group 746"; reference:url,
doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit,
track by_src, seconds 60, count 1; classtype:misc-attack;
flowbits:set,ET.TorIP; sid:2523490; rev:3637; metadata:affected_product
Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity
Audit, created_at 2008_12_01, updated_at 2019_03_19;)" from file
/etc/suricata/rules/tor.rules at line 878
[16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
(DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
unknown reference key "cve". Supported keys are defined in reference.config
file. Please have a look at the conf param "reference-config-file"
[16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
(DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
parsing signature "alert tls any any -> any any (msg:"SURICATA TLS overflow
heartbeat encountered, possible exploit attempt (heartbleed)";
flow:established; app-layer-event:tls.overflow_heartbeat_message;
flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode;
reference:cve,2014-0160; sid:2230012; rev:1;)" from file
/etc/suricata/rules/tls-events.rules at line 22
[16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
(DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
unknown reference key "cve". Supported keys are defined in reference.config
file. Please have a look at the conf param "reference-config-file"
[16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
(DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
parsing signature "alert tls any any -> any any (msg:"SURICATA TLS invalid
heartbeat encountered, possible exploit attempt (heartbleed)";
flow:established; app-layer-event:tls.invalid_heartbeat_message;
flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode;
reference:cve,2014-0160; sid:2230013; rev:1;)" from file
/etc/suricata/rules/tls-events.rules at line 23
[16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
(DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
unknown reference key "cve". Supported keys are defined in reference.config
file. Please have a look at the conf param "reference-config-file"
[16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
(DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
parsing signature "alert tls any any -> any any (msg:"SURICATA TLS invalid
encrypted heartbeat encountered, possible exploit attempt (heartbleed)";
flow:established; app-layer-event:tls.dataleak_heartbeat_mismatch;
flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode;
reference:cve,2014-0160; sid:2230014; rev:1;)" from file
/etc/suricata/rules/tls-events.rules at line 24
[16823] 20/3/2019 -- 20:01:34 - (suricata.c:2394) <Error> (LoadSignatures)
-- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
On Wed, 20 Mar 2019 at 19:39, Shivani Bhardwaj <
sbhardwaj at openinfosecfoundation.org> wrote:
> On Wed, Mar 20, 2019 at 7:13 PM Himanshi Mathur via Outreachy
> <outreachy at lists.openinfosecfoundation.org> wrote:
> >
> > Hey Megha
> > Please try running the command with sudo written in front, since it says
> > permission error, and then send any further errors you encounter.
> >
> On a side note, Megha, please do not start a new thread for every
> message of the same nature. Let the thread go on so that it becomes
> easy to see what you have done so far.
>
> > On Wed, Mar 20, 2019 at 2:51 PM megha Varshney via Outreachy <
> outreachy at lists.openinfosecfoundation.org> wrote:
> >>
> >> Greetings,
> >> I am getting the below upon entering the commands
> >> make-install
> >> /bin/bash ../libtool --mode=install /usr/bin/install -c libhtp.la
> '/usr/lib'
> >> libtool: install: /usr/bin/install -c .libs/libhtp.so.2.0.0
> /usr/lib/libhtp.so.2.0.0
> >> /usr/bin/install: cannot create regular file
> '/usr/lib/libhtp.so.2.0.0': Permission denied
> >> Makefile:419: recipe for target 'install-libLTLIBRARIES' failed
> >> make[3]: *** [install-libLTLIBRARIES] Error 1
> >> make[3]: Leaving directory '/home/megha/suricata/oisf/libhtp/htp'
> >> Makefile:648: recipe for target 'install-am' failed
> >> make[2]: *** [install-am] Error 2
> >> make[2]: Leaving directory '/home/megha/suricata/oisf/libhtp/htp'
> >> Makefile:472: recipe for target 'install-recursive' failed
> >> make[1]: *** [install-recursive] Error 1
> >> make[1]: Leaving directory '/home/megha/suricata/oisf/libhtp'
> >> Makefile:499: recipe for target 'install-recursive' failed
> >> make: *** [install-recursive] Error 1
> >>
> >> Please help.
> >> Regards
> >> Megha
> >> _______________________________________________
> >> Outreachy mailing list
> >> Outreachy at lists.openinfosecfoundation.org
> >> https://lists.openinfosecfoundation.org/listinfo/outreachy
> >
> >
> >
> > --
> > Thanks and regards
> > Himanshi Mathur
> > CSE undergrad 2022
> > IIIT DELHI
>
>
>
> --
> Shivani
>
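
Added example (not part of the original thread and not Suricata project code): a check that lists which reference keys used in a rules file are not declared in the file named by "reference-config-file", which is the condition behind the SC_ERR_REFERENCE_UNKNOWN errors in the log above. The sample file contents are constructed, the function names are hypothetical, and case-insensitive key matching is an assumption.

```python
import re

# Constructed reference.config sample ("config reference: <key> <url-prefix>").
SAMPLE_REFERENCE_CONFIG = """\
# config reference: system URL
config reference: bugtraq   http://www.securityfocus.com/bid/
config reference: nessus    http://cgi.nessus.org/plugins/dump.php3?id=
"""

# Constructed rules file: two rules shortened from the log, one commented out.
SAMPLE_RULES = """\
alert tcp any any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 745"; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; sid:2523488; rev:3637;)
alert tls any any -> any any (msg:"SURICATA TLS overflow heartbeat encountered, possible exploit attempt (heartbleed)"; reference:cve,2014-0160; sid:2230012; rev:1;)
# alert tcp any any -> any any (msg:"disabled"; reference:md5,0; sid:1;)
"""

CONFIG_LINE = re.compile(r"^\s*config\s+reference\s*:\s*(\S+)\s+\S+")
RULE_REF = re.compile(r"\breference\s*:\s*([^,;\s]+)\s*,")
RULE_SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def defined_keys(config_text):
    """Return the reference keys declared in reference.config text."""
    keys = set()
    for line in config_text.splitlines():
        match = CONFIG_LINE.match(line)  # comment lines start with '#', no match
        if match:
            keys.add(match.group(1).lower())
    return keys


def undefined_references(rules_text, keys):
    """Map each undeclared reference key to [(line number, sid), ...]."""
    missing = {}
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or disabled rule
        sid = RULE_SID.search(line)
        for key in RULE_REF.findall(line):
            # Assumption: keys are compared case-insensitively.
            if key.lower() not in keys:
                missing.setdefault(key.lower(), []).append(
                    (lineno, sid.group(1) if sid else None))
    return missing


if __name__ == "__main__":
    keys = defined_keys(SAMPLE_REFERENCE_CONFIG)
    for key, hits in undefined_references(SAMPLE_RULES, keys).items():
        print(f'reference key "{key}" not declared; used by {hits}')
```

An empty key set, as when the configured reference.config cannot be read, makes every key in every enabled rule show up as undeclared, which matches a log where common keys such as "url" and "cve" are all rejected.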