[OISF/outreachy] help needed in Suricata setup.

megha Varshney varshney.megha070 at gmail.com
Thu Mar 21 08:44:12 UTC 2019
Previous message (by thread): [OISF/outreachy] help needed in Suricata setup.
Next message (by thread): [OISF/outreachy] help needed in Suricata setup.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Greetings,
Still the same error.

On Thu, 21 Mar 2019 at 14:00, Shivani Bhardwaj <
sbhardwaj at openinfosecfoundation.org> wrote:

> On Wed, Mar 20, 2019 at 8:05 PM megha Varshney
> <varshney.megha070 at gmail.com> wrote:
> >
> > Greetings,
> > Sorry for the inconvenience caused. Thank You so much Himanshi.
> > I did as Himanshi said but the error still persists. I checked
> reference.config file too.
>
> Nope. You probably failed at a step and continued from there.
> Do a clean install again. I see from your earlier message that you
> perhaps did a sudo make sometime so make clean should be showing you
> some errors about permissions.
>
> Please do
> sudo make clean
> make -j4
> sudo make install
>
> Remember, you fail at any step, repeat it from clean.
>
> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
> unknown reference key "url". Supported keys are defined in reference.config
> file.  Please have a look at the conf param "reference-config-file"
> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
> parsing signature "alert tcp
> [97.99.143.196,98.113.127.124,98.114.237.82,98.116.200.172,98.148.135.114,98.165.46.62,98.167.110.55,98.170.209.2,98.176.203.2,98.200.166.221]
> any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node
> Traffic group 745"; reference:url,
> doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit,
> track by_src, seconds 60, count 1; classtype:misc-attack;
> flowbits:set,ET.TorIP; sid:2523488; rev:3637; metadata:affected_product
> Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity
> Audit, created_at 2008_12_01, updated_at 2019_03_19;)" from file
> /etc/suricata/rules/tor.rules at line 877
> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
> unknown reference key "url". Supported keys are defined in reference.config
> file.  Please have a look at the conf param "reference-config-file"
> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
> parsing signature "alert tcp
> [98.207.153.184,98.212.194.147,98.217.124.239,98.222.176.26,98.222.218.185,98.225.157.78,98.229.125.160,98.235.185.167,98.248.47.74,98.248.49.3]
> any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node
> Traffic group 746"; reference:url,
> doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit,
> track by_src, seconds 60, count 1; classtype:misc-attack;
> flowbits:set,ET.TorIP; sid:2523490; rev:3637; metadata:affected_product
> Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity
> Audit, created_at 2008_12_01, updated_at 2019_03_19;)" from file
> /etc/suricata/rules/tor.rules at line 878
> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
> unknown reference key "cve". Supported keys are defined in reference.config
> file.  Please have a look at the conf param "reference-config-file"
> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
> parsing signature "alert tls any any -> any any (msg:"SURICATA TLS overflow
> heartbeat encountered, possible exploit attempt (heartbleed)";
> flow:established; app-layer-event:tls.overflow_heartbeat_message;
> flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode;
> reference:cve,2014-0160; sid:2230012; rev:1;)" from file
> /etc/suricata/rules/tls-events.rules at line 22
> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
> unknown reference key "cve". Supported keys are defined in reference.config
> file.  Please have a look at the conf param "reference-config-file"
> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
> parsing signature "alert tls any any -> any any (msg:"SURICATA TLS invalid
> heartbeat encountered, possible exploit attempt (heartbleed)";
> flow:established; app-layer-event:tls.invalid_heartbeat_message;
> flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode;
> reference:cve,2014-0160; sid:2230013; rev:1;)" from file
> /etc/suricata/rules/tls-events.rules at line 23
> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error>
> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
> unknown reference key "cve". Supported keys are defined in reference.config
> file.  Please have a look at the conf param "reference-config-file"
> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error>
> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
> parsing signature "alert tls any any -> any any (msg:"SURICATA TLS invalid
> encrypted heartbeat encountered, possible exploit attempt (heartbleed)";
> flow:established; app-layer-event:tls.dataleak_heartbeat_mismatch;
> flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode;
> reference:cve,2014-0160; sid:2230014; rev:1;)" from file
> /etc/suricata/rules/tls-events.rules at line 24
> > [16823] 20/3/2019 -- 20:01:34 - (suricata.c:2394) <Error>
> (LoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading
> signatures failed.
> >
> >
> > On Wed, 20 Mar 2019 at 19:39, Shivani Bhardwaj <
> sbhardwaj at openinfosecfoundation.org> wrote:
> >>
> >> On Wed, Mar 20, 2019 at 7:13 PM Himanshi Mathur via Outreachy
> >> <outreachy at lists.openinfosecfoundation.org> wrote:
> >> >
> >> > Hey Megha
> >> > Please try running the command with writing sudo  in front since it
> says permission error and then send if you encounter further errors.
> >> >
> >> On a side note, Megha, please do not start a new thread for every
> >> message of the same nature. Let the thread go on so that it becomes
> >> easy to easy what have you done so far.
> >>
> >> > On Wed, Mar 20, 2019 at 2:51 PM megha Varshney via Outreachy <
> outreachy at lists.openinfosecfoundation.org> wrote:
> >> >>
> >> >> Greetings,
> >> >> I am getting the below upon entering the commands
> >> >> make-install
> >> >>  /bin/bash ../libtool   --mode=install /usr/bin/install -c
> libhtp.la '/usr/lib'
> >> >> libtool: install: /usr/bin/install -c .libs/libhtp.so.2.0.0
> /usr/lib/libhtp.so.2.0.0
> >> >> /usr/bin/install: cannot create regular file
> '/usr/lib/libhtp.so.2.0.0': Permission denied
> >> >> Makefile:419: recipe for target 'install-libLTLIBRARIES' failed
> >> >> make[3]: *** [install-libLTLIBRARIES] Error 1
> >> >> make[3]: Leaving directory '/home/megha/suricata/oisf/libhtp/htp'
> >> >> Makefile:648: recipe for target 'install-am' failed
> >> >> make[2]: *** [install-am] Error 2
> >> >> make[2]: Leaving directory '/home/megha/suricata/oisf/libhtp/htp'
> >> >> Makefile:472: recipe for target 'install-recursive' failed
> >> >> make[1]: *** [install-recursive] Error 1
> >> >> make[1]: Leaving directory '/home/megha/suricata/oisf/libhtp'
> >> >> Makefile:499: recipe for target 'install-recursive' failed
> >> >> make: *** [install-recursive] Error 1
> >> >>
> >> >> Please help.
> >> >> Regards
> >> >> Megha
> >> >> _______________________________________________
> >> >> Outreachy mailing list
> >> >> Outreachy at lists.openinfosecfoundation.org
> >> >> https://lists.openinfosecfoundation.org/listinfo/outreachy
> >> >
> >> >
> >> >
> >> > --
> >> > Thanks and regards
> >> > Himanshi Mathur
> >> > CSE undergrad 2022
> >> > IIIT DELHI
> >> > _______________________________________________
> >> > Outreachy mailing list
> >> > Outreachy at lists.openinfosecfoundation.org
> >> > https://lists.openinfosecfoundation.org/listinfo/outreachy
> >>
> >>
> >>
> >> --
> >> Shivani
>
>
>
> --
> Shivani
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/outreachy/attachments/20190321/9d15736d/attachment-0001.html>
Previous message (by thread): [OISF/outreachy] help needed in Suricata setup.
Next message (by thread): [OISF/outreachy] help needed in Suricata setup.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Outreachy mailing list