[OISF/outreachy] help needed in Suricata setup.

Shivani Bhardwaj sbhardwaj at openinfosecfoundation.org
Thu Mar 21 10:10:08 UTC 2019
Previous message (by thread): [OISF/outreachy] help needed in Suricata setup.
Next message (by thread): [OISF/outreachy] help needed in Suricata setup.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Mar 21, 2019 at 2:14 PM megha Varshney
<varshney.megha070 at gmail.com> wrote:
>
> Greetings,
> Still the same error.
>
Hmm. Could you check your `reference-config-file` value in your
suricata.yaml file?
Does it have the same path to reference.config file that you're
looking at? If not, you should change that.

> On Thu, 21 Mar 2019 at 14:00, Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>
>> On Wed, Mar 20, 2019 at 8:05 PM megha Varshney
>> <varshney.megha070 at gmail.com> wrote:
>> >
>> > Greetings,
>> > Sorry for the inconvenience caused. Thank You so much Himanshi.
>> > I did as Himanshi said but the error still persists. I checked reference.config file too.
>>
>> Nope. You probably failed at a step and continued from there.
>> Do a clean install again. I see from your earlier message that you
>> perhaps did a sudo make sometime so make clean should be showing you
>> some errors about permissions.
>>
>> Please do
>> sudo make clean
>> make -j4
>> sudo make install
>>
>> Remember, you fail at any step, repeat it from clean.
>>
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "url". Supported keys are defined in reference.config file.  Please have a look at the conf param "reference-config-file"
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp [97.99.143.196,98.113.127.124,98.114.237.82,98.116.200.172,98.148.135.114,98.165.46.62,98.167.110.55,98.170.209.2,98.176.203.2,98.200.166.221] any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 745"; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; flowbits:set,ET.TorIP; sid:2523488; rev:3637; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity Audit, created_at 2008_12_01, updated_at 2019_03_19;)" from file /etc/suricata/rules/tor.rules at line 877
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "url". Supported keys are defined in reference.config file.  Please have a look at the conf param "reference-config-file"
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp [98.207.153.184,98.212.194.147,98.217.124.239,98.222.176.26,98.222.218.185,98.225.157.78,98.229.125.160,98.235.185.167,98.248.47.74,98.248.49.3] any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 746"; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; flowbits:set,ET.TorIP; sid:2523490; rev:3637; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity Audit, created_at 2008_12_01, updated_at 2019_03_19;)" from file /etc/suricata/rules/tor.rules at line 878
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "cve". Supported keys are defined in reference.config file.  Please have a look at the conf param "reference-config-file"
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls any any -> any any (msg:"SURICATA TLS overflow heartbeat encountered, possible exploit attempt (heartbleed)"; flow:established; app-layer-event:tls.overflow_heartbeat_message; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; reference:cve,2014-0160; sid:2230012; rev:1;)" from file /etc/suricata/rules/tls-events.rules at line 22
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "cve". Supported keys are defined in reference.config file.  Please have a look at the conf param "reference-config-file"
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls any any -> any any (msg:"SURICATA TLS invalid heartbeat encountered, possible exploit attempt (heartbleed)"; flow:established; app-layer-event:tls.invalid_heartbeat_message; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; reference:cve,2014-0160; sid:2230013; rev:1;)" from file /etc/suricata/rules/tls-events.rules at line 23
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-reference.c:139) <Error> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "cve". Supported keys are defined in reference.config file.  Please have a look at the conf param "reference-config-file"
>> > [16823] 20/3/2019 -- 20:01:34 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls any any -> any any (msg:"SURICATA TLS invalid encrypted heartbeat encountered, possible exploit attempt (heartbleed)"; flow:established; app-layer-event:tls.dataleak_heartbeat_mismatch; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; reference:cve,2014-0160; sid:2230014; rev:1;)" from file /etc/suricata/rules/tls-events.rules at line 24
>> > [16823] 20/3/2019 -- 20:01:34 - (suricata.c:2394) <Error> (LoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
>> >
>> >
>> > On Wed, 20 Mar 2019 at 19:39, Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>> >>
>> >> On Wed, Mar 20, 2019 at 7:13 PM Himanshi Mathur via Outreachy
>> >> <outreachy at lists.openinfosecfoundation.org> wrote:
>> >> >
>> >> > Hey Megha
>> >> > Please try running the command with writing sudo  in front since it says permission error and then send if you encounter further errors.
>> >> >
>> >> On a side note, Megha, please do not start a new thread for every
>> >> message of the same nature. Let the thread go on so that it becomes
>> >> easy to easy what have you done so far.
>> >>
>> >> > On Wed, Mar 20, 2019 at 2:51 PM megha Varshney via Outreachy <outreachy at lists.openinfosecfoundation.org> wrote:
>> >> >>
>> >> >> Greetings,
>> >> >> I am getting the below upon entering the commands
>> >> >> make-install
>> >> >>  /bin/bash ../libtool   --mode=install /usr/bin/install -c   libhtp.la '/usr/lib'
>> >> >> libtool: install: /usr/bin/install -c .libs/libhtp.so.2.0.0 /usr/lib/libhtp.so.2.0.0
>> >> >> /usr/bin/install: cannot create regular file '/usr/lib/libhtp.so.2.0.0': Permission denied
>> >> >> Makefile:419: recipe for target 'install-libLTLIBRARIES' failed
>> >> >> make[3]: *** [install-libLTLIBRARIES] Error 1
>> >> >> make[3]: Leaving directory '/home/megha/suricata/oisf/libhtp/htp'
>> >> >> Makefile:648: recipe for target 'install-am' failed
>> >> >> make[2]: *** [install-am] Error 2
>> >> >> make[2]: Leaving directory '/home/megha/suricata/oisf/libhtp/htp'
>> >> >> Makefile:472: recipe for target 'install-recursive' failed
>> >> >> make[1]: *** [install-recursive] Error 1
>> >> >> make[1]: Leaving directory '/home/megha/suricata/oisf/libhtp'
>> >> >> Makefile:499: recipe for target 'install-recursive' failed
>> >> >> make: *** [install-recursive] Error 1
>> >> >>
>> >> >> Please help.
>> >> >> Regards
>> >> >> Megha
>> >> >> _______________________________________________
>> >> >> Outreachy mailing list
>> >> >> Outreachy at lists.openinfosecfoundation.org
>> >> >> https://lists.openinfosecfoundation.org/listinfo/outreachy
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Thanks and regards
>> >> > Himanshi Mathur
>> >> > CSE undergrad 2022
>> >> > IIIT DELHI
>> >> > _______________________________________________
>> >> > Outreachy mailing list
>> >> > Outreachy at lists.openinfosecfoundation.org
>> >> > https://lists.openinfosecfoundation.org/listinfo/outreachy
>> >>
>> >>
>> >>
>> >> --
>> >> Shivani
>>
>>
>>
>> --
>> Shivani



-- 
Shivani
Previous message (by thread): [OISF/outreachy] help needed in Suricata setup.
Next message (by thread): [OISF/outreachy] help needed in Suricata setup.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Outreachy mailing list