[OISF/outreachy] Task #2879 help needed

Shivani Bhardwaj sbhardwaj at openinfosecfoundation.org
Sun Mar 31 18:58:04 UTC 2019


On Sun, Mar 31, 2019 at 10:36 PM megha Varshney
<varshney.megha070 at gmail.com> wrote:
>
> Greetings,
> After running suricata-update forcefully I am getting this.
> 31/3/2019 -- 20:59:48 - <Info> -- Using data-directory /usr/local/var/lib/suricata.
> 31/3/2019 -- 20:59:48 - <Info> -- Using Suricata configuration /usr/local/etc/suricata/suricata.yaml
> 31/3/2019 -- 20:59:48 - <Info> -- Using /usr/local/etc/suricata/rules for Suricata provided rules.
> 31/3/2019 -- 20:59:48 - <Info> -- Found Suricata version 5.0.0-dev at /usr/local/bin/suricata.
> 31/3/2019 -- 20:59:48 - <Info> -- Loading /usr/local/etc/suricata/suricata.yaml
> 31/3/2019 -- 20:59:48 - <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - failed to open file: /usr/local/etc/suricata/suricata.yaml: Permission denied
> Traceback (most recent call last):
>   File "./bin/suricata-update", line 33, in <module>
>     sys.exit(main.main())
>   File "/home/megha/suricata/suricata-update/suricata/update/main.py", line 1468, in main
>     sys.exit(_main())
>   File "/home/megha/suricata/suricata-update/suricata/update/main.py", line 1300, in _main
>     config.get("suricata-conf"), suricata_path=suricata_path)
>   File "/home/megha/suricata/suricata-update/suricata/update/engine.py", line 96, in load
>     env=env)
>   File "/home/megha/anaconda3/lib/python3.6/subprocess.py", line 356, in check_output
>     **kwargs).stdout
>   File "/home/megha/anaconda3/lib/python3.6/subprocess.py", line 438, in run
>     output=stdout, stderr=stderr)
> subprocess.CalledProcessError: Command '['/usr/local/bin/suricata', '-c', '/usr/local/etc/suricata/suricata.yaml', '--dump-config']' returned non-zero exit status 1.
>
> I don't have a file named as suricata.rules

Hmm. But I do not see that in the error log you've posted. Seems like
a permission issue.
suricata.rules is generated automatically and if it is not there
things won't fall apart like this.

> Regards
> Megha
>
>
>
> On Sun, 31 Mar 2019 at 18:55, megha Varshney <varshney.megha070 at gmail.com> wrote:
>>
>> Greetings,
>> I have raised a pull request but haven't tested my code as yet. I followed the aforementioned test routine but was unclear with copying rules part.
>> Please review my PR and let me know the necessary changes.
>>
>> Regards
>> Megha
>>
>> On Sun, 31 Mar 2019 at 14:03, Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>>
>>> Hi, Megha!
>>>
>>> On Sat, Mar 30, 2019 at 12:14 PM megha Varshney
>>> <varshney.megha070 at gmail.com> wrote:
>>> >
>>> > Greetings,
>>> > I made changes to the main.py file such that whenever a duplicate sid is encountered it will log a warning. I am trying to test my code. I wanted to ask: do I need to make changes to the rule.py file? If yes, what changes do I need to make?
>>> Did you try and follow the test routine that I shared with you? Are
>>> you able to see the results as per the changes you made in your
>>> main.py? If yes, then you do not need to make any changes to any other
>>> file. Maybe I am unclear about your question yet again, so if you are
>>> not seeing the results of testing, there may be something wrong with
>>> the changes you made and/or performing the test routine. So, it would
>>> be helpful for me to answer if you target the specific question out of
>>> these. And, if there is something concerning your code, maybe sending
>>> a PR would be nice so that we can review and leave comments on whether
>>> the code is correct.
>>>
>>> > Regards
>>> > Megha
>>> >
>>> > On Sat, 30 Mar 2019 at 00:38, Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>> >>
>>> >> On Fri, Mar 29, 2019 at 10:05 PM megha Varshney
>>> >> <varshney.megha070 at gmail.com> wrote:
>>> >> >
>>> >> > Greetings,
>>> >> > Thank you so much for the above article but I was unable to test my code. I ain't getting from where do I need to copy the rules.
>>> >> >
>>> >> I do not understand. Could you please explain what have you done so
>>> >> far and what are you trying to achieve?
>>> >>
>>> >> > Regards,
>>> >> > Megha
>>> >> >
>>> >> > On Mon, 25 Mar 2019 at 17:13, Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>> >> >>
>>> >> >> Hi, Megha!
>>> >> >>
>>> >> >> On Sat, Mar 23, 2019 at 2:26 AM megha Varshney
>>> >> >> <varshney.megha070 at gmail.com> wrote:
>>> >> >> >
>>> >> >> > Greetings,
>>> >> >> > Could you please help me in testing my code?
>>> >> >>
>>> >> >> I just wrote a test routine here for you:
>>> >> >> https://gist.github.com/shivan1b/be0cee4e9edcd63f678ac806abbc0291
>>> >> >>
>>> >> >> After applying the changes, you should look for the log message that
>>> >> >> you have written in the last step on console justifying your case.
>>> >> >>
>>> >> >> Let me know if you need more help.
>>> >> >>
>>> >> >> > Regards
>>> >> >> > Megha
>>> >> >> >
>>> >> >> > On Mon, 18 Mar 2019 at 13:52, Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>> >> >> >>
>>> >> >> >> Hi Megha!
>>> >> >> >>
>>> >> >> >> On Sat, Mar 16, 2019 at 1:33 AM megha Varshney
>>> >> >> >> <varshney.megha070 at gmail.com> wrote:
>>> >> >> >> >
>>> >> >> >> > Greetings,
>>> >> >> >> > Do I need to include the following code snippet in build_rule_map function of the main.py file?
>>> >> >> >> > FORMAT = '%(version)s %(message)s'
>>> >> >> >> > logging.basicConfig(format=FORMAT)
>>> >> >> >> > d={'version: rule'}
>>> >> >> >> > logger = logging.getLogger('tcpserver')
>>> >> >> >> > logger.warning('Found duplicate rule ID %s', 'keeping one with higher revision')
>>> >> >> >> >
>>> >> >> >>
>>> >> >> >> Please do a "Reply-all" in all your emails so that if I am unavailable
>>> >> >> >> (like I was for past two days) someone else can help you. You should
>>> >> >> >> try and ask for code reviews only on the PRs you send. However, if you
>>> >> >> >> need any help with understanding the issue, testing routine, etc
>>> >> >> >> you're free to ask. Please make sure to have tested the code before
>>> >> >> >> you send a PR.
>>> >> >> >>
>>> >> >> >> > Regards,
>>> >> >> >> > Megha
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > On Fri, 15 Mar 2019 at 14:54, megha Varshney <varshney.megha070 at gmail.com> wrote:
>>> >> >> >> >>
>>> >> >> >> >> Thanks a lot. Will try looking for this.
>>> >> >> >> >>
>>> >> >> >> >> On Fri, 15 Mar 2019 at 14:48, Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>> >> >> >> >>>
>>> >> >> >> >>> On Fri, Mar 15, 2019 at 2:38 PM megha Varshney via Outreachy
>>> >> >> >> >>> <outreachy at lists.openinfosecfoundation.org> wrote:
>>> >> >> >> >>> >
>>> >> >> >> >>> > Greetings,
>>> >> >> >> >>> > I read the documentation and tried understanding the code snippets but I couldn't get, where do I need to start in order to complete the task assigned.
>>> >> >> >> >>> >
>>> >> >> >> >>> Maybe this will be helpful to know what sid is:
>>> >> >> >> >>> https://suricata.readthedocs.io/en/suricata-4.1.2/rules/meta.html#sid-signature-id
>>> >> >> >> >>> As Jason had mentioned in the issue that it has already been
>>> >> >> >> >>> implemented, your task is to look up the code of suricata-update and
>>> >> >> >> >>> see where sids are being processed for duplicate IDs.
>>> >> >> >> >>> Does this make sense?
>>> >> >> >> >>>
>>> >> >> >> >>> > Regards,
>>> >> >> >> >>> > Megha Varshney
>>> >> >> >> >>> > _______________________________________________
>>> >> >> >> >>> > Outreachy mailing list
>>> >> >> >> >>> > Outreachy at lists.openinfosecfoundation.org
>>> >> >> >> >>> > https://lists.openinfosecfoundation.org/listinfo/outreachy
>>> >> >> >> >>>
>>> >> >> >> >>>
>>> >> >> >> >>>
>>> >> >> >> >>> --
>>> >> >> >> >>> Shivani
>>> >> >> >>
>>> >> >> >>
>>> >> >> >>
>>> >> >> >> --
>>> >> >> >> Shivani
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> --
>>> >> >> Shivani
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Shivani
>>>
>>>
>>>
>>> --
>>> Shivani



-- 
Shivani
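
The task discussed in this thread (log a warning when a duplicate sid is encountered, keeping the rule with the higher revision), as a stand-alone added example; it is not part of the thread and not suricata-update's own code. The names `parse_sid_rev` and `dedupe_by_sid`, the logger name and the sample rules are constructed for illustration.

```python
import logging
import re

logger = logging.getLogger("dup-sid-example")  # hypothetical logger name

# Pull sid and rev out of a rule's option block; both are "keyword:number;".
SID_RE = re.compile(r"[(;]\s*sid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"[(;]\s*rev\s*:\s*(\d+)\s*;")


def parse_sid_rev(line):
    """Return (sid, rev) for a rule line; None for blanks, comments, or no sid."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    sid = SID_RE.search(line)
    if sid is None:
        return None
    rev = REV_RE.search(line)
    return int(sid.group(1)), int(rev.group(1)) if rev else 0


def dedupe_by_sid(lines):
    """Map sid -> (rev, rule text); on a duplicate sid keep the higher rev."""
    rule_map = {}
    duplicates = []
    for line in lines:
        parsed = parse_sid_rev(line)
        if parsed is None:
            continue
        sid, rev = parsed
        if sid in rule_map:
            kept_rev = max(rev, rule_map[sid][0])
            logger.warning("Found duplicate rule SID %d; keeping the one with "
                           "higher revision (rev %d)", sid, kept_rev)
            duplicates.append(sid)
            if rev <= rule_map[sid][0]:
                continue  # the rule already stored wins
        rule_map[sid] = (rev, line.strip())
    return rule_map, duplicates


# Constructed sample rules: sid 1000001 appears twice with different revisions,
# plus once in a commented-out (disabled) rule that must be ignored.
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"constructed A"; sid:1000001; rev:1;)',
    'alert tcp any any -> any 443 (msg:"constructed B"; sid:1000002; rev:3;)',
    '# alert tcp any any -> any 22 (msg:"disabled"; sid:1000001; rev:9;)',
    'alert tcp any any -> any 8080 (msg:"constructed A v2"; sid:1000001; rev:2;)',
]
```

Calling `dedupe_by_sid(SAMPLE_RULES)` emits one warning for sid 1000001 on stderr and keeps the rev 2 rule.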

