[OISF/outreachy] Issue with the Ubuntu setup
Riju Khatri
19.riju at gmail.com
Tue Oct 13 05:53:10 UTC 2020
Hi Shivani,
Thank you for clarifying that.
I went to the basic installation link, which led to the link to the basic
setup and over there I found this under "Rule set management and download".
So now, after your response, I just skipped that part and ran -
sudo suricata -c /etc/suricata/suricata.yaml -i wlan0 --init-errors-fatal
Which gives me a warning like:
13/10/2020 -- 11:06:00 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'wlan0': No such device (19)
13/10/2020 -- 11:06:00 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/suricata.rules
Because in suricata.yaml, we have suricata.rules specified in
"rule-files". So, is this okay and nothing to be concerned about at
the moment?
Kind Regards,
Riju
On Tue, Oct 13, 2020 at 11:01 AM Shivani Bhardwaj <
sbhardwaj at openinfosecfoundation.org> wrote:
> Hi, Riju!
>
> On Tue, Oct 13, 2020 at 3:51 AM Riju Khatri via Outreachy
> <outreachy at lists.openinfosecfoundation.org> wrote:
> >
> > Hi,
> > I had my Suricata setup on a Mac and I was facing some trouble with
> > that, so I am trying to switch over to Ubuntu, since I recently learned
> > that this is the recommended way.
> > I am stuck at one of the steps under Rule Management with Oinkmaster
> > where we have to run:
> >
> > sudo oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules
> >
> oinkmaster is not our tool of updation. Could you please tell me where
> you are following the installation guide from?
> You do not need to use oinkmaster for Suricata. We have our own tool
> for rule management called Suricata-update
> (https://github.com/oisf/suricata-update). Please use that.
>
> > and we expect that in the new rules directory a classification.config
> > and a reference.config can be found.
> >
> > But after I ran that command, I did find a classification.config there
> > but not any reference.config.
> > Would someone know why this must have happened?
> >
> > I am unsure about how the contents of this new one differ from the
> > contents of reference.config under /etc/suricata, so would copying the file
> > from this location to /etc/suricata/rules work?
> >
> >
> > Thank you,
> > Riju
> >
> > _______________________________________________
> > Outreachy mailing list
> > Outreachy at lists.openinfosecfoundation.org
> > https://lists.openinfosecfoundation.org/listinfo/outreachy
>
>
>
> --
> Shivani
> Junior Developer, OISF
>