[OISF/outreachy] Issue with the Ubuntu setup

Shivani Bhardwaj sbhardwaj at openinfosecfoundation.org
Tue Oct 13 06:04:39 UTC 2020


On Tue, Oct 13, 2020 at 11:24 AM Riju Khatri <19.riju at gmail.com> wrote:
>
> Hi Shivani,
> Thank you for clarifying that.
> I went to the basic installation link, which led to the link to the basic setup and over there I found this under "Rule set management and download".
>
> So now, after your response, I just skipped that part and ran -
>
> sudo suricata -c /etc/suricata/suricata.yaml -i wlan0 --init-errors-fatal
>
You have to provide your interface that is handling the network
traffic with "-i". You can check that by doing an "ip a".

> Which gives me a warning like:
>
> 13/10/2020 -- 11:06:00 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'wlan0':
> No such device (19)
>
Then this error should not be there anymore.

> 13/10/2020 -- 11:06:00 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
> /var/lib/suricata/rules/suricata.rules
>
This is just the file not found warning. If you run suricata-update
once, it'll generate this rule file for you.

> Because in suricata.yaml, we have suricata.rules specified in "rule-files". So, is this okay and nothing to be concerned about at the moment?
>
Nothing to worry about. And I have mentioned the fixes anyway so you
can try them out. It would be nice to get suricata working though if
you are going to contribute to Suricata-verify or suricata itself.

> Kind Regards,
> Riju
>
>
> On Tue, Oct 13, 2020 at 11:01 AM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>
>> Hi, Riju!
>>
>> On Tue, Oct 13, 2020 at 3:51 AM Riju Khatri via Outreachy
>> <outreachy at lists.openinfosecfoundation.org> wrote:
>> >
>> > Hi,
>> > I had my Suricata setup on a Mac and I was facing some trouble with that, so I am trying to switch over to Ubuntu, since I recently learned that this is the recommended way.
>> > I am stuck at one of the steps under Rule Management with Oinkmaster where we have to run:
>> >
>> > sudo oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules
>> >
>> oinkmaster is not our tool of updation. Could you please tell me where
>> you are following the installation guide from?
>> You do not need to use oinkmaster for Suricata. We have our own tool
>> for rule management called Suricata-update
>> (https://github.com/oisf/suricata-update). Please use that.
>>
>> > and we expect that in the new rules directory a classification.config and a reference.config can be found.
>> >
>> > But after I ran that command, I did find a classification.config there but not any reference.config.
>> > Would someone know why this must have happened?
>> >
>> > I am unsure about how the contents of this new one differ from the contents of reference.config under /etc/suricata, so would copying the file from this location to /etc/suricata/rules work?
>> >
>> >
>> > Thank you,
>> > Riju
>> >
>>
>>
>>
>> --
>> Shivani
>> Junior Developer, OISF



-- 
Shivani
Junior Developer, OISF
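
Added example, not part of the original thread or of Suricata itself: a pre-flight check for the two start-up warnings discussed above (the `-i` interface that does not exist, and the missing `/var/lib/suricata/rules/suricata.rules`). The function names and the `SYSFS_NET` / `RULE_FILE` override variables are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Pre-flight check before starting Suricata (added example).
# SYSFS_NET and RULE_FILE are overridable so the checks can be exercised
# against a scratch directory; both variable names are assumptions.

SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # Linux exposes one entry per interface here
RULE_FILE="${RULE_FILE:-/var/lib/suricata/rules/suricata.rules}"

# Print interface names, one per line (the same names "ip a" shows).
list_ifaces() {
    local d
    for d in "$SYSFS_NET"/*; do
        [ -e "$d" ] && basename "$d"
    done
    return 0
}

# Succeeds only if the named interface exists on this host.
iface_exists() {
    [ -n "$1" ] && [ -e "$SYSFS_NET/$1" ]
}

# Succeeds only if the rule file referenced by "rule-files" exists.
rules_present() {
    [ -f "$RULE_FILE" ]
}

# Returns 0 when neither warning is expected, otherwise a bitmask:
#   1 = interface missing (SC_ERR_SYSCALL ... No such device)
#   2 = rule file missing (SC_ERR_NO_RULES)
preflight() {
    local iface="$1" rc=0
    if ! iface_exists "$iface"; then
        echo "interface '$iface' not found; available: $(list_ifaces | tr '\n' ' ')" >&2
        rc=$((rc | 1))
    fi
    if ! rules_present; then
        echo "$RULE_FILE not found; run suricata-update once to generate it" >&2
        rc=$((rc | 2))
    fi
    return "$rc"
}

# Usage (interface name taken from the thread):
#   preflight wlan0 && sudo suricata -c /etc/suricata/suricata.yaml -i wlan0 --init-errors-fatal
```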

