[OISF/outreachy] Issue with the Ubuntu setup
Riju Khatri
19.riju at gmail.com
Tue Oct 13 06:51:14 UTC 2020
Thank you Shivani! This worked :)
> On 13-Oct-2020, at 11:34 AM, Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>
> On Tue, Oct 13, 2020 at 11:24 AM Riju Khatri <19.riju at gmail.com> wrote:
>>
>> Hi Shivani,
>> Thank you for clarifying that.
>> I went to the basic installation link, which led to the link to the basic setup and over there I found this under "Rule set management and download".
>>
>> So now, after your response, I just skipped that part and ran -
>>
>> sudo suricata -c /etc/suricata/suricata.yaml -i wlan0 --init-errors-fatal
>>
> You have to provide your interface that is handling the network
> traffic with "-i". You can check that by doing an "ip a".
>
>> Which gives me a warning like:
>>
>> 13/10/2020 -- 11:06:00 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'wlan0':
>> No such device (19)
> Then this error should not be there anymore.
>
>> 13/10/2020 -- 11:06:00 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
>> /var/lib/suricata/rules/suricata.rules
>>
> This is just the file not found warning. If you run suricata-update
> once, it'll generate this rule file for you.
>
>> Because in suricata.yaml, we have suricata.rules specified in "rule-files". So, is this okay and nothing to be concerned about at the moment?
>>
> Nothing to worry about. And I have mentioned the fixes anyway so you
> can try them out. It would be nice to get suricata working though if
> you are going to contribute to Suricata-verify or suricata itself.
>
>> Kind Regards,
>> Riju
>>
>>
>> On Tue, Oct 13, 2020 at 11:01 AM Shivani Bhardwaj <sbhardwaj at openinfosecfoundation.org> wrote:
>>>
>>> Hi, Riju!
>>>
>>> On Tue, Oct 13, 2020 at 3:51 AM Riju Khatri via Outreachy
>>> <outreachy at lists.openinfosecfoundation.org> wrote:
>>>>
>>>> Hi,
>>>> I had my Suricata setup on a Mac and I was facing some trouble with that, so I am trying to switch over to Ubuntu, since I recently learned that this is the recommended way.
>>>> I am stuck at one of the steps under Rule Management with Oinkmaster where we have to run:
>>>>
>>>> sudo oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules
>>>>
>>> oinkmaster is not our tool of updation. Could you please tell me where
>>> you are following the installation guide from?
>>> You do not need to use oinkmaster for Suricata. We have our own tool
>>> for rule management called Suricata-update
>>> (https://github.com/oisf/suricata-update). Please use that.
>>>
>>>> and we expect that in the new rules directory a classification.config and a reference.config can be found.
>>>>
>>>> But after I ran that command, I did find a classification.config there but not any reference.config.
>>>> Would someone know why this must have happened?
>>>>
>>>> I am unsure about how the contents of this new one differ from the contents of reference.config under /etc/suricata, so would copying the file from this location to /etc/suricata/rules work?
>>>>
>>>>
>>>> Thank you,
>>>> Riju
>>>>
>>>> _______________________________________________
>>>> Outreachy mailing list
>>>> Outreachy at lists.openinfosecfoundation.org
>>>> https://lists.openinfosecfoundation.org/listinfo/outreachy
>>>
>>>
>>>
>>> --
>>> Shivani
>>> Junior Developer, OISF
>
>
>
> --
> Shivani
> Junior Developer, OISF
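An added example, not part of the original messages and not OISF's own tooling: a shell preflight that checks for the two conditions behind the warnings quoted in this thread (an interface name that does not exist, and no file matching the `rule-files` pattern) before Suricata is started. The function names, the bitmask return code and the lookup under `/sys/class/net` are assumptions of this sketch; the rule path is the one quoted above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): preflight for the two warnings
# in this thread. It only inspects the system; it never starts Suricata.

# iface_exists NAME [SYSFS_NET_DIR]
# Linux lists every network interface as an entry under /sys/class/net.
iface_exists() {
    case "$1" in ''|*/*|.|..) return 1 ;; esac   # reject empty or path-like names
    [ -e "${2:-/sys/class/net}/$1" ]
}

# rules_present PATTERN
# PATTERN may be a plain path or a glob; it is left unquoted on purpose so the
# shell expands it (assumption: the path contains no whitespace).
rules_present() {
    for f in $1; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# preflight IFACE RULES_PATTERN [SYSFS_NET_DIR]
# Returns 0 if both checks pass, 1 if the interface is missing,
# 2 if no rule file matches, 3 if both fail.
preflight() {
    pf_rc=0
    if ! iface_exists "$1" "${3:-/sys/class/net}"; then
        echo "interface '$1' not found: pass one listed by 'ip a' to -i" >&2
        pf_rc=$((pf_rc + 1))
    fi
    if ! rules_present "$2"; then
        echo "no rule file matches '$2': run suricata-update once" >&2
        pf_rc=$((pf_rc + 2))
    fi
    return "$pf_rc"
}

# Stand-alone use: sh preflight.sh wlan0 /var/lib/suricata/rules/suricata.rules
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

A return value of 1 corresponds to the `SC_ERR_SYSCALL` "No such device" warning and 2 to the `SC_ERR_NO_RULES` warning shown in the thread.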