[Oisf-users] suricata-update: missing module(s)
James Moe
jimoe at sohnen-moe.com
Fri Nov 9 19:43:29 UTC 2018
On 08/11/2018 6.03 PM, Jason Ish wrote:
> I see that suricata-update is in /usr/bin, but your suricata is in
> /usr/local. Could you may have an old suricata-update install? If you
> did install suricata in /usr/local, try:
>
> /usr/local/bin/suricata-update
>
Ah, quite. That was the main issue with the invocation. And it worked
as expected without the additional arguments.
The next step: There are 14 errors reported by suricata-update, all of
them related to SMB, all with the error SC_ERR_INVALID_SIGNATURE.
...info...
8/11/2018 -- 18:57:16 - <Info> -- Writing rules to
/usr/local/var/lib/suricata/rules/suricata.rules: total: 23817; enabled:
18858; added: 23817; removed 0; modified: 0
8/11/2018 -- 18:57:17 - <Info> -- Testing with suricata -T.
8/11/2018 -- 18:57:17 - <Error> -- [ERRCODE:
SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert smb any
any -> any any (msg:"SURICATA SMB malformed request data";
flow:to_server; app-layer-event:smb.malformed_data;
classtype:protocol-command-decode; sid:2225002; rev:1;)" from file
/usr/local/var/lib/suricata/rules/suricata.rules at line 1089
...more...
8/11/2018 -- 18:57:18 - <Error> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)]
- Loading signatures failed.
8/11/2018 -- 18:57:18 - <Error> -- Suricata test failed, aborting.
8/11/2018 -- 18:57:18 - <Error> -- Restoring previous rules.
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181109/d16dc872/attachment.sig>
More information about the Oisf-users
mailing list