[Oisf-users] Configuring Suricata Auto Update with Briar IDS

Shivani Bhardwaj shivanib134 at gmail.com
Fri Jan 25 05:25:31 UTC 2019


On Fri, Jan 25, 2019 at 10:16 AM <419telegraph298 at protonmail.com> wrote:
>
> Hi - did you have something to add?
>
I don't think I have anything to add for the file permission issue. If
you see it happening despite the correct permissions, please let us
know.

About the OOM errors you're facing, we're currently investigating that
and it is being tracked here:
https://redmine.openinfosecfoundation.org/issues/2791
Thanks for reporting this.
>
> Sent from ProtonMail, encrypted email based in Switzerland.
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Wednesday, January 23, 2019 12:56 AM, Shivani Bhardwaj <shivanib134 at gmail.com> wrote:
>
> > Hello!
> >
> > On Wed, Jan 23, 2019 at 6:06 AM 419telegraph298 at protonmail.com wrote:
> >
> > > Thanks Jason, I tried to change the path as you specified and got this:
> > > Traceback (most recent call last):
> > >   File "/usr/local/bin/suricata-update", line 33, in <module>
> > >     sys.exit(main.main())
> > >   File "/usr/local/lib/python2.7/dist-packages/suricata/update/main.py", line 1454, in main
> > >     sys.exit(_main())
> > >   File "/usr/local/lib/python2.7/dist-packages/suricata/update/main.py", line 1196, in _main
> > >     config.init(args)
> > >   File "/usr/local/lib/python2.7/dist-packages/suricata/update/config.py", line 202, in init
> > >     build_info = suricata.update.engine.get_build_info(_config["suricata"])
> > >   File "/usr/local/lib/python2.7/dist-packages/suricata/update/engine.py", line 39, in get_build_info
> > >     build_info_output = subprocess.check_output([suricata, "--build-info"])
> > >   File "/usr/lib/python2.7/subprocess.py", line 212, in check_output
> > >     process = Popen(stdout=PIPE, *popenargs, **kwargs)
> > >   File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
> > >     errread, errwrite)
> > >   File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
> > >     raise child_exception
> > > OSError: [Errno 13] Permission denied
> >
> > The path you're trying to specify is inaccessible to the user running
> > suricata-update. Please check the permissions and the owner of the
> > directory. It is usually a good practice to make a suricata group,
> > give correct permissions to that and add the user to the suricata group.
> > You can find more about it here:
> > https://suricata-update.readthedocs.io/en/latest/quickstart.html#directories-and-permissions
> >
> > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > > On Monday, January 21, 2019 10:22 AM, Jason Ish ish at unx.ca wrote:
> > >
> > > > On 2019-01-19 3:44 p.m., 419telegraph298 at protonmail.com wrote:
> > > >
> > > > > Hey everyone,
> > > > > I recently installed Suricata on a Raspberry Pi 3 using the Briar IDS -
> > > > > https://github.com/musicmancorley/BriarIDS
> > > > >
> > > > > I then attempted to install Suricata-Update, however, and am running
> > > > > into issues, I suspect because Briar installed suricata-4.0.4 in
> > > > > /usr/local/src but auto-update is in /var/lib/suricata. Suricata stops
> > > > > running every day instead of updating, and I have to relaunch the
> > > > > program manually. It does not have any issues collecting traffic when I
> > > > > relaunch.
> > > > >
> > > > > It fails to locate the binary for Suricata and gives me the error "No
> > > > > distribution rule directory found" but has been able to update my
> > > > > rulesets in /usr/local/src/suricata-4.0.4/rules. Do I need to move my
> > > > > config file?
> > > > >
> > > >
> > > > This will happen if suricata-update and suricata are installed
> > > > separately from each other and have different prefixes. Your best bet is
> > > > to tell suricata-update where your suricata is:
> > > > suricata-update --suricata /path/to/suricata
> > > > As for Suricata stopping, it doesn't look like you have suricata-update
> > > > set up to trigger suricata, so maybe the memory issue the other user
> > > > posted could be the cause?
> > > > Jason
> > > > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > > > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > > > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > > > Conference: https://suricon.net
> > > > Trainings: https://suricata-ids.org/training/
> > >
> >
> > --
> >
> > Shivani
> > https://about.me/shivani.bhardwaj
>
>


-- 
Shivani
https://about.me/shivani.bhardwaj
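
Added example, not part of the original thread and not suricata-update's own code: a Python 3 check, to be run as the same user that runs suricata-update, that reports why executing the path given to --suricata would fail with the Errno 13 shown in the traceback. The function name diagnose_exec_path is an assumption made for this example; note that pointing --suricata at a directory (such as a source tree) instead of the binary also produces "Permission denied".

```python
import os
import stat


def diagnose_exec_path(path):
    """Return the reasons the current user cannot execute `path`.

    An empty list means exec of this path should not fail with
    EACCES (Errno 13) or ENOENT for the user running the check.
    """
    problems = []
    path = os.path.abspath(path)

    # Every parent directory needs search (x) permission for this user.
    current = os.sep
    for part in [p for p in os.path.dirname(path).split(os.sep) if p]:
        current = os.path.join(current, part)
        if not os.path.isdir(current):
            problems.append("%s: missing or not a directory" % current)
            return problems
        if not os.access(current, os.X_OK):
            problems.append("%s: no search (x) permission" % current)
            return problems

    if not os.path.exists(path):
        problems.append("%s: does not exist" % path)
    elif os.path.isdir(path):
        # exec on a directory fails with EACCES, the same Errno 13.
        problems.append("%s: is a directory, not the suricata binary" % path)
    elif not os.access(path, os.X_OK):
        mode = stat.filemode(os.stat(path).st_mode)
        problems.append("%s: not executable by this user (%s)" % (path, mode))
    return problems


if __name__ == "__main__":
    import sys
    # "/path/to/suricata" is the placeholder used in the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "/path/to/suricata"
    found = diagnose_exec_path(target)
    print("\n".join(found) if found else "%s: OK to execute" % target)
```

The first failing component is the one whose owner, group or mode needs fixing, for example by adding the user to a suricata group as suggested in the reply above.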

