From: Adolf Belka
To: development@lists.ipfire.org
Subject: Re: IDS with support for multiple ruleset providers
Date: Sat, 10 Apr 2021 23:17:50 +0200
Message-ID: <048dd4a8-cf03-c898-eee3-ca2bf545b677@ipfire.org>

Hi Stefan,

I did a fresh install of the latest tar file and ran the convert script. It ran
for a bit longer than in the past and then stopped with no errors.

I then went to the WUI page and it showed "Downloading and unpacking new
ruleset. Please wait until all operations have completed successfully..."

It is still showing that message after more than 5 minutes and the error log
has a large number of the following lines in it:-

Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.

The number of lines keeps increasing with time so it seems something is in a
loop. So this time I never even got to see the IDS WUI page. Reloading the
IPFire browser and re-selecting IDS gives the same message.

Regards,

Adolf.

On 10/04/2021 22:56, Adolf Belka wrote:
> Hi Stefan,
>
> I copied the new tarfile to my ipfire vm testbed machine and extracted it
> and ran the converter script. No errors. I then used the wui page to add a
> new provider to the list then selected to customize the rules and ticked the
> box for the added rules. Then I pressed apply and got a blank white screen
> again.
>
>
> The error log has the following:-
>
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Could not open /var/ipfire/suricata/oinkmaster-provider-includes.conf. Permission denied
>
>
> ls -hal of /var/ipfire/suricata shows the following
>
> drwxr-xr-x  2 nobody nobody 4.0K Apr 10 22:47 .
> drwxr-xr-x 49 root   root   4.0K Apr  5 08:20 ..
> -rw-r--r--  1 nobody nobody    0 Dec 14 19:05 ignored
> -rw-r--r--  1 root   root    21K Apr  1 20:00 oinkmaster.conf
> -rw-r--r--  1 nobody nobody   61 Apr 10 14:40 oinkmaster-modify-sids.conf
> -rw-r--r--  1 root   root      0 Apr 10 14:54 oinkmaster-provider-includes.conf
> -rw-r--r--  1 nobody nobody   55 Apr 10 22:47 providers-settings
> -rw-r--r--  1 root   root   6.0K Apr  5 07:13 ruleset-sources
> -rw-r--r--  1 nobody nobody  102 Apr 10 14:54 settings
> -rw-r--r--  1 nobody nobody  140 Apr 10 22:41 suricata-dns-servers.yaml
> -rw-r--r--  1 nobody nobody  125 Apr 10 14:54 suricata-emerging-used-rulefiles.yaml
> -rw-r--r--  1 nobody nobody  159 Apr 10 22:41 suricata-homenet.yaml
> -rw-r--r--  1 nobody nobody   98 Apr 10 14:40 suricata-http-ports.yaml
> -rw-r--r--  1 nobody nobody   95 Apr 10 14:54 suricata-static-included-rulefiles.yaml
> -rw-r--r--  1 nobody nobody   76 Apr 10 22:47 suricata-urlhaus-used-rulefiles.yaml
> -rw-r--r--  1 nobody nobody  214 Apr 10 14:54 suricata-used-providers.yaml
>
> Three of the files are owned root:root while all the others are
> nobody:nobody
>
>
> The above was with extracting and applying the updated tar file on top of
> IPFire after running the last version.
>
> I will do a fresh clone of my IPFire vm and then repeat the tar extraction
> and convert and see if that gives any difference.
>
>
> Regards,
>
> Adolf
>
> On 10/04/2021 20:25, Stefan Schantl wrote:
>> Hello list followers,
>>
>> after getting a lot of feedback and bug reports I'm happy to
>> announce the third test version for the new IDS system.
>>
>> https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-003.tar.gz
>>
>> If you just join testing, please omit the installation instructions
>> from the initial mail from this list.
>>
>> The converter script now works as expected and runs very smoothly.
>>
>> As usual please post your feedback and opinions to this list and any
>> remaining bugs to our bugtracker. (https://bugzilla.ipfire.org)
>>
>> A big thanks in advance,
>>
>> -Stefan
>>