From: Stefan Schantl
To: development@lists.ipfire.org
Subject: Re: IDS with support for multiple ruleset providers
Date: Sun, 11 Apr 2021 10:46:32 +0200
Message-ID: <93f244d0ec9d47aa2bd426cb45b9d769ccc55c25.camel@ipfire.org>
In-Reply-To: <7cc1af73a3f9fe0eac99acdd64751b5253914e73.camel@ipfire.org>

Hello again,

I've tested and uploaded the fourth test version.

https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-004.tar.gz

This time the ownership of all files is correct on my test system.
(Tested with ruleset changes and without)

Best regards,

-Stefan

> Best regards,
>
> -Stefan
>
> > Hi Stefan,
> >
> > I copied the new tarfile to my ipfire vm testbed machine and
> > extracted it and ran the converter script. No errors. I then used the
> > wui page to add a new provider to the list then selected to customize
> > the rules and ticked the box for the added rules. Then I pressed
> > apply and got a blank white screen again.
> >
> >
> > The error log has the following:-
> >
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Could not open /var/ipfire/suricata/oinkmaster-provider-includes.conf. Permission denied
> >
> >
> > ls -hal of /var/ipfire/suricata shows the following
> >
> > drwxr-xr-x  2 nobody nobody 4.0K Apr 10 22:47 .
> > drwxr-xr-x 49 root   root   4.0K Apr  5 08:20 ..
> > -rw-r--r--  1 nobody nobody    0 Dec 14 19:05 ignored
> > -rw-r--r--  1 root   root    21K Apr  1 20:00 oinkmaster.conf
> > -rw-r--r--  1 nobody nobody   61 Apr 10 14:40 oinkmaster-modify-sids.conf
> > -rw-r--r--  1 root   root      0 Apr 10 14:54 oinkmaster-provider-includes.conf
> > -rw-r--r--  1 nobody nobody   55 Apr 10 22:47 providers-settings
> > -rw-r--r--  1 root   root   6.0K Apr  5 07:13 ruleset-sources
> > -rw-r--r--  1 nobody nobody  102 Apr 10 14:54 settings
> > -rw-r--r--  1 nobody nobody  140 Apr 10 22:41 suricata-dns-servers.yaml
> > -rw-r--r--  1 nobody nobody  125 Apr 10 14:54 suricata-emerging-used-rulefiles.yaml
> > -rw-r--r--  1 nobody nobody  159 Apr 10 22:41 suricata-homenet.yaml
> > -rw-r--r--  1 nobody nobody   98 Apr 10 14:40 suricata-http-ports.yaml
> > -rw-r--r--  1 nobody nobody   95 Apr 10 14:54 suricata-static-included-rulefiles.yaml
> > -rw-r--r--  1 nobody nobody   76 Apr 10 22:47 suricata-urlhaus-used-rulefiles.yaml
> > -rw-r--r--  1 nobody nobody  214 Apr 10 14:54 suricata-used-providers.yaml
> >
> > Three of the files are owned root:root while all the others are
> > nobody:nobody
> >
> >
> > The above was with extracting and applying the updated tar file on
> > top of IPFire after running the last version.
> >
> > I will do a fresh clone of my IPFire vm and then repeat the tar
> > extraction and convert and see if that gives any difference.
> >
> >
> > Regards,
> >
> > Adolf
> >
> > On 10/04/2021 20:25, Stefan Schantl wrote:
> > > Hello list followers,
> > >
> > > after getting a lot of feedback and bug reports I'm happy to
> > > announce the third test version for the new IDS system.
> > >
> > > https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-003.tar.gz
> > >
> > > If you just join testing, please omit the installation instructions
> > > from the initial Mail from this list.
> > >
> > > The converter script now works as expected and runs very smoothly.
> > >
> > > As usual please post your feedback and opinions to this list and any
> > > remaining bugs to our bugtracker. (https://bugzilla.ipfire.org)
> > >
> > > A big thanks in advance,
> > >
> > > -Stefan
> > >
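
The ownership check behind the report quoted above, as an added example that is not part of the original mails or of IPFire's code: it reads an `ls -l` listing and names the regular files a given user cannot write. The function names are hypothetical, the user and group `nobody` are taken from the listing as the account that needs write access, and the sample is that listing with its wrapped file names rejoined.

```shell
#!/bin/sh
# Added example: flag regular files in an `ls -l` listing that a given
# user cannot write, judged from the owner, group and mode columns only.
# Assumes USER is not root; ACLs and directory permissions are ignored.

# unwritable_by USER GROUP: reads `ls -l` lines on stdin, prints file names.
unwritable_by() {
    awk -v user="$1" -v group="$2" '
        $1 ~ /^-/ && NF >= 9 {                              # regular files only
            if ($3 == user)       bit = substr($1, 3, 1)    # owner class
            else if ($4 == group) bit = substr($1, 6, 1)    # group class
            else                  bit = substr($1, 9, 1)    # other class
            if (bit != "w") print $9
        }'
}

# Listing from the report (sample input, wrapped file names rejoined).
sample_listing() {
cat <<'EOF'
drwxr-xr-x  2 nobody nobody 4.0K Apr 10 22:47 .
drwxr-xr-x 49 root   root   4.0K Apr  5 08:20 ..
-rw-r--r--  1 nobody nobody    0 Dec 14 19:05 ignored
-rw-r--r--  1 root   root    21K Apr  1 20:00 oinkmaster.conf
-rw-r--r--  1 nobody nobody   61 Apr 10 14:40 oinkmaster-modify-sids.conf
-rw-r--r--  1 root   root      0 Apr 10 14:54 oinkmaster-provider-includes.conf
-rw-r--r--  1 nobody nobody   55 Apr 10 22:47 providers-settings
-rw-r--r--  1 root   root   6.0K Apr  5 07:13 ruleset-sources
-rw-r--r--  1 nobody nobody  102 Apr 10 14:54 settings
-rw-r--r--  1 nobody nobody  140 Apr 10 22:41 suricata-dns-servers.yaml
-rw-r--r--  1 nobody nobody  125 Apr 10 14:54 suricata-emerging-used-rulefiles.yaml
-rw-r--r--  1 nobody nobody  159 Apr 10 22:41 suricata-homenet.yaml
-rw-r--r--  1 nobody nobody   98 Apr 10 14:40 suricata-http-ports.yaml
-rw-r--r--  1 nobody nobody   95 Apr 10 14:54 suricata-static-included-rulefiles.yaml
-rw-r--r--  1 nobody nobody   76 Apr 10 22:47 suricata-urlhaus-used-rulefiles.yaml
-rw-r--r--  1 nobody nobody  214 Apr 10 14:54 suricata-used-providers.yaml
EOF
}

# Files in the sample that the account "nobody" cannot write.
report() { sample_listing | unwritable_by nobody nobody; }

report
```

On a live system the same function can be fed with `ls -l /var/ipfire/suricata | unwritable_by nobody nobody`; file names containing spaces are not handled.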