public inbox for development@lists.ipfire.org
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: IDS with support for multiple ruleset providers
Date: Sun, 11 Apr 2021 11:49:02 +0200
Message-ID: <98ce3c42-e304-dd1a-732a-2cc08be21d08@ipfire.org>
In-Reply-To: <93f244d0ec9d47aa2bd426cb45b9d769ccc55c25.camel@ipfire.org>

Hi Stefan,

I have installed the new version from scratch in my ipfire vm testbed. I followed "all" the instructions this time :-)

I was able to add additional providers and then go and select the rules I wanted and had no problems at all.

Looks like all fixed. I will do further evaluation of it over the next few days and let you know how things go for me.

Regards,

Adolf.

On 11/04/2021 10:46, Stefan Schantl wrote:
> Hello again,
> 
> I've tested and uploaded the fourth test version.
> 
> https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-004.tar.gz
> 
> This time the ownership of all files is correct on my test system.
> 
> (Tested with ruleset changes and without)
> 
> Best regards,
> 
> -Stefan
> 
>> Best regards,
>>
>> -Stefan
>>
>>> Hi Stefan,
>>>
>>> I copied the new tarfile to my ipfire vm testbed machine and
>>> extracted it and ran the converter script. No errors. I then used the
>>> wui page to add a new provider to the list then selected to customize
>>> the rules and ticked the box for the added rules. Then I pressed
>>> apply and got a blank white screen again.
>>>
>>>
>>> The error log has the following:-
>>>
>>> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
>>> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
>>> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
>>> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
>>> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
>>> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
>>> Could not open /var/ipfire/suricata/oinkmaster-provider-includes.conf. Permission denied
>>>
>>>
>>> ls -hal of /var/ipfire/suricata shows the following
>>>
>>> drwxr-xr-x  2 nobody nobody 4.0K Apr 10 22:47 .
>>> drwxr-xr-x 49 root   root   4.0K Apr  5 08:20 ..
>>> -rw-r--r--  1 nobody nobody    0 Dec 14 19:05 ignored
>>> -rw-r--r--  1 root   root    21K Apr  1 20:00 oinkmaster.conf
>>> -rw-r--r--  1 nobody nobody   61 Apr 10 14:40 oinkmaster-modify-sids.conf
>>> -rw-r--r--  1 root   root      0 Apr 10 14:54 oinkmaster-provider-includes.conf
>>> -rw-r--r--  1 nobody nobody   55 Apr 10 22:47 providers-settings
>>> -rw-r--r--  1 root   root   6.0K Apr  5 07:13 ruleset-sources
>>> -rw-r--r--  1 nobody nobody  102 Apr 10 14:54 settings
>>> -rw-r--r--  1 nobody nobody  140 Apr 10 22:41 suricata-dns-servers.yaml
>>> -rw-r--r--  1 nobody nobody  125 Apr 10 14:54 suricata-emerging-used-rulefiles.yaml
>>> -rw-r--r--  1 nobody nobody  159 Apr 10 22:41 suricata-homenet.yaml
>>> -rw-r--r--  1 nobody nobody   98 Apr 10 14:40 suricata-http-ports.yaml
>>> -rw-r--r--  1 nobody nobody   95 Apr 10 14:54 suricata-static-included-rulefiles.yaml
>>> -rw-r--r--  1 nobody nobody   76 Apr 10 22:47 suricata-urlhaus-used-rulefiles.yaml
>>> -rw-r--r--  1 nobody nobody  214 Apr 10 14:54 suricata-used-providers.yaml
>>>
>>> Three of the files are owned root:root while all the others are
>>> nobody:nobody
>>>
>>>
>>> The above was with extracting and applying the updated tar file on
>>> top of IPFire after running the last version.
>>>
>>> I will do a fresh clone of my IPFire vm and then repeat the tar
>>> extraction and convert and see if that gives any difference.
>>>
>>>
>>> Regards,
>>>
>>> Adolf
>>>
>>> On 10/04/2021 20:25, Stefan Schantl wrote:
>>>> Hello list followers,
>>>>
>>>> after getting a lot of feedback and bug reports I'm happy to
>>>> announce the third test version for the new IDS system.
>>>>
>>>> https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-003.tar.gz
>>>>
>>>> If you just join testing, please omit the installation instructions
>>>> from the initial Mail from this list.
>>>>
>>>> The converter script now works as expected and runs very smoothly.
>>>>
>>>> As usual please post your feedback and opinions to this list and any
>>>> remaining bugs to our bugtracker. (https://bugzilla.ipfire.org)
>>>>
>>>> A big thanks in advance,
>>>>
>>>> -Stefan
>>>>
> 
