From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: IPFire meets Suricata - Call for tester Date: Tue, 05 Mar 2019 09:31:40 +0000 Message-ID: <9F046078-080B-444B-BCA9-44655D224619@ipfire.org> In-Reply-To: <002301d4d2c4$1a446560$4ecd3020$@net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3395069834637909258==" List-Id: --===============3395069834637909258== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, Thank you for testing and your helpful feedback, Mentalic. @Stefan: Is the Suricata branch based on the latest Core Update 128 branch? I= f not, that would explain the GeoIP issues. -Michael > On 4 Mar 2019, at 19:54, Mentalic wrote: >=20 > Ran three different installs of tarball over image 5c861701e52ead2620df3604= 9c242255 ipfire-2.x-suricata-rc4_x86_64.tar.gz using a couple different backu= ps. All three had these two snort errors. >=20 > ./install.sh: line 4: /etc/init.d/snort: No such file or directory > /var/ipfire/snort/settings not found - Nothing to do. Exiting! >=20 >=20 > 1)Built without internet access, restored core 128 backup from suricata edi= tion. Tarball installs with allot of geoip errors apparently because file st= ructure and data did not yet exist due to being offline. Backup had Geoip and= GeoIP Groups in use.=20 > Repeated error: > "Could not open /usr/share/xt_geoip/CN.iv4: No such file or directory" > After giving internet access and rebooting it cleared up these messages. >=20 > 2)Built with internet access, restored core 128 backup from suricata editio= n. Tarball installs with only the two snort errors. > ./install.sh: line 4: /etc/init.d/snort: No such file or directory > /var/ipfire/snort/settings not found - Nothing to do. Exiting! >=20 > 3) Built with internet access, restored core 127 backup from guardian insta= ll. IDS had this error: > Setting up firewall [ O= K ] > Stopping Collection daemon... [ O= K ] > Starting Collection daemon... [ O= K ] > Starting Intrusion Detection System... [ FA= IL ] > chmod: cannot access '/var/run/suricata.pid': No such file or directory >=20 > From IPS interface was able to do a save and IPS then service started. >=20 > Regards > Wayne >=20 >=20 >=20 > -----Original Message----- > From: Development [mailto:development-bounces(a)lists.ipfire.org] On Behalf= Of Mentalic > Sent: Sunday, March 03, 2019 11:33 AM > To: 'Stefan Schantl'; development(a)lists.ipfire.org > Subject: RE: IPFire meets Suricata - Call for tester >=20 > Loaded up the Tarball, reports build 5d04cfe7. Running Blue and orange. >=20 > Noticed that the Blue network no longer requires a firewall rule to enable = internet access. Only had to add device in Blue Access interface. I like this= change. >=20 > Regards > Wayne >=20 > -----Original Message----- > From: Development [mailto:development-bounces(a)lists.ipfire.org] On Behalf= Of Stefan Schantl > Sent: Sunday, March 03, 2019 8:39 AM > To: development(a)lists.ipfire.org > Subject: Re: IPFire meets Suricata - Call for tester >=20 > Hello list, >=20 > Recently I've uploaded the fourth release candidate. >=20 > It fixes the issue of non working IPSec tunnels and tunes the main suricata= configuration to better use available system resources. >=20 > The new tarball (currently x86_64 only) can be found here: >=20 > https://people.ipfire.org/~stevee/suricata/ >=20 > To start testing download the tarball and place it on your IPFire system. E= xtract the tarball and launch the install (install.sh) script. >=20 > If you already have installed a previous test version or image, with the sa= me steps as noted above you can update the the new version. >=20 > As always, if you prefer a fresh installation, the latest image can be grab= bed from here (Please note the delay of at least one day until the new ISO is= built by the service): >=20 > https://nightly.ipfire.org/next-suricata/latest/x86_64/ >=20 >=20 > Thanks for downloading and testing. There are no known bugs so far, as usua= l please file any bugs to our bugtracker ( > https://bugzilla.ipfire.org) and share your feedback on the list. >=20 > Best regards, >=20 > -Stefan >=20 --===============3395069834637909258==--