From: Adolf Belka
To: development@lists.ipfire.org
Subject: Re: IDS with support for multiple ruleset providers
Date: Sat, 10 Apr 2021 22:56:47 +0200
In-Reply-To: <3586d6e2aa79b7f048bdffccf846a7f6104a43cc.camel@ipfire.org>

Hi Stefan,

I copied the new tarfile to my ipfire vm testbed machine and extracted it and ran the converter script. No errors. I then used the wui page to add a new provider to the list, then selected to customize the rules and ticked the box for the added rules.

Then I pressed apply and got a blank white screen again.

The error log has the following:

Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
Could not open /var/ipfire/suricata/oinkmaster-provider-includes.conf. Permission denied

ls -hal of /var/ipfire/suricata shows the following:

drwxr-xr-x  2 nobody nobody 4.0K Apr 10 22:47 .
drwxr-xr-x 49 root   root   4.0K Apr  5 08:20 ..
-rw-r--r--  1 nobody nobody    0 Dec 14 19:05 ignored
-rw-r--r--  1 root   root    21K Apr  1 20:00 oinkmaster.conf
-rw-r--r--  1 nobody nobody   61 Apr 10 14:40 oinkmaster-modify-sids.conf
-rw-r--r--  1 root   root      0 Apr 10 14:54 oinkmaster-provider-includes.conf
-rw-r--r--  1 nobody nobody   55 Apr 10 22:47 providers-settings
-rw-r--r--  1 root   root   6.0K Apr  5 07:13 ruleset-sources
-rw-r--r--  1 nobody nobody  102 Apr 10 14:54 settings
-rw-r--r--  1 nobody nobody  140 Apr 10 22:41 suricata-dns-servers.yaml
-rw-r--r--  1 nobody nobody  125 Apr 10 14:54 suricata-emerging-used-rulefiles.yaml
-rw-r--r--  1 nobody nobody  159 Apr 10 22:41 suricata-homenet.yaml
-rw-r--r--  1 nobody nobody   98 Apr 10 14:40 suricata-http-ports.yaml
-rw-r--r--  1 nobody nobody   95 Apr 10 14:54 suricata-static-included-rulefiles.yaml
-rw-r--r--  1 nobody nobody   76 Apr 10 22:47 suricata-urlhaus-used-rulefiles.yaml
-rw-r--r--  1 nobody nobody  214 Apr 10 14:54 suricata-used-providers.yaml

Three of the files are owned root:root while all the others are nobody:nobody.

The above was with extracting and applying the updated tar file on top of IPFire after running the last version.

I will do a fresh clone of my IPFire vm and then repeat the tar extraction and convert and see if that gives any difference.

Regards,

Adolf

On 10/04/2021 20:25, Stefan Schantl wrote:
> Hello list followers,
>
> after getting a lot of feedback and bug reports I'm happy to
> announce the third test version for the new IDS system.
>
> https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-003.tar.gz
>
> If you just join testing, please omit the installation instructions
> from the initial mail from this list.
>
> The converter script now works as expected and runs very smoothly.
>
> As usual please post your feedback and opinions to this list and any
> remaining bugs to our bugtracker. (https://bugzilla.ipfire.org)
>
> A big thanks in advance,
>
> -Stefan
>