From: Stefan Schantl
To: development@lists.ipfire.org
Subject: Re: IDS with support for multiple ruleset providers
Date: Sun, 11 Apr 2021 08:59:49 +0200
In-Reply-To: <048dd4a8-cf03-c898-eee3-ca2bf545b677@ipfire.org>

Good morning Adolf,

you missed updating the language cache after extracting the archive, so
the language strings are missing and the WUI loops infinitely here.

Best regards,

-Stefan

> Hi Stefan,
>
> I did a fresh install of the latest tar file and ran the convert
> script. It ran for a bit longer than in the past and then stopped
> with no errors.
>
> I then went to the WUI page and it showed "Downloading and unpacking
> new ruleset. Please wait until all operations have completed
> successfully..."
>
> It is still showing that message after more than 5 minutes and the
> error log has a large number of the following lines in it:-
>
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
>
> The number of lines keeps increasing with time so it seems something
> is in a loop. So this time I never even got to see the IDS WUI page.
> Reloading the IPFire browser and re-selecting IDS gives the same
> message.
>
>
> Regards,
>
> Adolf.
>
> On 10/04/2021 22:56, Adolf Belka wrote:
> > Hi Stefan,
> >
> > I copied the new tarfile to my ipfire vm testbed machine and
> > extracted it and ran the converter script. No errors. I then used
> > the wui page to add a new provider to the list then selected to
> > customize the rules and ticked the box for the added rules. Then I
> > pressed apply and got a blank white screen again.
> >
> >
> > The error log has the following:-
> >
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
> > Could not open /var/ipfire/suricata/oinkmaster-provider-includes.conf. Permission denied
> >
> >
> > ls -hal of /var/ipfire/suricata shows the following
> >
> > drwxr-xr-x  2 nobody nobody 4.0K Apr 10 22:47 .
> > drwxr-xr-x 49 root   root   4.0K Apr  5 08:20 ..
> > -rw-r--r--  1 nobody nobody    0 Dec 14 19:05 ignored
> > -rw-r--r--  1 root   root    21K Apr  1 20:00 oinkmaster.conf
> > -rw-r--r--  1 nobody nobody   61 Apr 10 14:40 oinkmaster-modify-sids.conf
> > -rw-r--r--  1 root   root      0 Apr 10 14:54 oinkmaster-provider-includes.conf
> > -rw-r--r--  1 nobody nobody   55 Apr 10 22:47 providers-settings
> > -rw-r--r--  1 root   root   6.0K Apr  5 07:13 ruleset-sources
> > -rw-r--r--  1 nobody nobody  102 Apr 10 14:54 settings
> > -rw-r--r--  1 nobody nobody  140 Apr 10 22:41 suricata-dns-servers.yaml
> > -rw-r--r--  1 nobody nobody  125 Apr 10 14:54 suricata-emerging-used-rulefiles.yaml
> > -rw-r--r--  1 nobody nobody  159 Apr 10 22:41 suricata-homenet.yaml
> > -rw-r--r--  1 nobody nobody   98 Apr 10 14:40 suricata-http-ports.yaml
> > -rw-r--r--  1 nobody nobody   95 Apr 10 14:54 suricata-static-included-rulefiles.yaml
> > -rw-r--r--  1 nobody nobody   76 Apr 10 22:47 suricata-urlhaus-used-rulefiles.yaml
> > -rw-r--r--  1 nobody nobody  214 Apr 10 14:54 suricata-used-providers.yaml
> >
> > Three of the files are owned root:root while all the others are
> > nobody:nobody
> >
> >
> > The above was with extracting and applying the updated tar file on
> > top of IPFire after running the last version.
> >
> > I will do a fresh clone of my IPFire vm and then repeat the tar
> > extraction and convert and see if that gives any difference.
> >
> >
> > Regards,
> >
> > Adolf
> >
> > On 10/04/2021 20:25, Stefan Schantl wrote:
> > > Hello list followers,
> > >
> > > after getting a lot of feedback and bug reports I'm happy to
> > > announce the third test version for the new IDS system.
> > >
> > > https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-003.tar.gz
> > >
> > > If you just join testing, please omit the installation
> > > instructions
> > > from the initial Mail from this list.
> > >
> > > The converter script now works as expected and runs very smoothly.
> > >
> > > As usual please post your feedback and opinions to this list and
> > > any
> > > remaining bugs to our bugtracker. (https://bugzilla.ipfire.org)
> > >
> > > A big thanks in advance,
> > >
> > > -Stefan
> > >
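
Added example, not part of the thread and not IPFire code: a small check that reads an `ls -l` style listing and prints the regular files a given account cannot write, which is the condition behind the "Permission denied" line quoted above. The function names are hypothetical, the sample is a constructed subset of the quoted listing, and that the WUI CGI runs as nobody:nobody is an assumption inferred from the listing. The thread does not say which of the flagged files are meant to be writable by that account.

```shell
#!/bin/sh
# Constructed sample: a subset of the `ls -hal` lines quoted in the thread.
sample_listing() {
cat <<'EOF'
drwxr-xr-x  2 nobody nobody 4.0K Apr 10 22:47 .
-rw-r--r--  1 nobody nobody    0 Dec 14 19:05 ignored
-rw-r--r--  1 root   root    21K Apr  1 20:00 oinkmaster.conf
-rw-r--r--  1 nobody nobody   61 Apr 10 14:40 oinkmaster-modify-sids.conf
-rw-r--r--  1 root   root      0 Apr 10 14:54 oinkmaster-provider-includes.conf
-rw-r--r--  1 nobody nobody   55 Apr 10 22:47 providers-settings
-rw-r--r--  1 root   root   6.0K Apr  5 07:13 ruleset-sources
-rw-r--r--  1 nobody nobody  102 Apr 10 14:54 settings
EOF
}

# not_writable_by USER GROUP  (hypothetical helper)
# Reads `ls -l` lines on stdin and prints each regular file that USER,
# with primary group GROUP, cannot write according to the mode string.
# Picks the owner, group or other write bit the way the kernel does
# (first matching class wins). Does not model root's bypass, ACLs or
# supplementary groups, and expects file names without spaces.
not_writable_by() {
    awk -v user="$1" -v group="$2" '
        substr($1, 1, 1) == "-" && NF >= 9 {
            if ($3 == user)       bit = substr($1, 3, 1)   # owner write bit
            else if ($4 == group) bit = substr($1, 6, 1)   # group write bit
            else                  bit = substr($1, 9, 1)   # other write bit
            if (bit != "w") print $9
        }'
}

# Assumption: the WUI CGI runs as nobody:nobody.
sample_listing | not_writable_by nobody nobody
```

On a live system the same function can be fed with `ls -l /var/ipfire/suricata | not_writable_by nobody nobody`.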