Hi,
Thank you for testing and your helpful feedback, Mentalic.
@Stefan: Is the Suricata branch based on the latest Core Update 128 branch? If not, that would explain the GeoIP issues.
-Michael
On 4 Mar 2019, at 19:54, Mentalic mentalic@cox.net wrote:
Ran three different installs of tarball over image 5c861701e52ead2620df36049c242255 ipfire-2.x-suricata-rc4_x86_64.tar.gz using a couple different backups. All three had these two snort errors.
./install.sh: line 4: /etc/init.d/snort: No such file or directory
/var/ipfire/snort/settings not found - Nothing to do. Exiting!
1) Built without internet access, restored core 128 backup from suricata edition. Tarball installs with a lot of geoip errors apparently because file structure and data did not yet exist due to being offline. Backup had Geoip and GeoIP Groups in use. Repeated error: "Could not open /usr/share/xt_geoip/CN.iv4: No such file or directory" After giving internet access and rebooting it cleared up these messages.
2) Built with internet access, restored core 128 backup from suricata edition. Tarball installs with only the two snort errors.
./install.sh: line 4: /etc/init.d/snort: No such file or directory
/var/ipfire/snort/settings not found - Nothing to do. Exiting!
3) Built with internet access, restored core 127 backup from guardian install. IDS had this error:
Setting up firewall [ OK ]
Stopping Collection daemon... [ OK ]
Starting Collection daemon... [ OK ]
Starting Intrusion Detection System... [ FAIL ]
chmod: cannot access '/var/run/suricata.pid': No such file or directory
From the IPS interface I was able to do a save, and the IPS service then started.
Regards Wayne
-----Original Message-----
From: Development [mailto:development-bounces@lists.ipfire.org] On Behalf Of Mentalic
Sent: Sunday, March 03, 2019 11:33 AM
To: 'Stefan Schantl'; development@lists.ipfire.org
Subject: RE: IPFire meets Suricata - Call for tester
Loaded up the Tarball, reports build 5d04cfe7. Running Blue and orange.
Noticed that the Blue network no longer requires a firewall rule to enable internet access. Only had to add device in Blue Access interface. I like this change.
Regards Wayne
-----Original Message-----
From: Development [mailto:development-bounces@lists.ipfire.org] On Behalf Of Stefan Schantl
Sent: Sunday, March 03, 2019 8:39 AM
To: development@lists.ipfire.org
Subject: Re: IPFire meets Suricata - Call for tester
Hello list,
Recently I've uploaded the fourth release candidate.
It fixes the issue of non-working IPSec tunnels and tunes the main suricata configuration to better use available system resources.
The new tarball (currently x86_64 only) can be found here:
https://people.ipfire.org/~stevee/suricata/
To start testing download the tarball and place it on your IPFire system. Extract the tarball and launch the install (install.sh) script.
If you already have installed a previous test version or image, with the same steps as noted above you can update to the new version.
As always, if you prefer a fresh installation, the latest image can be grabbed from here (Please note the delay of at least one day until the new ISO is built by the service):
https://nightly.ipfire.org/next-suricata/latest/x86_64/
Thanks for downloading and testing. There are no known bugs so far. As usual, please file any bugs to our bugtracker (https://bugzilla.ipfire.org) and share your feedback on the list.
Best regards,
-Stefan