Hi Stefan,
I did a fresh install of the latest tar file and ran the convert script. It ran for a bit longer than in the past and then stopped with no errors.
I then went to the WUI page and it showed "Downloading and unpacking new ruleset. Please wait until all operations have completed successfully..."
It is still showing that message after more than 5 minutes and the error log has a large number of the following lines in it:-
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288.
The number of lines keeps increasing with time so it seems something is in a loop. So this time I never even got to see the IDS WUI page. Reloading the IPFire browser and re-selecting IDS gives the same message.
Regards,
Adolf.
On 10/04/2021 22:56, Adolf Belka wrote:
Hi Stefan,
I copied the new tarfile to my ipfire vm testbed machine and extracted it and ran the converter script. No errors. I then used the wui page to add a new provider to the list then selected to customize the rules and ticked the box for the added rules. Then I pressed apply and got a blank white screen again.
The error log has the following:-
Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Smartmatch is experimental at /srv/web/ipfire/cgi-bin/ids.cgi line 288. Could not open /var/ipfire/suricata/oinkmaster-provider-includes.conf. Permission denied
ls- hal of /var/ipfire/suricata shows the following
drwxr-xr-x 2 nobody nobody 4.0K Apr 10 22:47 . drwxr-xr-x 49 root root 4.0K Apr 5 08:20 .. -rw-r--r-- 1 nobody nobody 0 Dec 14 19:05 ignored -rw-r--r-- 1 root root 21K Apr 1 20:00 oinkmaster.conf -rw-r--r-- 1 nobody nobody 61 Apr 10 14:40 oinkmaster-modify-sids.conf -rw-r--r-- 1 root root 0 Apr 10 14:54 oinkmaster-provider-includes.conf -rw-r--r-- 1 nobody nobody 55 Apr 10 22:47 providers-settings -rw-r--r-- 1 root root 6.0K Apr 5 07:13 ruleset-sources -rw-r--r-- 1 nobody nobody 102 Apr 10 14:54 settings -rw-r--r-- 1 nobody nobody 140 Apr 10 22:41 suricata-dns-servers.yaml -rw-r--r-- 1 nobody nobody 125 Apr 10 14:54 suricata-emerging-used-rulefiles.yaml -rw-r--r-- 1 nobody nobody 159 Apr 10 22:41 suricata-homenet.yaml -rw-r--r-- 1 nobody nobody 98 Apr 10 14:40 suricata-http-ports.yaml -rw-r--r-- 1 nobody nobody 95 Apr 10 14:54 suricata-static-included-rulefiles.yaml -rw-r--r-- 1 nobody nobody 76 Apr 10 22:47 suricata-urlhaus-used-rulefiles.yaml -rw-r--r-- 1 nobody nobody 214 Apr 10 14:54 suricata-used-providers.yaml
Three of the files are owned root:root while all the others are nobody:nobody
The above was with extracting and applying the updated tar file on top of IPFire after running the last version.
I will do a fresh clone of my IPFire vm and then repeat the tar extraction and convert and see if that gives any difference.
Regards,
Adolf
On 10/04/2021 20:25, Stefan Schantl wrote:
Hello list followers,
after getting a lot of feedback and bug reports I'm happy to announce the third test version for the new IDS system.
https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-provid...
If you just join testing, please omit the installation instructions from the initial Mail from this list.
The converter script now works as expected and runs very smooth.
As usual please post your feedback and opinions to this list and any remain bugs to our bugtracker. (https://bugzilla.ipfire.org)
A big thanks in advance,
-Stefan