Bug #1196

closed

/etc/suricata/rules/dns-events.rules missing in suricata 2.0.1-2ubuntu2

Added by Robert Penz almost 10 years ago. Updated almost 9 years ago.

Status: Closed
Priority: Normal
Target version: -

Description

Starting it with the default rules gets you this:

1/6/2014 -- 13:36:02 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /etc/suricata/rules/dns-events.rules: No such file or directory.

The following solves this problem:

root@nids:/etc/suricata/rules# wget https://raw.githubusercontent.com/inliniac/suricata/master/rules/dns-events.rules
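
A pre-start check for the failure reported above, as an added example that is not part of the original report or of Suricata: it lists every rule file named in suricata.yaml that is not readable on disk. It assumes the stock layout (a top-level default-rule-path and a rule-files list); the function name missing_rule_files is hypothetical.

```shell
#!/bin/sh
# Added example: report rule files that suricata.yaml references but that
# are missing on disk (the condition behind SC_ERR_OPENING_RULE_FILE).
# Assumption: stock config layout with a top-level "default-rule-path:"
# scalar and a top-level "rule-files:" block list of "- name.rules" items.

missing_rule_files() {
    conf=$1

    # Read default-rule-path, dropping quotes and any trailing comment.
    rule_dir=$(awk '/^default-rule-path:/ {
        sub(/^default-rule-path:[ \t]*/, ""); sub(/[ \t]*#.*$/, "")
        gsub(/["\047]/, ""); print; exit }' "$conf")
    [ -n "$rule_dir" ] || { echo "no default-rule-path in $conf" >&2; return 2; }

    # Print each active item under rule-files:, stopping at the next
    # top-level key. Commented-out items ("# - foo.rules") are skipped.
    awk '
        /^rule-files:/          { in_list = 1; next }
        in_list && /^[^ \t#-]/  { in_list = 0 }
        in_list && /^[ \t]*-[ \t]*[^ \t]/ {
            sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]*#.*$/, "")
            gsub(/["\047]/, ""); print
        }' "$conf" |
    while IFS= read -r name; do
        case $name in
            /*) path=$name ;;             # absolute entry: used as written
            *)  path=$rule_dir/$name ;;   # relative entry: under default-rule-path
        esac
        [ -r "$path" ] || printf '%s\n' "$path"
    done
}

# Usage: sh check-rules.sh /etc/suricata/suricata.yaml
if [ $# -gt 0 ]; then
    missing_rule_files "$1"
fi
```

Each path printed is a rule file that has to be provided, or its entry removed from rule-files, before the engine is started.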

Actions #1

Updated by Peter Manev almost 10 years ago

Was that a clean install or an upgrade?

Actions #2

Updated by Robert Penz almost 10 years ago

Peter Manev wrote:

Was that a clean install or an upgrade?

Clean install on a newly installed Ubuntu 14.04 64-bit server ... I downloaded the following ISO just some hours ago, ubuntu-14.04-server-amd64.iso, and did a minimal install (with OpenSSH), nothing else.

Actions #3

Updated by Peter Manev almost 10 years ago

Which repo did you do the install from?

Actions #4

Updated by Robert Penz almost 10 years ago

Peter Manev wrote:

Which repo did you do the install from?

I did the following:

add-apt-repository ppa:oisf/suricata-stable
apt-get update
apt-get install suricata

Here is the complete console log:

root@nids:~# sudo add-apt-repository ppa:oisf/suricata-stable
Suricata IDS/IPS/NSM stable packages
http://www.openinfosecfoundation.org/
http://planet.suricata-ids.org/
http://suricata-ids.org/

Suricata IDS/IPS/NSM - Suricata is a high performance Intrusion Detection and Prevention System and Network Security Monitoring engine.

Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

This Engine supports:

Multi-Threading - provides for extremely fast and flexible operation on multicore systems.
File Extraction, MD5 matching - over 4000 file types recognized and extracted from live traffic.
TLS/SSL certificate matching/logging
IEEE 802.1ad (QinQ) and IEEE 802.1Q (VLAN) support
All JSON output/logging capability
NSM runmode
Automatic Protocol Detection (IPv4/6, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, DNS )
Gzip Decompression
Fast IP Matching
Hardware acceleration on CUDA GPU cards

and many more great features -
http://suricata-ids.org/features/all-features/
More info: https://launchpad.net/~oisf/+archive/suricata-stable
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keyring `/tmp/tmp9sl3a6ej/secring.gpg' created
gpg: keyring `/tmp/tmp9sl3a6ej/pubring.gpg' created
gpg: requesting key 66EB736F from hkp server keyserver.ubuntu.com
gpg: /tmp/tmp9sl3a6ej/trustdb.gpg: trustdb created
gpg: key 66EB736F: public key "Launchpad PPA for Peter Manev" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
root@nids:~# sudo apt-get update
Ign http://security.ubuntu.com trusty-security InRelease
Ign http://at.archive.ubuntu.com trusty InRelease
Ign http://at.archive.ubuntu.com trusty-updates InRelease
Ign http://at.archive.ubuntu.com trusty-backports InRelease
Ign http://ppa.launchpad.net trusty InRelease
Hit http://security.ubuntu.com trusty-security Release.gpg
Hit http://at.archive.ubuntu.com trusty Release.gpg
Get:1 http://ppa.launchpad.net trusty Release.gpg [316 B]
Hit http://security.ubuntu.com trusty-security Release
Get:2 http://ppa.launchpad.net trusty Release [14.0 kB]
Get:3 http://ppa.launchpad.net trusty/main amd64 Packages [1904 B]
Hit http://at.archive.ubuntu.com trusty-updates Release.gpg
Hit http://security.ubuntu.com trusty-security/main Sources
Get:4 http://ppa.launchpad.net trusty/main i386 Packages [1893 B]
Hit http://security.ubuntu.com trusty-security/restricted Sources
Hit http://at.archive.ubuntu.com trusty-backports Release.gpg
Hit http://at.archive.ubuntu.com trusty Release
Hit http://security.ubuntu.com trusty-security/universe Sources
Ign http://ppa.launchpad.net trusty/main Translation-en
Hit http://security.ubuntu.com trusty-security/multiverse Sources
Hit http://at.archive.ubuntu.com trusty-updates Release
Hit http://at.archive.ubuntu.com trusty-backports Release
Hit http://security.ubuntu.com trusty-security/main amd64 Packages
Hit http://security.ubuntu.com trusty-security/restricted amd64 Packages
Hit http://security.ubuntu.com trusty-security/universe amd64 Packages
Hit http://at.archive.ubuntu.com trusty/main Sources
Hit http://security.ubuntu.com trusty-security/multiverse amd64 Packages
Hit http://at.archive.ubuntu.com trusty/restricted Sources
Hit http://security.ubuntu.com trusty-security/main i386 Packages
Hit http://security.ubuntu.com trusty-security/restricted i386 Packages
Hit http://security.ubuntu.com trusty-security/universe i386 Packages
Hit http://security.ubuntu.com trusty-security/multiverse i386 Packages
Hit http://at.archive.ubuntu.com trusty/universe Sources
Hit http://security.ubuntu.com trusty-security/main Translation-en
Hit http://security.ubuntu.com trusty-security/multiverse Translation-en
Hit http://security.ubuntu.com trusty-security/restricted Translation-en
Hit http://security.ubuntu.com trusty-security/universe Translation-en
Hit http://at.archive.ubuntu.com trusty/multiverse Sources
Hit http://at.archive.ubuntu.com trusty/main amd64 Packages
Hit http://at.archive.ubuntu.com trusty/restricted amd64 Packages
Hit http://at.archive.ubuntu.com trusty/universe amd64 Packages
Hit http://at.archive.ubuntu.com trusty/multiverse amd64 Packages
Hit http://at.archive.ubuntu.com trusty/main i386 Packages
Hit http://at.archive.ubuntu.com trusty/restricted i386 Packages
Hit http://at.archive.ubuntu.com trusty/universe i386 Packages
Hit http://at.archive.ubuntu.com trusty/multiverse i386 Packages
Hit http://at.archive.ubuntu.com trusty/main Translation-en
Hit http://at.archive.ubuntu.com trusty/multiverse Translation-en
Hit http://at.archive.ubuntu.com trusty/restricted Translation-en
Hit http://at.archive.ubuntu.com trusty/universe Translation-en
Hit http://at.archive.ubuntu.com trusty-updates/main Sources
Hit http://at.archive.ubuntu.com trusty-updates/restricted Sources
Hit http://at.archive.ubuntu.com trusty-updates/universe Sources
Hit http://at.archive.ubuntu.com trusty-updates/multiverse Sources
Hit http://at.archive.ubuntu.com trusty-updates/main amd64 Packages
Hit http://at.archive.ubuntu.com trusty-updates/restricted amd64 Packages
Hit http://at.archive.ubuntu.com trusty-updates/universe amd64 Packages
Hit http://at.archive.ubuntu.com trusty-updates/multiverse amd64 Packages
Hit http://at.archive.ubuntu.com trusty-updates/main i386 Packages
Hit http://at.archive.ubuntu.com trusty-updates/restricted i386 Packages
Hit http://at.archive.ubuntu.com trusty-updates/universe i386 Packages
Hit http://at.archive.ubuntu.com trusty-updates/multiverse i386 Packages
Hit http://at.archive.ubuntu.com trusty-updates/main Translation-en
Hit http://at.archive.ubuntu.com trusty-updates/multiverse Translation-en
Hit http://at.archive.ubuntu.com trusty-updates/restricted Translation-en
Hit http://at.archive.ubuntu.com trusty-updates/universe Translation-en
Hit http://at.archive.ubuntu.com trusty-backports/main Sources
Hit http://at.archive.ubuntu.com trusty-backports/restricted Sources
Hit http://at.archive.ubuntu.com trusty-backports/universe Sources
Hit http://at.archive.ubuntu.com trusty-backports/multiverse Sources
Hit http://at.archive.ubuntu.com trusty-backports/main amd64 Packages
Hit http://at.archive.ubuntu.com trusty-backports/restricted amd64 Packages
Hit http://at.archive.ubuntu.com trusty-backports/universe amd64 Packages
Hit http://at.archive.ubuntu.com trusty-backports/multiverse amd64 Packages
Hit http://at.archive.ubuntu.com trusty-backports/main i386 Packages
Hit http://at.archive.ubuntu.com trusty-backports/restricted i386 Packages
Hit http://at.archive.ubuntu.com trusty-backports/universe i386 Packages
Hit http://at.archive.ubuntu.com trusty-backports/multiverse i386 Packages
Hit http://at.archive.ubuntu.com trusty-backports/main Translation-en
Hit http://at.archive.ubuntu.com trusty-backports/multiverse Translation-en
Hit http://at.archive.ubuntu.com trusty-backports/restricted Translation-en
Hit http://at.archive.ubuntu.com trusty-backports/universe Translation-en
Fetched 18.1 kB in 11s (1522 B/s)
Reading package lists... Done
root@nids:~# sudo apt-get install suricata
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libhtp1 libjansson4 libmnl0 libnet1 libnetfilter-queue1 libnspr4 libnss3 libnss3-nssdb libyaml-0-2
The following NEW packages will be installed:
libhtp1 libjansson4 libmnl0 libnet1 libnetfilter-queue1 libnspr4 libnss3 libnss3-nssdb libyaml-0-2 suricata
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 2190 kB of archives.
After this operation, 8077 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ppa.launchpad.net/oisf/suricata-stable/ubuntu/ trusty/main libhtp1 amd64 0.5.x.201405131738~ubuntu14.04.1 [44.5 kB]
Get:2 http://at.archive.ubuntu.com/ubuntu/ trusty/universe libjansson4 amd64 2.5-2 [25.2 kB]
Get:3 http://ppa.launchpad.net/oisf/suricata-stable/ubuntu/ trusty/main suricata amd64 2.0.1-2ubuntu2 [805 kB]
Get:4 http://at.archive.ubuntu.com/ubuntu/ trusty/main libnet1 amd64 1.1.6+dfsg-2ubuntu1 [41.8 kB]
Get:5 http://at.archive.ubuntu.com/ubuntu/ trusty/main libnspr4 amd64 2:4.10.2-1ubuntu1 [110 kB]
Get:6 http://at.archive.ubuntu.com/ubuntu/ trusty/main libnss3-nssdb all 2:3.15.4-1ubuntu7 [10.6 kB]
Get:7 http://at.archive.ubuntu.com/ubuntu/ trusty/main libnss3 amd64 2:3.15.4-1ubuntu7 [1081 kB]
Get:8 http://at.archive.ubuntu.com/ubuntu/ trusty/main libyaml-0-2 amd64 0.1.4-3ubuntu3 [48.2 kB]
Get:9 http://at.archive.ubuntu.com/ubuntu/ trusty/main libmnl0 amd64 1.0.3-3ubuntu1 [11.4 kB]
Get:10 http://at.archive.ubuntu.com/ubuntu/ trusty/universe libnetfilter-queue1 amd64 1.0.2-1 [12.8 kB]
Fetched 2190 kB in 5s (424 kB/s)
Selecting previously unselected package libjansson4:amd64.
(Reading database ... 85278 files and directories currently installed.)
Preparing to unpack .../libjansson4_2.5-2_amd64.deb ...
Unpacking libjansson4:amd64 (2.5-2) ...
Selecting previously unselected package libnet1:amd64.
Preparing to unpack .../libnet1_1.1.6+dfsg-2ubuntu1_amd64.deb ...
Unpacking libnet1:amd64 (1.1.6+dfsg-2ubuntu1) ...
Selecting previously unselected package libnspr4:amd64.
Preparing to unpack .../libnspr4_2%3a4.10.2-1ubuntu1_amd64.deb ...
Unpacking libnspr4:amd64 (2:4.10.2-1ubuntu1) ...
Selecting previously unselected package libnss3-nssdb.
Preparing to unpack .../libnss3-nssdb_2%3a3.15.4-1ubuntu7_all.deb ...
Unpacking libnss3-nssdb (2:3.15.4-1ubuntu7) ...
Selecting previously unselected package libnss3:amd64.
Preparing to unpack .../libnss3_2%3a3.15.4-1ubuntu7_amd64.deb ...
Unpacking libnss3:amd64 (2:3.15.4-1ubuntu7) ...
Selecting previously unselected package libyaml-0-2:amd64.
Preparing to unpack .../libyaml-0-2_0.1.4-3ubuntu3_amd64.deb ...
Unpacking libyaml-0-2:amd64 (0.1.4-3ubuntu3) ...
Selecting previously unselected package libmnl0:amd64.
Preparing to unpack .../libmnl0_1.0.3-3ubuntu1_amd64.deb ...
Unpacking libmnl0:amd64 (1.0.3-3ubuntu1) ...
Selecting previously unselected package libnetfilter-queue1.
Preparing to unpack .../libnetfilter-queue1_1.0.2-1_amd64.deb ...
Unpacking libnetfilter-queue1 (1.0.2-1) ...
Selecting previously unselected package libhtp1.
Preparing to unpack .../libhtp1_0.5.x.201405131738~ubuntu14.04.1_amd64.deb ...
Unpacking libhtp1 (0.5.x.201405131738~ubuntu14.04.1) ...
Selecting previously unselected package suricata.
Preparing to unpack .../suricata_2.0.1-2ubuntu2_amd64.deb ...
Unpacking suricata (2.0.1-2ubuntu2) ...
Setting up libjansson4:amd64 (2.5-2) ...
Setting up libnet1:amd64 (1.1.6+dfsg-2ubuntu1) ...
Setting up libnspr4:amd64 (2:4.10.2-1ubuntu1) ...
Setting up libyaml-0-2:amd64 (0.1.4-3ubuntu3) ...
Setting up libmnl0:amd64 (1.0.3-3ubuntu1) ...
Setting up libnetfilter-queue1 (1.0.2-1) ...
Setting up libhtp1 (0.5.x.201405131738~ubuntu14.04.1) ...
Setting up libnss3-nssdb (2:3.15.4-1ubuntu7) ...
Setting up libnss3:amd64 (2:3.15.4-1ubuntu7) ...
Setting up suricata (2.0.1-2ubuntu2) ...
Processing triggers for libc-bin (2.19-0ubuntu6) ...

Actions #5

Updated by Peter Manev almost 10 years ago

Funny thing - the package is not supposed to install any rules....
Similar to - https://redmine.openinfosecfoundation.org/issues/695

Actions #6

Updated by Peter Manev almost 10 years ago

  • Assignee set to Peter Manev

Actions #7

Updated by Peter Manev almost 9 years ago

  • Status changed from New to Closed

That was fixed a while back - closing the bug.
