Support #3506
closed
Errors while starting up 5.0.2 on CentOS 7.7.1908
Affected Versions:
Label: Beginner
Description
Hello to all! I installed version 5.0.2 from source on CentOS 7.7.1908 following this guide:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation
with the install-full option and no errors or warnings.
Issuing the initial test command:
sudo suricata -c /etc/suricata/suricata.yaml -s /var/lib/suricata/rules/suricata.rules -i enp7s0
I get the following two repeating error types:
SC_ERR_DUPLICATE_SIG(176)
SC_ERR_INVALID_SIGNATURE(39)
each for a different rule:
[30678] 28/2/2020 -- 15:07:12 - (detect-parse.c:2313) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id DELETE"; flow:established,to_server; content:"/down_indir.asp?"; nocase; http_uri; content:"id="; nocase; http_uri; content:"DELETE"; nocase; http_uri; pcre:"/DELETE.+FROM/Ui"; reference:cve,CVE-2007-2810; reference:url,www.securityfocus.com/bid/23714; reference:url,doc.emergingthreats.net/2004002; classtype:web-application-attack; sid:2004002; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2010_07_30, updated_at 2019_09_27;)"
[30678] 28/2/2020 -- 15:07:12 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id DELETE"; flow:established,to_server; content:"/down_indir.asp?"; nocase; http_uri; content:"id="; nocase; http_uri; content:"DELETE"; nocase; http_uri; pcre:"/DELETE.+FROM/Ui"; reference:cve,CVE-2007-2810; reference:url,www.securityfocus.com/bid/23714; reference:url,doc.emergingthreats.net/2004002; classtype:web-application-attack; sid:2004002; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2010_07_30, updated_at 2019_09_27;)" from file /var/lib/suricata/rules/suricata.rules at line 1
As I am a newbie to Suricata IDS, can you suggest possible corrections to have it start up properly?