Support #3506

closed

Errors while starting up 5.0.2 on Centos 7.7.1908

Added by Athanasios Viennas about 4 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Affected Versions:
Label: Beginner

Description

Hello to all! I installed version 5.0.2 from source on CentOS 7.7.1908 following this guide:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation
with the install-full option and no errors or warnings.

Issuing the initial test command:

sudo suricata -c /etc/suricata/suricata.yaml -s /var/lib/suricata/rules/suricata.rules -i enp7s0

I get the following two repeating error types:

SC_ERR_DUPLICATE_SIG(176)
SC_ERR_INVALID_SIGNATURE(39)
each for a different rule:
[30678] 28/2/2020 -- 15:07:12 - (detect-parse.c:2313) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id DELETE"; flow:established,to_server; content:"/down_indir.asp?"; nocase; http_uri; content:"id="; nocase; http_uri; content:"DELETE"; nocase; http_uri; pcre:"/DELETE.+FROM/Ui"; reference:cve,CVE-2007-2810; reference:url,www.securityfocus.com/bid/23714; reference:url,doc.emergingthreats.net/2004002; classtype:web-application-attack; sid:2004002; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2010_07_30, updated_at 2019_09_27;)" 

[30678] 28/2/2020 -- 15:07:12 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id DELETE"; flow:established,to_server; content:"/down_indir.asp?"; nocase; http_uri; content:"id="; nocase; http_uri; content:"DELETE"; nocase; http_uri; pcre:"/DELETE.+FROM/Ui"; reference:cve,CVE-2007-2810; reference:url,www.securityfocus.com/bid/23714; reference:url,doc.emergingthreats.net/2004002; classtype:web-application-attack; sid:2004002; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2010_07_30, updated_at 2019_09_27;)" from file /var/lib/suricata/rules/suricata.rules at line 1

As I am a newbie to Suricata IDS, can you suggest possible corrections to have it start up properly?


Files

suricata.yaml (68.5 KB), Suricata Configuration, Athanasios Viennas, 02/28/2020 02:59 PM
suricata-build-info.txt (3.69 KB), Suricata Build Info, Athanasios Viennas, 02/28/2020 03:20 PM
suricata-install-output.txt (29.6 KB), Suricata Install Output, Athanasios Viennas, 02/28/2020 07:08 PM
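
A check that fits the errors reported above, as an added example that is not part of the original ticket: Suricata's `-s` option loads a rule file in addition to the `rule-files` listed in suricata.yaml, so the sketch below reports every sid that arrives more than once across such a load list. The rule lines, the labels and the `local.rules` name are constructed, and treating an equal-or-lower rev of an already loaded sid as the duplicate condition is an assumption about the engine's behaviour.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def parse_rules(text):
    """Yield (sid, rev) for each enabled, single-line rule in a rules file."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # skip blanks and disabled rules
            continue
        sid = SID_RE.search(line)
        if sid:
            rev = REV_RE.search(line)
            yield int(sid.group(1)), (int(rev.group(1)) if rev else 0)

def find_duplicates(load_list):
    """load_list: [(label, rules_text), ...] in the order the files are loaded.
    Returns {sid: [(first_label, duplicate_label), ...]}."""
    loaded, dups = {}, {}
    for label, text in load_list:
        for sid, rev in parse_rules(text):
            if sid in loaded and rev <= loaded[sid][0]:
                # Assumption: same sid with an equal or lower rev is rejected
                dups.setdefault(sid, []).append((loaded[sid][1], label))
            else:
                # New sid, or a higher rev that supersedes the earlier copy
                loaded[sid] = (rev, label)
    return dups

# Constructed sample rules (only the sid/rev values matter here)
RULES = '''\
alert http any any -> any any (msg:"constructed rule A"; sid:2004002; rev:9;)
# alert http any any -> any any (msg:"disabled rule"; sid:2004003; rev:1;)
alert http any any -> any any (msg:"constructed rule B"; sid:2004004; rev:3;)
'''
NEWER = 'alert http any any -> any any (msg:"constructed rule A"; sid:2004002; rev:10;)\n'

def demo():
    # Same file reached twice: once via suricata.yaml rule-files, once via -s
    same_twice = find_duplicates([("rule-files: suricata.rules", RULES),
                                  ("-s suricata.rules", RULES)])
    # A second file carrying a higher rev is not a duplicate
    newer_rev = find_duplicates([("rule-files: suricata.rules", RULES),
                                 ("-s local.rules", NEWER)])
    return same_twice, newer_rev

if __name__ == "__main__":
    for sid, pairs in demo()[0].items():
        print(f"sid {sid} loaded more than once: {pairs}")
```

To run it against a real setup, pass the text of each file named under `rule-files` in suricata.yaml and of any file given with `-s` as the load list.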