Project

General

Profile

Actions

Bug #835

closed

Unix Socket not working as expected

Added by Peter Manev over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

As per instructions -
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket

and using "--enable-unix-socket" in the configure line
there is a failure to start Unix socket on Suricata 1.4.1/1.4.2/1.4.3 releases :

root@ubuntu64LTS:/var/log/suricata# suricatasc
Traceback (most recent call last):
  File "/usr/bin/suricatasc", line 19, in <module>
    from suricatasc import *
ImportError: No module named suricatasc

The issue is not present on 1.4 , but there we do not need to specify "--enable-unix-socket"
during build time. It gets automatically detected if the required dependency packages are in place.

Thank you

Actions #1

Updated by Victor Julien over 11 years ago

  • Status changed from New to Assigned
  • Assignee set to Eric Leblond
  • Target version set to 1.4.4
Actions #2

Updated by Eric Leblond over 11 years ago

This really seems to be a packaging issue. I've just done an uninstall, manual cleaning, install and the python module as well as the script are correctly installed.

Peter: Can you provide me the debian directory used to build the package ?

Actions #3

Updated by Peter Manev over 11 years ago

I was not using a package.

Clean VM machine ->

wget http://www.openinfosecfoundation.org/download/suricata-1.4.3.tar.gz
tar -zxf suricata-1.4.3.tar.gz 
cd suricata-1.4.3/
./configure  --enable-unix-socket --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --enable-non-bundled-htp  --enable-geoip --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr

Then when I tried to start it I got the issue.

Actions #4

Updated by Eric Leblond over 11 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This is a python issue. Running:

PYTHONPATH=/usr/lib/python3.7/site-packages suricatasc

is fixing the issue.

Furthermore, if we don't use the --prefix=/usr flag in configure, suricatasc is working fine. As prefixing to /usr is not the way to do a compilation, I stay on my position and the one that need to be fixed is python setup.

Actions #5

Updated by Victor Julien over 11 years ago

Eric Leblond wrote:

Furthermore, if we don't use the --prefix=/usr flag in configure, suricatasc is working fine. As prefixing to /usr is not the way to do a compilation, I stay on my position and the one that need to be fixed is python setup.

Whats wrong with passing --prefix=/usr? I use it all the time. Also, we suggest it to the user at the end of configure:

"To install Suricata into /usr/bin/suricata, have the config /etc/suricata and use /var/log/suricata as log dir, use: ./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/"

Actions #6

Updated by Eric Leblond over 11 years ago

The point is that it can conflict with package. Manually compiled software should be installed under /usr/local.

Extract from Filesystem Hierarchy Standard (http://www.pathname.com/fhs/)

4.8.2. /usr/local : Local hierarchy
4.8.2.1. Purpose
The /usr/local hierarchy is for use by the system administrator when installing software locally. It needs to
be safe from being overwritten when the system software is updated. It may be used for programs and data that
are shareable amongst a group of hosts, but not found in /usr.
Locally installed software must be placed within /usr/local rather than /usr unless it is being installed to
replace or upgrade software in /usr.

Actions #7

Updated by Peter Manev over 11 years ago

...rather than /usr unless it is being installed to
replace or upgrade software in /usr.


Which is exactly the case with Ubuntu PPA.
....It needs to
be safe from being overwritten when the system software is updated.

Which again is exactly the case with our Ubuntu PPA - where we need to specify /usr prefix, where the users would be able to just do
apt-get update && apt-get upgrade

to easily upgrade to another version of Suricata.

Then

...Furthermore, if we don't use the --prefix=/usr flag in configure, suricatasc is working fine.

It does not seem correct to me, to tell a user - don't use --prefix=/usr flag in order to use unix-socket, otherwise it won't work.

I don't entirely agree with your position Eric.

Plus if this is the case I think (Python path update) - it should be included in the wiki.

Actions #8

Updated by Eric Leblond over 11 years ago

What do you want me to do there ? I'm ok this is an issue if the use has to set PYTHONPATH and it should at least be included in the wiki. But it is not to us to fix this in the code. I'm using standard python-distutils to install the module. And if it don't work then it is not my fault.

For ubuntu PPA, you need to look at how project that are using a embedded python module are doing to have it inside their package. I know NuFW has the same thing inside so you could have a look at how they (read pollux) have fixed this.

Actions #9

Updated by Peter Manev over 11 years ago

PYTHONPATH=/usr/lib/python3.7/site-packages suricatasc

So is it safe to use Python 2.7 as well or only Python 3.x should be used ?

When you run the PYTHONPATH command , does unix-socket still work with prefix=/usr/ or one should just avoid using prefix=/usr/ in order to use unix-socket functionality?

Actions

Also available in: Atom PDF