Project

General

Profile

Actions

Bug #985

closed

default config generates rule warnings and errors

Added by Marc-Andre Heroux about 11 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Low
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,
I have installed the current stable version on my system LVCC based Ubuntu 12.04 LTS.
I downloaded and deployed rules from the .gz package. I manualy installed emerging-icmp.rules in the goal of eliminate the icmp rules error but a warning remains.
I was unable to find the virus rules.

Running sudo suricata -c /etc/suricata/suricata.yaml -i eth0

Everything work fine, except the following:

2/10/2013 -- 02:37:05 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules
2/10/2013 -- 02:37:06 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /etc/suricata/rules/emerging-virus.rules: No such file or directory.
2/10/2013 -- 02:37:32 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata//threshold.config": No such file or directory

If it's not new, please ignore it. I am new to the project so there will be a learning curve, I agree.
Have a good one,
Marc-Andre!


Files

suricata (12.3 KB) suricata startup log Marc-Andre Heroux, 10/02/2013 01:55 AM
Actions #1

Updated by Victor Julien about 11 years ago

  • Subject changed from Suricata version 1.4.6 RELEASE - rules warings and errors to Suricata version 1.4.6 RELEASE - rules warnings and errors
Actions #2

Updated by Victor Julien about 11 years ago

2/10/2013 -- 02:37:05 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules

Indicates that no rules were loaded. So it's either empty or there were errors. In case of errors they should have been printed above this line.
Actions #3

Updated by Marc-Andre Heroux about 11 years ago

Victor Julien wrote:

[...]
Indicates that no rules were loaded. So it's either empty or there were errors. In case of errors they should have been printed above this line.

I see - in the file emerging-icmp.rules - everything is in comment. I will try to remove a comment and relaod Suricata.

What about emerging-virus.rules? Is their a rules file available somewhere on the ftp tree?

Regards,
Marc-Andre

Actions #4

Updated by Victor Julien about 11 years ago

Emerging Threats rules have their origin here: https://rules.emergingthreatspro.com/open/

Actions #5

Updated by Marc-Andre Heroux about 11 years ago

I appreciate the information - I will have a look at it.
In order to update rules, is there an existing linux script to do this automatically? Else, I may create one.

Actions #7

Updated by Victor Julien almost 11 years ago

  • Target version changed from 1.4.7 to 2.0rc1
Actions #8

Updated by Victor Julien almost 11 years ago

  • Assignee set to OISF Dev
Actions #9

Updated by Victor Julien almost 11 years ago

  • Target version changed from 2.0rc1 to 2.0rc2
Actions #10

Updated by Victor Julien over 10 years ago

  • Assignee changed from OISF Dev to Victor Julien
Actions #11

Updated by Victor Julien over 10 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Updated default config to disable emerging-icmp.rules, updated the ruleset that is downloaded, so these issues should be gone.

https://github.com/inliniac/suricata/pull/870

Actions #12

Updated by Victor Julien over 10 years ago

  • Tracker changed from Optimization to Bug
  • Subject changed from Suricata version 1.4.6 RELEASE - rules warnings and errors to default config generates rule warnings and errors
Actions

Also available in: Atom PDF