Documentation #7138
Updated by Lu 99 5 months ago
Hi ! how are you. Thanks for this great tool.
I'm on a Ubuntu based system and installed suricata 7.0.6
I follwed "security advice":https://docs.suricata.io/en/latest/security.html and I'm runing suricata as suricata user.
Then I followed instructions to add a new ruleset:
<pre>
sudo suricata-update enable-source oisf/trafficid
</pre>
But when trying to update and merge the ruleset, I got this error:
<pre>
sudo suricata-update
[...]
4/7/2024 -- 11:30:06 - <Info> -- Enabled 136 rules for flowbit dependencies.
4/7/2024 -- 11:30:06 - <Info> -- Backing up current rules.
4/7/2024 -- 11:30:08 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 50940; enabled: 38724; added: 34; removed 0; modified: 0
4/7/2024 -- 11:30:08 - <Info> -- Writing /var/lib/suricata/rules/classification.config
4/7/2024 -- 11:30:08 - <Info> -- Testing with suricata -T.
4/7/2024 -- 11:30:08 - <Error> -- Error opening file: "/tmp/tmpror979xf/fast.log": Permission denied
4/7/2024 -- 11:30:08 - <Error> -- output module "fast": setup failed
4/7/2024 -- 11:30:08 - <Error> -- Suricata test failed, aborting.
4/7/2024 -- 11:30:08 - <Error> -- Restoring previous rules.
</pre>
I guess is easy to solve changing some permissions at /tmp or adding suricata to some group, but not sure exactly what the best way and would be nice to do it together and improve documentation.
Back