Project

General

Profile

Documentation #7138

Updated by Lu 99 5 months ago

Hi ! how are you. Thanks for this great tool.  

 I'm on a Ubuntu based system and installed suricata 7.0.6 

 I follwed "security advice":https://docs.suricata.io/en/latest/security.html and I'm runing suricata as suricata user.  

 Then I followed instructions to add a new ruleset: 
 <pre> 
 sudo suricata-update enable-source oisf/trafficid 
 </pre> 

 But when trying to update and merge the ruleset, I got this error: 
 <pre> 
 sudo suricata-update 
 [...] 
 4/7/2024 -- 11:30:06 - <Info> -- Enabled 136 rules for flowbit dependencies. 
 4/7/2024 -- 11:30:06 - <Info> -- Backing up current rules. 
 4/7/2024 -- 11:30:08 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 50940; enabled: 38724; added: 34; removed 0; modified: 0 
 4/7/2024 -- 11:30:08 - <Info> -- Writing /var/lib/suricata/rules/classification.config 
 4/7/2024 -- 11:30:08 - <Info> -- Testing with suricata -T. 
 4/7/2024 -- 11:30:08 - <Error> -- Error opening file: "/tmp/tmpror979xf/fast.log": Permission denied 
 4/7/2024 -- 11:30:08 - <Error> -- output module "fast": setup failed 
 4/7/2024 -- 11:30:08 - <Error> -- Suricata test failed, aborting. 
 4/7/2024 -- 11:30:08 - <Error> -- Restoring previous rules. 
 </pre> 

 I guess is easy to solve changing some permissions at /tmp or adding suricata to some group, but not sure exactly what the best way and would be nice to do it together and improve documentation.

Back