Fedora has issued an advisory today (May 7): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZFDZEYHMOYBANQU6NAZYRPEDAPRZEXET/ Issues were found via fuzz testing and fixed in 5.0.3 and 4.1.8: https://suricata-ids.org/2020/04/28/suricata-4-1-8-released/
Guillaume is the active maintainer, so assigning this to you.
Assignee: bugsquad => guillomovitch
Updated package uploaded by Guillaume.

Advisory:
========================

Updated suricata packages fix security vulnerabilities:

The suricata package has been updated to version 4.1.8, which fixes security issues and other bugs. See the upstream announcements for details.

References:
https://suricata-ids.org/2020/02/13/suricata-4-1-7-released/
https://suricata-ids.org/2020/04/28/suricata-4-1-8-released/
========================

Updated packages in core/updates_testing:
========================
suricata-4.1.8-1.mga7
libhtp2-4.1.8-1.mga7
libhtp-devel-4.1.8-1.mga7

from suricata-4.1.8-1.mga7.src.rpm
Assignee: guillomovitch => qa-bugs
CC: (none) => guillomovitch
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref to bug 25956 for testing, got a bit further, but still....
This laptop connects with wifi.

# suricata-update
10/5/2020 -- 10:31:37 - <Info> -- Using data-directory /var/lib/suricata.
10/5/2020 -- 10:31:37 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
10/5/2020 -- 10:31:37 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
10/5/2020 -- 10:31:37 - <Info> -- Found Suricata version 4.1.8 at /usr/sbin/suricata.
10/5/2020 -- 10:31:37 - <Info> -- Loading /etc/suricata/suricata.yaml
and a lot more and at the end:
10/5/2020 -- 10:31:42 - <Info> -- Loaded 26836 rules.
10/5/2020 -- 10:31:43 - <Info> -- Disabled 14 rules.
10/5/2020 -- 10:31:43 - <Info> -- Enabled 0 rules.
10/5/2020 -- 10:31:43 - <Info> -- Modified 0 rules.
10/5/2020 -- 10:31:43 - <Info> -- Dropped 0 rules.
10/5/2020 -- 10:31:43 - <Info> -- Enabled 124 rules for flowbit dependencies.
10/5/2020 -- 10:31:43 - <Info> -- Creating directory /var/lib/suricata/rules.
10/5/2020 -- 10:31:43 - <Info> -- Backing up current rules.
10/5/2020 -- 10:31:43 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 26836; enabled: 20128; added: 26836; removed 0; modified: 0
10/5/2020 -- 10:31:43 - <Info> -- Testing with suricata -T.
10/5/2020 -- 10:32:04 - <Info> -- Done.
So that seems OK.

# systemctl start suricata
No feedback from this command, usually this means it's OK, but
# systemctl -l status suricata
● suricata.service - Suricata Intrusion Detection Service
   Loaded: loaded (/usr/lib/systemd/system/suricata.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2020-05-10 10:32:38 CEST; 19s ago
  Process: 16888 ExecStart=/sbin/suricata -c /etc/suricata/suricata.yaml $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 16888 (code=exited, status=1/FAILURE)

May 10 10:32:38 mach5.hviaene.thuis suricata[16888]: 10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - F>
May 10 10:32:38 mach5.hviaene.thuis suricata[16888]: 10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - >
May 10 10:32:38 mach5.hviaene.thuis suricata[16888]: 10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(>
May 10 10:32:38 mach5.hviaene.thuis suricata[16888]: 10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] ->
May 10 10:32:38 mach5.hviaene.thuis suricata[16888]: 10/5/2020 -- 10:32:38 - <Notice> - all 4 packet processing threads, 4>
May 10 10:32:38 mach5.hviaene.thuis suricata[16888]: 10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] ->
May 10 10:32:38 mach5.hviaene.thuis suricata[16888]: 10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] ->
May 10 10:32:38 mach5.hviaene.thuis suricata[16888]: 10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thre>
May 10 10:32:38 mach5.hviaene.thuis systemd[1]: suricata.service: Main process exited, code=exited, status=1/FAILURE
May 10 10:32:38 mach5.hviaene.thuis systemd[1]: suricata.service: Failed with result 'exit-code'.

# tail /var/log/suricata/suricata.log
10/5/2020 -- 10:32:38 - <Notice> - This is Suricata version 4.1.8 RELEASE
10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/suricata.rules
10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device
10/5/2020 -- 10:32:38 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device
10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed

Went into /etc/suricata/suricata.yaml file and replaced eth0 with wmp9s0, and tried again, but same failure on eth0.

Then
# suricata -D -i wlp9s0
10/5/2020 -- 10:45:26 - <Notice> - This is Suricata version 4.1.8 RELEASE
and
# systemctl -l status suricata
● suricata.service - Suricata Intrusion Detection Service
   Loaded: loaded (/usr/lib/systemd/system/suricata.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2020-05-10 10:42:03 CEST; 3min 58s ago
  Process: 19266 ExecStart=/sbin/suricata -c /etc/suricata/suricata.yaml $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 19266 (code=exited, status=1/FAILURE)

May 10 10:42:03 mach5.hviaene.thuis suricata[19266]: 10/5/2020 -- 10:42:03 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - F>
May 10 10:42:03 mach5.hviaene.thuis suricata[19266]: 10/5/2020 -- 10:42:03 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - >
May 10 10:42:03 mach5.hviaene.thuis suricata[19266]: 10/5/2020 -- 10:42:03 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(>
May 10 10:42:03 mach5.hviaene.thuis suricata[19266]: 10/5/2020 -- 10:42:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] ->
May 10 10:42:03 mach5.hviaene.thuis suricata[19266]: 10/5/2020 -- 10:42:03 - <Notice> - all 4 packet processing threads, 4>
May 10 10:42:03 mach5.hviaene.thuis suricata[19266]: 10/5/2020 -- 10:42:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] ->
May 10 10:42:03 mach5.hviaene.thuis suricata[19266]: 10/5/2020 -- 10:42:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] ->
May 10 10:42:03 mach5.hviaene.thuis suricata[19266]: 10/5/2020 -- 10:42:03 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thre>
May 10 10:42:03 mach5.hviaene.thuis systemd[1]: suricata.service: Main process exited, code=exited, status=1/FAILURE
May 10 10:42:03 mach5.hviaene.thuis systemd[1]: suricata.service: Failed with result 'exit-code'.

# ps aux | grep suricata
root 3401 0.0 0.0 9044 872 pts/1 S+ 10:46 0:00 grep --color suricata
root 31930 33.5 3.8 921348 307612 ? Ssl 10:45 0:21 suricata -D -i wlp9s0

[root@mach5 ~]# tail /var/log/suricata/suricata.log
...snip.....
10/5/2020 -- 10:45:26 - <Notice> - This is Suricata version 4.1.8 RELEASE
10/5/2020 -- 10:45:47 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to set feature via ioctl for 'wlp9s0': Operation not supported (95)
10/5/2020 -- 10:45:47 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.

Googled on that error and found (a.o.) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895342
Not very hopeful....
CC: (none) => herman.viaene
The Debian bug is about suricata not automatically detecting the network interface to use, which is not your case. Your problem is more likely related to optional features not supported by your network interface, as explained here: https://redmine.openinfosecfoundation.org/issues/1976 Anyway, that's just a warning, and unlikely to be a regression from the version shipped with Mageia 7.
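
Added example, not part of the bug thread: a shell function that triages the two suricata.log excerpts quoted above, separating the fatal start-up failure on eth0 from the non-fatal ioctl warning on wlp9s0. The function names and the key=value output format are assumptions of this example; the sample log lines are copied from the comments above.

```shell
# Triage a Suricata 4.x suricata.log read on stdin (added example).
# Prints key=value findings; exit status is 1 if a thread failed fatally.
triage_suricata_log() {
    awk '
    # Line shape: D/M/YYYY -- HH:MM:SS - <Level> - [ERRCODE: NAME(n)] - message
    match($0, /<(Notice|Warning|Error)>/) {
        level = substr($0, RSTART + 1, RLENGTH - 2)
        code = ""
        if (match($0, /ERRCODE: [A-Z_]+/))
            code = substr($0, RSTART + 9, RLENGTH - 9)
        if (code == "SC_ERR_FATAL") fatal = 1
        if (code == "SC_ERR_NO_RULES_LOADED") norules = 1
        if (level == "Warning" && code != "") warn[code]++
        # AF_PACKET setup errors name the capture interface, quoted or not.
        if (code == "SC_ERR_AFP_CREATE" && match($0, /iface "?[A-Za-z0-9_.-]+/)) {
            name = substr($0, RSTART + 6, RLENGTH - 6)
            sub(/^"/, "", name)
            bad[name] = 1
        }
    }
    END {
        # "engine started" is logged in both runs, including the failed one,
        # so the verdict depends on SC_ERR_FATAL, not on that notice.
        print "verdict=" (fatal ? "fatal" : "running")
        for (n in bad) print "missing_iface=" n
        if (norules) print "rules_loaded=no"
        for (c in warn) print "warning=" c " count=" warn[c]
        exit (fatal ? 1 : 0)
    }'
}
# Sample input: lines copied from the failed and the working run on this page.
sample_failed_run() {
    cat <<'EOF'
10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'eth0': No such device (19)
10/5/2020 -- 10:32:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device
10/5/2020 -- 10:32:38 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
10/5/2020 -- 10:32:38 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed
EOF
}
sample_working_run() {
    cat <<'EOF'
10/5/2020 -- 10:45:47 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to set feature via ioctl for 'wlp9s0': Operation not supported (95)
10/5/2020 -- 10:45:47 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
EOF
}
sample_failed_run | triage_suricata_log || true
sample_working_run | triage_suricata_log
```

On a live system the same function can be fed with `triage_suricata_log < /var/log/suricata/suricata.log`, the log path used in the comments above.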
@Guillaume I found that bug report as well while googling, but being more than 3 years old... Anyway, tx for reviewing this. OK'ing then.
Whiteboard: (none) => MGA7-64-OK
Thanks. Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0214.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED