Fedora has issued an advisory on July 20:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJWELU75TPOICUA2UGNZDY7QQJBB7HYJ/

For Cauldron, version 7.0.6 will fix those problems.
For Mageia 9, version 6.0.20 will fix at least CVE-2024-37151 and CVE-2024-38535.

Whiteboard: (none) => MGA9TOO
Source RPM: (none) => suricata-7.0.1-2.mga10.src.rpm
CVE: (none) => CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, CVE-2024-38536
Status comment: (none) => Fixed upstream in 7.0.6 and, maybe partially, 6.0.20
Assigning to DavidG who now nurses this pkg.
Assignee: bugsquad => geiger.david68210
Fixed for Cauldron! mga9 fails to build for now :(
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

Assigning to QA,

Packages in 9/Core/Updates_testing:
======================
lib64htp-devel-6.0.20-1.mga9
lib64htp2-6.0.20-1.mga9
libhtp-devel-6.0.20-1.mga9
libhtp2-6.0.20-1.mga9
suricata-6.0.20-1.mga9

From SRPMS:
suricata-6.0.20-1.mga9.src.rpm
Assignee: geiger.david68210 => qa-bugs
Keywords: (none) => advisory
RH x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing lib64htp2-6.0.20-1.mga9.x86_64.rpm suricata-6.0.20-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
 1/2: lib64htp2 ##################################################################################################
 2/2: suricata ##################################################################################################
 1/2: removing suricata-6.0.13-1.mga9.x86_64
 ##################################################################################################
 2/2: removing lib64htp2-6.0.13-1.mga9.x86_64
 ##################################################################################################

Reference Bug#30375 comment#8

suricata -v
Suricata 6.0.20
USAGE: suricata [OPTIONS] [BPF FILTER]
    -c <path> : path to configuration file
    -T : test configuration file (use with -c)
    -i <dev or ip> : run in pcap live mode
    -F <bpf filter file> : bpf filter file
    -r <path> : run in pcap file/offline mode
    -q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)
    -s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)
    -S <path> : path to signature file loaded exclusively (optional)
    -l <dir> : default log directory
    -D : run as daemon
    -k [all|none] : force checksum check (all) or disabled it (none)
    -V : display Suricata version
    -v : be more verbose (use multiple times to increase verbosity)
    --list-app-layer-protos : list supported app layer protocols
    --list-keywords[=all|csv|<kword>] : list keywords implemented by the engine
    --list-runmodes : list supported runmodes
    --runmode <runmode_id> : specific runmode modification the engine should run. The argument supplied should be the id for the runmode obtained by running --list-runmodes
    --engine-analysis : print reports on analysis of different sections in the engine and exit. Please have a look at the conf parameter engine-analysis on what reports can be printed
    --pidfile <file> : write pid to this file
    --init-errors-fatal : enable fatal failure on signature init error
    --disable-detection : disable detection engine
    --dump-config : show the running configuration
    --dump-features : display provided features
    --build-info : display build information
    --pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml
    --pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted
    --pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done
    --pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)
    --pcap-buffer-size : size of the pcap buffer value from 0 - 2147483647
    --af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml
    --simulate-ips : force engine into IPS mode. Useful for QA
    --user <user> : run suricata as this user after init
    --group <group> : run suricata as this group after init
    --erf-in <path> : process an ERF file
    --unix-socket[=<file>] : use unix socket to control suricata work
    --reject-dev <dev> : send reject packets from this interface
    --set name=value : set a configuration value

To run the engine with default configuration on interface eth0 with signature file "signatures.rules", run the command as:

suricata -c suricata.yaml -s signatures.rules -i eth0

suricata -v -i eno1
12/9/2024 -- 12:27:42 - <Notice> - This is Suricata version 6.0.20 RELEASE running in SYSTEM mode
12/9/2024 -- 12:27:42 - <Info> - CPUs/cores online: 4
12/9/2024 -- 12:27:42 - <Info> - Setting engine mode to IDS mode by default
12/9/2024 -- 12:27:42 - <Info> - master exception-policy set to: auto
12/9/2024 -- 12:27:42 - <Info> - Found an MTU of 1500 for 'eno1'
12/9/2024 -- 12:27:42 - <Info> - Found an MTU of 1500 for 'eno1'
12/9/2024 -- 12:27:42 - <Info> - fast output device (regular) initialized: fast.log
12/9/2024 -- 12:27:42 - <Info> - eve-log output device (regular) initialized: eve.json
12/9/2024 -- 12:27:42 - <Info> - stats output device (regular) initialized: stats.log
12/9/2024 -- 12:27:42 - <Info> - Running in live mode, activating unix socket
12/9/2024 -- 12:27:42 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/suricata.rules
12/9/2024 -- 12:27:42 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded!
12/9/2024 -- 12:27:42 - <Info> - Threshold config parsed: 0 rule(s) found
12/9/2024 -- 12:27:42 - <Info> - 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only
12/9/2024 -- 12:27:42 - <Info> - Going to use 4 thread(s)
12/9/2024 -- 12:27:42 - <Info> - Running in live mode, activating unix socket
12/9/2024 -- 12:27:42 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
12/9/2024 -- 12:27:42 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
12/9/2024 -- 12:27:42 - <Info> - All AFP capture threads are running.
12/9/2024 -- 12:28:11 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - Hyperscan returned error -1

suricata-update
12/9/2024 -- 12:30:04 - <Info> -- Using data-directory /var/lib/suricata.
12/9/2024 -- 12:30:04 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
12/9/2024 -- 12:30:04 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
12/9/2024 -- 12:30:04 - <Info> -- Found Suricata version 6.0.20 at /usr/bin/suricata.
12/9/2024 -- 12:30:04 - <Info> -- Loading /etc/suricata/suricata.yaml
12/9/2024 -- 12:30:04 - <Info> -- Disabling rules for protocol http2
12/9/2024 -- 12:30:04 - <Info> -- Disabling rules for protocol modbus
12/9/2024 -- 12:30:04 - <Info> -- Disabling rules for protocol dnp3
12/9/2024 -- 12:30:04 - <Info> -- Disabling rules for protocol enip
12/9/2024 -- 12:30:04 - <Info> -- No sources configured, will use Emerging Threats Open
12/9/2024 -- 12:30:04 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-6.0.20/emerging.rules.tar.gz.
 100% - 4460846/4460846
12/9/2024 -- 12:30:06 - <Info> -- Done.
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
12/9/2024 -- 12:30:06 - <Info> -- Ignoring file rules/emerging-deleted.rules
12/9/2024 -- 12:30:10 - <Info> -- Loaded 52451 rules.
12/9/2024 -- 12:30:10 - <Info> -- Disabled 14 rules.
12/9/2024 -- 12:30:10 - <Info> -- Enabled 0 rules.
12/9/2024 -- 12:30:10 - <Info> -- Modified 0 rules.
12/9/2024 -- 12:30:10 - <Info> -- Dropped 0 rules.
12/9/2024 -- 12:30:11 - <Info> -- Enabled 136 rules for flowbit dependencies.
12/9/2024 -- 12:30:11 - <Info> -- Creating directory /var/lib/suricata/rules.
12/9/2024 -- 12:30:11 - <Info> -- Backing up current rules.
12/9/2024 -- 12:30:11 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 52451; enabled: 39746; added: 52451; removed 0; modified: 0
12/9/2024 -- 12:30:11 - <Info> -- Writing /var/lib/suricata/rules/classification.config
12/9/2024 -- 12:30:11 - <Info> -- Testing with suricata -T.
12/9/2024 -- 12:30:39 - <Info> -- Done.

Similar output, difference could be by interface/version.
Looks OK, but I wait to see if receive other test
CC: (none) => andrewsfarm
Hmmm, problem in getting it. Have core updates testing enabled, but attempting to update fails with:
Errors:
...retrieving failed: wget failed: exited with 5

Is this maybe a mirror sync issue? (aarnet.edu.au) or something else?
I'm only seeing 6.0.13 without successfully updating
CC: (none) => tablackwell
(In reply to Tony Blackwell from comment #5)
> Hmmm, problem in getting it. Have core updates testing enabled, but
> attempting to update fails with:
> Errors:
> ...retrieving failed: wget failed: exited with 5
>
> Is this maybe a mirror sync issue? (aarnet.edu.au) or something else?
> I'm only seeing 6.0.13 without successfully updating

I see this issue, did you have princeton as mirror?
If so, then edit your /etc/urpmi/urpmi.cfg and change https to http, if you use mirror list then remove the repositories and set a good shape repository and remember to use the http version for princeton if you select that
MGA9-64 server Plasma Wayland on HP-Pavilion
No installation issues.
Repeating tests above:

$ suricata -v
Suricata 6.0.20
USAGE: suricata [OPTIONS] [BPF FILTER]
    -c <path> : path to configuration file
    -T : test configuration file (use with -c)
    -i <dev or ip> : run in pcap live mode
    -F <bpf filter file> : bpf filter file
etc.....

# suricata -c suricata.yaml -s signatures.rules -i wlp0s20u2
16/9/2024 -- 11:59:43 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - failed to open file: suricata.yaml: No such file or directory
Checked on older update 30375

# suricata -v -i wlp0s20u2
16/9/2024 -- 12:01:54 - <Notice> - This is Suricata version 6.0.20 RELEASE running in SYSTEM mode
16/9/2024 -- 12:01:54 - <Info> - CPUs/cores online: 4
16/9/2024 -- 12:01:54 - <Info> - Setting engine mode to IDS mode by default
16/9/2024 -- 12:01:54 - <Info> - master exception-policy set to: auto
16/9/2024 -- 12:01:54 - <Info> - Found an MTU of 1500 for 'wlp0s20u2'
16/9/2024 -- 12:01:54 - <Info> - Found an MTU of 1500 for 'wlp0s20u2'
16/9/2024 -- 12:01:54 - <Info> - fast output device (regular) initialized: fast.log
16/9/2024 -- 12:01:54 - <Info> - eve-log output device (regular) initialized: eve.json
16/9/2024 -- 12:01:54 - <Info> - stats output device (regular) initialized: stats.log
16/9/2024 -- 12:01:54 - <Info> - Running in live mode, activating unix socket
16/9/2024 -- 12:01:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/suricata.rules
16/9/2024 -- 12:01:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded!
16/9/2024 -- 12:01:54 - <Info> - Threshold config parsed: 0 rule(s) found
16/9/2024 -- 12:01:54 - <Info> - 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only
16/9/2024 -- 12:01:55 - <Info> - Going to use 4 thread(s)
16/9/2024 -- 12:01:55 - <Info> - Running in live mode, activating unix socket
16/9/2024 -- 12:01:55 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
16/9/2024 -- 12:01:55 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
16/9/2024 -- 12:01:55 - <Info> - All AFP capture threads are running.
^C16/9/2024 -- 12:03:15 - <Notice> - Signal Received. Stopping engine.
16/9/2024 -- 12:03:16 - <Info> - time elapsed 81.101s
16/9/2024 -- 12:03:17 - <Info> - Alerts: 0
16/9/2024 -- 12:03:17 - <Info> - cleaning up signature grouping structure... complete
16/9/2024 -- 12:03:17 - <Notice> - Stats for 'wlp0s20u2': pkts: 124, drop: 0 (0.00%), invalid chksum: 0
Looks same as older test

# suricata-update
16/9/2024 -- 12:04:45 - <Info> -- Using data-directory /var/lib/suricata.
16/9/2024 -- 12:04:45 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
16/9/2024 -- 12:04:45 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
16/9/2024 -- 12:04:45 - <Info> -- Found Suricata version 6.0.20 at /usr/bin/suricata.
16/9/2024 -- 12:04:45 - <Info> -- Loading /etc/suricata/suricata.yaml
16/9/2024 -- 12:04:45 - <Info> -- Disabling rules for protocol http2
16/9/2024 -- 12:04:45 - <Info> -- Disabling rules for protocol modbus
16/9/2024 -- 12:04:45 - <Info> -- Disabling rules for protocol dnp3
16/9/2024 -- 12:04:45 - <Info> -- Disabling rules for protocol enip
16/9/2024 -- 12:04:45 - <Info> -- No sources configured, will use Emerging Threats Open
16/9/2024 -- 12:04:45 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-6.0.20/emerging.rules.tar.gz.
 100% - 4466621/4466621
16/9/2024 -- 12:04:47 - <Info> -- Done.
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
16/9/2024 -- 12:04:47 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
16/9/2024 -- 12:04:48 - <Info> -- Ignoring file rules/emerging-deleted.rules
16/9/2024 -- 12:04:58 - <Info> -- Loaded 52478 rules.
16/9/2024 -- 12:05:00 - <Info> -- Disabled 14 rules.
16/9/2024 -- 12:05:00 - <Info> -- Enabled 0 rules.
16/9/2024 -- 12:05:00 - <Info> -- Modified 0 rules.
16/9/2024 -- 12:05:00 - <Info> -- Dropped 0 rules.
16/9/2024 -- 12:05:01 - <Info> -- Enabled 136 rules for flowbit dependencies.
16/9/2024 -- 12:05:01 - <Info> -- Creating directory /var/lib/suricata/rules.
16/9/2024 -- 12:05:01 - <Info> -- Backing up current rules.
16/9/2024 -- 12:05:02 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 52478; enabled: 39736; added: 52478; removed 0; modified: 0
16/9/2024 -- 12:05:02 - <Info> -- Writing /var/lib/suricata/rules/classification.config
16/9/2024 -- 12:05:03 - <Info> -- Testing with suricata -T.
16/9/2024 -- 12:06:09 - <Info> -- Done.

Aha, that shows me the location of suricata.yaml, so
# suricata -c /etc/suricata/suricata.yaml -s signatures.rules -i wlp0s20u2
16/9/2024 -- 13:54:39 - <Notice> - This is Suricata version 6.0.20 RELEASE running in SYSTEM mode
16/9/2024 -- 13:55:05 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern signatures.rules
16/9/2024 -- 13:55:46 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
16/9/2024 -- 13:55:51 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - Hyperscan returned error -1
16/9/2024 -- 13:55:51 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - Hyperscan returned error -1
That is the same error as in Comment 4. If katnatek is happy with that, who am I to disagree. Leaving the honor to katnatek to OK the update.
CC: (none) => herman.viaene
(In reply to Herman Viaene from comment #7)
> # suricata -c suricata.yaml -s signatures.rules -i wlp0s20u2
> 16/9/2024 -- 11:59:43 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - failed to
> open file: suricata.yaml: No such file or directory

Sorry that line is part of the output of suricata -v

> That is the same error as in Comment 4. If katnatek is happy with that, who
> am I to disagree. Leaving the honor to katnatek to OK the update.

Thanks for the trust vote, but I'm just OK seeing that your output is similar to previous and now suricata -v shows something.
Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0306.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED