Package Details: suricata 7.0.3-1

Git Clone URL: https://aur.archlinux.org/suricata.git (read-only)
Package Base: suricata
Description: A high performance Network IDS, IPS and Network Security Monitoring engine
Upstream URL: https://suricata.io/
Licenses: GPL2
Conflicts: suricata-nfqueue
Submitter: Dragonlord
Maintainer: jskier (amish)
Last Packager: jskier
Votes: 32
Popularity: 0.009563
First Submitted: 2010-01-03 21:02 (UTC)
Last Updated: 2024-02-26 15:11 (UTC)

Latest Comments


SoBC commented on 2023-08-01 10:33 (UTC) (edited on 2023-08-01 10:33 (UTC) by SoBC)

Hi, seems like libunwind and libbpf are missing as dependencies, as configuration yields the following error:

checking for unw_backtrace in -lunwind... no

   libunwind library and development headers not found
   stacktrace on unexpected termination due to signal not possible

checking for elf_begin in -lelf... (cached) yes
checking for bpf_object__open in -lbpf... no

   libbpf library and development headers not found but
   needed to use eBPF code. It can be found at
   https://github.com/libbpf/libbpf

stimunix commented on 2023-05-01 18:46 (UTC)

Hi jskier,

Assuming a search key-id to your name, which one is in use for the package? I'd like to only grab the one I need.

jskier commented on 2023-05-01 16:46 (UTC)

@stimunix, read this: https://wiki.archlinux.org/title/GnuPG#Searching_and_receiving_keys

stimunix commented on 2023-05-01 16:08 (UTC) (edited on 2023-05-01 16:09 (UTC) by stimunix)

Hello, I tried to install the package, however I got the following error.

==> Verifying source file signatures with gpg...
suricata-6.0.10.tar.gz ... FAILED (unknown public key 2BA9C98CCDF1E93A)
==> ERROR: One or more PGP signatures could not be verified!

jnbrains commented on 2023-01-19 16:39 (UTC)

In what way does this package 'conflict' with rustup!?

jskier commented on 2023-01-06 17:06 (UTC)

@k96hkh, interesting, I was able to replicate this. The run-as config delegates the daemon to the suricata user / group, which is a problem because I believe this fast.log is set to root permissions.

I'll try to think of a solution for this beyond removing run-as from config. If I run suricata-update as suricata user, that error goes away, but it causes this CAP permission error. I have updated the forum posting you referenced for help on this.

k96hkh commented on 2022-12-31 13:42 (UTC) (edited on 2023-01-05 19:37 (UTC) by k96hkh)

Hello, I have run into a small issue with suricata-update. It appears to work fine as long as there are no updates, but if there are, the update fails at "suricata -T" when suricata-update.service is triggered by the timer. Same result if I run the service directly or run "sudo suricata-update" as instructed in the Suricata user guide.

31/12/2022 -- 10:50:53 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 39969; enabled: 32203; added: 65; removed 2; modified: 1296
31/12/2022 -- 10:50:54 - <Info> -- Writing /var/lib/suricata/rules/classification.config
31/12/2022 -- 10:50:54 - <Info> -- Testing with suricata -T.
31/12/2022 -- 10:50:54 - <Error> -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/tmp/tmpbn4c1yr0/fast.log": Permission denied
31/12/2022 -- 10:50:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module "fast": setup failed
31/12/2022 -- 10:50:54 - <Error> -- Suricata test failed, aborting.
31/12/2022 -- 10:50:54 - <Error> -- Restoring previous rules.

I found this on the suricata forum https://forum.suricata.io/t/suricata-update-errcode-when-suricata-t-runs/1083. And if I comment out the "run as" I get this result.
31/12/2022 -- 13:50:17 - <Info> -- Backing up current rules.
31/12/2022 -- 13:50:22 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 39969; enabled: 32203; added: 65; removed 2; modified: 1296
31/12/2022 -- 13:50:23 - <Info> -- Writing /var/lib/suricata/rules/classification.config
31/12/2022 -- 13:50:23 - <Info> -- Testing with suricata -T.
31/12/2022 -- 13:51:01 - <Info> -- Done.

Can't figure out where the ownership falls between the chairs.
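The "fast.log: Permission denied" in the log above and jskier's reply higher up describe the same ownership gap: the rules test runs in a fresh temporary directory, while the run-as block makes the test process drop to the suricata user. The script below is an added diagnostic, not part of the AUR package or of Suricata itself; it assumes the temporary directory is created with Python's tempfile.mkdtemp (the /tmp/tmpbn4c1yr0 name has that shape), parses a constructed run-as fragment, and decides from mode bits alone whether the dropped-privilege user could create fast.log there.

```python
"""Diagnostic for the suricata-update / `suricata -T` permission failure."""
import os
import re
import stat
import tempfile

# Constructed sample of the run-as block from suricata.yaml (not a real config).
SAMPLE_YAML = "run-as:\n  user: suricata\n  group: suricata\n"
CURRENT_UID = os.geteuid()
CURRENT_GID = os.getegid()

def parse_run_as(yaml_text):
    """Return (user, group) from an uncommented run-as block, else (None, None)."""
    user = group = None
    in_block = False
    for line in yaml_text.splitlines():
        if re.match(r"^run-as:\s*$", line):
            in_block = True
            continue
        if in_block:
            m = re.match(r"^\s+(user|group):\s*(\S+)", line)
            if not m:
                break  # end of the indented block
            if m.group(1) == "user":
                user = m.group(2)
            else:
                group = m.group(2)
    return user, group

def dir_writable_by(path, uid, gid):
    """Mode-bit check: could uid/gid create a file in path?  Root override, ACLs and
    capabilities are ignored on purpose: the run-as child has already dropped privileges."""
    st = os.stat(path)
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid == gid:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (st.st_mode & need) == need

def simulate_test_dir(uid, gid):
    """Create a directory exactly as tempfile.mkdtemp does (mode 0700, owned by
    the caller, i.e. root when suricata-update runs via sudo or the systemd unit)
    and report whether uid/gid could write fast.log into it."""
    path = tempfile.mkdtemp()
    try:
        return dir_writable_by(path, uid, gid)
    finally:
        os.rmdir(path)
```

Resolve the parsed user and group with pwd/grp on a real host and pass their ids to simulate_test_dir; a False result with run-as enabled is the situation the log shows, a True result means the test directory would be usable by the dropped-privilege process.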

jskier commented on 2022-12-16 20:29 (UTC)

It looks like the ebpf code was cleaned up in the 7 dev branch, based upon testing. I will probably take this package to v7 once stable; however, I did request that the upstream devs backport the fix to 6.x, if it continues.

https://redmine.openinfosecfoundation.org/issues/5200

k96hkh commented on 2022-12-14 20:12 (UTC)

Hi @jskier, builds fine now, thanks!

jskier commented on 2022-12-13 15:05 (UTC)

Hi @k96hkh, I've been working on a patch for that. It is indeed upstream; there is some old C code which needs to be updated. I have removed ebpf support temporarily from this package so that it will compile for now.

Re: / thanks for the llc error output, there may be another dependency missing for ebpf support, which I'll add once this is updated, or I create a suitable patch.