Comments (39)
Scirius is now running suricata in test mode to check validity of rulesets.
I've just pushed a fix (fcca67d) to git that lets the user specify the path to the suricata binary in local_settings.py. Try using the SURICATA_BINARY variable to allow scirius to start suricata in test mode.
from scirius.
After $ git pull:
$ python manage.py migrate
Operations to perform:
Synchronize unmigrated apps: staticfiles, messages, django_tables2, bootstrap3
Apply all migrations: sessions, admin, suricata, auth, rules, contenttypes, accounts
Synchronizing apps without migrations:
Creating tables...
Running deferred SQL...
Installing custom SQL...
Running migrations:
Rendering model states... DONE
Applying accounts.0001_initial...Traceback (most recent call last):
File "manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "/usr/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 338, in execute_from_command_line
utility.execute()
File "/usr/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 330, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/lib/python2.7/site-packages/django/core/management/base.py", line 393, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/lib/python2.7/site-packages/django/core/management/base.py", line 444, in execute
output = self.handle(*args, **options)
File "/usr/local/lib/python2.7/site-packages/django/core/management/commands/migrate.py", line 222, in handle
executor.migrate(targets, plan, fake=fake, fake_initial=fake_initial)
File "/usr/local/lib/python2.7/site-packages/django/db/migrations/executor.py", line 110, in migrate
self.apply_migration(states[migration], migration, fake=fake, fake_initial=fake_initial)
File "/usr/local/lib/python2.7/site-packages/django/db/migrations/executor.py", line 148, in apply_migration
state = migration.apply(state, schema_editor)
File "/usr/local/lib/python2.7/site-packages/django/db/migrations/migration.py", line 115, in apply
operation.database_forwards(self.app_label, schema_editor, old_state, project_state)
File "/usr/local/lib/python2.7/site-packages/django/db/migrations/operations/models.py", line 59, in database_forwards
schema_editor.create_model(model)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/base/schema.py", line 286, in create_model
self.execute(sql, params or None)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/base/schema.py", line 111, in execute
cursor.execute(sql, params)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 79, in execute
return super(CursorDebugWrapper, self).execute(sql, params)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
File "/usr/local/lib/python2.7/site-packages/django/db/utils.py", line 97, in __exit__
six.reraise(dj_exc_type, dj_exc_value, traceback)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 62, in execute
return self.cursor.execute(sql)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py", line 316, in execute
return Database.Cursor.execute(self, query)
django.db.utils.OperationalError: table "accounts_sciriususer" already exists
Then:
$ /usr/local/bin/python /usr/local/var/www/scirius/manage.py runserver
Performing system checks...
System check identified no issues (0 silenced).
You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.
August 30, 2015 - 16:45:41
Django version 1.8.4, using settings 'scirius.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[30/Aug/2015 16:45:53] "GET /rules/info?query=disk HTTP/1.1" 200 48
[30/Aug/2015 16:45:53] "GET /rules/info?query=memory HTTP/1.1" 200 95
[30/Aug/2015 16:45:53] "GET /rules/es?query=health HTTP/1.1" 200 349
[30/Aug/2015 16:45:53] "GET /rules/info?query=status HTTP/1.1" 200 18
Why?
from scirius.
Hi,
Run:
python manage.py migrate accounts --fake 0001_initial
To fix the migration issue.
from scirius.
$ python manage.py migrate accounts --fake 0001_initial
usage: manage.py migrate [-h] [--version] [-v {0,1,2,3}] [--settings SETTINGS]
[--pythonpath PYTHONPATH] [--traceback] [--no-color]
[--noinput] [--no-initial-data] [--database DATABASE]
[--fake] [--fake-initial] [--list]
[app_label] [migration_name]
manage.py migrate: error: unrecognized arguments: 0001_initial
from scirius.
Try to put fake just after migrate.
from scirius.
$ python manage.py migrate --fake accounts 0001_initial
Operations to perform:
Target specific migration: 0001_initial, from accounts
Running migrations:
Rendering model states... DONE
Applying accounts.0001_initial... FAKED
$ /usr/local/bin/python /usr/local/var/www/scirius/manage.py runserver
Performing system checks...
System check identified no issues (0 silenced).
You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.
August 30, 2015 - 17:39:33
Django version 1.8.4, using settings 'scirius.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
It's still there(((
from scirius.
retry the migrate command :)
from scirius.
it didn't help. So I've retried with --fake and got:
$ python manage.py migrate --fake accounts 0001_initial
Operations to perform:
Target specific migration: 0001_initial, from accounts
Running migrations:
No migrations to apply.
Your models have changes that are not yet reflected in a migration, and so won't be applied.
Run 'manage.py makemigrations' to make new migrations, and then re-run 'manage.py migrate' to apply them.
should I try this?
from scirius.
What is the output of python manage.py migrate?
from scirius.
$ python manage.py migrate
Operations to perform:
Synchronize unmigrated apps: staticfiles, messages, django_tables2, bootstrap3
Apply all migrations: sessions, admin, suricata, auth, rules, contenttypes, accounts
Synchronizing apps without migrations:
Creating tables...
Running deferred SQL...
Installing custom SQL...
Running migrations:
Rendering model states... DONE
Applying rules.0041_source_authkey... OK
Applying suricata.0001_initial...Traceback (most recent call last):
File "manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "/usr/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 338, in execute_from_command_line
utility.execute()
File "/usr/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 330, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/lib/python2.7/site-packages/django/core/management/base.py", line 393, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/lib/python2.7/site-packages/django/core/management/base.py", line 444, in execute
output = self.handle(*args, **options)
File "/usr/local/lib/python2.7/site-packages/django/core/management/commands/migrate.py", line 222, in handle
executor.migrate(targets, plan, fake=fake, fake_initial=fake_initial)
File "/usr/local/lib/python2.7/site-packages/django/db/migrations/executor.py", line 110, in migrate
self.apply_migration(states[migration], migration, fake=fake, fake_initial=fake_initial)
File "/usr/local/lib/python2.7/site-packages/django/db/migrations/executor.py", line 148, in apply_migration
state = migration.apply(state, schema_editor)
File "/usr/local/lib/python2.7/site-packages/django/db/migrations/migration.py", line 115, in apply
operation.database_forwards(self.app_label, schema_editor, old_state, project_state)
File "/usr/local/lib/python2.7/site-packages/django/db/migrations/operations/models.py", line 59, in database_forwards
schema_editor.create_model(model)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/base/schema.py", line 286, in create_model
self.execute(sql, params or None)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/base/schema.py", line 111, in execute
cursor.execute(sql, params)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 79, in execute
return super(CursorDebugWrapper, self).execute(sql, params)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
File "/usr/local/lib/python2.7/site-packages/django/db/utils.py", line 97, in __exit__
six.reraise(dj_exc_type, dj_exc_value, traceback)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 62, in execute
return self.cursor.execute(sql)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py", line 316, in execute
return Database.Cursor.execute(self, query)
django.db.utils.OperationalError: table "suricata_suricata" already exists
from scirius.
Run a fake on this one too :)
python manage.py migrate --fake suricata 0001_initial
or backup and run
python manage.py migrate --fake suricata
from scirius.
$ python manage.py migrate --fake suricata 0001_initial
Operations to perform:
Target specific migration: 0001_initial, from suricata
Running migrations:
Rendering model states... DONE
Applying suricata.0001_initial... FAKED
$ python manage.py migrate
Operations to perform:
Synchronize unmigrated apps: staticfiles, messages, django_tables2, bootstrap3
Apply all migrations: sessions, admin, suricata, auth, rules, contenttypes, accounts
Synchronizing apps without migrations:
Creating tables...
Running deferred SQL...
Installing custom SQL...
Running migrations:
No migrations to apply.
Your models have changes that are not yet reflected in a migration, and so won't be applied.
Run 'manage.py makemigrations' to make new migrations, and then re-run 'manage.py migrate' to apply them.
from scirius.
OK, it seems you have made it 👍
Oh no in fact.
from scirius.
Oh! You are right! Thanx very much, man!
from scirius.
So what exactly should I try now with SURICATA_BINARY?
from scirius.
Set it to the path on your system to suricata program/binary
from scirius.
ok so now added SURICATA_BINARY = "/usr/local/bin/suricata"
to my local_settings.py, restarted the daemon and tried to update again... Got this:
and
from scirius.
Interesting, do you have something below "Ruleset has errors" ?
from scirius.
and my system status still looks like this:
I guess because of that unix socket issue... just saying…
from scirius.
Nothing below "Ruleset has errors"
from scirius.
Wait! I've refreshed the page and got this:
wtf? lol
from scirius.
ok :) can you open URLOFRULESET/test and put here the result ?
from scirius.
{"status": false, "errors": {"message": "30/8/2015 -- 18:10:34 - <Error> - [ERRCODE: SC_ERR_ACTION_ORDER(3)] - action-order, the config didn't specify all of the actions. Please, use \"pass\",\"drop\",\"alert\",\"reject\". You have to specify all of them, without quotes and without capital letters\n"}, "rules_count": 26208}
from scirius.
ok, looks like you need a newer suricata for now (git version). Stamus is packaging it but for linux Debian.
from scirius.
you mean Development 2.1beta4 version? I'm now using Stable 2.0.8 from homebrew…
I'm almost there…
from scirius.
Yes, 2.1beta4 and even git for better result if possible.
from scirius.
Will try 2.1beta4 first (it's packaged) and then if it doesn't work I will add head to homebrew
from scirius.
So I've restarted suricata manually and got looooong output (github didn't even allow me to paste it because it's more than 262144 characters).. lol Here is just a part of it:
$ sudo /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata.yaml -i en2
Password:
30/8/2015 -- 11:25:42 - <Notice> - This is Suricata version 2.1beta4 RELEASE
30/8/2015 -- 11:25:42 - <Warning> - [ERRCODE: SC_ERR_MODBUS_CONFIG(241)] - no Modbus TCP config found, enabling Modbus detection on port 502.
30/8/2015 -- 11:25:42 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNP3_BAD_CRC"; sid:1; gid:145; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/scirius.rules at line 2
30/8/2015 -- 11:25:42 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.
30/8/2015 -- 11:25:42 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA Credit Card Numbers"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:2,credit_card; classtype:sdf; sid:2; gid:138; rev:1;)" from file /usr/local/etc/suricata/rules/scirius.rules at line 3
30/8/2015 -- 11:25:42 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.
30/8/2015 -- 11:25:42 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA U.S. Social Security Numbers (with dashes)"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:2,us_social; classtype:sdf; sid:3; gid:138; rev:1;)" from file /usr/local/etc/suricata/rules/scirius.rules at line 4
30/8/2015 -- 11:25:42 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNP3_REASSEMBLY_BUFFER_CLEARED"; sid:4; gid:145; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/scirius.rules at line 5
30/8/2015 -- 11:25:42 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.
.....
30/8/2015 -- 11:25:52 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - signature sid:2018908 has an event var set. The signature event var is given precedence over the threshold.conf one. We'll change this in the future though.
30/8/2015 -- 11:25:52 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - signature sid:2019876 has an event var set. The signature event var is given precedence over the threshold.conf one. We'll change this in the future though.
30/8/2015 -- 11:25:52 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - signature sid:2020853 has an event var set. The signature event var is given precedence over the threshold.conf one. We'll change this in the future though.
30/8/2015 -- 11:25:52 - <Notice> - all 19 packet processing threads, 4 management threads initialized, engine started.
It doesn't like the rules for some reason...
Actually that happens with previous suricata version too
from scirius.
I use only a single scirius.rules file…
from scirius.
Yes, there are a LOT of errors in VRT rules when loaded by suricata
from scirius.
Oh Ic... Anyways it didn't fix the problem - same "Ruleset has errors . :" and "Validity: False" messages...
But the URLOFRULESET/test now is filled with those errors (and this is just a small part of it):
picture will show it much better:
from scirius.
Yes so it works :)
If you use latest suricata git then you would have a list of errors instead. But that would not change the amount of errors.
from scirius.
ok but what should I do now? I mean to make it work properly… Validity is still false… and that stupid smile is still there… lol
from scirius.
Ignore errors :/ or fix suricata code to support all VRT rules.
from scirius.
Ic)) So basically you're saying that the Validity problem is just because of the suricata errors with VRT rules?
from scirius.
Yes.
from scirius.
Gotcha!!! But why would you suggest to use the latest git version of suricata?
from scirius.
It will just improve the output of errors in scirius, a list instead of a single HUGE message.
from scirius.
I get it! Thanx for all those explanations... So I believe suricata developers are aware of that problem with VRT...
from scirius.
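An added example, not part of the thread and not Scirius code: one way to turn the single huge `errors.message` string returned by URLOFRULESET/test into a per-error-code count and a list of rules Suricata refused to load. The function names and the sample response are constructed here; the response shape and log-line format follow what was pasted in the thread.

```python
import json
import re
from collections import Counter

# Suricata log line: "D/M/YYYY -- HH:MM:SS - <Level> - [ERRCODE: NAME(num)] - message"
LINE_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} -- [\d:]{8} - <(?P<level>\w+)> - "
                     r"(?:\[ERRCODE: (?P<code>\w+)\(\d+\)\] - )?(?P<msg>.*)$")
KEYWORD_RE = re.compile(r"unknown rule keyword '([^']+)'")
SIG_RE = re.compile(r'error parsing signature "(?P<rule>.*)" from file (?P<file>\S+) at line (?P<line>\d+)')

# Constructed sample in the shape of the /test response quoted in the thread;
# the log lines are shortened, simplified copies of the Suricata output posted there.
_TS, _RULES = "30/8/2015 -- 11:25:42 - ", "/usr/local/etc/suricata/rules/scirius.rules"
SAMPLE_RESPONSE = json.dumps({"status": False, "rules_count": 26208, "errors": {"message": "\n".join([
    _TS + "<Notice> - This is Suricata version 2.1beta4 RELEASE",
    _TS + '<Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: '
          '"DNP3_BAD_CRC"; sid:1; gid:145; rev: 1; )" from file ' + _RULES + " at line 2",
    _TS + "<Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.",
    _TS + '<Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any '
          '-> any 80 (msg:"SENSITIVE-DATA Credit Card Numbers"; sd_pattern:2,credit_card; sid:2; '
          'gid:138; rev:1;)" from file ' + _RULES + " at line 3",
    _TS + "<Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.",
    _TS + "<Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - signature sid:2018908 has an event var set.",
])}})


def parse_line(line):
    """Return (level, code, message) for one Suricata log line, else None."""
    m = LINE_RE.match(line.strip())
    return (m.group("level"), m.group("code"), m.group("msg")) if m else None


def _rule_id(name, rule):
    """Extract a numeric rule option such as gid or sid from the rule text."""
    m = re.search(r"\b%s:\s*(\d+)" % name, rule)
    return int(m.group(1)) if m else None


def summarize_test_response(body):
    """Turn the single 'message' blob into counts per error code and a rule list."""
    data = json.loads(body)
    by_code, keywords, failed = Counter(), Counter(), []
    for line in data.get("errors", {}).get("message", "").splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1] is None:
            continue  # not a log line, or one without an ERRCODE (e.g. <Notice>)
        level, code, msg = parsed
        by_code[(level, code)] += 1
        kw = KEYWORD_RE.search(msg)
        if kw:
            keywords[kw.group(1)] += 1
        sig = SIG_RE.search(msg)
        if sig:  # rule Suricata refused to load: record where it lives and its gid/sid
            rule = sig.group("rule")
            failed.append({"file": sig.group("file"), "line": int(sig.group("line")),
                           "gid": _rule_id("gid", rule), "sid": _rule_id("sid", rule)})
    return {"status": data.get("status"), "rules_count": data.get("rules_count"),
            "by_code": by_code, "unknown_keywords": keywords, "failed_rules": failed}
```

The `failed_rules` list gives the gid/sid pairs to disable or comment out in the ruleset if the goal is a clean validity check rather than ignoring the errors.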