search

PiRogueToolSuite / deb-packages

PiRogue Debian packages
https://pts-project.org/
GNU General Public License v3.0
2 stars 2 forks source link

Suricata warnings when installing pirogue-base #34

Open THouriezPEReN opened 4 months ago

THouriezPEReN commented 4 months ago

Hello,

Today i installed pirogue OS on a pi4 and a pi5 with current version v2.1.0.

While performing the latest part of the install (sudo apt install pirogue-base -y), both install gave a similar warning message:

<Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - A
pp-Layer protocol mqtt enable status not set, so enabling by default. This beha
vior will change in Suricata 7, so please update your config. See ticket #4744 
for more details.

I did not investigate further since install seemed to complete successfully.

CyrilBrulebois commented 3 months ago

Hi @THouriezPEReN, and thanks for the report.

Yes, we have the following warnings during the installation process:

15/8/2024 -- 11:54:11 - <Warning> -- Source has been deprecated: sslbl/ssl-fp-blacklist: Renamed to abuse.ch/sslbl-blacklist
15/8/2024 -- 11:54:17 - <Warning> -- Disabling ja3 rules as ja3 fingerprints are not enabled.
15/8/2024 -- 11:54:19 - <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol snmp enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
15/8/2024 -- 11:54:19 - <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol sip enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
15/8/2024 -- 11:54:19 - <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol rfb enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
15/8/2024 -- 11:54:19 - <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol mqtt enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
15/8/2024 -- 11:54:19 - <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol rdp enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
15/8/2024 -- 11:54:19 - <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol http2 enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
15/8/2024 -- 11:54:19 - <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol http2 enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.

(Courtesy of /var/log/apt/term.log)

Since that comes from pirogue-eve-collector (which pulls suricata in), I'm moving this issue to the deb-packages repository.