StamusNetworks / scirius

Scirius is a web application for Suricata ruleset management and threat hunting.
GNU General Public License v3.0

source update #174

Open mimtalendcloud opened 5 years ago

mimtalendcloud commented 5 years ago

I have a problem with Scirius. When I want to add a new source, an error is shown: (screenshot) During installation I followed the steps in the official documentation: https://scirius.readthedocs.io/en/latest/installation-ce.html

pevma commented 5 years ago

Did you just enable the public source? (and the err appeared?) I am also assuming there was no problem with the internet connection? (just to double check).

mimtalendcloud commented 5 years ago

Internet connection is stable. There is no problem with downloading rules using suricata-update. Should I set directory for rules? Or is it set by default?

pevma commented 5 years ago

From the screenshot it seems this is an older version (3.0.1) - the current should be 3.2.0. Could you try to update please and see if the issue persists?

Thank you

-- Regards, Peter Manev

On 21 Mar 2019, at 09:45, mimtalendcloud notifications@github.com wrote:

Internet connection is stable. There is no problem with downloading rules using suricata-update. Should I set directory for rules? Or is it set by default?


mimtalendcloud commented 5 years ago

(screenshot) I have updated the version. The problem persists. My tech specifications:

OS: Debian 9
Webpack: 3.11.0
Npm: 6.9.0
node-sass: 4.7.2
django: 1.11.20

mimtalendcloud commented 5 years ago

this warning is shown on console after trying to update sources via web interface

(path/to)/scirius/rules/views.py:1256: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  public_sources = yaml.load(yaml_data)

maybe this may cause the problem? I have tried to read url, but no idea what to do with this warning :/
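An added example, not part of the thread and not Scirius code: the warning quoted above concerns `yaml.load()` using a loader that can construct Python objects from tags in the document, and this sketch parses a sources index with `yaml.safe_load()` instead. The function name, the index layout, the sample data and the HTTPS-only policy are assumptions made for illustration.

```python
import yaml
from urllib.parse import urlparse

# Constructed sample index; the field names are assumptions, not Scirius's format.
SAMPLE_INDEX = """
version: 1
sources:
  example/open:
    summary: Example open ruleset
    url: https://rules.example.org/open/rules.tar.gz
  example/plain:
    summary: Served over cleartext HTTP
    url: http://rules.example.org/plain/rules.tar.gz
"""

# Constructed document carrying a Python-specific tag (harmless target).
TAGGED_INDEX = """
version: 1
sources: !!python/name:builtins.len
"""


def load_public_sources(yaml_data):
    """Parse a sources index with the safe loader and return {name: url}."""
    try:
        # safe_load only builds plain types (dict, list, str, int, ...);
        # any python/* tag raises ConstructorError instead of being resolved.
        doc = yaml.safe_load(yaml_data)
    except yaml.YAMLError as exc:
        raise ValueError("rejected YAML: %s" % exc.__class__.__name__)
    if not isinstance(doc, dict) or not isinstance(doc.get("sources"), dict):
        raise ValueError("index must be a mapping with a 'sources' mapping")
    accepted = {}
    for name, entry in doc["sources"].items():
        url = entry.get("url") if isinstance(entry, dict) else None
        if not isinstance(url, str):
            continue  # malformed entry: skip rather than guess
        parsed = urlparse(url)
        # Assumed policy for this example: only fetch rulesets over HTTPS.
        if parsed.scheme == "https" and parsed.netloc:
            accepted[str(name)] = url
    return accepted
```
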

pevma commented 5 years ago

And you have Scirius.rules inside yaml specified correctly, right?

-- Regards, Peter Manev

On 25 Mar 2019, at 18:11, mimtalendcloud notifications@github.com wrote:

(path/to)/scirius/rules/views.py:1256: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  public_sources = yaml.load(yaml_data)

maybe this may cause the problem? I have tried to read url, but no idea what to do with this warning :/


mimtalendcloud commented 5 years ago

do you think in suricata.yaml?

this is in my suricata.yaml file:

default-rule-path: /home/branislav/scirius/rules/
rule-files:

mimtalendcloud commented 5 years ago

Can not delete directory
[26/Mar/2019 08:33:26] "POST /rules/source/2/update HTTP/1.1" 200 68

this message is from console after trying to update rules

(screenshot)

and this is from web interface

regit commented 5 years ago

Suricata is required for the test. If it is installed in a custom place there is a variable that can be used in local_settings.py.

mimtalendcloud commented 5 years ago

I have used default place for suricata. path to suricata.yaml file is /etc/suricata/suricata.yaml

pevma commented 5 years ago

@mimtalendcloud - do you have Suricata installed?

mimtalendcloud commented 5 years ago

yes I do. Suricata is working correctly.

pevma commented 5 years ago

Where is it installed ? /usr/bin/suricata ?

mimtalendcloud commented 5 years ago

Where is it installed ? /usr/bin/suricata ?

yes

mimtalendcloud commented 5 years ago

(screenshot)

pevma commented 5 years ago

Does the problem still persist or did you manage to solve it? (it is not permissions or something similar, correct?)

mathieurbl commented 5 years ago

I have the same problem. Moreover I tried to add a custom rule and it's not working anymore. For that I have in my rules directory the file "scirius.rules" with the following rule: (image)

When I'm trying to import this rule I fill in all the fields like this: (image)

But when I hit Submit the upload field is empty and I get this: (image)

regit commented 5 years ago

Can you activate DEBUG mode by setting DEBUG=True in local_settings.py? And then post the traceback.

mathieurbl commented 5 years ago

I already activated DEBUG mode but I don't know where I can find the traceback.

pevma commented 5 years ago

Hi,

On the web interface - does it display something more ?

-- Regards, Peter Manev

On 15 Apr 2019, at 17:05, mathieurbl notifications@github.com wrote:

I already activated DEBUG mode but I don't know where I can find the traceback.


mathieurbl commented 5 years ago

Hi, it doesn't display anything more and the problem persists: (image)

regit commented 5 years ago

OK so there is no traceback. Can scirius write to /tmp/?

mathieurbl commented 5 years ago

No, there is no file or directory linked to scirius in my /tmp/

pevma commented 5 years ago

Does Scirius have permissions to write in that folder though ?

Rajikoro commented 4 years ago

I am experiencing exactly the same problem. There are permissions to /tmp.

Rajikoro commented 4 years ago

This doesn't seem like a permissions issue, maybe I did chmod -R 777 /

Rajikoro commented 4 years ago

Works on the latest version from the repository, but there are enough other problems