SELKS 7 Incorrect interface in Suricata - Configured interface missing after SELKS docker install


Shane Burkhardt

Jun 1, 2023, 12:01:43 AM
to SELKS
I apologize if this was addressed in another thread, but could not easily find it if it was.

I just installed SELKS 7 docker on UBUNTU 2.04 hyper-v VM. I have two interfaces, eth0 which is the interface for SSH/Web/etc and ETH1 which is connected to a mirrored port for sniffing. 

When running the easy install, it prompted me for the monitoring port, in which I entered ETH1, but it seems that nothing is configured correctly and ETH1 is no longer available when listing interfaces in ifconfig. I can still see ETH0, LO, and a number of veth, br-, and docker0 interfaces. The suricata.yaml file still shows the default port of ETH0, so nothing was configured by the easy install.

None of the above ports are set in promiscuous mode, and I am not sure if any of these ports equates to the original ETH1 port. I have not used docker in the past, so I have a very rudimentary understanding of how it works. I assumed, maybe wrongly, that the easy install would have properly configured the monitoring port or Suricata, as it prompted me for that. 

How do I identify if any of these ports equate to the original ETH0, or did I somehow screw up the original installation?

Any help is appreciated. 

Shane
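The two things the post is trying to establish, whether the interface named in suricata.yaml is still present on the host and whether it is in promiscuous mode, can be checked with a short script. This is an added example, not code from the thread or from the SELKS project; the `ip -o link show` output and the af-packet fragment below are constructed samples, and the path `/etc/suricata/suricata.yaml` in the usage comment is an assumption about where the config lives on a given install.

```shell
#!/bin/sh
# Added example (not from the thread or from SELKS): confirm that the
# interface Suricata's af-packet section points at exists on the host and
# carries the PROMISC flag. All sample inputs below are constructed.

# Constructed sample of `ip -o link show`: eth1 is in promiscuous mode,
# eth0 (management) is not, plus the docker bridge.
SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN'

# Constructed af-packet fragment as a default suricata.yaml carries it:
# still pointing at eth0, the management interface, not the mirror port.
SAMPLE_YAML='af-packet:
  - interface: eth0
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
  - interface: default
pcap:
  - interface: eth0'

# First interface listed under af-packet: the one Suricata actually sniffs.
configured_iface() {
    printf '%s\n' "$1" | awk '
        /^af-packet:/ { in_af = 1; next }
        in_af && /^[^ ]/ { exit }                 # left the af-packet block
        in_af && /interface:/ { print $NF; exit }'
}

# The "<FLAGS,...>" field for one interface; prints nothing if it is absent.
iface_flags() {
    printf '%s\n' "$1" | awk -v want="$2:" '$2 == want { print $3 }'
}

# 0 = present and promiscuous, 1 = not on the host (or nothing configured),
# 2 = present but not in promiscuous mode.
check_capture_iface() {
    iface=$(configured_iface "$2")
    if [ -z "$iface" ]; then
        echo "no af-packet interface configured"
        return 1
    fi
    flags=$(iface_flags "$1" "$iface")
    if [ -z "$flags" ]; then
        echo "$iface: not present on the host (moved to another namespace or renamed?)"
        return 1
    fi
    case "$flags" in
        *PROMISC*) echo "$iface: present and in promiscuous mode"; return 0 ;;
        *)         echo "$iface: present but not in promiscuous mode"; return 2 ;;
    esac
}

# Live use on the host (assumed config path):
#   check_capture_iface "$(ip -o link show)" "$(cat /etc/suricata/suricata.yaml)"
check_capture_iface "$SAMPLE_IP_LINK" "$SAMPLE_YAML" || true
```

Run against the samples it reports that eth0 is present but not promiscuous, which matches the symptom in the post: the easy install left the default interface in place. Run against the real host it distinguishes the three cases a practitioner cares about, a config that was never updated, an interface that is no longer visible in the host namespace, and an interface that is there but was never put into promiscuous mode.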

Peter Manev

Jun 1, 2023, 6:56:34 AM
to Shane Burkhardt, SELKS
Hi Shane,

Thanks for trying out SELKS.
Did the easy install script finish ok- were there any errors during the process ?

Thank you 

-- 
Regards,
Peter Manev 
