SELKS 7 suricata rules not updating


Darryl Mackay

Dec 1, 2022, 5:21:45 AM12/1/22
to SELKS
Hi all,

I have installed the SELKS 7 desktop and no-desktop iso images and I am unable to get the default source to update and populate through to the rest of Scirius.

Thank you.

Darryl

Peter Manev

Dec 1, 2022, 7:13:32 AM12/1/22
to Darryl Mackay, SELKS
Hi Darryl

Thanks for trying SELKS out.
We also have live chat on Discord here, should you wish a faster answer
and to reach a bigger audience:
https://discord.com/channels/911231224448712714/911238451842666546

Did the first time setup finish ok?
https://github.com/StamusNetworks/SELKS/wiki/Docker-ISO-setup#interactive-with-latest-updated-containers-and-software
What is the type of error you get?

Thank you




--
Regards,
Peter Manev

Darryl Mackay

Dec 2, 2022, 1:58:14 AM12/2/22
to SELKS
Here is the error I get when I try to update the source.

Source update error.png

Peter Manev

Dec 2, 2022, 4:12:22 AM12/2/22
to Darryl Mackay, SELKS
Hi Darryl,

Can you please answer the questions below? It would give me a better idea of what is going on:
1 - Did the first time setup finish ok and without errors, as per the message in my previous mail?
2 - Is this a fresh install?
3 - Does the SELKS install have an internet connection?
4 - What is the output of docker logs scirius?


Thank you



--
Regards,
Peter Manev

Darryl Mackay

Dec 2, 2022, 11:35:02 PM12/2/22
to SELKS
Hi Peter,

I have managed to fix the problem regarding the updating. It turns out that the hardware I was trying to run SELKS 7 on was not up to the task of doing the job. Currently I have SELKS running on a Dell PE R200 with 8GB of RAM and a 500GB HDD. When I go into Portainer and check the containers, they are all reporting either healthy or running. I have the unit set up to monitor activity between a pfSense firewall and the managed network switch at home. I also had a battle with getting the bridge on the SELKS stack to work and succeeded with this. Given some time I may post some screenshots of the traffic for the sake of posterity.

Sorry for the run around.

Darryl

Peter Manev

Dec 3, 2022, 2:39:23 AM12/3/22
to Darryl Mackay, SELKS
Hi Darryl,

Great to hear everything is good now!

How did you manage to get the bridge going?
I mean, what was the problem you had?

Thanks!


-- 
Regards,
Peter Manev 

Darryl Mackay

Dec 3, 2022, 5:38:21 AM12/3/22
to Peter Manev, SELKS
Hi Peter,


To get the bridge working entailed editing the /etc/network/interfaces file as follows:

auto eth0
iface eth0 inet manual

auto eth1
iface eth1 inet manual

auto br0
iface br0 inet manual
  bridge_ports eth0 eth1
  bridge_stp off
  bridge_waitport 0
  bridge_fd 0


Substitute eth0 and eth1 for the corresponding NICs which form the bridge. Next edit the /etc/sysctl.conf file and uncomment the following line:

# net.ipv4.ip_forward=1

to:

net.ipv4.ip_forward=1


Save the file and restart the SELKS device. The bridge should be up and running forwarding traffic between the 2 interfaces. The bridge can then be selected as the interface to be monitored. My glitch was trying to get the traffic to forward on the bridge.


My other glitch was dist-upgrading the SELKS device, which crashed Suricata completely. I will be reinstalling everything and reading how to update without breaking things. Will be about 2 hours before I can do anything, because of a glorious South African thing called loadshedding.


Darryl 

P.S. Sorry for repeating the email. Just wanted to include it to display on the group.
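As an added example (not from the thread or from the SELKS project), a small POSIX shell pre-flight check for the bridge recipe above: it lints an interfaces file and a sysctl file for the conditions the recipe relies on, namely two bridge_ports, every member NIC and the bridge itself declared "inet manual" so the sensor has no address on the tapped segment, and net.ipv4.ip_forward=1 actually uncommented. The bridge name br0, the two NIC names and the sample files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Lint an /etc/network/interfaces-style file ($1) and a sysctl file ($2).
# Prints one line per problem found; returns 0 only when the config is clean.
check_bridge_config() {
    ifaces="$1"; sysctl_file="$2"; rc=0
    # Member NICs are taken from the bridge_ports line; the recipe needs two.
    ports=$(awk '/^[[:space:]]*bridge_ports/ {for (i=2;i<=NF;i++) print $i}' "$ifaces")
    nports=$(awk '/^[[:space:]]*bridge_ports/ {n+=NF-1} END {print n+0}' "$ifaces")
    if [ "$nports" -lt 2 ]; then
        echo "bridge_ports needs at least two NICs, found $nports"; rc=1
    fi
    # The bridge (assumed name br0) and each member must be 'inet manual'
    # (no IP address on the monitoring side) and marked auto so they come up at boot.
    for dev in br0 $ports; do
        if ! grep -Eq "^[[:space:]]*iface[[:space:]]+$dev[[:space:]]+inet[[:space:]]+manual" "$ifaces"; then
            echo "$dev is missing an 'iface $dev inet manual' stanza"; rc=1
        fi
        if ! grep -Eq "^[[:space:]]*auto[[:space:]]+$dev\$" "$ifaces"; then
            echo "$dev is not marked auto; it will not come up at boot"; rc=1
        fi
    done
    # The recipe's sysctl line must be present and not commented out.
    if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$sysctl_file"; then
        echo "net.ipv4.ip_forward=1 is missing or still commented out"; rc=1
    fi
    return $rc
}

# Constructed sample inputs (not real system files): the recipe as posted,
# plus two variants that each break one of the checks above.
tmp=$(mktemp -d)
cat > "$tmp/good.interfaces" <<'EOF'
auto eth0
iface eth0 inet manual
auto eth1
iface eth1 inet manual
auto br0
iface br0 inet manual
  bridge_ports eth0 eth1
  bridge_stp off
  bridge_waitport 0
  bridge_fd 0
EOF
# Variant: eth1 accidentally given an address instead of 'manual'.
sed 's/iface eth1 inet manual/iface eth1 inet dhcp/' "$tmp/good.interfaces" > "$tmp/bad.interfaces"
printf 'net.ipv4.ip_forward=1\n' > "$tmp/good.sysctl"
printf '# net.ipv4.ip_forward=1\n' > "$tmp/bad.sysctl"   # line left commented out
check_bridge_config "$tmp/good.interfaces" "$tmp/good.sysctl" && echo "sample config: OK"
```

Run it against your own files with check_bridge_config /etc/network/interfaces /etc/sysctl.conf before pointing Suricata at br0; an empty output and a zero exit status mean the recipe's conditions hold.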