Bug#895342: marked as done (suricata: new version fails to start if eth0 not present)

Debian Bug Tracking System Wed, 18 Apr 2018 02:09:47 -0700

Your message dated Wed, 18 Apr 2018 11:07:32 +0200
with message-id 
<caoksjbgir+vri7m+b1nrxy76vhkbnm3_qa2rlqhya4f98dl...@mail.gmail.com>
and subject line suricata: new version fails to start if eth0 not present
has caused the Debian Bug report #895342,
regarding suricata: new version fails to start if eth0 not present
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
895342: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895342
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: suricata
Version: 1:4.0.4-1
Severity: serious
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu bionic autopkgtest

Dear maintainers,

The latest version of suricata is failing its autopkgtests in Ubuntu because
the suricata daemon does not start in the test environment.  This appears to
be due to the fact that the default suricata config assumes eth0 as an
interface name, but the testbed has ens2 as its default interface:

# /usr/bin/suricata --af-packet -c /etc/suricata/suricata.yaml --pidfile 
/var/run/suricata.pid 
10/4/2018 -- 05:31:56 - <Notice> - This is Suricata version 4.0.4 RELEASE
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure 
when trying to get MTU via ioctl for 'eth0': No such device (19)
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure 
when trying to get MTU via ioctl for 'eth0': No such device (19)
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/botcc.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/ciarmy.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/compromised.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/drop.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/dshield.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-attack_response.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-chat.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-current_events.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-dns.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-dos.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-exploit.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-ftp.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-imap.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-malware.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-misc.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-mobile_malware.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-netbios.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-p2p.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-policy.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-pop3.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-rpc.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-scan.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-smtp.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-snmp.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-sql.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-telnet.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-tftp.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-trojan.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-user_agents.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-voip.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-web_client.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-web_server.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/emerging-worm.rules
10/4/2018 -- 05:31:56 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule 
files match the pattern /etc/suricata/rules/tor.rules
10/4/2018 -- 05:31:56 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to 
find type for iface "eth0": No such device
10/4/2018 -- 05:31:56 - <Notice> - all 1 packet processing threads, 4 
management threads initialized, engine started.
10/4/2018 -- 05:31:56 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to 
find iface eth0: No such device
10/4/2018 -- 05:31:56 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't 
init AF_PACKET socket, fatal error
10/4/2018 -- 05:31:56 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread 
W#01-eth0 failed
#

Previous versions of suricata also had a default interface name of eth0
configured, but this was not a fatal error; the suricata daemon still
started and the tests could be run.

I'm filing this as serious because it seems to me that neither of these
behaviors - either starting up and being ineffective because it's running on
the wrong interface, or failing to start up because the interface is
hard-coded and not present - is a reasonable default behavior for an IDS.  I
think the interface should either be autodetected or prompted for at install
time.

Feel free to downgrade if you disagree.

In any case, while the autopkgtests do not pass, the new version of suricata
will not be included in the Ubuntu release, as regressing autopkgtests are
considered release blockers there.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

If you check debian/tests/systemd-service-test.sh [0], the interface
in use by the config file is decided at runtime.

What autopkgtest tests are you running?

This seem like an ubuntu specific issue. All tests in debian are going
fine, both in unstable and in testing [1].
This Debian bug may result in the package being removed from Debian
testing for no actual reason.

Closing this bug now as it seems totally bogus.

[0] 
https://salsa.debian.org/pkg-suricata-team/pkg-suricata/blob/master/debian/tests/systemd-service-test.sh
[1] https://ci.debian.net/packages/s/suricata/

--- End Message ---

Bug#895342: marked as done (suricata: new version fails to start if eth0 not present)

Reply via email to