Enhancing cuckoo with suricata

fuzo · May 6, 2021, 7:25pm

I am new using Suricata and I need help resolving the problem below. I was following Enhancing Your Cuckoo Sandbox with Suricata webinar and I ran into this problem below:
I ran the following command to run suricata in socket mode
sudo suricata -c /etc/suricata/suricata.yaml -k none --runmode=autofp --user=cuckoo–unix-socket -vvv

and I got the following messege:
“To run the engine with default configuration on interface eth0 with signature file “signatures.rules”, run the command as:
suricata -c suricata.yaml -s signatures.rules -i eth0”

I changed eth0 in the suricata.yaml file to my system interface name, I ran the command “suricata -c suricata.yaml -s signatures.rules -i eth0” and got the error message below:

[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern signatures.rules
6/5/2021 – 15:16:31 - - all 32 packet processing threads, 4 management threads initialized, engine started.

I hope someone will be able to help me out.
Thanks,
Francis

ish · May 7, 2021, 3:39pm

There is a typo in the above command, please check if this is also what you used on the command line. You may have wanted:

sudo suricata -c /etc/suricata/suricata.yaml -k none --runmode=autofp --user=cuckoo --unix-socket -vvv

fuzo · May 7, 2021, 5:49pm

You are right. That was the problem.

Thank you very much,
Francis

fuzo · May 8, 2021, 2:57am

You are right. It worked when I corrected the typo.

Thank you very much.
Francis

Topic		Replies	Views
Signature rule not loaded Help	7	7758	December 3, 2021
Running Suricata default in Windows Rules	3	608	May 24, 2023
Seems parameters '--unix-socket' and '--af-apcket' are incompatible?	3	253	September 19, 2023
<Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/local.rules Help	4	8364	December 19, 2023
Ubuntu. No such directory. [ERRCODE: SC_ERR_NO_RULES(42)] Help	6	2517	January 27, 2021

Enhancing cuckoo with suricata

Related topics