Installing the latest version possible of Suricata on the Raspberry Pi 4

Help
1

Hello, I am trying to install the latest version possible of Suricata. I am refraining from simply doing apt-get install suricata as that got me the v4 version the last time I did it.

This question has been posed by me before: Suricata not recognising packets, but tshark does
I have been following the solution provided but I get these errors:

gpg --export 04EE7237B7D453EC | sudo apt-key add -

gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.

And when I try and install the backport:
sudo apt install -t buster-backports suricata
Reading package lists… Done
E: The value ‘buster-backports’ is invalid for APT::Default-Release as such a re lease is not available in the sources

As before, I am running CLI buster raspbian.

I have added the source to the appropriate file
deb http://httpredir.debian.org/debian buster-backports main contrib

Since this is an old (3 month) method, perhaps their is a new method do this?

Any help appreciated

2

If you added the debian backports repo to your system and did apt update you should end up with Suricata v5 if you install it that way.

See https://packages.debian.org/buster-backports/suricata and https://wiki.debian.org/Backports

3

So running apt-update yields this error.

Hit:1 http://raspbian.raspberrypi.org/raspbian buster InRelease
Hit:2 http://archive.raspberrypi.org/debian buster InRelease
Get:3 http://httpredir.debian.org/debian buster-backports InRelease [46.7 kB]
Err:3 http://httpredir.debian.org/debian buster-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 04EE7237B7D453EC NO_PUBKEY 648ACFD622F3D138
Reading package lists... Done
W: GPG error: http://httpredir.debian.org/debian buster-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 04EE7237B7D453EC NO_PUBKEY 648ACFD622F3D138
E: The repository 'http://httpredir.debian.org/debian buster-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Doing,
gpg --export 04EE7237B7D453EC | sudo apt-key add -

Yields,

gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
4

After trying again and running:

gpg --recv-keys --keyserver ipv4.pool.sks-keyservers.net 648ACFD622F3D138

and importing those keys,

and then running

sudo apt install -t buster-backports suricata

I get this error:

Reading package lists... Done
E: The value 'buster-backports' is invalid for APT::Default-Release as such a release is not available in the sources
5

I tried it on a fresh install on my raspi 3 with this source list:

deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi
deb http://deb.debian.org/debian/ buster-backports main contrib non-free

Maybe @satta has an idea why it’s not working in your scenario

6

First of all, you might also need key 04EE7237B7D453EC. In your error message above apt was complaining about two missing keys, 04EE7237B7D453EC and 648ACFD622F3D138.

Also, what’s in your /etc/apt/sources.list? Could you post the contents of that file here? If possible, post the whole contents of a file or the whole output of a command, don’t hand-select individual lines please. There might be interesting lines mixed in between all of the output.