Hello to everyone,
I am trying to adopt lua script for detection of self-signed certificates as mentioned in this post Finding self signed TLS certificates - Suricata and Luajit scripting, so I downloaded the lua script from this link:
placed the script file name in suricata.yaml file, restarted suricata docker container and got an error:
[1 - Suricata-Main] 2024-10-29 16:07:26 Info: output-lua: enabling script self_signed_cert.lua
[1 - Suricata-Main] 2024-10-29 16:07:26 Error: output-lua: unknown key and/or value: k=‘tls’, v=‘true’
[1 - Suricata-Main] 2024-10-29 16:07:26 Error: output-lua: couldn’t initialize script
[1 - Suricata-Main] 2024-10-29 16:07:26 Warning: runmodes: output module “lua”: setup failed
which means that TLS package cannot be found from init function that loads tls package:
function init (args)
local needs = {}
needs[“tls”] = tostring(true)
return needs
end
I was doing a little reserach and found no difference in Suricata 8 documentation so there should be no reason not to load this part of code.
Because I couldn’t find any related documentation that leads to this error I decided to ask if did you had this issue and how can I resolve it?
Below I left some info about the installation:
Suricata version 8.0.0-dev in docker container (SELKS 10) - container info
Build info:
This is Suricata version 8.0.0-dev (f0dbfe863 2024-06-08)
Features: NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_LUA HAVE_JA3 HAVE_JA4 HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST POPCNT64
SIMD support: SSE_4_2 SSE_4_1 SSE_3 SSE_2
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 11.4.1 20231218 (Red Hat 11.4.1-3), C version 201112
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.48, linked against LibHTP v0.5.48
Suricata Configuration:
AF_PACKET support: yes
AF_XDP support: no
DPDK support: yes
eBPF support: yes
XDP support: yes
PF_RING support: no
NFQueue support: yes
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libjansson support: yes
hiredis support: yes
hiredis async with libevent: yes
PCRE jit: yes
GeoIP2 support: yes
JA3 support: yes
JA4 support: yes
Non-bundled htp: no
Hyperscan support: yes
Libnet support: yes
liblz4 support: yes
Landlock support: yes
Systemd support: yes
Rust support: yes
Rust strict mode: no
Rust compiler path: /usr/bin/rustc
Rust compiler version: rustc 1.75.0 (82e1608df 2023-12-21) (Red Hat 1.75.0-1.el9)
Cargo path: /usr/bin/cargo
Cargo version: cargo 1.75.0
Python support: yes
Python path: /usr/bin/python3
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: yes
Profiling enabled: no
Profiling locks enabled: no
Profiling rules enabled: no
Plugin support (experimental): yes
DPDK Bond PMD: no
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Fuzz targets enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
--datarootdir /usr/share
Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / g++ (real)
GCC Protect enabled: no
GCC march native enabled: no
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -fPIC -std=c11 -I/usr/include/dpdk -include rte_config.h -march=corei7 -mrtm -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist -I../rust/gen
PCAP_CFLAGS
SECCFLAGS