Sorry, I am confused. Why do we need two GPG keys, and how do you create the specific ones shown in your solution? When I try to run dpkg -i libbpf4.19_4.19.118-2+deb10u1_armhf.deb I get an error:
sudo dpkg -i libbpf4.19_4.19.118-2+deb10u1_armhf.de
dpkg-deb: error: 'libbpf4.19_4.19.118-2+deb10u1_armhf.de' is not a Debian format archive
Weird, I get this error: E: Invalid operation suricata
on this line: apt -t buster-backports suricata. Should suricata already be installed before following those steps? If so, by using the sudo apt-get method?
I received this error when executing that command: E: The value 'buster-backports' is invalid for APT::Default-Release as such a release is not available in the sources
deb http://httpredir.debian.org/debian buster-backports main contrib
in your /etc/apt/sources.list, as mentioned in Jason's post above (#40)? And run sudo apt update afterwards? Your package manager does not seem to know that you added this extra repository.
Right, I don't think I have done the key generation correctly, can you walk me through it? The sources.list is correct:
sudo apt update
Get:1 http://raspbian.raspberrypi.org/raspbian buster InRelease [15.0 kB]
Get:2 http://archive.raspberrypi.org/debian buster InRelease [32.6 kB]
Get:3 http://httpredir.debian.org/debian buster-backports InRelease [46.7 kB]
Get:4 http://archive.raspberrypi.org/debian buster/main armhf Packages [330 kB]
Err:3 http://httpredir.debian.org/debian buster-backports InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 04EE7237B7D453EC NO_PUBKEY 648ACFD622F3D138
Reading package lists... Done
W: GPG error: http://httpredir.debian.org/debian buster-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 04EE7237B7D453EC NO_PUBKEY 648ACFD622F3D138
E: The repository 'http://httpredir.debian.org/debian buster-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
The package manager needs to have the PGP keys to verify package sets from the new repository.
You first have to fetch the keys from a keyserver, e.g. the SKS one:
$ gpg --recv-keys --keyserver ipv4.pool.sks-keyservers.net 04EE7237B7D453EC
gpg: key E0B11894F66AEC98: public key "Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --recv-keys --keyserver ipv4.pool.sks-keyservers.net 648ACFD622F3D138
gpg: key DC30D7C23CBBABEE: public key "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
then import them into your local APT key store:
$ gpg --export 04EE7237B7D453EC | sudo apt-key add -
OK
$ gpg --export 648ACFD622F3D138 | sudo apt-key add -
OK
That all worked, but when I do apt -t buster-backports suricata I get an error saying E: Invalid operation suricata. Should I install suricata at this point using sudo apt-get install suricata?
where install is the operation, -t buster-backports is the target distribution, and suricata is the package to install via apt.
With libbpf already present, that should pull in the rest of the dependencies from backports.
Okay, so I have suricata 5 and I can now pick up the ICMP packets. The issue now is I can't seem to install the emerging rules I was using previously. Here is the install script I was using. Are the emerging rules still compatible with suricata v5?
#!/usr/bin/python
import os
import urllib2

suricatadirectory = '/etc/suricata/'
md5file = suricatadirectory + 'lastmd5'
rulesdirectory = suricatadirectory + 'rules.tar.gz'
rulesurl = 'https://rules.emergingthreats.net/open-nogpl/suricata-2.0/emerging.rules.tar.gz'

# Update the rules: download the tarball and unpack it into the suricata directory
def deploynewrules():
    os.system("wget " + rulesurl + " -o /tmp/wget.output -O " + rulesdirectory)
    os.system("tar -xzf " + rulesdirectory + " -C " + suricatadirectory)

# Check whether the published md5 has changed since the last run
def md5change():
    re = urllib2.urlopen(rulesurl + ".md5")
    newmd5 = re.read()
    oldmd5file = open(md5file, "r")
    oldmd5 = oldmd5file.read()
    oldmd5file.close()
    if newmd5 != oldmd5:
        md5 = open(md5file, "w")
        md5.write(newmd5)
        md5.close()
        return 1
    else:
        return 0

def main():
    if os.path.exists(md5file):
        if md5change():
            deploynewrules()
    else:
        # First run: record the current md5 and deploy the rules
        re = urllib2.urlopen(rulesurl + ".md5")
        newmd5 = re.read()
        md5 = open(md5file, "w")
        md5.write(newmd5)
        md5.close()
        deploynewrules()

if __name__ == '__main__':
    main()
Yes, the rules are compatible. Change your URL to https://rules.emergingthreats.net/open/suricata-git/emerging.rules.tar.gz and let us know how that works.
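A Python 3 rewrite of the updater script above using the URL from the reply, added here as an example and not code from the thread or from the Suricata project. Unlike the original, it verifies the downloaded tarball against the published .md5 before unpacking and only extracts members that land inside /etc/suricata; the handling of a "<hex>  <filename>" .md5 format and the make_sample_archive helper are assumptions for exercising the checks offline.

```python
import hashlib, io, os, tarfile, urllib.request

RULES_URL = "https://rules.emergingthreats.net/open/suricata-git/emerging.rules.tar.gz"
SURICATA_DIR = "/etc/suricata/"

def parse_md5(md5_text):
    """Digest from a published .md5 file, whether it is bare or '<hex>  <filename>' (assumed)."""
    return md5_text.strip().split()[0].lower()

def archive_matches(archive_bytes, md5_text):
    """True only if the downloaded archive hashes to the published digest."""
    return hashlib.md5(archive_bytes).hexdigest() == parse_md5(md5_text)

def safe_member_names(archive_bytes, dest):
    """Names of members that land inside dest; drops '..' escapes, absolute paths and links."""
    dest = os.path.realpath(dest)
    keep = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(dest, m.name))
            if os.path.commonpath([dest, target]) == dest and not (m.issym() or m.islnk()):
                keep.append(m.name)
    return keep

def update_rules(rules_url=RULES_URL, suricata_dir=SURICATA_DIR):
    """Fetch the .md5 first; skip if unchanged, verify the tarball, then extract only safe members."""
    md5_file = os.path.join(suricata_dir, "lastmd5")
    new_md5 = urllib.request.urlopen(rules_url + ".md5").read().decode()
    if os.path.exists(md5_file) and open(md5_file).read() == new_md5:
        return False
    archive = urllib.request.urlopen(rules_url).read()
    if not archive_matches(archive, new_md5):
        raise RuntimeError("archive digest does not match published .md5; not installing")
    keep = set(safe_member_names(archive, suricata_dir))
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        tar.extractall(suricata_dir, members=[m for m in tar.getmembers() if m.name in keep])
    with open(md5_file, "w") as f:
        f.write(new_md5)
    return True

def make_sample_archive(files):
    """Constructed tar.gz from {name: bytes}; only for exercising the checks offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```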
Yep, that works, thanks! Could someone supply the default suricata.yaml file? I have moved my old one over to the new suricata v5, but it is causing issues.