jimoe
(James Moe)
September 23, 2020, 6:41pm
1
opensuse tumbleweed
suricata 5.0.3
Running suricata-update produces this:
Traceback (most recent call last):
File "/usr/local/bin/suricata-update", line 32, in <module>
from suricata.update import main
ModuleNotFoundError: No module named 'suricata'
Suricata was installed using the distributon’s make command “make install”.
There is no problem on another installation.
What is the likely cause for the failure to start?
ish
(Jason Ish)
September 23, 2020, 6:55pm
2
I just did a quick test using the opensuse/tumbleweed
Docker image and it seems to work fine. Can you provide your ./configure
line and your suricata --build-info
output?
jimoe
(James Moe)
September 23, 2020, 7:16pm
3
./configure --enable-nfqueue
This is Suricata version 5.0.3 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_LIBJANSSON TLS MAGIC RUST
SIMD support: SSE_3
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 7.5.0, C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.33, linked against LibHTP v0.5.33
Suricata Configuration:
AF_PACKET support: yes
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: yes
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libnss support: no
libnspr support: no
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: no
libluajit: no
GeoIP2 support: no
Non-bundled htp: no
Old barnyard2 support: no
Hyperscan support: no
Libnet support: no
liblz4 support: no
Rust support: yes
Rust strict mode: no
Rust compiler path: /usr/bin/rustc
Rust compiler version: rustc 1.36.0
Cargo path: /usr/bin/cargo
Cargo version: cargo 1.36.0
Cargo vendor: no
Python support: yes
Python path: /usr/bin/python3
Python distutils yes
Python yaml yes
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: yes
Profiling enabled: no
Profiling locks enabled: no
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /usr/local
Configuration directory: /usr/local/etc/suricata/
Log directory: /usr/local/var/log/suricata/
--prefix /usr/local
--sysconfdir /usr/local/etc
--localstatedir /usr/local/var
--datarootdir /usr/local/share
Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / gcc (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -march=native -I${srcdir}/../rust/gen/c-headers
PCAP_CFLAGS -I/usr/include
SECCFLAGS
ish
(Jason Ish)
September 23, 2020, 9:08pm
4
Looks like the Python paths are not lining up. Probably an issue on our side, but we won’t know how to fix it unless we can see whats really wrong.
Can you tell me the first line of /usr/local/bin/suricata-update
?
And then tell me what this returns so I can see where the library part of Suricata-Update is installed?
find /usr/local/lib -name main.py
Thanks.
jimoe
(James Moe)
September 24, 2020, 12:38am
5
#!/usr/bin/python3
$ find /usr/local/lib -name main.py
/usr/local/lib/python2.7/site-packages/suricata/ctl/main.py
/usr/local/lib/python2.7/site-packages/suricata/update/main.py
/usr/local/lib/python3.6/site-packages/suricata/ctl/main.py
/usr/local/lib/python3.6/site-packages/suricata/update/main.py
ish
(Jason Ish)
September 24, 2020, 1:33am
6
And what version of Python is this? Its probably something we should add to the build-info in the future.
Tumbleweed is rolling right? My test instance of it is on Python 3.8.
jimoe
(James Moe)
September 24, 2020, 6:07am
7
Yes.
Python 3.8.5
(blah blah blah more than 20 chars)
ish
(Jason Ish)
September 24, 2020, 3:00pm
8
I think a make clean
, followed by a new ./configure ...
, should get you fixed up. Looks like the make install
was done when /usr/bin/python3
was 3.6… And its since been upgraded to 3.8.
This is probably a side affect of us using the proper Python tools for installation.
jimoe
(James Moe)
September 24, 2020, 5:06pm
9
Yes, that fixed it.
Thank you.