Suricata-update --no-merge failing

Hey team,

I am seeing an issue while running Suricata-update with the --no-merge option in version 1.2.0.
However, it runs fine with Suricata-update version 1.1.2.
Here is my output:

vagishagupta : suricata-update/ (master) $ sudo ./bin/suricata-update --no-merge

10/2/2021 – 20:40:56 - – Using data-directory /var/lib/suricata.

10/2/2021 – 20:40:56 - – Using Suricata configuration /etc/suricata/suricata.yaml

10/2/2021 – 20:40:56 - – Using /usr/local/share/suricata/rules for Suricata provided rules.

10/2/2021 – 20:40:56 - – Found Suricata version 5.0.3 at /usr/local/bin/suricata.

10/2/2021 – 20:40:56 - – Loading /etc/suricata/suricata.yaml

10/2/2021 – 20:40:56 - – Disabling rules for protocol modbus

10/2/2021 – 20:40:56 - – Disabling rules for protocol enip

10/2/2021 – 20:40:56 - – Disabling rules for protocol dnp3

10/2/2021 – 20:40:56 - – No sources configured, will use Emerging Threats Open

10/2/2021 – 20:40:56 - – Last download less than 15 minutes ago. Not downloading https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/app-layer-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/decoder-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/dhcp-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/dnp3-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/dns-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/files.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/http-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/ipsec-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/kerberos-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/modbus-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/nfs-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/ntp-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/smb-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/smtp-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/stream-events.rules

10/2/2021 – 20:40:56 - – Loading distribution rule file /usr/local/share/suricata/rules/tls-events.rules

10/2/2021 – 20:40:56 - – Ignoring file rules/emerging-deleted.rules

10/2/2021 – 20:40:58 - – Loaded 28902 rules.

10/2/2021 – 20:40:58 - – Disabled 14 rules.

10/2/2021 – 20:40:58 - – Enabled 0 rules.

10/2/2021 – 20:40:58 - – Modified 0 rules.

10/2/2021 – 20:40:58 - – Dropped 0 rules.

10/2/2021 – 20:40:58 - – Enabled 145 rules for flowbit dependencies.

10/2/2021 – 20:40:58 - – Backing up current rules.

Traceback (most recent call last):
  File "./bin/suricata-update", line 33, in
    sys.exit(main.main())
  File "/private/tmp/suricata-6.0.1-orig/suricata-update/suricata/update/main.py", line 1299, in main
    sys.exit(_main())
  File "/private/tmp/suricata-6.0.1-orig/suricata-update/suricata/update/main.py", line 1240, in _main
    config.get_output_dir(), os.path.basename(filename)))
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/posixpath.py", line 114, in basename
    i = p.rfind('/') + 1
AttributeError: 'SourceFile' object has no attribute 'rfind'

Any help on this will be appreciated.
Thanks

Thanks for the report Vagisha. This is a bug, I’ve created an issue here:

https://redmine.openinfosecfoundation.org/issues/4324

Something we need to consider is if we want to support this --no-merge feature. It broke due to a change to handle duplicate filenames, which only works when we output a single file. Duplicate files would still be an issue with --no-merge, as one would overwrite the other. The other reason it broke is that we don’t have testing for this --no-merge option (oops).
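
The two problems described in the reply above, shown as an added example that is not part of the thread or of suricata-update's own code: a path helper handed an object instead of a string, and unmerged output files that share a basename. `SourceFile` is a stand-in with an assumed `filename` field, and the helper names, paths and sample entries are constructed.

```python
import os
from collections import defaultdict


class SourceFile:
    """Stand-in for the object named in the traceback (fields are assumed)."""

    def __init__(self, filename, content):
        self.filename = filename
        self.content = content


def basename_of(entry):
    """Accept either a plain path string or a SourceFile-like object."""
    path = entry.filename if hasattr(entry, "filename") else entry
    return os.path.basename(path)


def plan_no_merge(entries, output_dir):
    """Map each output path to the inputs that would be written to it."""
    plan = defaultdict(list)
    for entry in entries:
        plan[os.path.join(output_dir, basename_of(entry))].append(entry)
    return dict(plan)


def collisions(plan):
    """Output paths that more than one input would write to."""
    return sorted(path for path, srcs in plan.items() if len(srcs) > 1)


# Constructed sample: two sources that both ship a file named local.rules.
SAMPLE = [
    SourceFile("source-a/rules/emerging-dns.rules", b"# a\n"),
    SourceFile("source-a/rules/local.rules", b"# b\n"),
    SourceFile("source-b/rules/local.rules", b"# c\n"),
]

if __name__ == "__main__":
    try:
        # Same call pattern as in the traceback: the object, not its name.
        # Python 2.7 raises AttributeError here; Python 3 raises TypeError.
        os.path.basename(SAMPLE[0])
    except (AttributeError, TypeError) as err:
        print("basename on the object fails:", err)
    for path in collisions(plan_no_merge(SAMPLE, "/tmp/rules-out")):
        print("would be overwritten:", path)
```

Running a collision check like this before writing unmerged files turns a silent overwrite, and the resulting loss of rules from one source, into a reported error.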

Thanks, Jason!

Is there a way to bundle Suricata-update 1.1.2 version coming with suricata 6.0.1?

I tried changing the version value to 1.1.2 in versions.py; it seems it’s a static value and doesn’t downgrade my Suricata-update.

Note that this scenario is not tested… But something like the following could work: