/tmp/tmpm296mhk5/fast.log\ permission denied

hello ,
i can’t execute the following script :

sudo suricata-update
#on copie les règles dans le bon dossier
sudo cp -r /usr/var/lib/suricata/rules/suricata.rules /usr/share/suricata/rules/suricata.rules
#on associe les accès du dossier à un bon utilisateur
sudo chown -R suricata:suricata /usr/var/lib/suricata/rules
sudo chown -R suricata:suricata /usr/share/suricata/rules/
#on associe les bonnes persmissions
sudo chmod 755 /usr/var/lib/suricata/rules/suricata.rules
#on redémarre correctement les services avec le redémarrage de tous les démons qui sont des programmes tournant en arrière plan comme sous windows, que l'on peut aussi appeler des services
sudo systemctl daemon-reload && sudo systemctl restart suricata.service 

without having this error :

rging-deleted.rules
6/9/2024 -- 12:24:47 - <Info> -- Loaded 52443 rules.
6/9/2024 -- 12:24:47 - <Info> -- Disabled 5 rules.
6/9/2024 -- 12:24:47 - <Info> -- Enabled 0 rules.
6/9/2024 -- 12:24:47 - <Info> -- Modified 0 rules.
6/9/2024 -- 12:24:47 - <Info> -- Dropped 0 rules.
6/9/2024 -- 12:24:48 - <Info> -- Enabled 136 rules for flowbit dependencies.
6/9/2024 -- 12:24:48 - <Info> -- Backing up current rules.
6/9/2024 -- 12:24:50 - <Info> -- Writing rules to /usr/var/lib/suricata/rules/suricata.rules: total: 52443; enabled: 39802; added: 42; removed 2; modified: 1169
6/9/2024 -- 12:24:50 - <Info> -- Writing /usr/var/lib/suricata/rules/classification.config
6/9/2024 -- 12:24:51 - <Info> -- Testing with suricata -T.
{"timestamp":"2024-09-06T12:24:51.185556+0200","log_level":"Error","event_type":"engine","engine":{"message":"Error opening file: \"/tmp/tmpi791hebg/fast.log\": Permission denied","thread_name":"Suricata-Main","module":"logopenfile"}}
{"timestamp":"2024-09-06T12:24:51.185861+0200","log_level":"Error","event_type":"engine","engine":{"message":"output module \"fast\": setup failed","thread_name":"Suricata-Main","module":"runmodes"}}
6/9/2024 -- 12:24:51 - <Error> -- Suricata test failed, aborting.
6/9/2024 -- 12:24:51 - <Error> -- Restoring previous rules.
alexandre@alexandre-developpeur:~/Documents$ 

why ?i wrote this : sudo setfacl -m u:suricata:rwx /tmp

best regards

Do you have Suricata configured to run as a non-root user with run-as in your suricata.yaml?

normally yes but I’m reinstalling everything

I still have the problem, the installation script for suricata is as follows : ./scripts/bundle.sh ./autogen.sh \ autoreconf -i \ sudo chmod +x ./autogen.sh ./configure --prefix=/usr/ --bindir=/usr/bin/ --sbindir=/usr/sbin/ --libdir=/usr/lib/ --sysconfdir=/etc/ --enable-python --enable-debug --enable-unittests --enable-ebpf-build --enable-geoip --enable-af-packet --enable-nflog --with-libpcap-includes=/usr/local/include --with-libpcap-libraries=/usr/lib/x86_64-linux-gnu/ --with-libhtp-includes=/usr/local/include/htp --with-libhtp-libraries=/usr/lib --with-libyaml-libraries=/usr/lib/x86_64-linux-gnu --enable-nfqueue \ && cargo install --force cbindgen && sudo make -j10 && sudo make install-full, and then i put this in shell :

 sudo chmod -R 750  /usr/bin/share/doc/suricata
sudo chmod -R 750  /usr/bin/share/suricata
sudo chmod -R 750  /usr/bin/lib/suricata
sudo chmod -R 750  /usr/bin/var/run/suricata
sudo chmod -R 750  /usr/bin/var/lib/suricata
sudo chmod -R 750  /usr/bin/suricata
sudo chmod -R 750  /usr/share/doc/suricata
sudo chmod -R 750  /usr/share/suricata
sudo chmod -R 750  /usr/lib/suricata
sudo chmod -R 750  /usr/lib/suricata/python/suricata
sudo chmod -R 750  /usr/var/run/suricata
sudo chmod -R 750 /usr/var/lib/suricata
sudo chmod -R 750 /usr/var/log/suricata
sudo chmod -R 750 /usr/local/share/doc/suricata
sudo chmod -R 750  /usr/local/share/suricata
sudo chmod -R 750 /usr/local/lib/suricata
sudo chmod -R 750 /usr/local/var/run/suricata
sudo chmod -R 750  /usr/local/var/lib/suricata
sudo chmod -R 750 /usr/local/var/log/suricata
sudo chmod -R 750 /usr/local/etc/suricata


sudo chown -R suricata:suricata   /usr/bin/share/doc/suricata
sudo chown -R suricata:suricata   /usr/bin/share/suricata
sudo chown -R suricata:suricata   /usr/bin/lib/suricata
sudo chown -R suricata:suricata   /usr/bin/var/run/suricata
sudo chown -R suricata:suricata   /usr/bin/var/lib/suricata
sudo chown -R suricata:suricata   /usr/bin/suricata
sudo chown -R suricata:suricata   /usr/share/doc/suricata
sudo chown -R suricata:suricata   /usr/share/suricata
sudo chown -R suricata:suricata   /usr/lib/suricata
sudo chown -R suricata:suricata   /usr/lib/suricata/python/suricata
sudo chown -R suricata:suricata   /usr/var/run/suricata
sudo chown -R suricata:suricata  /usr/var/lib/suricata
sudo chown -R suricata:suricata  /usr/var/log/suricata
sudo chown -R suricata:suricata  /usr/local/share/doc/suricata
sudo chown -R suricata:suricata  /usr/local/share/suricata
sudo chown -R suricata:suricata  /usr/local/lib/suricata
sudo chown -R suricata:suricata  /usr/local/var/run/suricata
sudo chown -R suricata:suricata   /usr/local/var/lib/suricata
sudo chown -R suricata:suricata  /usr/local/var/log/suricata
sudo chown -R suricata:suricata /usr/local/etc/suricata

sudo setcap cap_net_admin,cap_net_raw,cap_sys_nice+eip /usr/bin/suricata`

the content of my daemon configuration is :

[Unit]
Description=Suricata IDS/IPS service
After=network.target

[Service]
ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -q 0
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
User=suricata
Group=suricata
WorkingDirectory=/usr/suricata
PIDFile=/run/suricata.pid
LimitNOFILE=65536
StandardOutput=file:/var/log/suricata/suricata.log
StandardError=file:/var/log/suricata/suricata_error.log


[Install]
WantedBy=multi-user.target

Is this a missing right that I need to add to user and group suricata? and my script to update rules is:

 sudo suricata-update
#on copie les règles dans le bon dossier
sudo cp -r /usr/var/lib/suricata/rules/suricata.rules /usr/share/suricata/rules/suricata.rules
#on associe les accès du dossier à un bon utilisateur
sudo chown -R suricata:suricata /usr/var/lib/suricata/rules
sudo chown -R suricata:suricata /usr/share/suricata/rules/
#on associe les bonnes persmissions
sudo chmod 755 /usr/var/lib/suricata/rules/suricata.rules
#on redémarre correctement les services avec le redémarrage de tous les démons qui sont des programmes tournant en arrière plan comme sous windows, que l'on peut aussi appeler des services
sudo systemctl daemon-reload && sudo systemctl restart suricata.service

and the result is :

18/9/2024 -- 16:28:03 - <Info> -- Writing /usr/var/lib/suricata/rules/classification.config
18/9/2024 -- 16:28:03 - <Info> -- Testing with suricata -T.
{"timestamp":"2024-09-18T16:28:03.537904+0200","log_level":"Error","event_type":"engine","engine":{"message":"Error opening file: \"/tmp/tmp7zr9r6wc/fast.log\": Permission denied","thread_name":"Suricata-Main","module":"logopenfile"}}
{"timestamp":"2024-09-18T16:28:03.538271+0200","log_level":"Error","event_type":"engine","engine":{"message":"output module \"fast\": setup failed","thread_name":"Suricata-Main","module":"runmodes"}}
18/9/2024 -- 16:28:03 - <Error> -- Suricata test failed, aborting.
18/9/2024 -- 16:28:03 - <Error> -- Restoring previous rules.
alexandre@alexandre-developpeur:~/Documents$
``` and i've this in /etc/suricata/suricata.yaml :

in my /etc/suricata.yaml:

Run Suricata with a specific user-id and group-id:

run-as:
user: suricata
group: suricata

ok i reinstalled suricata with this script , and no more problem :

 ./scripts/bundle.sh
./autogen.sh \
autoreconf -i \
sudo chmod +x ./autogen.sh
 ./configure --prefix=/usr/            --bindir=/usr/bin/            --sbindir=/usr/sbin/            --libdir=/usr/lib/             --sysconfdir=/etc/             --enable-python             --enable-debug             --enable-unittests             --enable-ebpf-build             --enable-geoip             --enable-af-packet             --enable-nflog             --with-libpcap-includes=/usr/local/include             --with-libpcap-libraries=/usr/lib/x86_64-linux-gnu/             --with-libhtp-includes=/usr/local/include/htp  --with-libhtp-libraries=/usr/lib --with-libyaml-libraries=/usr/lib/x86_64-linux-gnu --enable-nfqueue  \
  &&  cargo install --force cbindgen  && sudo make -j10 && sudo make install-full

no i’ve stilll the same problem :frowning:

iI must regularly reinstall suricata,here my configurations

alexandre@alexandre-developpeur:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 24.04.1 LTS
Release:	24.04
Codename:	noble
alexandre@alexandre-developpeur:~$ uname -r
6.9.9-060909-generic
alexandre@alexandre-developpeur:~$

the file doesn’t exist in tmp directory
regards