Ubuntu 20.0.4 suricata 6.0.4 compile error (rules not installed as suricata-update not available)

Environment

Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal

Suricata (https://www.openinfosecfoundation.org/download/suricata-6.0.4.tar.gz)

Error

The error was that

make install-conf
make[1]: Entering directory '/home/fancypig/Desktop/suricata-6.0.4'
install -d "/usr/local/etc/suricata/"
install -d "/usr/local/var/log/suricata/files"
install -d "/usr/local/var/log/suricata/certs"
install -d "/usr/local/var/run/"
install -m 770 -d "/usr/local/var/run/suricata"
make[1]: Leaving directory '/home/fancypig/Desktop/suricata-6.0.4'
make install-rules
make[1]: Entering directory '/home/fancypig/Desktop/suricata-6.0.4'
error: rules not installed as suricata-update not available
make[1]: *** [Makefile:932: install-rules] Error 1
make[1]: Leaving directory '/home/fancypig/Desktop/suricata-6.0.4'
make: *** [Makefile:913: install-full] Error 2

The whole process

Install the dependent packages

I added the libnss3-dev libnspr4-dev libnspr4-dev rustc cargo modules besides the official guide

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
make libmagic-dev libjansson-dev libjansson4 libnss3-dev libnspr4-dev libnspr4-dev rustc cargo pkg-config

Download the Software and make install

wget https://www.openinfosecfoundation.org/download/suricata-6.0.4.tar.gz
tar xzvf suricata-6.0.4.tar.gz
cd suricata-6.0.4
./configure && make && make install-full

And then the problem popped out.

make install-conf
make[1]: Entering directory '/home/fancypig/Desktop/suricata-6.0.4'
install -d "/usr/local/etc/suricata/"
install -d "/usr/local/var/log/suricata/files"
install -d "/usr/local/var/log/suricata/certs"
install -d "/usr/local/var/run/"
install -m 770 -d "/usr/local/var/run/suricata"
make[1]: Leaving directory '/home/fancypig/Desktop/suricata-6.0.4'
make install-rules
make[1]: Entering directory '/home/fancypig/Desktop/suricata-6.0.4'
error: rules not installed as suricata-update not available
make[1]: *** [Makefile:932: install-rules] Error 1
make[1]: Leaving directory '/home/fancypig/Desktop/suricata-6.0.4'
make: *** [Makefile:913: install-full] Error 2

I’ve read this article Make Installation fails - #11 by Sylfrena
And I tried that way; however, it didn’t work.

(cd suricata-update &&
	     curl -L \
	          https://github.com/OISF/suricata-update/archive/master.tar.gz | \
	         tar zxvf - --strip-components=1)

So, how can I solve this problem besides uploading the rules manually?
(I was suffering from the OCD, just kidding :joy: )
If you can help solve this problem, it’ll be highly appreciated. :grinning:

Hi,

Sorry, it’s not clear how exactly the attempt with getting suricata-update with curl didn’t succeed. Was the command itself not successful, or were you able to get suricata-update that way, but are still getting make errors for make install-config?

If you can, it’s recommended to use Suricata-Update instead of curl, unless you have a strong reason to do so.

At the end of the ./configure there should be something about why suricata-update was not installed. Probably a missing dependency. Might be worth trying to fix that.

e.g.:

  Python support:                          yes
  Python path:                             /usr/bin/python3
  Python distutils                         yes
  Python yaml                              yes
  Install suricatactl:                     yes
  Install suricatasc:                      yes
  Install suricata-update:                 no, not bundled

Oh, that is!

  Rust support:                            yes
  Rust strict mode:                        no
  Rust compiler path:                      /usr/bin/rustc
  Rust compiler version:                   rustc 1.53.0
  Cargo path:                              /usr/bin/cargo
  Cargo version:                           cargo 1.53.0
  Cargo vendor:                            yes

  Python support:                          yes
  Python path:                             /usr/bin/python3
  Python distutils                         no
  Python yaml                              yes
  Install suricatactl:                     no, requires distutils
  Install suricatasc:                      no, requires distutils
  Install suricata-update:                 no, requires distutils

Finally, I figured it out.

apt-get install python-distutils-extra

When I used the ./configure, the output was that

  Python support:                          yes
  Python path:                             /usr/bin/python3
  Python distutils                         yes
  Python yaml                              yes
  Install suricatactl:                     yes
  Install suricatasc:                      yes
  Install suricata-update:                 yes

make && make install-full

The problem was solved!

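The check suggested in the reply above (read the end of the ./configure output to see why suricata-update is skipped), as an added shell example that is not part of the original thread: it parses the "Install ...:" summary lines in the format posted here and reports each skipped tool with its stated reason. The function names and the embedded sample summary are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): inspect a ./configure summary before
# running "make install-full", which fails at install-rules when
# suricata-update is not going to be installed.

# Constructed sample in the summary format shown in this thread.
sample_summary() {
cat <<'EOF'
  Python support:                          yes
  Python path:                             /usr/bin/python3
  Python distutils                         no
  Python yaml                              yes
  Install suricatactl:                     no, requires distutils
  Install suricatasc:                      no, requires distutils
  Install suricata-update:                 no, requires distutils
EOF
}

# Reads a configure summary on stdin and prints "<tool>: <reason>" for every
# "Install <tool>:" line whose value starts with "no".
skipped_tools() {
  sed -n -E \
    's/^[[:space:]]*Install[[:space:]]+([^:]+):[[:space:]]*no(,[[:space:]]*(.*))?$/\1: \3/p'
}

# Reads a configure summary on stdin; succeeds only if it states that
# suricata-update will be installed.
rules_installable() {
  grep -Eq '^[[:space:]]*Install[[:space:]]+suricata-update:[[:space:]]*yes[[:space:]]*$'
}

# Demo on the constructed sample. On a real source tree, save the output with
#   ./configure 2>&1 | tee configure.out
# and feed configure.out to the two functions instead.
sample_summary | skipped_tools
sample_summary | rules_installable ||
  echo "suricata-update will not be installed; install-rules will fail"
```
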