Solus Linux failures #61

Open
philrz opened this issue Jan 17, 2021 · 1 comment
philrz commented Jan 17, 2021

A community user reported:

Hi, I need some help with suricata and brim. Looks like it's not working on my installation.
I'm on Solus Linux and had to copy a magic.mgc to /usr/share/file/ and /usr/share/misc/magic.mgc from an Ubuntu system to make it work.
I think this could be the problem,
because without this magic.mgc file:
[image]
Can those magic files be part of the app instead?

Indeed, it looks like we take this approach of bundling the magic file on macOS today, so I expect we could do the same thing on Linux now that we know there are some distros that lack the file in the common location.

In addition to the magic file, additional testing has also revealed a problem with SSL certs, as attempts to run the suricataupdater on Solus failed to download the Emerging Threats rule set due to error SSL: CERTIFICATE_VERIFY_FAILED. We'd seen the same on CentOS, and to address that we added the following to the suricataupdater script:

ca_path="$(openssl version -d | cut -d ' ' -f 2)"
ca_path="${ca_path//\"}"

SSL_CERT_FILE="$ca_path/cert.pem" ...

However, on Solus Linux, that cert.pem file is not present in that location and my web searches did not turn up any hits on Solus Linux packages that include it. The problem seems to be specific to how Suricata Update works, though, because tools like curl and wget on Solus have no problem downloading the rules from the same URL that's failing with Suricata Update.

We confirmed that we could make it work by manually copying over a cert.pem from a CentOS system, and a community user was able to make it work by pointing at a specific cert:

SSL_CERT_FILE=/etc/ssl/certs/DigiCert_Global_Root_CA.pem ./usr/lib/brim/resources/app/zdeps/suricata/bin/suricata-update

Finally, if we make this all smooth, then there'd still be the higher-level question of a Brim installer that works on Solus, as the package formats we currently create like .deb and .rpm are not supported. The community user that reported this issue was working around that problem by manually unpacking the .deb:

Download the .deb file;
Unpack the .deb file with ar x brim_amd64.deb, which usually has data.tar.xz, control.tar.xz and debian-binary (text file with package containing a number / version).
All I need is to extract data.tar.xz and run brim from the current usr/bin folder

As we went on to discuss, one of the approaches described in brimdata/zui#685 might be the way to go.
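The following is an added example, not part of the issue or of the project's suricataupdater script. It shows one way a launcher could choose `SSL_CERT_FILE` by checking that the OpenSSL default actually exists and falling back to other well-known bundle paths; the function names, the `ROOT` test hook, and the candidate list are assumptions, and none of the paths has been confirmed for Solus.

```shell
#!/bin/sh
# Added example (not from the suricataupdater script): pick a CA bundle for
# SSL_CERT_FILE without assuming one distro's layout.

# Directory OpenSSL was built to use, e.g. OPENSSLDIR: "/etc/pki/tls" -> /etc/pki/tls
openssl_dir() {
    command -v openssl >/dev/null 2>&1 || return 1
    openssl version -d 2>/dev/null | cut -d ' ' -f 2 | tr -d '"'
}

# find_ca_bundle [ROOT] [OPENSSLDIR]
#   ROOT       hypothetical test hook: prefix put in front of every candidate
#   OPENSSLDIR overrides the directory reported by `openssl version -d`
# Prints the first usable bundle and returns 0; returns 1 if none is found.
find_ca_bundle() {
    root="${1:-}"
    ssl_dir="${2:-$(openssl_dir || true)}"
    # OpenSSL's own default first (the path the page's snippet builds), then
    # bundle locations commonly used by Debian/Ubuntu, RHEL/CentOS/Fedora,
    # openSUSE and Alpine. Assumption: none of these is confirmed for Solus.
    for f in \
        "${ssl_dir:+$ssl_dir/cert.pem}" \
        /etc/ssl/certs/ca-certificates.crt \
        /etc/pki/tls/certs/ca-bundle.crt \
        /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
        /etc/ssl/ca-bundle.pem \
        /etc/ssl/cert.pem
    do
        [ -n "$f" ] || continue
        # -s follows symlinks, so a dangling cert.pem link or an empty file is
        # skipped; the grep rejects files that hold no PEM certificate.
        if [ -s "$root$f" ] && grep -q 'BEGIN CERTIFICATE' "$root$f"; then
            printf '%s\n' "$root$f"
            return 0
        fi
    done
    return 1
}

# run_with_ca CMD [ARGS...]: run CMD with SSL_CERT_FILE set, or fail loudly
# rather than letting the download die later with CERTIFICATE_VERIFY_FAILED.
run_with_ca() {
    bundle="$(find_ca_bundle)" || {
        echo "no CA bundle found; install the distro's CA certificates package" >&2
        return 1
    }
    SSL_CERT_FILE="$bundle" "$@"
}
```

Using a full system bundle keeps certificate verification on and keeps working if the rule server's chain moves to a different root, which a single pinned root file does not.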

philrz added the bug and community labels Jan 17, 2021
philrz changed the title from "Failure on Solus Linux due to lack of magic file" to "Solus Linux failures" Jan 19, 2021
philrz commented Jun 18, 2021

The fix in #62 is expected to help with the "magic" portion of this, but the problems with the SSL cert and package formats are still assumed to be present.
