No rule files match the pattern /etc/suricata/rules/.

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Post by hack3rcon » 2019/02/06 09:28:31

Hello.
I installed "Suricata-IDS 4.1.2" and when I run it, it shows me the error below:

Code:

# suricata -c /etc/suricata/suricata.yaml -i enp0s3
6/2/2019 -- 04:21:43 - <Notice> - This is Suricata version 4.1.2 RELEASE
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/botcc.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/ciarmy.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/compromised.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/drop.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/dshield.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-attack_response.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-chat.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-current_events.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-dns.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-dos.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-exploit.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-ftp.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-imap.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-malware.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-misc.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-mobile_malware.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-netbios.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-p2p.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-policy.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-pop3.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-rpc.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-scan.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-smtp.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-snmp.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-sql.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-telnet.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-tftp.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-trojan.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-user_agents.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-voip.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-web_client.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-web_server.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-worm.rules
6/2/2019 -- 04:21:43 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/tor.rules
6/2/2019 -- 04:21:44 - <Notice> - all 1 packet processing threads, 4 management threads initialized, engine started.

In the "/etc/suricata" directory, no "rules" directory existed and I created a shortcut for it:

Code:

# ln -s /usr/share/suricata/rules/ /etc/suricata/

But the problem still exists. Any idea?

Thank you.

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: No rule files match the pattern /etc/suricata/rules/.

Post by hack3rcon » 2019/02/10 12:45:40

Any idea?

chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: No rule files match the pattern /etc/suricata/rules/.

Post by chemal » 2019/02/10 22:57:01

Read the docs? https://suricata-ids.org/docs/

You might also consider installing from EPEL.

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: No rule files match the pattern /etc/suricata/rules/.

Post by hack3rcon » 2019/02/11 16:05:02

chemal wrote:
2019/02/10 22:57:01
Read the docs? https://suricata-ids.org/docs/

You might also consider installing from EPEL.

I did and the version in EPEL is old.

chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: No rule files match the pattern /etc/suricata/rules/.

Post by chemal » 2019/02/11 16:24:29

Source installs are not supported here.

And https://redmine.openinfosecfoundation.o ... tart_Guide has
Step two

After downloading and installing Suricata, continue with the Basic Setup. During the Basic Setup you create a directory for Suricata and its configuration files. You learn to start the engine for the first time, and to see if you made it already run correctly.

Step three

Of course Suricata needs rules to do its job. To learn more about rules, how to use and install them, read the information in Rule Management with Oinkmaster.

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: No rule files match the pattern /etc/suricata/rules/.

Post by hack3rcon » 2019/02/12 08:28:05

In the config file, I set "default-rule-path: /usr/share/suricata/rules/" and got the message below:

Code:

# suricata -c /etc/suricata/suricata.yaml -i enp0s3
12/2/2019 -- 03:26:27 - <Info> - Configuration node 'default-rule-path' redefined.
12/2/2019 -- 03:26:27 - <Info> - Configuration node 'rule-files' redefined.
12/2/2019 -- 03:26:27 - <Notice> - This is Suricata version 4.1.2 RELEASE
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/share/suricata/rules/http-events.rules
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/share/suricata/rules/smtp-events.rules
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/share/suricata/rules/dns-events.rules
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/share/suricata/rules/tls-events.rules
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2016396 and 3 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.pdf.in.http' is checked but not set. Checked in 2017150 and 5 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017246 and 1 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.http.PK' is checked but not set. Checked in 2019835 and 3 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017756 and 15 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019822 and 1 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 11 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MCOFF' is checked but not set. Checked in 2019837 and 1 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 0 other sigs
12/2/2019 -- 03:26:28 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.armwget' is checked but not set. Checked in 2024241 and 1 other sigs
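
An added example, not part of the thread and not Suricata's own code: a small Python check that reads `default-rule-path` and `rule-files` from a suricata.yaml, flags a key defined more than once (what the "redefined" Info lines report), and lists which `rule-files` entries match no file on disk. It assumes the flat top-level layout of these two keys and that the last definition takes effect; the config in `demo()` is constructed sample input.

```python
import glob
import os
import re
import tempfile

def parse_rule_config(yaml_text):
    """Collect default-rule-path definitions and rule-files entries.
    Line-based (no YAML library); handles only the flat top-level layout."""
    paths, files, in_list = [], [], False
    for raw in yaml_text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"default-rule-path:\s*(\S+)", line)
        if m:
            paths.append(m.group(1))
            in_list = False
        elif re.match(r"rule-files:\s*$", line):
            in_list, files = True, []               # a later list replaces an earlier one
        elif in_list and re.match(r"\s*-\s+\S", line):
            files.append(line.split("-", 1)[1].strip())
        elif not line.startswith(" "):
            in_list = False                         # next top-level key ends the list
    return paths, files

def check_rules(yaml_text):
    """Resolve each rule-files entry as a pattern, as the warning text describes."""
    paths, files = parse_rule_config(yaml_text)
    base = paths[-1] if paths else ""               # assumption: last definition wins
    report = {"redefined": len(paths) > 1, "found": [], "missing": []}
    for name in files:
        pattern = name if os.path.isabs(name) else os.path.join(base, name)
        hits = [p for p in glob.glob(pattern) if os.path.isfile(p)]
        report["found" if hits else "missing"].append(pattern)
    return report

def demo():
    """Constructed sample: a temp rule directory holding only tor.rules."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "tor.rules"), "w").close()
        cfg = ("%YAML 1.1\n---\n"
               "default-rule-path: /etc/suricata/rules\n"
               f"default-rule-path: {d}\n"          # second definition of the key
               "rule-files:\n"
               " - tor.rules\n"
               " # - emerging-dns.rules\n"
               " - botcc.rules\n"
               " - http-events.rules\n")
        return check_rules(cfg)

if __name__ == "__main__":
    print(demo())
```

To run it against a real installation, pass the contents of the config file to `check_rules()`; an empty "found" list means the engine starts with no signatures loaded from those entries.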

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: No rule files match the pattern /etc/suricata/rules/.

Post by hack3rcon » 2019/02/12 08:35:37

I installed it with "yum" too and got the same error.
