Zentyal Forum, Linux Small Business Server
Zentyal Server => Other modules => Topic started by: Coarch on April 26, 2021, 05:48:36 pm
-
Zentyal 7.0
Enabling the IDS/IPS module on the outgoing ethernet interface disables internet traffic. Has anyone seen this happen before? Any ideas?
-
Hello,
I have a similar problem: Zentyal 7.0, suricata 6.0.2, zentyal-ips 7.0.0, running on a virtual machine with br0 and eth0 interfaces.
I installed the zentyal-ips package and it also installed the suricata package as a dependency. I enabled IDS/IPS and set it up on br0; then it disabled all traffic (services) over the LAN, suricata.service doesn't run, and the zentyal-ips module is disabled.
When I enabled IDS/IPS and set it up on eth0, LAN traffic was enabled, but suricata.service doesn't run and the zentyal-ips module shows "Running".
I removed zentyal-ips and suricata, then I installed them again.
root@srv04:~# apt-get --purge remove zentyal-ips
root@srv04:~# apt-get --purge remove suricata
root@srv04:~# rm -rf /var/log/suricata
root@srv04:~# rm -rf /etc/suricata
root@srv04:~# rm -rf /etc/default/suricata
root@srv04:~# apt-get install zentyal-ips
I checked the suricata status:
root@srv04:~# systemctl status suricata.service
● suricata.service - LSB: Next Generation IDS/IPS
Loaded: loaded (/etc/init.d/suricata; generated)
Active: active (running) since Mon 2021-05-17 13:35:41 CEST; 35s ago
Docs: man:systemd-sysv-generator(8)
Tasks: 14 (limit: 19013)
Memory: 83.1M
CGroup: /system.slice/suricata.service
└─383442 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -D>
máj 17 13:35:41 srv04 systemd[1]: Starting LSB: Next Generation IDS/IPS...
máj 17 13:35:41 srv04 suricata[383422]: Starting suricata in IDS (af-packet) mode... done.
máj 17 13:35:41 srv04 systemd[1]: Started LSB: Next Generation IDS/IPS.
I don't understand why it used suricata.yaml when /etc/default/suricata includes the SURCONF=/etc/suricata/suricata-debian.yaml parameter.
I enabled IDS/IPS in the Webadmin but did not set it up on any interface, and suricata.service exited and doesn't use the SURCONF parameter:
root@srv04:~# systemctl status suricata.service
● suricata.service - LSB: Next Generation IDS/IPS
Loaded: loaded (/etc/init.d/suricata; generated)
Active: active (exited) since Mon 2021-05-17 13:38:27 CEST; 1min 4s ago
Docs: man:systemd-sysv-generator(8)
Tasks: 0 (limit: 19013)
Memory: 0B
CGroup: /system.slice/suricata.service
máj 17 13:38:27 srv04 systemd[1]: Starting LSB: Next Generation IDS/IPS...
máj 17 13:38:27 srv04 suricata[391965]: Starting suricata in IPS (nfqueue) mode... done.
máj 17 13:38:27 srv04 systemd[1]: Started LSB: Next Generation IDS/IPS.
Can someone help me?
Thanks and Regards
-
Hello there,
Please see https://github.com/zentyal/zentyal/issues/2037 for further information. The proposed fix seems to be valid and will be integrated shortly. BR.
-
Hello webmaster,
Thank you for the link. I now understand what this problem is and I am glad that they are already working on solving it.
Thanks and Regards
-
Hey guys, I seem to be having somewhat the same issues.
After enabling Suricata, I cannot log in to Zentyal remotely. After disabling it, I have connectivity restored.
I wanted to confirm that this is not a conflict with RADIUS?
-
Hi Guys,
Can somebody help in this case? I wish to use the IPS.
Please help!
BR,
GáborS
-
Hi,
Can somebody help in this case?
I tried on a clean install, same result.
I did not install anything except suricata, and got the same result.
BR,
GáborS
-
Hi,
What error are you getting and what version of Zentyal are you using?
—
“This world is ours, and by the Holy Light we will keep it safe, now and forever.”
-
I made a fresh install (now, in January 2024) of the latest version of Zentyal (7. ish...) and the same problem persists, so is there any solution recommended by support?