Bug 12260

Summary:	suricata won't start Core 139
Product:	IPFire	Reporter:	DJ-Melo <markus>
Component:	---	Assignee:	Peter Müller <peter.mueller>
Status:	CLOSED FIXED	QA Contact:	Stefan Schantl <stefan.schantl>
Severity:	Crash
Priority:	Will affect an average number of users	CC:	arne.fitzenreiter, michael.tremer, peter.mueller
Version:	2	Keywords:	Security
Hardware:	all
OS:	All
See Also:	https://bugzilla.ipfire.org/show_bug.cgi?id=12166
Bug Depends on:
Bug Blocks:	12257
Attachments:	wui of ips

Description DJ-Melo 2019-12-13 07:19:58 UTC

Created attachment 725 [details]
wui of ips

Hi,

Intrusion Prevention Service not start in 139

Dec 12 20:15:58 cyberdyne suricata: This is Suricata version 4.1.5 RELEASE
Dec 12 20:15:58 cyberdyne suricata: [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address " 84.200.69.80 194.150.168.168"
Dec 12 20:15:58 cyberdyne suricata: [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var “DNS_SERVERS” with value “[ 84.200.69.80 194.150.168.168]”. Please check it’s syntax
Dec 12 20:15:58 cyberdyne suricata: [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors

I think the error is in the file suricata-dns-servers.yaml.
Here is a space between the bracket and the first ip-address

“[ 84.200.69.80 194.150.168.168]”

same here. IPS is stopped in the log:

[ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address " 81.3.27 .54 46.182.19.48"
13:49:19 suricata: [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var “DN S_SERVERS” with value “[ 81.3.27.54 46.182.19.48]”. Please check it’s syntax
13:49:19 suricata: [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors

also with space "[ 81.3.27.54 46.182.19.48]

I don’t know if that’s the problem

Comment 1 DJ-Melo 2019-12-13 07:42:36 UTC

I think it's related to 12166.

Comment 2 Michael Tremer 2019-12-13 11:50:55 UTC

Stefan, could you please urgently fix this? We will have to rebuild the Core Update after this.

Comment 3 Michael Tremer 2019-12-13 11:54:32 UTC

*** Bug 12256 has been marked as a duplicate of this bug. ***

Comment 4 Peter Müller 2019-12-13 17:29:56 UTC

https://patchwork.ipfire.org/patch/2644/

Comment 5 Peter Müller 2019-12-16 16:22:30 UTC

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=fd2dccaabb2e28cf875d7d81c7faf90f7941f56b

Comment 6 Peter Müller 2020-01-22 20:35:00 UTC

https://blog.ipfire.org/post/ipfire-2-23-core-update-139-released