Pakon (suricata) won't start

Hi,

I finally had some time to play with pakon/suricata. Unfortunately, my turris seems unable to run suricata. Starting suricata manually with

/usr/bin/suricata -c /etc/suricata/suricata.yaml -q 10 --pidfile /var/run/suricata/suricata.pid -vvv

returns

2/1/2018 – 22:03:35 - - Including configuration dir /etc/suricata/conf.d.
2/1/2018 – 22:03:35 - - Including configuration dir /etc/suricata/output_conf.d at parent node outputs.
2/1/2018 – 22:03:35 - - This is Suricata version 4.0.0 RELEASE
2/1/2018 – 22:03:35 - - CPUs/cores online: 2
2/1/2018 – 22:03:35 - - luajit states preallocated: 128
2/1/2018 – 22:03:35 - - ‘default’ server has ‘request-body-minimal-inspect-size’ set to 32479 and ‘request-body-inspect-window’ set to 4025 after randomization.
2/1/2018 – 22:03:35 - - ‘default’ server has ‘response-body-minimal-inspect-size’ set to 40141 and ‘response-body-inspect-window’ set to 16688 after randomization.
2/1/2018 – 22:03:35 - - DNS request flood protection level: 500
2/1/2018 – 22:03:35 - - DNS per flow memcap (state-memcap): 524288
2/1/2018 – 22:03:35 - - DNS global memcap: 16777216
2/1/2018 – 22:03:35 - - Protocol detection and parser disabled for modbus protocol.
2/1/2018 – 22:03:35 - - Protocol detection and parser disabled for enip protocol.
2/1/2018 – 22:03:35 - - Protocol detection and parser disabled for DNP3.
2/1/2018 – 22:03:35 - - NFQ running in REPEAT mode with mark 2/2
2/1/2018 – 22:03:35 - - allocated 262144 bytes of memory for the host hash… 4096 buckets of size 64
2/1/2018 – 22:03:35 - - preallocated 1000 hosts of size 84
2/1/2018 – 22:03:35 - - host memory usage: 346144 bytes, maximum: 33554432
Aborted

Unfortunately, I have no idea where to get more information why it aborted - the config files are straight out of the package. My system consists of a fairy basic installation - except adblock 3.1.0 and some lxc containers no further packages are installed. Also the system was factory resetted using a medkit image not too long ago. However, the installation of pakon gave

…
Configuring pakon-lists.
Configuring libedit.
Configuring sqlite3-cli.
Configuring pakon.
Command failed: Not found
Command failed: Not found

without specifying which commands were not found. I guess this only means I should restart suricata by hand and is somewhat unrelated.

Has someone encountered this problem and got a solution?

Hannes

Restarting suricata and executing the whole post-install procedure of pakon didn’t work for me - also waiting for some hours or rebooting the device had no effect. Since suricata is not running (even after restarting suricata, removing pid file and restarting, … pidof suricata returns no value) this is somehow expected.

At the moment, I suspect that somehow the installed suricata package is incompatible with my router (configuration?). But this is mostly shooting into the dark…

That shouldn’t be a problem anymore, manual restart shouldn’t be needed since 3.9.1.

Thanks for reporting that, there are multiple users reporting this.

I created issue for that: https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/131

The problem is that I’m still not able to reproduce it, it doesn’t happen on my testing routers. Also, the same configuration works for some users and I still wasn’t able to spot the difference between these users. But I’m working on it right now, hopefully I’ll be able to figure it out.

Thank you very much for looking into this! If it helps, I can give you remote access or send you more details (diagnostics from foris, logs, … )

Remote access could be actually really useful, I would finally have one router affected by this.

Thank you for your offer to help, I really appreciate that. I’ll write you a message (here on forum).

This issue seems to be pinned down too. Many thanks to @Hannes for providing us remote access to his router, so we were able to debug this issues (we weren’t able to reproduce it on any of our testing routers here).

You can expect the fix with 3.9.2, that should be released soon.