Permission Error Running suricata-update list-sources in Suricata Container #614
Hello Malcolm team, I'm encountering a permission error when running suricata-update list-sources inside the Suricata container in Malcolm. The error message indicates that the process is unable to execute /usr/bin/suricata due to PermissionError: [Errno 1] Operation not permitted. I executed the command as root within the Suricata container but still faced this issue. Attached is a screenshot of the full error trace. Could you provide guidance on how to resolve this? Thanks in advance!
Replies: 2 comments
Thanks for the suggestion.
In the suricata containers there are actually two suricata binaries, one that is used for live capture (and is given greater capabilities/permissions) and another that is used for "offline" stuff like PCAP analysis, rule updates, etc. This is done for security hardening reasons.
The solution is to add the argument --suricata /usr/bin/suricata-offline to calls to tools like suricata-update.