From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH 5/7] suricata: Load *.config files from default location
Date: Mon, 22 Nov 2021 09:52:06 +0000

Hello Stefan,

Thank you for your feedback.

> On 22 Nov 2021, at 04:21, Stefan Schantl wrote:
>
> Hello Michael,
>
> thanks for working on suricata and cleaning / adjusting things.
>
> This commit is very problematic, because it may break current
> installations.
>
> Currently after downloading a ruleset tarball of a certain provider,
> oinkmaster is going to extract the tarball content (rules files and
> *.config files) into the rules directory ("/var/lib/suricata") by
> deleting the old rules files and overwriting the *.config files - so
> they perfectly fit together.
>
> When moving the config files to a new location, we have to take care
> of that by moving these files after oinkmaster has launched to the
> new location and we also have to take care of file permissions on
> the new location.
>
> So I would recommend to hold off on this patch until we have a nice
> solution for this.

Okay. I marked this patch as rejected on PW.

-Michael

>
> Best regards,
>
> -Stefan

>> Signed-off-by: Michael Tremer >> --- >> config/rootfiles/common/suricata | 3 --- >> config/suricata/suricata.yaml | 7 +++---- >> lfs/suricata | 5 +---- >> 3 files changed, 4 insertions(+), 11 deletions(-) >>=20 >> diff --git a/config/rootfiles/common/suricata >> b/config/rootfiles/common/suricata >> index 7c512b033..091245023 100644 >> --- a/config/rootfiles/common/suricata >> +++ b/config/rootfiles/common/suricata
>> @@ -40,9 +40,6 @@ usr/share/suricata/ >> #usr/share/suricata/rules/stream-events.rules >> #usr/share/suricata/rules/tls-events.rules >> var/lib/suricata >> -var/lib/suricata/classification.config >> -var/lib/suricata/reference.config >> -var/lib/suricata/threshold.config >> var/log/suricata >> #var/log/suricata/certs >> #var/log/suricata/files >> diff --git a/config/suricata/suricata.yaml >> b/config/suricata/suricata.yaml >> index 0ad36e705..ba56c6a75 100644 >> --- a/config/suricata/suricata.yaml >> +++ b/config/suricata/suricata.yaml >> @@ -69,10 +69,9 @@ rule-files: >> # Include enabled ruleset files from external file >> - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml >> =20 >> -classification-file: /var/lib/suricata/classification.config >> -reference-config-file: /var/lib/suricata/reference.config >> -threshold-file: /var/lib/suricata/threshold.config >> - >> +classification-file: /usr/share/suricata/classification.config >> +reference-config-file: /usr/share/suricata/reference.config >> +threshold-file: /usr/share/suricata/threshold.config >> =20 >> ## >> ## Logging options. >> diff --git a/lfs/suricata b/lfs/suricata >> index 0a1dcf2b8..38289962f 100644 >> --- a/lfs/suricata >> +++ b/lfs/suricata >> @@ -100,10 +100,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> =20 >> # Move config files for references, threshold and >> classification >> # to the rules directory. >> - mv /etc/suricata/*.config /var/lib/suricata >> - >> - # Set correct permissions for the files. >> - chmod 644 /var/lib/suricata/*.config >> + rm -rfv /etc/suricata/*.config >> =20 >> # Set correct ownership for /var/lib/suricata and the >> # contained files >=20 >=20 --===============3154486153613068218==--
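
Review bot: In the config/rootfiles/common/suricata hunk, the three var/lib/suricata/*.config entries are dropped, but the diffstat shows only deletions for this file, so no usr/share/suricata/classification.config, reference.config or threshold.config entries are added to replace them. Please confirm the rootfile already lists those three files under usr/share/suricata/ (the visible context shows only the directory and commented-out rules), otherwise the paths that suricata.yaml now points at will not be shipped. The hunk also leaves the old copies in /var/lib/suricata on systems that are updated; if they are meant to go away, that cleanup needs to be part of the update.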
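
Review bot: In the config/suricata/suricata.yaml hunk, classification-file and reference-config-file now point at the packaged copies in /usr/share/suricata while the rule files are still pulled in from /var/ipfire/suricata/suricata-used-rulefiles.yaml, so the rules and the classification and reference data they depend on can come from different sources. As the reply above notes, the ruleset tarballs carry their own *.config files that are extracted next to the rules; with this change those are no longer read, and rules that reference a classtype or reference type missing from the packaged files may fail to load, which weakens detection without an obvious error for the admin. I would keep the /var/lib/suricata paths until the ruleset update step places the provider's files where the configuration expects them. Minor: the hunk also removes the blank line that separated these keys from the following section comment.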
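
Review bot: In the lfs/suricata hunk, the comment "Move config files for references, threshold and classification to the rules directory." is left in place above a command that now deletes those files, so the comment needs to be updated or removed. Nothing in this hunk installs the files into /usr/share/suricata or sets their mode, so the change relies on the upstream install step already placing readable copies there; a short comment saying so would help. Since the glob matches regular files, "rm -fv /etc/suricata/*.config" is enough and avoids the recursive flag on a wildcard path.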