public inbox for development@lists.ipfire.org
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 5/7] suricata: Load *.config files from default location
Date: Mon, 22 Nov 2021 05:21:33 +0100
Message-ID: <ccaca7b5467a620127ceaf8293f630e172ba5e5e.camel@ipfire.org>
In-Reply-To: <20211119174458.789486-5-michael.tremer@ipfire.org>

Hello Michael,

thanks for working on suricata and cleaning / adjusting things.

This commit is very problematic, because it may break current
installations.

Currently, after downloading a ruleset tarball of a certain provider,
oinkmaster is going to extract the tarball content (rules files and
*.config files) into the rules directory ("/var/lib/suricata") by
deleting the old rules files and overwriting the *.config files - so
they fit together perfectly.

When moving the config files to a new location, we have to take care
of that by moving these files after oinkmaster has launched to the
new location, and we also have to take care of file permissions on
the new location.

So I would recommend holding off on this patch until we have a nice
solution for this.

Best regards,

-Stefan
> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
>  config/rootfiles/common/suricata | 3 ---
>  config/suricata/suricata.yaml    | 7 +++----
>  lfs/suricata                     | 5 +----
>  3 files changed, 4 insertions(+), 11 deletions(-)
> 
> diff --git a/config/rootfiles/common/suricata
> b/config/rootfiles/common/suricata
> index 7c512b033..091245023 100644
> --- a/config/rootfiles/common/suricata
> +++ b/config/rootfiles/common/suricata
> @@ -40,9 +40,6 @@ usr/share/suricata/
>  #usr/share/suricata/rules/stream-events.rules
>  #usr/share/suricata/rules/tls-events.rules
>  var/lib/suricata
> -var/lib/suricata/classification.config
> -var/lib/suricata/reference.config
> -var/lib/suricata/threshold.config
>  var/log/suricata
>  #var/log/suricata/certs
>  #var/log/suricata/files
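
Review bot: The three var/lib/suricata/*.config entries are dropped from the rootfile, but nothing visible in this hunk lists classification.config, reference.config or threshold.config under usr/share/suricata/, which is where suricata.yaml reads them from after this series. Please confirm those three files are packaged (uncommented) under usr/share/suricata/ in this rootfile, and state in the commit message what should happen to copies that already exist in var/lib/suricata on installed systems.
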
> diff --git a/config/suricata/suricata.yaml
> b/config/suricata/suricata.yaml
> index 0ad36e705..ba56c6a75 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -69,10 +69,9 @@ rule-files:
>      # Include enabled ruleset files from external file
>      - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
>  
> -classification-file: /var/lib/suricata/classification.config
> -reference-config-file: /var/lib/suricata/reference.config
> -threshold-file: /var/lib/suricata/threshold.config
> -
> +classification-file: /usr/share/suricata/classification.config
> +reference-config-file: /usr/share/suricata/reference.config
> +threshold-file: /usr/share/suricata/threshold.config
>  
>  ##
>  ## Logging options.
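
Review bot: classification-file and reference-config-file now point at /usr/share/suricata while the rule files are still pulled in through /var/ipfire/suricata/suricata-used-rulefiles.yaml, so the rules and the classification/reference definitions no longer come from the same place. Either keep these two settings on the copies that are refreshed together with the rules, or document how the packaged files stay in step with them. threshold-file is commonly tuned per site, so a package-owned path under /usr/share also needs a note on where local thresholds are expected to live.
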
> diff --git a/lfs/suricata b/lfs/suricata
> index 0a1dcf2b8..38289962f 100644
> --- a/lfs/suricata
> +++ b/lfs/suricata
> @@ -100,10 +100,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  
>         # Move config files for references, threshold and
> classification
>         # to the rules directory.
> -       mv /etc/suricata/*.config /var/lib/suricata
> -
> -       # Set correct permissions for the files.
> -       chmod 644 /var/lib/suricata/*.config
> +       rm -rfv /etc/suricata/*.config
>  
>         # Set correct ownership for /var/lib/suricata and the
>         # contained files
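
Review bot: The unchanged comment above the new line still reads "Move config files for references, threshold and classification to the rules directory", but the command now deletes /etc/suricata/*.config, so the comment should be rewritten to say the files are removed and why. "rm -rfv" is broader than a glob of plain files needs; "rm -fv /etc/suricata/*.config" does the same without recursing if a directory ever matches. With the "chmod 644" step gone, the mode of the files at the new location depends on the upstream install step and is worth checking against the user suricata runs as.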



Thread overview: 11+ messages
2021-11-19 17:44 [PATCH 1/7] suricata: Include all default rules Michael Tremer
2021-11-19 17:44 ` [PATCH 2/7] rust: Drop Cargo home directory after build Michael Tremer
2021-11-19 17:44 ` [PATCH 3/7] suricata: Drop extra rootfiles Michael Tremer
2021-11-19 17:44 ` [PATCH 4/7] suricata: This package is supported on all architectures Michael Tremer
2021-11-24 14:54   ` Arne Fitzenreiter
2021-11-24 16:53     ` Michael Tremer
2021-11-19 17:44 ` [PATCH 5/7] suricata: Load *.config files from default location Michael Tremer
2021-11-22  4:21   ` Stefan Schantl [this message]
2021-11-22  9:52     ` Michael Tremer
2021-11-19 17:44 ` [PATCH 6/7] IPS: Do not try to show rules when stat on rules tarball fails Michael Tremer
2021-11-19 17:44 ` [PATCH 7/7] suricata: Handle retransmitted SYN with TSval Michael Tremer
