Bug #2334

--output influences cached index location

Added by Jason Ish over 3 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal

Description

The -o parameter sets the output directory where rules are written to. Any downloaded file, including the source index, is also cached in a directory under this directory, .cache. This can lead to confusing operation.

For example, the user will update their sources:

suricata-update update-sources

This downloads the index to the default location of /var/lib/suricata/rules/.cache/index as the default --output directory of /var/lib/suricata/rules is used.

The user then wants to update their rules, writing the output to an alternate location:

suricata-update -o /etc/suricata/rules

If the user had enabled et/pro, the index is going to be looked for in /etc/suricata/rules/.cache, not where it is.

One solution is to use -o /etc/suricata/rules when running update-sources.

The real issue here is that update-sources reuses the cache directory, and the cache directory was initially under the rules directory to limit the number of directories to deal with permissions on. Now that we use /var/lib/suricata/update, we can put the cache in there as well. Then leave --output strictly as an option to influence the output, and not the cache.

A --state-dir parameter could also be useful to change the default of /var/lib/suricata to something else.

#1

Updated by Jason Ish over 3 years ago

  • Status changed from Assigned to Closed
  • Target version set to 1.0.0b1
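
The mismatch described in this report, modeled as an added Python example (not part of the original report and not suricata-update's own code). The function names, the `cache` subdirectory under the state directory, and the scratch root are assumptions; the other paths are the ones named in the description.

```python
import os
import tempfile

# Paths from the report, made relative so they can live under a scratch root.
DEFAULT_OUTPUT = "var/lib/suricata/rules"   # default --output
STATE_DIR = "var/lib/suricata/update"       # state directory named in the report


def cache_dir_coupled(root, output=DEFAULT_OUTPUT):
    """Reported behaviour: the cache is <output>/.cache, so -o moves it."""
    return os.path.join(root, output, ".cache")


def cache_dir_decoupled(root, output=DEFAULT_OUTPUT, state_dir=STATE_DIR):
    """Proposed behaviour: cache under the state directory; output is ignored.

    The "cache" subdirectory name is an assumption made for this example.
    """
    return os.path.join(root, state_dir, "cache")


def update_sources(cache_dir):
    """Model of update-sources: write the downloaded index into the cache."""
    os.makedirs(cache_dir, exist_ok=True)
    with open(os.path.join(cache_dir, "index"), "w") as f:
        f.write("constructed sample index\n")


def index_found(cache_dir):
    """Model of the later update run looking for the cached index."""
    return os.path.isfile(os.path.join(cache_dir, "index"))


def run(resolver):
    """update-sources with defaults, then an update with -o etc/suricata/rules."""
    with tempfile.TemporaryDirectory() as root:  # scratch root, never the real /
        update_sources(resolver(root))
        return index_found(resolver(root, output="etc/suricata/rules"))


if __name__ == "__main__":
    print("cache coupled to --output:", run(cache_dir_coupled))
    print("cache under state dir:    ", run(cache_dir_decoupled))
```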
