Project

General

Profile

Actions

Bug #3138

closed

Don't install Suricata provided rules to /etc/suricata/rules as part of make install-rules.

Added by Jason Ish over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Suricata 4.1 started to install the engine provided rules to /usr/share/suricata/rules as part of the normal make install process, however "make install-rules" continued to install the rules to /etc/suricata/rules which is something we want to move away from.

The issue here is to no longer install engine provided rules to /etc/suricata/rules under any circumstance. Currently a "make install-rules" will run Suricata-Update if it is bundled, otherwise it will fallback to the old behaviour and install the engine provided rules to /etc/suricata/rules, then expand the ET open ruleset into this directory. None of which is very management in the future, and doesn't update the engine provided rules on update.

This will not change the behaviour for 4.1 rules using the release package as this is the behaviour they already got as Suricata-Update is bundled. This is just to make the experience consistent between bundled and non-bundled Suricata-Update builds of Suricata.


Related issues 1 (0 open1 closed)

Related to Suricata - Feature #2168: Rules files from Suricata sources (like decoder-events.rules) are packaged as config files and may not be updated on package update.ClosedActions
Actions #1

Updated by Jason Ish over 5 years ago

  • Related to Feature #2168: Rules files from Suricata sources (like decoder-events.rules) are packaged as config files and may not be updated on package update. added
Actions #2

Updated by Jason Ish over 5 years ago

  • Status changed from Assigned to Closed
Actions

Also available in: Atom PDF