Project

General

Profile

Actions
Copy link

Bug #3138

closed

Don't install Suricata provided rules to /etc/suricata/rules as part of make install-rules.

Added by Jason Ish about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
5.0rc1
Affected Versions:
4.1.4
Effort:
Difficulty:
Label:

Description

Suricata 4.1 started to install the engine provided rules to /usr/share/suricata/rules as part of the normal make install process, however "make install-rules" continued to install the rules to /etc/suricata/rules which is something we want to move away from.

The issue here is to no longer install engine provided rules to /etc/suricata/rules under any circumstance. Currently a "make install-rules" will run Suricata-Update if it is bundled, otherwise it will fallback to the old behaviour and install the engine provided rules to /etc/suricata/rules, then expand the ET open ruleset into this directory. None of which is very management in the future, and doesn't update the engine provided rules on update.

This will not change the behaviour for 4.1 rules using the release package as this is the behaviour they already got as Suricata-Update is bundled. This is just to make the experience consistent between bundled and non-bundled Suricata-Update builds of Suricata.

Related issues 1 (0 open1 closed)

Related to Suricata - Feature #2168: Rules files from Suricata sources (like decoder-events.rules) are packaged as config files and may not be updated on package update.ClosedActions
Actions
Copy link
 #1

Updated by Jason Ish about 5 years ago

  • Related to Feature #2168: Rules files from Suricata sources (like decoder-events.rules) are packaged as config files and may not be updated on package update. added
Actions
Copy link
 #2

Updated by Jason Ish about 5 years ago

  • Status changed from Assigned to Closed
Actions
Copy link

Also available in: Atom PDF