Project

General

Profile

Actions

Bug #3182

open

warn user on wildcard usage without quotes

Added by Peter Manev about 3 years ago. Updated about 3 years ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

It would be helpful if Suricata warns on wildcard use without quotation marks for command line parameter override.

Example.
It seems that when wildcard rules are passed on the command line without being surrounded with quotes Suricata does not complain and it only loads the first rulefile available.

:~/Work/Suricata/tests/tmp$ sudo /opt/suritest/bin/suricata -c /opt/suritest/etc/suricata/suricata.yaml -S rules/*.rules -T
[19161] 19/9/2019 -- 14:33:15 - (suricata.c:1884) <Info> (ParseCommandLine) -- Running suricata under test mode
[19161] 19/9/2019 -- 14:33:15 - (suricata.c:1075) <Notice> (LogVersion) -- This is Suricata version 5.0.0-dev (d4bc46038 2019-09-17) running in SYSTEM mode
[19161] 19/9/2019 -- 14:33:17 - (suricata.c:3023) <Notice> (main) -- Configuration provided was successfully loaded. Exiting.

loads only activex.rules from the ETOpen/Pro ruleset in the rules folder.

In the case where the wildcard is passed the full set is loaded.

:~/Work/Suricata/tests/tmp$ sudo /opt/suritest/bin/suricata -c /opt/suritest/etc/suricata/suricata.yaml -S "rules/*.rules" -T
[19169] 19/9/2019 -- 14:33:19 - (suricata.c:1884) <Info> (ParseCommandLine) -- Running suricata under test mode
[19169] 19/9/2019 -- 14:33:19 - (suricata.c:1075) <Notice> (LogVersion) -- This is Suricata version 5.0.0-dev (d4bc46038 2019-09-17) running in SYSTEM mode
[19169] 19/9/2019 -- 14:36:50 - (suricata.c:3023) <Notice> (main) -- Configuration provided was successfully loaded. Exiting.

Without passing the quotes it does not load all rules but does not complain either.

Actions #1

Updated by Andreas Herz about 3 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions

Also available in: Atom PDF