Project

General

Profile

Actions

Feature #4136

open

use Suricata-Update managed classification.config

Added by Victor Julien about 4 years ago. Updated 9 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Since Suricata-Update 1.2.0 it can manage the classification.config. By default Suricata won't use this yet.

Actions #1

Updated by Victor Julien about 4 years ago

  • Project changed from Suricata-Update to Suricata
  • Assignee changed from Shivani Bhardwaj to OISF Dev
  • Target version set to 7.0.0-beta1
Actions #2

Updated by Victor Julien over 3 years ago

  • Assignee changed from OISF Dev to Juliana Fajardini Reichow
Actions #3

Updated by Jason Ish over 3 years ago

  • Assignee changed from Juliana Fajardini Reichow to Jason Ish
Actions #4

Updated by Jason Ish about 3 years ago

  • Assignee changed from Jason Ish to Shivani Bhardwaj

Most ./configure updates. If Suricata-Update is bundled, use the location that SU outputs to, otherwise use the current default.

Actions #5

Updated by Shivani Bhardwaj almost 3 years ago

  • Status changed from New to Assigned
  • Priority changed from Normal to High
Actions #6

Updated by Shivani Bhardwaj almost 3 years ago

  • Status changed from Assigned to In Review
Actions #7

Updated by Victor Julien about 2 years ago

  • Target version changed from 7.0.0-beta1 to 8.0.0-beta1
Actions #8

Updated by Jason Ish about 2 years ago

@Victor Julien Do you think its too late to get this into 7.0 rc?

I'm a little hesitant to just do the simple swap of loading "/var/lib/suricata/rules/classification.config" instead of "/etc/suricata/classification.config". I think we need something a little more fail proof. Like:

- load /var/lib/suricata/rules/classification.config
- load /usr/share/suricata/classification.config (this already exists with 7.0)
- if exists, load /etc/suricata/classification.config replacing existing classifications. This allows users the ability to override priorities and such.

Suricata has enough context to know what to do in the majority of the uses cases that the classification file could be removed from suricata.yaml.

Actions #9

Updated by Shivani Bhardwaj over 1 year ago

  • Status changed from In Review to Assigned
Actions #10

Updated by Shivani Bhardwaj about 1 year ago

  • Priority changed from High to Normal
Actions #11

Updated by Jason Ish 9 months ago

  • Assignee changed from Shivani Bhardwaj to Jason Ish
Actions

Also available in: Atom PDF