Project

General

Profile

Actions
Copy link

Feature #4136

open
VJ JI

configure: use Suricata-Update managed classification.config

Feature #4136: configure: use Suricata-Update managed classification.config

Added by Victor Julien over 5 years ago. Updated 10 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Jason Ish
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

Since Suricata-Update 1.2.0 it can manage the classification.config. By default Suricata won't use this yet.

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #1

  • Project changed from Suricata-Update to Suricata
  • Assignee changed from Shivani Bhardwaj to OISF Dev
  • Target version set to 7.0.0-beta1

VJ Updated by Victor Julien almost 5 years ago Actions
Copy link
 #2

  • Assignee changed from OISF Dev to Juliana Fajardini Reichow

JI Updated by Jason Ish almost 5 years ago Actions
Copy link
 #3

  • Assignee changed from Juliana Fajardini Reichow to Jason Ish

JI Updated by Jason Ish over 4 years ago Actions
Copy link
 #4

  • Assignee changed from Jason Ish to Shivani Bhardwaj

Most ./configure updates. If Suricata-Update is bundled, use the location that SU outputs to, otherwise use the current default.

SB Updated by Shivani Bhardwaj over 4 years ago Actions
Copy link
 #5

  • Status changed from New to Assigned
  • Priority changed from Normal to High

SB Updated by Shivani Bhardwaj over 4 years ago Actions
Copy link
 #6

  • Status changed from Assigned to In Review

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #7

  • Target version changed from 7.0.0-beta1 to 8.0.0-beta1

JI Updated by Jason Ish over 3 years ago Actions
Copy link
 #8

@Victor Julien Do you think its too late to get this into 7.0 rc?

I'm a little hesitant to just do the simple swap of loading "/var/lib/suricata/rules/classification.config" instead of "/etc/suricata/classification.config". I think we need something a little more fail proof. Like:

- load /var/lib/suricata/rules/classification.config
- load /usr/share/suricata/classification.config (this already exists with 7.0)
- if exists, load /etc/suricata/classification.config replacing existing classifications. This allows users the ability to override priorities and such.

Suricata has enough context to know what to do in the majority of the uses cases that the classification file could be removed from suricata.yaml.

SB Updated by Shivani Bhardwaj almost 3 years ago Actions
Copy link
 #9

  • Status changed from In Review to Assigned

SB Updated by Shivani Bhardwaj over 2 years ago Actions
Copy link
 #10

  • Priority changed from High to Normal

JI Updated by Jason Ish about 2 years ago Actions
Copy link
 #11

  • Assignee changed from Shivani Bhardwaj to Jason Ish

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #12

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1

SB Updated by Shivani Bhardwaj 12 months ago Actions
Copy link
 #13

  • Subject changed from use Suricata-Update managed classification.config to configure: use Suricata-Update managed classification.config

VJ Updated by Victor Julien 10 months ago Actions
Copy link
 #14

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Actions
Copy link

Also available in: PDF Atom