
Feature #4136

open

use Suricata-Update managed classification.config

Added by Victor Julien about 2 years ago. Updated 20 days ago.

Status: In Review
Priority: High

Description

Since Suricata-Update 1.2.0 it can manage the classification.config. By default Suricata won't use this yet.

#1

Updated by Victor Julien about 2 years ago

  • Project changed from Suricata-Update to Suricata
  • Assignee changed from Shivani Bhardwaj to OISF Dev
  • Target version set to 7.0.0-beta1
#2

Updated by Victor Julien over 1 year ago

  • Assignee changed from OISF Dev to Juliana Fajardini Reichow
#3

Updated by Jason Ish over 1 year ago

  • Assignee changed from Juliana Fajardini Reichow to Jason Ish
#4

Updated by Jason Ish over 1 year ago

  • Assignee changed from Jason Ish to Shivani Bhardwaj

Most ./configure updates. If Suricata-Update is bundled, use the location that SU outputs to, otherwise use the current default.

#5

Updated by Shivani Bhardwaj 12 months ago

  • Status changed from New to Assigned
  • Priority changed from Normal to High
#6

Updated by Shivani Bhardwaj 11 months ago

  • Status changed from Assigned to In Review
#7

Updated by Victor Julien about 1 month ago

  • Target version changed from 7.0.0-beta1 to 8.0beta1
#8

Updated by Jason Ish 20 days ago

@Victor Julien Do you think it's too late to get this into 7.0 rc?

I'm a little hesitant to just do the simple swap of loading "/var/lib/suricata/rules/classification.config" instead of "/etc/suricata/classification.config". I think we need something a little more fail-proof. Like:

- load /var/lib/suricata/rules/classification.config
- load /usr/share/suricata/classification.config (this already exists with 7.0)
- if exists, load /etc/suricata/classification.config replacing existing classifications. This allows users the ability to override priorities and such.

Suricata has enough context to know what to do in the majority of the use cases that the classification file could be removed from suricata.yaml.
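The layered load order proposed in the comment above, modelled as an added example in Python. This is not Suricata's or Suricata-Update's code; it assumes the three candidate paths named in the comment, the `config classification: name,description,priority` entry format of classification.config, and a constructed set of sample files (`SAMPLE_FILES`) so it runs without touching the filesystem. Files are read in order and later files replace earlier entries with the same name, so the optional /etc copy wins, and the loader fails loudly only if no candidate exists at all.

```python
"""Added example: layered classification.config loading with local override.
Not Suricata's implementation; paths and sample contents are assumptions."""

from dataclasses import dataclass
import re

# Candidate locations in the order proposed above; later files override
# earlier ones by classification name.  The /etc copy is optional.
CANDIDATE_PATHS = [
    "/var/lib/suricata/rules/classification.config",  # Suricata-Update managed copy
    "/usr/share/suricata/classification.config",      # copy shipped with Suricata 7.0
    "/etc/suricata/classification.config",            # optional local override, wins if present
]

# Entry format, e.g.  config classification: not-suspicious,Not Suspicious Traffic,3
ENTRY_RE = re.compile(r"^config\s+classification:\s*(.+)$")


@dataclass(frozen=True)
class Classification:
    name: str
    description: str
    priority: int


def parse_classification_config(text: str) -> dict:
    """Parse one classification.config body into {name: Classification}.

    Blank lines and '#' comments are ignored.  A malformed entry raises
    ValueError so a broken file is reported rather than silently skipped.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a classification entry: {raw!r}")
        body = m.group(1)
        # name is the first field and priority the last; the description may contain commas
        try:
            name, rest = body.split(",", 1)
            description, priority = rest.rsplit(",", 1)
        except ValueError:
            raise ValueError(f"line {lineno}: expected name,description,priority: {raw!r}") from None
        name, description, priority = name.strip(), description.strip(), priority.strip()
        if not name or not priority.isdigit():
            raise ValueError(f"line {lineno}: bad name or priority: {raw!r}")
        entries[name] = Classification(name, description, int(priority))
    return entries


def read_if_exists(path: str):
    """Return the file's text, or None when it does not exist."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except FileNotFoundError:
        return None


def load_classifications(paths=CANDIDATE_PATHS, read=read_if_exists):
    """Load and merge classification.config from `paths` in order.

    `read(path)` returns the file text or None if absent (injected so the
    merge logic can be exercised without a real filesystem).  Returns
    (merged entries, list of paths actually loaded) and raises
    FileNotFoundError only if no candidate exists at all.
    """
    merged, loaded = {}, []
    for path in paths:
        text = read(path)
        if text is None:
            continue
        merged.update(parse_classification_config(text))  # later file wins per name
        loaded.append(path)
    if not loaded:
        raise FileNotFoundError("no classification.config found in: " + ", ".join(paths))
    return merged, loaded


# Constructed sample contents standing in for the three locations (assumption, not real files).
SAMPLE_FILES = {
    "/var/lib/suricata/rules/classification.config":
        "# constructed sample: managed by suricata-update\n"
        "config classification: not-suspicious,Not Suspicious Traffic,3\n"
        "config classification: trojan-activity,A Network Trojan was detected,1\n",
    "/usr/share/suricata/classification.config":
        "config classification: not-suspicious,Not Suspicious Traffic,3\n"
        "config classification: policy-violation,Potential Corporate Privacy Violation,1\n",
    "/etc/suricata/classification.config":
        "# constructed sample: local override demoting policy-violation\n"
        "config classification: policy-violation,Potential Corporate Privacy Violation,3\n",
}

if __name__ == "__main__":
    merged, loaded = load_classifications(read=SAMPLE_FILES.get)
    print("loaded:", loaded)
    for c in sorted(merged.values(), key=lambda c: c.name):
        print(f"  {c.name:18} priority={c.priority}  {c.description}")
```

Running it against the constructed sample shows `policy-violation` ending up at priority 3 because the /etc copy is applied last; dropping that file from `SAMPLE_FILES` leaves the packaged priority 1 in place, and dropping all three raises instead of silently running with no classifications.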
