Project

General

Profile

Actions
Copy link

Bug #4330

open

file hash parameter in yaml accepts non valid values

Added by Peter Manev almost 5 years ago. Updated 17 days ago.

Status:
In Review
Priority:
Normal
Assignee:
James Kaddu
Target version:
9.0.0-beta1
Affected Versions:
8.0.0
Effort:
Difficulty:
Label:
Beginner, C, Good First Issue

Description

/opt/suritest/bin/suricata --dump-config |grep shanani
outputs.1.eve-log.types.4.files.force-hash.0 = shananigans

/opt/suritest/bin/suricata -S /dev/null  -l logs/  --runmode=autofp  -T
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:1616) <Info> (ParseCommandLine) -- Running suricata under test mode
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:1060) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (6bfc5afa2 2021-02-13) running in SYSTEM mode
[2744673] 16/2/2021 -- 11:33:21 - (decode-erspan.c:55) <Warning> (DecodeERSPANConfig) -- [ERRCODE: SC_WARN_ERSPAN_CONFIG(329)] - ERSPAN Type I is no longer configurable and it is always enabled; ignoring configuration setting.
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:2775) <Notice> (SuricataMain) -- Configuration provided was successfully loaded. Exiting.

Note that this is likely not an issue in the --dump-config command, but rather that the file logger force-hash configuration accepts unknown values, for example:

        - files:
            force-magic: no   # force logging magic on all logged files
            # force logging of checksums, available hash functions are md5,
            # sha1 and sha256
            force-hash: [shanani]

does not result in a startup error with suricata -c /my/suricata.yaml -T.

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #2091: nonexistent/misspelled custom fields accepted during parsing of suricata.yamlNewCommunity TicketActions
Actions
Copy link

Also available in: Atom PDF