Actions
Bug #6149
closedexceptions: 'auto' policy not considered valid value in IDS mode
Affected Versions:
Effort:
Difficulty:
Label:
Description
When in IDS mode, Suricata issues a warning that 'auto' isn't a valid config option, and proceeds to setting
the master switch (and possibly other values, too) to `ignore` (see image attached).
Two fixes needed:
- 'auto' is valid, it just defaults to 'ignore' in IDS mode, so no warning should happen
- the "exception policy: exception policy" is confusing, reword the message
The function for parsing the master switch should probably be re-worked to avoid that last part.
Files
.png){kind=link}
Updated by Juliana Fajardini Reichow 11 months ago
(Should have been obvious, but hadn't realized: this happens when 'exception-policy' is set to 'auto' in the suricata.yaml file.)
Updated by Juliana Fajardini Reichow 11 months ago
- Affected Versions 7.0.0-rc2 added
Updated by Juliana Fajardini Reichow 11 months ago
- Status changed from New to In Review
Updated by Juliana Fajardini Reichow 11 months ago
- Status changed from In Review to Closed
PR merged: https://github.com/OISF/suricata/pull/9032
Actions