[Oisf-users] suricata-update some small nits

[Jason Ish]

Hi Russel,

On 2018-03-28 05:18 PM, Russell Fulton wrote:
> Hi
> 
> I have suricata-update working now but I find I need to have the —*-conf flags to get the conf files loaded even when they are in the default location.
> 
> I tried putting an invalid file name for the disable-conf in the yaml but it did not generate an error.

When using the default location of /etc/suricata/disable.conf do you see 
the following:

29/3/2018 -- 07:39:43 - <Info> -- Loading /etc/suricata/disable.conf.

So by default, a disable.conf will be looked for at 
/etc/suricata/disable.conf, or as specified with suricata-conf in the 
configuration file. But as you've noticed, it silently continues if you 
specify a file that doesn't exist. That is for handling the default case 
of picking up the file if it exists, or treating like it wasn't 
configured if it doesn't exist. We could probably clean this up by 
distinguishing if this value was set by the user or not, and error if 
explicitly set by the user. I'll look into this.

If this continues, can you tell me how you install suricata-update, the 
paths you are using, etc?

> 
> No big deal I can live with the command line for the moment :)
> 
> also in the update.yaml I had
> 
> local: with nothing in the list.  This caused suricata-update to crash when it tried to iterate the local config.   Adding [] fixed that.

Thanks for pointing that out, to be fixed a.s.a.p.

> 
> I was looking at the code and trying to figure out where the routines that parse the conf files are — config.py handles the yaml but I cant find anything else.

Look at main.py, around line 1224. You'll see that an attempt to load 
the disable, enable, etc. files is only made if the file specified exists.

Thanks for the feedback.

Jason