[Oisf-users] suricata-update some small nits

Jason Ish ish at unx.ca
Thu Mar 29 13:47:25 UTC 2018

Hi Russell,

On 2018-03-28 05:18 PM, Russell Fulton wrote:
> Hi
> I have suricata-update working now but I find I need to have the --*-conf flags to get the conf files loaded even when they are in the default location.
> I tried putting an invalid file name for the disable-conf in the yaml but it did not generate an error.

When using the default location of /etc/suricata/disable.conf do you see 
the following:

29/3/2018 -- 07:39:43 - <Info> -- Loading /etc/suricata/disable.conf.

So by default, a disable.conf will be looked for at 
/etc/suricata/disable.conf, or as specified with suricata-conf in the 
configuration file. But as you've noticed, it silently continues if you 
specify a file that doesn't exist. That is for handling the default case 
of picking up the file if it exists, or treating it like it wasn't 
configured if it doesn't exist. We could probably clean this up by 
distinguishing if this value was set by the user or not, and error if 
explicitly set by the user. I'll look into this.

If this continues, can you tell me how you install suricata-update, the 
paths you are using, etc?

> No big deal I can live with the command line for the moment :)
> also in the update.yaml I had
> local: with nothing in the list.  This caused suricata-update to crash when it tried to iterate the local config.   Adding [] fixed that.

Thanks for pointing that out, to be fixed a.s.a.p.

> I was looking at the code and trying to figure out where the routines that parse the conf files are — config.py handles the yaml but I can't find anything else.

Look at main.py, around line 1224. You'll see that an attempt to load 
the disable, enable, etc. files is only made if the file specified exists.

Thanks for the feedback.
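
The handling discussed in this message (error only when the path was set explicitly, silent skip when a default file is missing, and an empty `local:` key treated as an empty list), as an added example that is not suricata-update's own code; `resolve_conf`, `local_sources` and `ConfigError` are hypothetical names, and the paths used in the demo are constructed.

```python
import os
import tempfile

# Default path taken from the thread; every other name here is hypothetical.
DEFAULT_DISABLE_CONF = "/etc/suricata/disable.conf"


class ConfigError(Exception):
    """Raised when a path the user explicitly configured cannot be used."""


def resolve_conf(user_value, default_path=DEFAULT_DISABLE_CONF):
    """Return the conf file to load, or None when nothing should be loaded.

    user_value is None when neither the command line nor the YAML set it.
    """
    if user_value is not None:
        # Explicitly configured: a missing file is an error, not a no-op,
        # otherwise the rule set silently differs from what was intended.
        if not os.path.isfile(user_value):
            raise ConfigError("configured file does not exist: %s" % user_value)
        return user_value
    # Default case: pick the file up if present, else act as unconfigured.
    return default_path if os.path.isfile(default_path) else None


def local_sources(config):
    """Return the 'local' entries; a bare 'local:' key in YAML parses to None."""
    value = config.get("local")
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        present = os.path.join(tmp, "disable.conf")   # constructed sample file
        open(present, "w").close()
        missing = os.path.join(tmp, "nope.conf")
        print(resolve_conf(None, present))    # default exists: loaded
        print(resolve_conf(None, missing))    # default absent: None
        try:
            resolve_conf(missing, present)    # explicit and absent: error
        except ConfigError as err:
            print("error:", err)
    print(local_sources({"local": None}))     # bare 'local:' key
```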

