[Oisf-users] suricata-update 1.0.4 appears to ignore the ignore option in the config file ??

Shivani Bhardwaj shivanib134 at gmail.com
Wed May 1 05:35:49 UTC 2019


Hi, Russell!

On Wed, May 1, 2019 at 10:32 AM Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
> As part of my fiddling around trying to work out what was wrong with my modify rules I installed 1.0.4 (which is what pip gave me). I see 1.0.5 is announced….
>
I just did a fresh install using
"pip install suricata-update".
It downloaded and installed 1.0.5, just as it mentions on PyPI
(https://pypi.org/project/suricata-update). Could you please check for
any duplicate packages with different users in your system? E.g.
sometimes we tend to install something with pip using sudo and
sometimes with the --user option; both are capable of installing packages
differently for different users.
If you're doing the install for a non-root user, do a "pip install
suricata-update --user".
You can check your installed packages for the current user by doing a
"pip list" from the current user.

> I then noticed that I now am seeing lots of alerts that should be ignored and when I went back to rerun the update I realised that my long ignore list in the config file was being ignored!
>
> I fiddled with things and discovered that I could put --ignore on the command line but my list in the config file did not work.
>
> Has the key in the config file changed?
>
> # List of files to ignore. Overrided by the --ignore command line option.
>
> ignore: [ "dshield.rules","voip.rules","tor.rules","mobile_malware.rules","worm.rules","smtp.rules","dos.rules","drop.rules","info.rules","exploit.rules","scan.rules","p2p.rules"… ]
>
This was a bug till 1.0.4 but has been fixed in 1.0.5.

Let me know what you find about the suricata-update version, then
I'd be happy to assist you further.
>
> Russell



-- 
Shivani
https://about.me/shivani.bhardwaj
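
Added example, not part of the original message and not suricata-update's own code: one way to run the duplicate-install check suggested above, listing every suricata-update copy the current Python interpreter can see and flagging versions older than 1.0.5. The helper names and the set of directories scanned are assumptions of this example; run it with the same Python that pip uses.

```python
import site
import sys
from importlib import metadata
from pathlib import Path

FIXED_IN = (1, 0, 5)  # per the thread: config-file "ignore" list works from 1.0.5


def parse_version(text):
    """'1.0.4' -> (1, 0, 4); non-numeric parts such as 'dev0' count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split(".")[:3])


def find_installs(search_dirs):
    """Return [(directory, version)] for each suricata-update in search_dirs."""
    found = []
    for directory in search_dirs:
        if not Path(directory).is_dir():
            continue
        # name= restricts the scan to this package's dist-info/egg-info entry
        for dist in metadata.distributions(name="suricata-update",
                                           path=[str(directory)]):
            found.append((str(directory), dist.version))
    return found


def report(installs):
    """One line per install; flag versions that skip the config-file ignore list."""
    lines = []
    for directory, version in installs:
        fixed = parse_version(version) >= FIXED_IN
        status = "ok" if fixed else "AFFECTED: config-file ignore list not applied"
        lines.append(f"{version:8} {directory}  [{status}]")
    if len({version for _, version in installs}) > 1:
        lines.append("WARNING: several versions installed; check which is on PATH")
    return lines


def default_dirs():
    """System and per-user site-packages plus sys.path, de-duplicated in order."""
    system = getattr(site, "getsitepackages", lambda: [])()
    dirs = list(system) + [site.getusersitepackages()] + sys.path
    return list(dict.fromkeys(d for d in dirs if d))


if __name__ == "__main__":
    lines = report(find_installs(default_dirs()))
    print("\n".join(lines) if lines else "suricata-update not found")
```

Run it once as the user that owns the cron job or service calling suricata-update and once as root, since each may resolve a different copy.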

