Feature #4136
open
use Suricata-Update managed classification.config
Added by Victor Julien about 4 years ago.
Updated 10 months ago.
Description
Since Suricata-Update 1.2.0 it can manage the classification.config. By default Suricata won't use this yet.
- Project changed from Suricata-Update to Suricata
- Assignee changed from Shivani Bhardwaj to OISF Dev
- Target version set to 7.0.0-beta1
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
- Assignee changed from Juliana Fajardini Reichow to Jason Ish
- Assignee changed from Jason Ish to Shivani Bhardwaj
Most ./configure updates. If Suricata-Update is bundled, use the location that SU outputs to, otherwise use the current default.
- Status changed from New to Assigned
- Priority changed from Normal to High
- Status changed from Assigned to In Review
- Target version changed from 7.0.0-beta1 to 8.0.0-beta1
@Victor Julien Do you think it's too late to get this into 7.0 rc?
I'm a little hesitant to just do the simple swap of loading "/var/lib/suricata/rules/classification.config" instead of "/etc/suricata/classification.config". I think we need something a little more fail proof. Like:
- load /var/lib/suricata/rules/classification.config
- load /usr/share/suricata/classification.config (this already exists with 7.0)
- if exists, load /etc/suricata/classification.config replacing existing classifications. This allows users the ability to override priorities and such.
Suricata has enough context to know what to do in the majority of the use cases that the classification file could be removed from suricata.yaml.
- Status changed from In Review to Assigned
- Priority changed from High to Normal
- Assignee changed from Shivani Bhardwaj to Jason Ish
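The three-step load order proposed in the comment above, sketched as an added example (this is not Suricata or Suricata-Update code). It assumes every later file replaces same-named entries from earlier ones and that missing files are skipped; the function names and the file contents are constructed for illustration.

```python
import os
import re
import tempfile

# Line format: config classification: <shortname>,<description>,<priority>
LINE_RE = re.compile(
    r"^\s*config\s+classification\s*:\s*([A-Za-z][\w-]*)\s*,\s*(.+?)\s*,\s*(\d+)\s*$")

def parse_classifications(text):
    """Return {shortname: (description, priority)}; comments and junk lines are ignored."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out[m.group(1)] = (m.group(2), int(m.group(3)))
    return out

def load_layered(paths):
    """Load files in order; a later file replaces earlier entries (assumed semantics)."""
    merged, origin = {}, {}
    for path in paths:
        if not os.path.isfile(path):  # optional layer, e.g. no override in /etc
            continue
        with open(path, encoding="utf-8") as fh:
            for name, entry in parse_classifications(fh.read()).items():
                merged[name], origin[name] = entry, path
    return merged, origin

def demo():
    """Recreate the three locations under a temp dir with constructed sample content."""
    samples = {
        "var/lib/suricata/rules/classification.config":
            "config classification: trojan-activity,A Network Trojan was detected,1\n"
            "config classification: misc-activity,Misc activity,3\n",
        "usr/share/suricata/classification.config":
            "# shipped defaults\nconfig classification: not-suspicious,Not Suspicious Traffic,3\n",
        "etc/suricata/classification.config":
            "config classification: misc-activity,Misc activity,2\n",  # user override
    }
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, rel) for rel in samples]
        for full, body in zip(paths, samples.values()):
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        merged, origin = load_layered(paths + [os.path.join(root, "missing.config")])
        return merged, {k: os.path.relpath(v, root) for k, v in origin.items()}

if __name__ == "__main__":
    print(demo())
```

Tracking the origin of each entry makes it easy to log which file supplied the effective priority when an override in /etc changes how alerts are ranked.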