aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '833a738dd1'
${ noResults }
suricata/Makefile.am

74 lines
3.0 KiB
Makefile
Raw Normal View History Unescape Escape

Initial add of the files.
17 years ago
# not a GNU package. You can remove this line, if
# have all needed files, that a GNU package needs
AUTOMAKE_OPTIONS = foreign 1.4
b86
16 years ago
ACLOCAL_AMFLAGS = -I m4
Add install-conf command to build system. This patch adds support for customisation of suricata.yaml and automatic download of emerging threat GPL rules. By running 'make install-full' after 'make install', files necessary to run suricata are copied in the configuration directory and the latest ruleset is downloaded and installed. Suricata can then be run without files edition. This patch has a special treatment for the windows build which requires some different paths. suricata.yaml is also updated to load all rules files provided by emergingthreat ruleset.
14 years ago
EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
doc: security policy
4 years ago
threshold.config SECURITY.md \
config: install classification.config (and ref) to $datadir Install classification.config and reference.config to $datadir, where they can be updated on every upgrade. This required moving them into a sub-directory for autotools to do its thing. Redmine issue: https://redmine.openinfosecfoundation.org/issues/3209
6 years ago
$(SURICATA_UPDATE_DIR) \
automake: add acsite.m4 to EXTRA_DIST This file is required to successfully re-run autoreconf, which many packaging tools will do even on a prepared distribution archive.
5 years ago
lua \
devguide: drop use of mscgen script in builds/make Currently, it seems easier to upload the diagram images to git than to try to make the image generation script work with out of the tree builds and other corner cases. This means, however, that one must activelly remember to update msc diagram files, run the script and re-add new png files, if those ever need to be updated. To raise awareness to that, a watermark was added to the diagram images. Also removed configuration steps that added mscgen as dependency (locally and for workflow builds and readthedocs).
3 years ago
acsite.m4 \
examples/plugin: simplify Makefile Simplify the Makefile by avoiding automake and providing our own Makefile.in that is suitable for in-tree builds of the plugin and can also serve as an example for standalone plugins. But the bigger benefit of this is to allow building the example plugin even with --disable-shared provided to configure, as this is just a phony limitation imposed by automake/libtool.
1 year ago
scripts/generate-images.sh \
doc: port user install and build instruction from master-6.0.x Ticket: #6686
2 years ago
scripts/docs-almalinux9-minimal-build.sh \
scripts/docs-ubuntu-debian-minimal-build.sh \
doc/userguide: generate eve documentation Add EVE documentation for QUIC and Pgsql to their respective sections of the userguide. Also add a complete EVE reference as an appendix. Other protocols can be done, but its a manual process to document in the schema, then add the glue to pull them into the documentation. The documentation is generated during "make dist", or if it doesn't exist, "conf.py" will attempt to generate the eve documentation for building on Readthedocs.
2 years ago
scripts/evedoc.py \
examples: program linking against library Provide an example of an extremely simple application that links against Suricata. This provides a Makefile integrated with the Suricata build system for in-tree building, as well as an example Makefile for building out of tree. Currently this application just wraps SuricataMain and does nothing else.
1 year ago
examples/plugins
http: Use libhtp-rs. Ticket: #2696 There are a lot of changes here, which are described below. In general these changes are renaming constants to conform to the libhtp-rs versions (which are generated by cbindgen); making all htp types opaque and changing struct->member references to htp_struct_member() function calls; and a handful of changes to offload functionality onto libhtp-rs from suricata, such as URI normalization and transaction cleanup. Functions introduced to handle opaque htp_tx_t: - tx->parsed_uri => htp_tx_parsed_uri(tx) - tx->parsed_uri->path => htp_uri_path(htp_tx_parsed_uri(tx) - tx->parsed_uri->hostname => htp_uri_hostname(htp_tx_parsed_uri(tx)) - htp_tx_get_user_data() => htp_tx_user_data(tx) - htp_tx_is_http_2_upgrade(tx) convenience function introduced to detect response status 101 and “Upgrade: h2c" header. Functions introduced to handle opaque htp_tx_data_t: - d->len => htp_tx_data_len() - d->data => htp_tx_data_data() - htp_tx_data_tx(data) function to get the htp_tx_t from the htp_tx_data_t - htp_tx_data_is_empty(data) convenience function introduced to test if the data is empty. Other changes: Build libhtp-rs as a crate inside rust. Update autoconf to no longer use libhtp as an external dependency. Remove HAVE_HTP feature defines since they are no longer needed. Make function arguments and return values const where possible htp_tx_destroy(tx) will now free an incomplete transaction htp_time_t replaced with standard struct timeval Callbacks from libhtp now provide the htp_connp_t and the htp_tx_data_t as separate arguments. This means the connection parser is no longer fetched from the transaction inside callbacks. SCHTPGenerateNormalizedUri() functionality moved inside libhtp-rs, which now provides normalized URI values. The normalized URI is available with accessor function: htp_tx_normalized_uri() Configuration settings added to control the behaviour of the URI normalization: - htp_config_set_normalized_uri_include_all() - htp_config_set_plusspace_decode() - htp_config_set_convert_lowercase() - htp_config_set_double_decode_normalized_query() - htp_config_set_double_decode_normalized_path() - htp_config_set_backslash_convert_slashes() - htp_config_set_bestfit_replacement_byte() - htp_config_set_convert_lowercase() - htp_config_set_nul_encoded_terminates() - htp_config_set_nul_raw_terminates() - htp_config_set_path_separators_compress() - htp_config_set_path_separators_decode() - htp_config_set_u_encoding_decode() - htp_config_set_url_encoding_invalid_handling() - htp_config_set_utf8_convert_bestfit() - htp_config_set_normalized_uri_include_all() - htp_config_set_plusspace_decode() Constants related to configuring uri normalization: - HTP_URL_DECODE_PRESERVE_PERCENT => HTP_URL_ENCODING_HANDLING_PRESERVE_PERCENT - HTP_URL_DECODE_REMOVE_PERCENT => HTP_URL_ENCODING_HANDLING_REMOVE_PERCENT - HTP_URL_DECODE_PROCESS_INVALID => HTP_URL_ENCODING_HANDLING_PROCESS_INVALID htp_config_set_field_limits(soft_limit, hard_limit) changed to htp_config_set_field_limit(limit) because libhtp didn't implement soft limits. libhtp logging API updated to provide HTP_LOG_CODE constants along with the message. This eliminates the need to perform string matching on message text to map log messages to HTTP_DECODER_EVENT values, and the HTP_LOG_CODE values can be used directly. In support of this, HTP_DECODER_EVENT values are mapped to their corresponding HTP_LOG_CODE values. New log events to describe additional anomalies: HTP_LOG_CODE_REQUEST_TOO_MANY_LZMA_LAYERS HTP_LOG_CODE_RESPONSE_TOO_MANY_LZMA_LAYERS HTP_LOG_CODE_PROTOCOL_CONTAINS_EXTRA_DATA HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_START HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_END HTP_LOG_CODE_SWITCHING_PROTO_WITH_CONTENT_LENGTH HTP_LOG_CODE_DEFORMED_EOL HTP_LOG_CODE_PARSER_STATE_ERROR HTP_LOG_CODE_MISSING_OUTBOUND_TRANSACTION_DATA HTP_LOG_CODE_MISSING_INBOUND_TRANSACTION_DATA HTP_LOG_CODE_ZERO_LENGTH_DATA_CHUNKS HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_NO_PROTOCOL HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_INVALID_PROTOCOL HTP_LOG_CODE_REQUEST_LINE_NO_PROTOCOL HTP_LOG_CODE_RESPONSE_LINE_INVALID_PROTOCOL HTP_LOG_CODE_RESPONSE_LINE_INVALID_RESPONSE_STATUS HTP_LOG_CODE_RESPONSE_BODY_INTERNAL_ERROR HTP_LOG_CODE_REQUEST_BODY_DATA_CALLBACK_ERROR HTP_LOG_CODE_RESPONSE_INVALID_EMPTY_NAME HTP_LOG_CODE_REQUEST_INVALID_EMPTY_NAME HTP_LOG_CODE_RESPONSE_INVALID_LWS_AFTER_NAME HTP_LOG_CODE_RESPONSE_HEADER_NAME_NOT_TOKEN HTP_LOG_CODE_REQUEST_INVALID_LWS_AFTER_NAME HTP_LOG_CODE_LZMA_DECOMPRESSION_DISABLED HTP_LOG_CODE_CONNECTION_ALREADY_OPEN HTP_LOG_CODE_COMPRESSION_BOMB_DOUBLE_LZMA HTP_LOG_CODE_INVALID_CONTENT_ENCODING HTP_LOG_CODE_INVALID_GAP HTP_LOG_CODE_ERROR The new htp_log API supports consuming log messages more easily than walking a list and tracking the current offset. Internally, libhtp-rs now provides log messages as a queue of htp_log_t, which means the application can simply call htp_conn_next_log() to fetch the next log message until the queue is empty. Once the application is done with a log message, they can call htp_log_free() to dispose of it. Functions supporting htp_log_t: htp_conn_next_log(conn) - Get the next log message htp_log_message(log) - To get the text of the message htp_log_code(log) - To get the HTP_LOG_CODE value htp_log_free(log) - To free the htp_log_t
2 years ago
SUBDIRS = rust src plugins qa rules doc etc python ebpf \
build: don't build the lib example by default Don't build the library example by default as it is not needed by most users.
1 year ago
$(SURICATA_UPDATE_DIR)
examples: rename lib capture example to custom To keep the simple example simple, move the lib based capture method example to its own example. Ticket: #7240
1 year ago
DIST_SUBDIRS = $(SUBDIRS) examples/lib/simple examples/lib/custom
import of integrated htp lib and small libnet fixes
16 years ago
autotools: workaround on partial cleaning
12 years ago
CLEANFILES = stamp-h[0-9]*
Add install-conf command to build system. This patch adds support for customisation of suricata.yaml and automatic download of emerging threat GPL rules. By running 'make install-full' after 'make install', files necessary to run suricata are copied in the configuration directory and the latest ruleset is downloaded and installed. Suricata can then be run without files edition. This patch has a special treatment for the windows build which requires some different paths. suricata.yaml is also updated to load all rules files provided by emergingthreat ruleset.
14 years ago
install-data-am:
@echo "Run 'make install-conf' if you want to install initial configuration files. Or 'make install-full' to install configuration and rules";
Makefile: fix race condition in make install-full Use recursive make for the install process so it is executed in a predictable order. Addresses issue: https://redmine.openinfosecfoundation.org/issues/1470 which triggered on OSX/macOS.
9 years ago
install-full:
$(MAKE) install
$(MAKE) install-conf
$(MAKE) install-rules
Add install-conf command to build system. This patch adds support for customisation of suricata.yaml and automatic download of emerging threat GPL rules. By running 'make install-full' after 'make install', files necessary to run suricata are copied in the configuration directory and the latest ruleset is downloaded and installed. Suricata can then be run without files edition. This patch has a special treatment for the windows build which requires some different paths. suricata.yaml is also updated to load all rules files provided by emergingthreat ruleset.
14 years ago
install-conf:
Respect DESTDIR in install-conf and install-rules.
11 years ago
install -d "$(DESTDIR)$(e_sysconfdir)"
@test -e "$(DESTDIR)$(e_sysconfdir)/suricata.yaml" || install -m 600 "$(top_srcdir)/suricata.yaml" "$(DESTDIR)$(e_sysconfdir)"
config: install classification.config (and ref) to $datadir Install classification.config and reference.config to $datadir, where they can be updated on every upgrade. This required moving them into a sub-directory for autotools to do its thing. Redmine issue: https://redmine.openinfosecfoundation.org/issues/3209
6 years ago
@test -e "$(DESTDIR)$(e_sysconfdir)/classification.config" || install -m 600 "$(top_srcdir)/etc/classification.config" "$(DESTDIR)$(e_sysconfdir)"
@test -e "$(DESTDIR)$(e_sysconfdir)/reference.config" || install -m 600 "$(top_srcdir)/etc/reference.config" "$(DESTDIR)$(e_sysconfdir)"
Respect DESTDIR in install-conf and install-rules.
11 years ago
@test -e "$(DESTDIR)$(e_sysconfdir)/threshold.config" || install -m 600 "$(top_srcdir)/threshold.config" "$(DESTDIR)$(e_sysconfdir)"
install -d "$(DESTDIR)$(e_logfilesdir)"
install -d "$(DESTDIR)$(e_logcertsdir)"
install -d "$(DESTDIR)$(e_rundir)"
install -m 770 -d "$(DESTDIR)$(e_localstatedir)"
install: create runtime data directory On installation, make sure the data directory is created. This will usually be /var/lib/suricata/data, but otherwise follows the autoconf/automake instructions. This directory is for runtime state information, which for now is datasets but may be expanded in the future. Suricata already expects this directory to exist for "state" and "save" datasets, but it has been up to the user to create it.
2 years ago
install -m 770 -d "$(DESTDIR)$(e_datadir)"
hyperscan: add caching mechanism for hyperscan contexts Cache Hyperscan serialized databases to disk to prevent compilation of the same databases when Suricata is run again with the same ruleset. Hyperscan binary files are stored per rulegroup in the designated folder, by default in the cached library folder. Since caching is per signature group heads, some chunk of the ruleset can change and it still can reuse part of the unchanged signature groups. Loading *fresh* ET Open ruleset: 19 seconds Loading *cached* ET Open ruleset: 07 seconds Ticket: 7170
9 months ago
install -m 770 -d "$(DESTDIR)$(e_sghcachedir)"
Add install-conf command to build system. This patch adds support for customisation of suricata.yaml and automatic download of emerging threat GPL rules. By running 'make install-full' after 'make install', files necessary to run suricata are copied in the configuration directory and the latest ruleset is downloaded and installed. Suricata can then be run without files edition. This patch has a special treatment for the windows build which requires some different paths. suricata.yaml is also updated to load all rules files provided by emergingthreat ruleset.
14 years ago
install-rules:
suricata-update: don't install if requirements not met Don't try to run suricata-update if its not installed. The 'make install-rules' target would try to run suricata-update when it was detected that it was bundled, but didn't consider if suricata-update was actually installed.
6 years ago
if INSTALL_SURICATA_UPDATE
Makefile: Make libhtp available at install-rules stage So far when "make install-rules" stage was executed, libhtp path was not recognized as ldconfig does not run by this stage. Set "LD_LIBRARY_PATH" since we already know the path where libhtp would be. Closes redmine ticket #2669.
6 years ago
LD_LIBRARY_PATH=$(libdir) $(DESTDIR)$(bindir)/suricata-update \
install-rules: use suricata-update if available If Suricata update was bundled, use it for "install-rules" instead of curl or wget.
7 years ago
--suricata $(DESTDIR)$(bindir)/suricata \
--suricata-conf $(DESTDIR)$(sysconfdir)/suricata/suricata.yaml \
--no-test --no-reload
else
install: better warning on install-full and don't fail If suricata-update is not available on "make install-full", don't exit 1, instead give the reason why its not installed, but still succeed the install.
4 years ago
@echo ""
@echo "Warning: No rules will be downloaded as suricata-update"
@echo " is not available: ${install_suricata_update_reason}"
Use wget or curl to download ruleset.
12 years ago
endif
Config should be set up in sysconfdir/suricata. Add reference to oinkmaster guide.
14 years ago
@echo ""
rules: no longer install rules to /etc/suricata/rules Stop falling back to the old method of installing rules into /etc/suricata/rules if Suricata-Update is not available. The goal here is to move away from the behaviour of installing rules to /etc/suricata/rules as part of the default install process. The engine provided rules are already installed to /usr/share/suricata/rules, which can then be used as input to rule management tools such as Suricata-Update. This does not change the behaviour for Suricata release users with the bundled Suricata-Update. Also removes Oinkmaster and PulledPork suggestion for rule management.
6 years ago
@echo "You can now start suricata by running as root something like:"
@echo " $(DESTDIR)$(bindir)/suricata -c $(DESTDIR)$(e_sysconfdir)suricata.yaml -i eth0"
Config should be set up in sysconfdir/suricata. Add reference to oinkmaster guide.
14 years ago
@echo ""
http: Use libhtp-rs. Ticket: #2696 There are a lot of changes here, which are described below. In general these changes are renaming constants to conform to the libhtp-rs versions (which are generated by cbindgen); making all htp types opaque and changing struct->member references to htp_struct_member() function calls; and a handful of changes to offload functionality onto libhtp-rs from suricata, such as URI normalization and transaction cleanup. Functions introduced to handle opaque htp_tx_t: - tx->parsed_uri => htp_tx_parsed_uri(tx) - tx->parsed_uri->path => htp_uri_path(htp_tx_parsed_uri(tx) - tx->parsed_uri->hostname => htp_uri_hostname(htp_tx_parsed_uri(tx)) - htp_tx_get_user_data() => htp_tx_user_data(tx) - htp_tx_is_http_2_upgrade(tx) convenience function introduced to detect response status 101 and “Upgrade: h2c" header. Functions introduced to handle opaque htp_tx_data_t: - d->len => htp_tx_data_len() - d->data => htp_tx_data_data() - htp_tx_data_tx(data) function to get the htp_tx_t from the htp_tx_data_t - htp_tx_data_is_empty(data) convenience function introduced to test if the data is empty. Other changes: Build libhtp-rs as a crate inside rust. Update autoconf to no longer use libhtp as an external dependency. Remove HAVE_HTP feature defines since they are no longer needed. Make function arguments and return values const where possible htp_tx_destroy(tx) will now free an incomplete transaction htp_time_t replaced with standard struct timeval Callbacks from libhtp now provide the htp_connp_t and the htp_tx_data_t as separate arguments. This means the connection parser is no longer fetched from the transaction inside callbacks. SCHTPGenerateNormalizedUri() functionality moved inside libhtp-rs, which now provides normalized URI values. The normalized URI is available with accessor function: htp_tx_normalized_uri() Configuration settings added to control the behaviour of the URI normalization: - htp_config_set_normalized_uri_include_all() - htp_config_set_plusspace_decode() - htp_config_set_convert_lowercase() - htp_config_set_double_decode_normalized_query() - htp_config_set_double_decode_normalized_path() - htp_config_set_backslash_convert_slashes() - htp_config_set_bestfit_replacement_byte() - htp_config_set_convert_lowercase() - htp_config_set_nul_encoded_terminates() - htp_config_set_nul_raw_terminates() - htp_config_set_path_separators_compress() - htp_config_set_path_separators_decode() - htp_config_set_u_encoding_decode() - htp_config_set_url_encoding_invalid_handling() - htp_config_set_utf8_convert_bestfit() - htp_config_set_normalized_uri_include_all() - htp_config_set_plusspace_decode() Constants related to configuring uri normalization: - HTP_URL_DECODE_PRESERVE_PERCENT => HTP_URL_ENCODING_HANDLING_PRESERVE_PERCENT - HTP_URL_DECODE_REMOVE_PERCENT => HTP_URL_ENCODING_HANDLING_REMOVE_PERCENT - HTP_URL_DECODE_PROCESS_INVALID => HTP_URL_ENCODING_HANDLING_PROCESS_INVALID htp_config_set_field_limits(soft_limit, hard_limit) changed to htp_config_set_field_limit(limit) because libhtp didn't implement soft limits. libhtp logging API updated to provide HTP_LOG_CODE constants along with the message. This eliminates the need to perform string matching on message text to map log messages to HTTP_DECODER_EVENT values, and the HTP_LOG_CODE values can be used directly. In support of this, HTP_DECODER_EVENT values are mapped to their corresponding HTP_LOG_CODE values. New log events to describe additional anomalies: HTP_LOG_CODE_REQUEST_TOO_MANY_LZMA_LAYERS HTP_LOG_CODE_RESPONSE_TOO_MANY_LZMA_LAYERS HTP_LOG_CODE_PROTOCOL_CONTAINS_EXTRA_DATA HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_START HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_END HTP_LOG_CODE_SWITCHING_PROTO_WITH_CONTENT_LENGTH HTP_LOG_CODE_DEFORMED_EOL HTP_LOG_CODE_PARSER_STATE_ERROR HTP_LOG_CODE_MISSING_OUTBOUND_TRANSACTION_DATA HTP_LOG_CODE_MISSING_INBOUND_TRANSACTION_DATA HTP_LOG_CODE_ZERO_LENGTH_DATA_CHUNKS HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_NO_PROTOCOL HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_INVALID_PROTOCOL HTP_LOG_CODE_REQUEST_LINE_NO_PROTOCOL HTP_LOG_CODE_RESPONSE_LINE_INVALID_PROTOCOL HTP_LOG_CODE_RESPONSE_LINE_INVALID_RESPONSE_STATUS HTP_LOG_CODE_RESPONSE_BODY_INTERNAL_ERROR HTP_LOG_CODE_REQUEST_BODY_DATA_CALLBACK_ERROR HTP_LOG_CODE_RESPONSE_INVALID_EMPTY_NAME HTP_LOG_CODE_REQUEST_INVALID_EMPTY_NAME HTP_LOG_CODE_RESPONSE_INVALID_LWS_AFTER_NAME HTP_LOG_CODE_RESPONSE_HEADER_NAME_NOT_TOKEN HTP_LOG_CODE_REQUEST_INVALID_LWS_AFTER_NAME HTP_LOG_CODE_LZMA_DECOMPRESSION_DISABLED HTP_LOG_CODE_CONNECTION_ALREADY_OPEN HTP_LOG_CODE_COMPRESSION_BOMB_DOUBLE_LZMA HTP_LOG_CODE_INVALID_CONTENT_ENCODING HTP_LOG_CODE_INVALID_GAP HTP_LOG_CODE_ERROR The new htp_log API supports consuming log messages more easily than walking a list and tracking the current offset. Internally, libhtp-rs now provides log messages as a queue of htp_log_t, which means the application can simply call htp_conn_next_log() to fetch the next log message until the queue is empty. Once the application is done with a log message, they can call htp_log_free() to dispose of it. Functions supporting htp_log_t: htp_conn_next_log(conn) - Get the next log message htp_log_message(log) - To get the text of the message htp_log_code(log) - To get the HTP_LOG_CODE value htp_log_free(log) - To free the htp_log_t
2 years ago
@echo "If a shared library is not found, you can add library paths with:"
rules: no longer install rules to /etc/suricata/rules Stop falling back to the old method of installing rules into /etc/suricata/rules if Suricata-Update is not available. The goal here is to move away from the behaviour of installing rules to /etc/suricata/rules as part of the default install process. The engine provided rules are already installed to /usr/share/suricata/rules, which can then be used as input to rule management tools such as Suricata-Update. This does not change the behaviour for Suricata release users with the bundled Suricata-Update. Also removes Oinkmaster and PulledPork suggestion for rule management.
6 years ago
@echo " LD_LIBRARY_PATH="$(DESTDIR)$(prefix)/lib" "$(DESTDIR)$(bindir)/suricata" -c "$(DESTDIR)$(e_sysconfdir)suricata.yaml" -i eth0"
@echo ""
@echo "The Emerging Threats Open rules are now installed. Rules can be"
@echo "updated and managed with the suricata-update tool."
@echo ""
@echo "For more information please see:"
docs: update url to docs.suricata.io
2 years ago
@echo " https://docs.suricata.io/en/latest/rule-management/index.html"
Config should be set up in sysconfdir/suricata. Add reference to oinkmaster guide.
14 years ago
@echo ""
install: makefile target to install libraries As we don't install the libraries by default, provide a make target, "install-library" to install the libsuricata library files. If shared library support exists, both the static and shared libraries will be installed, otherwise only the static libraries will be installed.
4 years ago
install-library:
cd src && $(MAKE) $@
cd rust && $(MAKE) $@
libsuricata-config: program to print build flags Following the pattern of many other libraries, provide a -config program to output cflags and libs to properly link an application against the library. usage: libsuricata-config [--cflags] [--libs] [--static] --cflags and --libs can be used infividually or together. --static will link against the static libraries instead of the shared library. Note that if the shared library is not available, the static libraries will be provided even without this option.
4 years ago
$(INSTALL) libsuricata-config "$(DESTDIR)$(bindir)/libsuricata-config"
Makefile: break headers and source into 2 vars Split the headers and source into 2 variables. Headers are marked noinst so they don't get automatically installed on "make install". Instead they will be installed by a custom Makefile target, "make install-headers".
5 years ago
install-headers:
cd src && $(MAKE) $@