Commit Graph

10387 Commits (1b6eee829f6f5a64ec1a4127bf5ea601595d1ae3)
 

Author SHA1 Message Date
Jason Ish 1b6eee829f python: fixes for installing from path with spaces
Related to Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2668
5 years ago
Jason Ish 6e981fd15a rust: fix build when source directory has spaces in it
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2668
5 years ago
Jason Ish a1ee536daa configure: no, followed by reason for python tools
This:
  Install suricatactl:                     no, requires distutils
instead of this:
  Install suricatasc:                      requires distutils
5 years ago
Jason Ish 109cf36866 configure: generic instructions for missing python modules
Instead of telling the user what packages to install for missing
Python modules, give generic instructions about what module
needs to be installed.

It is getting tricky to get these package names correct
across distributions.
5 years ago
Jason Ish 26dcef1290 suricata-update: build before install
Run the Python build independent of install. Prevents files
in the tree becoming owned by root.
5 years ago
Jason Ish c4b856ea99 configure: detect python major version
For informational purposes only when notifying what Python
modules are required during ./configure.
5 years ago
Jason Ish 00ad7a911f configure: don't detect python version
Don't detect the Python version, it is not needed anyways,
all we need is the Python path.

Also, python2 --version prints to stderr, while python3
prints to stdout, leading to some odd output during
./configure (but fixable).
5 years ago
Jason Ish 9111b9df57 doc: cleanup engine logging
Attempt to clean up the engine logging a bit.

Also include a verbatim excerpt of the default configuration
here for reference purposes.
5 years ago
Jason Ish c97195bf0b doc: -v verbose option documentation update
Update -v documentation to reflect the new behaviour discussed
in bug #1851 where -v changes the log level to fixed levels
instead of an offset of the default log level configured
in suricata.yaml.
5 years ago
Jason Ish 8425259c88 help: better description for -v
-v: be more verbose (use multiple times to increase verbosity)
5 years ago
Jason Ish 71c53484ee logging: use fixed levels of verbosity for -v, -vv...
Change the meaning of the verbosity flag to change the log
level to fixed levels instead of being relative to what's
configured.

-v    => INFO
-vv   => PERF
-vvv  => CONFIG
-vvvv => DEBUG

But do now allow -v to decrease the verbosity.

Bug #1851
5 years ago
Jason Ish 89634b6508 logging: respect individual log levels
The log level of individual loggers (console, file, syslog) was
being capped by the default log level. For example, if the
default log level was notice, setting the file level to info
would still result in notice level logging.

Bug #3210
5 years ago
Konstantin Klinger 808ea0dba9 app-layer: remove obsolete msn protocol detection 5 years ago
Victor Julien 6d2bd6607e datasets: make clear the feature is experimental 5 years ago
Victor Julien ebecaca7ea eve/anomaly: enable by default
Default config will only enable 'app-layer' type within the anomaly
logger.
5 years ago
Victor Julien ea3d9c3230 htp: require 0.5.31 5 years ago
Victor Julien 514c7c1a04 yaml: minor improvements 5 years ago
Victor Julien cec8067001 yaml: clean up 'autofp-scheduler' option 5 years ago
Jeff Lucovsky d514a38913 log/anomaly: remove leading underscore from static var 5 years ago
Jeff Lucovsky 17c3e22ecd doc/eve.alert: Expand metadata description 5 years ago
Jeff Lucovsky 95879c0d5a logging/alert: Warn if metadata not selected
Warn when HTTP body logging has been selected but applayer/metadata
logging is not configured.
5 years ago
Jeff Lucovsky 883cad1a86 logging/anomaly: Clarify anomaly logging
Clarify the description of the anomaly logging types.
5 years ago
Jeff Lucovsky af615baaf7 logging/alert: Expand alert logging description
Clarify the configuration requirements for alerts and http-body logging.
5 years ago
Jeff Lucovsky 354074bac6 ftp: Handle malformed RETR/STOR
Ensure that RETR (STOR) have a filename -- otherwise, treat the command
string as malformed.

Added unittests for each command and verified that SEGVs occur without
the parser change and no longer occur with the parser change.
5 years ago
Fabrice Fontaine 61becb29bf configure.ac: fix --disable-geoip
$enableval should be used to know if the user has passed --enable-geoip
or --disable-geoip

Fixes:
 - http://autobuild.buildroot.org/results/a7a34f760ae5fe0922fdb720b8234dbcd85ed222

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
5 years ago
Jason Ish 99d9e09599 config: install classification.config (and ref) to $datadir
Install classification.config and reference.config to $datadir,
where they can be updated on every upgrade.

This required moving them into a sub-directory for autotools
to do its thing.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3209
5 years ago
Victor Julien 7609adb05d Revert "runmode: consider test mode a user mode"
This reverts commit 6dca50a322.

The test mode should actually test in system mode by default as
that is what tools like Suricata-Update need before issuing a
reload command.
5 years ago
Victor Julien 0771eb1e0e detect/ja3: print error for one rule only
Use 'silent error' logic for any other rules using ja3 as well.
5 years ago
Victor Julien 4d44ca7739 detect/parse: allow signature parsing to fail silently
A sigmatch's 'Setup' function may indicate it intends to fail
silently after the first error. It will return -2 instead of -1
in this case.

This is tracked in the DetectEngineCtx object, so errors will
be shown again at rule reloads.
5 years ago
Victor Julien aa5a6ab5f1 detect/parser: minor cleanup 5 years ago
Victor Julien c582fd28d9 tls/ja3: allow 'auto' setting for ja3 5 years ago
Victor Julien ca5226f0c7 tls/ja3: try to enable ja3 if rule keywords need it 5 years ago
Victor Julien 29dcd98ed1 tls/ja3: add way to check active config 5 years ago
Victor Julien 788c9f8f11 tls/ja3: don't disable; allowing runtime enabling 5 years ago
Victor Julien 4cd3b84606 tls/ja3: allow dynamic enabling of ja3 5 years ago
Victor Julien 09882ec4cb detect/reference: implement strict parsing option 5 years ago
Victor Julien 89a717d41c detect/classtype: implement strict parsing option 5 years ago
Victor Julien b5521b58bc detect/parse: add --strict-rule-keywords option
Add --strict-rule-keywords commandline option to enable strict rule
parsing.

It can be used without options or with a comma separated list:
--strict-rule-keywords
--strict-rule-keywords=all
--strict-rule-keywords=classtype,reference

Parsing implementations can use SigMatchStrictEnabled to check
if strict parsing is enabled for them and act accordingly.
5 years ago
Victor Julien 88e26ea914 detect: use named enum for keyword types 5 years ago
Victor Julien 0b40d4ae93 detect/reference: allow undefined references
References are currently not used in Suricata, so erroring out on
rules using an undefined reference is too harsh.

Just issue a warning once per unique missing reference.
5 years ago
Victor Julien 61185cc9ba reference: change scope of add func to global 5 years ago
Victor Julien d17a3b3c2b reference: use global defines for size limits 5 years ago
Victor Julien e278953455 detect/reference: code cleanups 5 years ago
Victor Julien 523e91b231 detect/classtype: check size of rule input 5 years ago
Victor Julien e5f6f38481 classtype: handle missing classification.config
Still initialize the classtype hash table so that the classtypes
rules use can be added to it.

The file missing now reports a warning instead of error, as we
will continue to work.
5 years ago
Victor Julien 517834e327 classtype: use global defines for size limits 5 years ago
Victor Julien 99bdb54d9f detect/classtype: show file and line for unknown classtype 5 years ago
Victor Julien 43b5234055 detect/priority: use global define for default prio 5 years ago
Victor Julien 954c43daf4 detect/classtype: allow undefined classtypes
Effect of classification on Suricata's working is minimal. Impact
of adding undefined classtypes is large: rules will fail to load
completely. This also leads to multiple lines of log output per rule,
which in a large ruleset can lead to excessive output.

This patch changes the classtype keyword behavior. Instead of erroring
and invalidating a rule, we will merely warn.

The undefined classtype is then defined with a default priority,
so other rules using the classtype will not also warn. This way
there will be just a single warning per missing classtype.
5 years ago
Victor Julien 323a747f39 classtype: increase id size
Switch from u8 to u16 to allow for more classtypes.

Rename Signature::class to Signature::class_id to make it clear
it is an id.
5 years ago