Commit Graph

14910 Commits (b12a35c3cf90cb900335cf28dc5c366955088a6b)
 

Author SHA1 Message Date
Juliana Fajardini e306bc6ecc exception: fix use of master switch with default
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.

Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when some of the other policies are to
be set via the master switch, since this can change for specific
exception policies - like for midstream, for instance.

Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.

Bug #6169
2 years ago
Sascha Steinbiss 1521b77edd rfb: also set unimplemented auth types 2 years ago
Sascha Steinbiss 1606aca881 rfb: ensure logging of incompletely parsed txs 2 years ago
Philippe Antoine a3168fda78 mime: compute full body md5
Previously, the problem was that nested headers/boundaries were not
used to compute the hash

Solution is to move up the call to the hash computation from
ProcessMimeBody to its caller ProcessMimeEntity, and add a set of
conditions to ensure that we are not in the principal headers.

Ticket: #6185
2 years ago
Philippe Antoine 2a768dfa95 smtp: avoid counting last eol in file
As it is part of the boundary

Ticket: #6023

On the way, look for urls even on incomplete lines
2 years ago
Shivani Bhardwaj 157af18d60 python: remove futile exec perm from files 2 years ago
Shivani Bhardwaj 18947c01e0 suricatasc: update running instructions 2 years ago
Shivani Bhardwaj 4ece79b6de python: remove unneeded setup.py
We no longer use this script or upload packages to PyPI.
2 years ago
Shivani Bhardwaj ad03b5ce8b suricatasc: remove unneeded shebang
The caller for suricatasc is in python/bin. The script is never executed
directly and doesn't need the shebang.
2 years ago
Jason Ish f870dcd4cc github-ci: allow pull request URL in SV_BRANCH
Allow the SV_BRANCH variable to contain the full link to an
OISF/suricata-verify pull request. This will cause GitHub to create a
cross-link for us.
2 years ago
Jason Ish 8511ef5e2d pcap-log: close pcap_dead_handle on close
Fixes leaked handle on exit.
2 years ago
Jason Ish d2a5a55e0a log-pcap: one time errors on file open
If compression was not enabled, the open error was actually suppressed
by default by only being logged at info level, however with
compression it was logged as an error. As opening is retried as long
as it fails to open, make both log as error but wrap in a flag so the
error is logged once until success.
2 years ago
Jason Ish bf589f0812 log-pcap: only open dumper after successful file open (lz4)
When LZ4 compression is enabled, open the dumper after successful open
of the file. The dump handle is what forms the check if opening the
file needs to be retried.

Ticket: #5022
2 years ago
Jeff Lucovsky d822ba58e1 doc/multi-tenant: Clarify live traffic support
Issue: 5930

This commit clarifies the live traffic support for multi-tenancy.
2 years ago
Sascha Steinbiss 1f8a5874fb rfb: never return error on unknown traffic
We only try to parse a small subset of what is possible in
RFB. Currently we only understand some standard auth schemes
and stop parsing when the server-client handshake is complete.
Since in IPS mode returning an error from the parser causes
drops that are likely uncalled for, we do not want to return
errors when we simply do not understand what happens in the
traffic. This addresses Redmine #5912.

Bug: #5912.
2 years ago
Sascha Steinbiss 836fff3679 rfb: add myself as contributor 2 years ago
Sascha Steinbiss bd1fbf392e rfb: be more strict parsing the version 2 years ago
Jason Ish dd786cd6e4 eve/alert: warn on obsolete flags
Log a warning but otherwise ignore obsolete flags under
eve-log.alert. This also prevents accidentally turning off app-layer
logging by attempting to disable a single protocol.

These flags have been deprecated since 5.0, time to stop respecting
them.

Ticket: #6175
2 years ago
Shivani Bhardwaj aeb408dd9d doc: fix typo encryption-handling 2 years ago
Shivani Bhardwaj 6b3dbaa2f2 suricatasc: Don't process empty cmds 2 years ago
Shivani Bhardwaj 84ffe92873 suricatasc: exit successfully on keyboardinterrupt 2 years ago
Shivani Bhardwaj a512338afd suricatasc: add line numbers in error messages 2 years ago
Shivani Bhardwaj 46ce371d9c suricatasc: handle exceptions in caller 2 years ago
Shivani Bhardwaj b42a584f4d suricatasc: handle exceptions interactive mode 2 years ago
Jason Ish 90bb73046c userguide/security: grammar fixes
Apply grammar fixes brought up in GitHub review comments by Juliana.
2 years ago
Philippe Antoine d99cbc5e0b detect/http: request/response header support multi buffer
Ticket: #6163

That means that we can have rules matching different contents
on different headers.
2 years ago
Philippe Antoine f31ea90836 http: event on chunk extension
Chunk extensions are defined in RFC 2616 section 3.6.1

Ticket: #6159
2 years ago
Victor Julien 643e674cb2 bpf: remove OpenBSD guards
libpcap bpf functions are supported now.
2 years ago
liaozhiyuan a748164d58 dpdk: support multiple same EAL arguments
DPDK apps can specify multiple arguments of the same
type. YAML format only allows unique keys within a single
node. This commit adds support for multiple EAL arguments
of the same type to be used within suricata.yaml.

Ticket: #5964
2 years ago
Philippe Antoine e75956717d detect/files: centralize definition of protocols
Protocols supporting files are only defined in one place, which
gets used by all keywords, which can handle some exceptions
(like HTTP2 not having file names)
2 years ago
Philippe Antoine 71bab65496 detect/files: reuse AppLayerParserSupportsFiles
rather than relisting the protocols
2 years ago
Jason Ish 83afccd932 github-ci: update action: setup-msys2
Use @v2, hopefully the dependency bot will keep it up to date now.
2 years ago
Jason Ish 37d68230f8 github-ci: use latest version of actions/upload-artifact 2 years ago
Jason Ish d576be2452 github-ci: update actions/cache to v3.3.1 2 years ago
Jason Ish 3dfd5ddaed github-ci: use same version (3.0.2) for actions/download-artifact 2 years ago
Jason Ish 04ba1a7ef6 github-ci: update actions/checkout to v3.5.3 2 years ago
Juliana Fajardini feb47f9a89 exceptions: fix 'auto' for master switch in IDS
If the master exception policy was set to 'auto' in IDS mode, instead of
just setting the master switch to the default in this case, which is
'ignore', the engine would switch a warning saying that auto wasn't a
valid config and then set the policy to ignore.

This makes 'auto' work for the master switch in IDS, removes the function
for setting the IPS option and handles the valid IDS options directly from
the function that parses the master policy, as this was the only place
where the function was still called.

Bug #6149
2 years ago
Jason Ish 5f598931ac doc/userguide: start on a security chapter
This is the start of a security consideration chapter, starting with
directions on how to run Suricata as a non-root user.
2 years ago
Victor Julien ab667d4d19 pcap: fix reopen logic
Bug: #6081.
2 years ago
Victor Julien 5f187cba82 pcap/runmodes: silence some info messages 2 years ago
Victor Julien 3049151bc2 pcap: free per thread resources
Bug: #4750.
2 years ago
Victor Julien 6c1408c3c2 pcap/file: minor code cleanup 2 years ago
Victor Julien 25396dcd09 threads: cleanup decode_pq handling 2 years ago
Victor Julien 639c5cc4df version: start development towards 7.0.0-rc3 2 years ago
Shivani Bhardwaj da99a69c5b release: 7.0.0-rc2; update changelog 2 years ago
Jason Ish 14daa42e0b doc/userguide: dataset upgrade notes 2 years ago
Jason Ish ed4d27fdc1 config: uncomment datasets configuration
Uncomment the datasets configuration for easier editing by users.  The
values are left commented out as their defaults.
2 years ago
Jason Ish 93b64939d1 datasets: flag to disable "write" actions
Add a new configuration flag, "datasets.rules.allow-write" to control
if rules can contain "save" or "state" rules which allow write access
to the file system.

Ticket: #6123
2 years ago
Jason Ish f0885a2a2e install: create runtime data directory
On installation, make sure the data directory is created. This will
usually be /var/lib/suricata/data, but otherwise follows the
autoconf/automake instructions.

This directory is for runtime state information, which for now is
datasets but may be expanded in the future.  Suricata already expects
this directory to exist for "state" and "save" datasets, but it has
been up to the user to create it.
2 years ago
Jason Ish fd79b337ca datasets: don't allow absolute or paths with directory traversal
For dataset filenames coming from rules, do not allow filenames that
are absolute or contain a directory traversal with "..". This prevents
datasets from escaping the defined data-directory which may allow a bad
rule to overwrite any file that Suricata has permission to write to.

Add a new configuration option,
"datasets.rules.allow-absolute-filenames" to allow absolute filenames
in dataset rules. This will be a way to revert back to the pre 6.0.13
behavior where save/state rules could use any filename.

Ticket: #6118
2 years ago