aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,403 Commits
10 Branches
154 Tags
165 MiB
dependabot/github_actions/actions/checkout-4.2.1
dependabot/github_actions/github/codeql-action-3.26.12
dependabot/github_actions/actions/upload-artifact-4.4.3
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '03da49bfaa'
${ noResults }
Commit Graph

10403 Commits (03da49bfaa62a6901ab29058b3e991b2d4ae10ec)
 

Author SHA1 Message Date
Jason Ish 03da49bfaa suricata-update: don't install if requirements not met 
Don't try to run suricata-update if its not installed.

The 'make install-rules' target would try to run suricata-update
when it was detected that it was bundled, but didn't consider
if suricata-update was actually installed.
 5 years ago
Victor Julien d19ded6c43 stream: fix progress for min_inspect_depth 
Make sure progress don't exceed raw_progress.
 5 years ago
Victor Julien 5f15e7c6a4 smtp: implement min_inspect_depth logic 
Implement min_inspect_depth for SMTP so that file_data and
regular stream matches don't go out of sync on the stream start.

Added toserver bytes tracking.

Bug #3190.
 5 years ago
Victor Julien 58e48bcb87 debug: make it easier to trace flush logic 5 years ago
Victor Julien 728d19eaac configure: don't print ERROR if we don't exit 5 years ago
Victor Julien 876f05aa28 eve/dhcp: remove leftover template comments 5 years ago
Victor Julien 9716c24ba1 eve/alert: clean up proto metadata 
Use a switch statement to select the protocol specific function.
 5 years ago
Victor Julien f66e12f7af dns: rename rust files and funcs 5 years ago
Victor Julien 842037d327 jansson: remove explicit <jansson.h> includes 
Header is included from suricata-common.h
 5 years ago
Victor Julien edd2cd626f jansson: remove HAVE_LIBJANSSON guards 5 years ago
Victor Julien b4318a11e3 rust: remove build system HAVE_RUST guards 5 years ago
Victor Julien 5e9714e384 rust: remove all HAVE_RUST guards 5 years ago
Philippe Antoine 6921608673 http: updates suricata.yaml comments 
As well as the userguide documentation about suricata.yaml
 5 years ago
Jason Ish c44f82cf4c configure: fix python major version check on python 2.6 
Python 2.6 doesn't use a named tuple for the version info,
instead use the index of the major version which works
on Python 2.6 upwards.
 5 years ago
Jason Ish a3cdef2b4d rust: run tests with same features as build 
Cargo check wasn't being passed --features so could have a different
configuration than the build.
 5 years ago
Jason Ish 389272f4c7 rustup: handle rustup for sudo and su 
If rustup is in use, and a user uses sudo or su for the make
install, the install may fail with a "no default toolchain"
error.

To prevent this, detect at configure if rustup is being used,
then set RUSTUP_HOME for all calls to cargo.
 5 years ago
Jason Ish 1b6eee829f python: fixes for installing from path with spaces 
Related to Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2668
 5 years ago
Jason Ish 6e981fd15a rust: fix build when source directory has spaces in it 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2668
 5 years ago
Jason Ish a1ee536daa configure: no, followed by reason for python tools 
This:
  Install suricatactl:                     no, requires distutils
instead of this:
  Install suricatasc:                      requires distutils
 5 years ago
Jason Ish 109cf36866 configure: generic instructions for missing python modules 
Instead of telling the user what packages to install for missing
Python modules, give generic instructions about what module
needs to be installed.

It is getting tricky to get these package names correct
across distributions.
 5 years ago
Jason Ish 26dcef1290 suricata-update: build before install 
Run the Python build independent of install. Prevents files
in the tree becoming owned by root.
 5 years ago
Jason Ish c4b856ea99 configure: detect python major version 
For informational purposes only when notifying what Python
modules are required during ./configure.
 5 years ago
Jason Ish 00ad7a911f configure: don't detect python version 
Don't detect the Python version, it is not needed anyways,
all we need is the Python path.

Also, python2 --version prints to stderr, while python3
prints to stdout, leading to some odd output during
./configure (but fixable).
 5 years ago
Jason Ish 9111b9df57 doc: cleanup enging logging 
Attempt cleanup the engine logging a bit.

Also a include a verbatim excerpt of the default configuration
here for reference purposes.
 5 years ago
Jason Ish c97195bf0b doc: -v verbose option documentation update 
Update -v documentation to reflect the new behaviour discussed
in bug #1851 where -v changes the log level to fixed levels
instead of an offset of the default log level configured
in suricata.yaml.
 5 years ago
Jason Ish 8425259c88 help: better description for -v 
-v: be more verbose (use multiple times to increase verbosity)
 5 years ago
Jason Ish 71c53484ee logging: used fixed levels of verbosity for -v, -vv... 
Change the meaning of the verbosity flag to change the log
level to fixed levels instead of being relative to whats
configured.

-v    => INFO
-vv   => PERF
-vvv  => CONIFG
-vvvv => DEBUG

But do now allow -v to decrease the verbosity.

Bug #1851
 5 years ago
Jason Ish 89634b6508 logging: respect individual log levels 
The log level of individual loggers (console, file, syslog) was
being capped by the default log level. For example, if the
default log level was notice, setting the file level to info
would still result in notice level logging.

Bug #3210
 5 years ago
Konstantin Klinger 808ea0dba9 app-layer: remove obsolete msn protocol detection 5 years ago
Victor Julien 6d2bd6607e datasets: make clear the feature is experimental 5 years ago
Victor Julien ebecaca7ea eve/anomaly: enable by default 
Default config will only enable 'app-layer' type within the anomaly
logger.
 5 years ago
Victor Julien ea3d9c3230 htp: require 0.5.31 5 years ago
Victor Julien 514c7c1a04 yaml: minor improvements 5 years ago
Victor Julien cec8067001 yaml: clean up 'autofp-scheduler' option 5 years ago
Jeff Lucovsky d514a38913 log/anomaly: remove leading underscore from static var 5 years ago
Jeff Lucovsky 17c3e22ecd doc/eve.alert: Expand metadata description 5 years ago
Jeff Lucovsky 95879c0d5a logging/alert: Warn if metadata not selected 
Warn when HTTP body logging has been selected but applayer/metadata
logging is not configured.
 5 years ago
Jeff Lucovsky 883cad1a86 logging/anomaly: Clarify anomaly logging 
Clarify the description of the anomaly logging types.
 5 years ago
Jeff Lucovsky af615baaf7 logging/alert: Expand alert logging description 
Clarify the configuration requirements for alerts and http-body logging.
 5 years ago
Jeff Lucovsky 354074bac6 ftp: Handle malformed RETR/STOR 
Ensure that RETR (STOR) have a filename -- otherwise, treat the command
string as malformed.

Added unittests for each command and verified that SEGV's occur without
parser change and no longer occur with the parser change.
 5 years ago
Fabrice Fontaine 61becb29bf configure.ac: fix --disable-geoip 
$enableval should be used to know if the user has passed --enable-geoip
or --disable-geoip

Fixes:
 - http://autobuild.buildroot.org/results/a7a34f760ae5fe0922fdb720b8234dbcd85ed222

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 5 years ago
Jason Ish 99d9e09599 config: install classification.config (and ref) to $datadir 
Install classification.config and reference.config to $datadir,
where they can be updated on every upgrade.

This required moving them into a sub-directory for autotools
to do its thing.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3209
 5 years ago
Victor Julien 7609adb05d Revert "runmode: consider test mode a user mode" 
This reverts commit 6dca50a322.

The test mode should actually test in system mode by default as
that is what tools like Suricata-Update need before issuing a
reload command.
 5 years ago
Victor Julien 0771eb1e0e detect/ja3: print error for one rule only 
Use 'silent error' logic for any other rules using ja3 as well.
 5 years ago
Victor Julien 4d44ca7739 detect/parse: allow signature parsing to fail silently 
A sigmatches 'Setup' function may indicate it intends to fail
silently after the first error. It will return -2 instead of -1
in this case.

This is tracked in the DetectEngineCtx object, so errors will
be shown again at rule reloads.
 5 years ago
Victor Julien aa5a6ab5f1 detect/parser: minor cleanup 5 years ago
Victor Julien c582fd28d9 tls/ja3: allow 'auto' setting for ja3 5 years ago
Victor Julien ca5226f0c7 tls/ja3: try to enable ja3 if rule keywords need it 5 years ago
Victor Julien 29dcd98ed1 tls/ja3: add way to check active config 5 years ago
Victor Julien 788c9f8f11 tls/ja3: don't disable; allowing runtime enabling 5 years ago