Message ID | 20230731204617.1411345-1-adolf.belka@ipfire.org |
---|---|
State | Dropped |
Series | ids-functions.pl: Fixes bug#13203 - snort community rules not extracted |
Commit Message
Adolf Belka
July 31, 2023, 8:46 p.m. UTC
- The snort top level directory in the archive has been changed from community.rules to snort3-community.rules so the regex no longer finds the tarball to extract.
- Modified the regex to include the current snort naming for the top level archive directory

Fixes: Bug#13203
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>

---
config/cfgroot/ids-functions.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>

On 31.07.2023 at 22:46, Adolf Belka wrote:
> - The snort top level directory in the archive has been changed from community.rules
> to snort3-community.rules so the regex no longer finds the tarball to extract.
> - Modified the regex to include the current snort naming for the top level archive directory
>
> Fixes: Bug#13203
> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/cfgroot/ids-functions.pl | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl > index d97431b4a..f2b2ffc58 100644 > --- a/config/cfgroot/ids-functions.pl > +++ b/config/cfgroot/ids-functions.pl > @@ -572,7 +572,7 @@ sub extractruleset ($) { > # Handle rules files. > } elsif ($file =~ m/\.rules$/) { > # Skip rule files which are not located in the rules directory or archive root. > - next unless(($packed_file =~ /^rules\//) || ($packed_file =~ /^$provider-rules\//) || ($packed_file !~ /\//)); > + next unless(($packed_file =~ /^rules\//) || ($packed_file =~ /^$provider-rules\//) || ($packed_file =~ /^snort3-$provider-rules\//) || ($packed_file !~ /\//)); > > # Skip deleted.rules. > #
Hi All,

Please note that I have dropped this patch in Patchwork as on its own it does not fully solve the problem in bug#13203.

It allows the snort community rules file to be extracted and placed into /var/lib/suricata and it can then be selected in the customise rules table. However every signature in this rules file then fails when parsed by suricata and so none of them end up loaded.

So something else is different and an additional modification is still needed.

Regards,
Adolf.

On 01/08/2023 12:10, Bernhard Bitsch wrote:
> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
>
> On 31.07.2023 at 22:46, Adolf Belka wrote:
>> - The snort top level directory in the archive has been changed from
>> community.rules
>> to snort3-community.rules so the regex no longer finds the tarball
>> to extract.
>> - Modified the regex to include the current snort naming for the top
>> level archive directory
>>
>> Fixes: Bug#13203
>> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
>> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
>> ---
>> config/cfgroot/ids-functions.pl | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/config/cfgroot/ids-functions.pl >> b/config/cfgroot/ids-functions.pl >> index d97431b4a..f2b2ffc58 100644 >> --- a/config/cfgroot/ids-functions.pl >> +++ b/config/cfgroot/ids-functions.pl >> @@ -572,7 +572,7 @@ sub extractruleset ($) { >> # Handle rules files. >> } elsif ($file =~ m/\.rules$/) { >> # Skip rule files which are not located in the rules >> directory or archive root. >> - next unless(($packed_file =~ /^rules\//) || >> ($packed_file =~ /^$provider-rules\//) || ($packed_file !~ /\//)); >> + next unless(($packed_file =~ /^rules\//) || >> ($packed_file =~ /^$provider-rules\//) || ($packed_file =~ >> /^snort3-$provider-rules\//) || ($packed_file !~ /\//)); >> # Skip deleted.rules. >> #
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index d97431b4a..f2b2ffc58 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -572,7 +572,7 @@ sub extractruleset ($) { # Handle rules files. } elsif ($file =~ m/\.rules$/) { # Skip rule files which are not located in the rules directory or archive root. - next unless(($packed_file =~ /^rules\//) || ($packed_file =~ /^$provider-rules\//) || ($packed_file !~ /\//)); + next unless(($packed_file =~ /^rules\//) || ($packed_file =~ /^$provider-rules\//) || ($packed_file =~ /^snort3-$provider-rules\//) || ($packed_file !~ /\//)); # Skip deleted.rules. #
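Review bot: the added alternative `($packed_file =~ /^snort3-$provider-rules\//)` on the `+` line hard-codes the `snort3-` prefix inside the shared `extractruleset` filter, so a Snort-specific archive layout is now accepted for whichever `$provider` is being extracted. Consider taking the archive's top-level directory from per-provider configuration, or at least commenting why this prefix is listed, rather than growing the one-line condition further. Both the existing `/^$provider-rules\//` and the new pattern interpolate `$provider` into the regex unescaped; `\Q$provider\E` would keep a handle containing regex metacharacters from widening what this path filter lets through. Per the follow-up in this thread, the rules extracted through the new branch are then all rejected when Suricata parses them, so the `Fixes: Bug#13203` trailer should wait until extraction has been tested together with a rule load.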