From patchwork Fri Oct 17 11:09:24 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 9214
Return-Path: <development+bounces-1226-patchwork=ipfire.org@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4cp2CG244Gz3wb0
	for <patchwork@web04.haj.ipfire.org>; Fri, 17 Oct 2025 11:09:30 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4cp2CF5Hb8z3t5
	for <patchwork@ipfire.org>; Fri, 17 Oct 2025 11:09:29 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [IPv6:::1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cp2CF4Z0Cz2y5k
	for <patchwork@ipfire.org>; Fri, 17 Oct 2025 11:09:29 +0000 (UTC)
X-Original-To: development@lists.ipfire.org
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cp2CC0gM1z2xP7
	for <development@lists.ipfire.org>; Fri, 17 Oct 2025 11:09:27 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4cp2CB39K8ztr;
	Fri, 17 Oct 2025 11:09:26 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1760699366;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bD0SVhxlSmWCmNfNKz5vRr8J+0fIx3hpz0KdZcw79gM=;
	b=hy7kzMsoC4WW2cZ1XaX9xsb+4MorxSWSUQ8PsZE+h7DAYRbaD7qiLkrNLCIWEOgZkIb8Zr
	0E9YrZEq01KZPqBA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1760699366;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bD0SVhxlSmWCmNfNKz5vRr8J+0fIx3hpz0KdZcw79gM=;
	b=pgb1seo8iG8lCf1LHVlruKFvUjZ4czPonZiHtTdlt5nRP7ScWOU1qabWfUS+UB8xSWT5n7
	tR25n08fAPLidPuX8hNK4aAvIhY3Uy/yMu8TG3hhic7BLXxOxxYo51+k6NC8kWgszt2RrF
	slBNU38s1X9LD5fq41wg66qDFRhxlZ2+pWPc/BHt8EQjC7K+dqMTbFaB2CYMKbV5vxZ7z0
	x9ULkthGjciSUcz2LrkF5XgJ9q4HGGO9KYPaWdjZ/H0JsFfGwFAzr5GDjbAHssYqmwec/+
	lLgrg4uDbnbReMoF2JqL8IbtSWMOXnZUd+zrC+2wmxw7sGVhtXRlLfvZukySdw==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH v2] suricata: Support Zabbix requirements
Date: Fri, 17 Oct 2025 13:09:24 +0200
Message-ID: <20251017110924.3477775-1-adolf.belka@ipfire.org>
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
MIME-Version: 1.0

- The Zabbix addon will use the unix socket and also the suricatasc tool.
- Update configure to enable unix-socket
- Update rootfile to uncomment suricatasc
- This v2 version also sets the unix socket to yes in suricata.yaml

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/suricata | 2 +-
 config/suricata/suricata.yaml    | 2 +-
 lfs/suricata                     | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 2bfc3babd..518920abd 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -3,7 +3,7 @@ etc/suricata/suricata.yaml
 usr/bin/suricata
 usr/bin/suricata-watcher
 #usr/bin/suricatactl
-#usr/bin/suricatasc
+usr/bin/suricatasc
 usr/sbin/convert-ids-backend-files
 #usr/share/doc/suricata
 #usr/share/doc/suricata/AUTHORS
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 31c8d3897..dd3492eb6 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -1140,7 +1140,7 @@ runmode: workers
 # activated in live capture mode. You can use the filename variable to set
 # the file name of the socket.
 unix-command:
-  enabled: auto
+  enabled: yes
   #filename: custom.socket
 
 # Magic file. The extension .mgc is added to the value here.
diff --git a/lfs/suricata b/lfs/suricata
index e84c604c6..95403be78 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -83,7 +83,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--with-libjansson-libraries=/usr/lib \
 		--with-libjansson-includes=/usr/include \
 		--disable-suricata-update \
-		--enable-rust
+		--enable-rust \
+		--enable-unix-socket
 
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install