
config: explicitly enable rdp and sip protocols v1

Open Syoc opened this issue 2 years ago • 6 comments

Make sure these boxes are signed before submitting your Pull Request -- thank you.

  • [X] I have read the contributing guidelines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
  • [X] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
  • [X] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5299

Describe changes:

Explicitly enable rdp and sip protocols in suricata.yaml so we don't get warnings from validation of default config.

#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch:

Syoc avatar Apr 27 '22 16:04 Syoc
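An added check, not code from this PR or from Suricata, that audits a suricata.yaml fragment for app-layer protocols with no explicit `enabled:` setting, the condition the PR removes for rdp and sip. The config text is constructed for the example and the tiny YAML subset parser is a stand-in for a real YAML library.

```python
# Added example, not code from PR #7327 or from Suricata: flag app-layer
# protocols in a suricata.yaml that carry no explicit "enabled" setting.
# The hand-written parser covers only the YAML subset used here (nested
# mappings with scalar values); load a real suricata.yaml with PyYAML.

def parse_mapping_subset(text):
    """Parse indentation-nested 'key: value' lines into nested dicts.
    Comments (# ...) and blank lines are skipped; lists are unsupported."""
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) frames
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:         # leave deeper/sibling blocks
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:                                 # a nested mapping follows
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def implicit_protocols(config_text):
    """Names under app-layer.protocols with no 'enabled' key: these fall
    back to the build default, which is what Suricata 6.0.x warns about."""
    cfg = parse_mapping_subset(config_text)
    protocols = cfg.get("app-layer", {}).get("protocols", {})
    return sorted(name for name, body in protocols.items()
                  if not isinstance(body, dict) or "enabled" not in body)

# Constructed fragment in the shape of a 6.0.x default: rdp and sip have
# their enabled line commented out, http and modbus are explicit.
BEFORE = """\
app-layer:
  protocols:
    rdp:
      #enabled: yes
    sip:
      #enabled: yes
    http:
      enabled: yes
    modbus:
      enabled: no
"""
# The same fragment with the change this PR proposes applied.
AFTER = BEFORE.replace("#enabled: yes", "enabled: yes")
```

An explicit `enabled: no` (modbus above) is not reported, since the warning is about settings left to the default, not about protocols being off.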

Codecov Report

Merging #7327 (1974ea0) into master (4bb0096) will decrease coverage by 0.01%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #7327      +/-   ##
==========================================
- Coverage   75.85%   75.83%   -0.02%     
==========================================
  Files         656      656              
  Lines      190065   190066       +1     
==========================================
- Hits       144171   144141      -30     
- Misses      45894    45925      +31     
Flag              Coverage   Δ
fuzzcorpus        60.43%     <ø> (-0.08%) ↓
suricata-verify   51.59%     <ø> (+0.03%) ↑
unittests         61.00%     <ø> (-0.02%) ↓

Flags with carried forward coverage won't be shown.

codecov[bot] avatar Apr 27 '22 17:04 codecov[bot]

Please create a redmine ticket demonstrating the issue you're observing. With current master and a default suricata.yaml file, I'm not observing any issues when running src/suricata -c suricata.yaml -T.

Perhaps the rules file you're using requires sip and since that's not enabled by default, you're seeing issues?

jlucovsky avatar Apr 27 '22 18:04 jlucovsky

Whoops. Edited the link saying redmine. My bad. Can't really find any use of sip or rdp keywords in the rule set I'm using. Description in the redmine ticket should be reproducible.

Syoc avatar Apr 27 '22 18:04 Syoc

So this issue only affects the master-6.0.x branch so shouldn't be considered against master. It's more of an "if you don't deal with this now, things might break for you in 7". Maybe explicitly enabling these in the 6.0.x branch is the best thing to do. Won't help with users upgrading from 6.0.5 and older. They'll all get this message.

jasonish avatar Apr 27 '22 18:04 jasonish

I understand. I just think warnings from a default config are unnecessary. I can make a new pull request against master-6.0.x if there is interest.

Syoc avatar Apr 27 '22 20:04 Syoc

> I understand. I just think warnings from a default config are unnecessary. I can make a new pull request against master-6.0.x if there is interest.

Thanks for clarifying things.

One thing to note that while noisy, -T is still successful with the default configuration.

jlucovsky avatar Apr 28 '22 11:04 jlucovsky

Closing as master is right from what I understand and master-6.0.x must be targeted. Put a reference to this PR in the ticket.

catenacyber avatar Dec 26 '22 16:12 catenacyber