suricata
suricata copied to clipboard
OISF
security: prevents process creation
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5373
Describe changes:
- optionally calls
setrlimit(RLIMIT_NPROC, 0)to prevent process creation by Suricata process
Modifies #7448 by excluding windows which does not have setrlimit
Codecov Report
Merging #7458 (7dada0f) into master (43d28f2) will decrease coverage by
0.01%. The diff coverage is85.71%.
@@ Coverage Diff @@
## master #7458 +/- ##
==========================================
- Coverage 75.88% 75.86% -0.02%
==========================================
Files 657 657
Lines 189473 189474 +1
==========================================
- Hits 143775 143743 -32
- Misses 45698 45731 +33
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 60.51% <0.00%> (-0.09%) |
:arrow_down: |
| suricata-verify | 52.00% <85.71%> (+0.02%) |
:arrow_up: |
| unittests | 60.89% <0.00%> (-0.01%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Would this also prevent new threads to be created? Thinking about rule reloads
ERROR:
ERROR: QA failed on tlpw1_files_sha256.
ERROR: QA failed on tlpr1_alerts_cmp.
Pipeline 7650
Would this also prevent new threads to be created? Thinking about rule reloads
Tried rule reload and got
[9124] 3/6/2022 -- 10:24:14 - (detect-engine.c:4510) <Notice> (DetectEngineReload) -- rule reload complete
So, looks good, right ?
ERROR:
ERROR: QA failed on tlpw1_files_sha256.
ERROR: QA failed on tlpr1_alerts_cmp.
Pipeline 7650 WARNING: THERE IS A KNOWN BAD BASELINE WITH PACKET DROPS. bE MINDFUL OF ANY RESULTS.