suricata
security: prevents process creation
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5373
Describe changes:
- optionally calls `setrlimit(RLIMIT_NPROC, 0)` to prevent process creation by Suricata process
Modifies #7448 by excluding Windows, which does not have setrlimit
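
The effect of the call named in this description, as an added example that is not part of the PR or of Suricata's code (`deny_process_creation` and `probe_fork_after_nproc_zero` are hypothetical names). It runs in a throwaway child, sets the limit to 0 and then tries `fork()`. The kernel does not enforce RLIMIT_NPROC for a process with real user ID 0, CAP_SYS_ADMIN or CAP_SYS_RESOURCE, so the probe reports both outcomes.

```c
/* Added example (not Suricata code): observe setrlimit(RLIMIT_NPROC, 0). */
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: set soft and hard limits to 0, then read them back. */
static int deny_process_creation(void)
{
    struct rlimit r = { 0, 0 };
    if (setrlimit(RLIMIT_NPROC, &r) != 0 || getrlimit(RLIMIT_NPROC, &r) != 0)
        return -1;
    return (r.rlim_cur == 0 && r.rlim_max == 0) ? 0 : -1;
}

/* Runs the experiment in a child so the caller keeps its own limits.
 * Returns 0 if fork() was refused with EAGAIN, 1 if fork() still worked
 * (limit not enforced for this process), -1 on any other failure. */
int probe_fork_after_nproc_zero(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (deny_process_creation() != 0)
            _exit(3);
        pid_t g = fork();
        if (g == 0)
            _exit(0);              /* grandchild exists: limit was bypassed */
        if (g > 0) {
            waitpid(g, NULL, 0);
            _exit(1);              /* report "fork still allowed" */
        }
        _exit(errno == EAGAIN ? 0 : 3);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return (code == 0 || code == 1) ? code : -1;
}

int main(void)
{
    int r = probe_fork_after_nproc_zero();
    printf("%s\n", r == 0 ? "fork blocked (EAGAIN)" :
                   r == 1 ? "fork still allowed: limit not enforced" : "probe failed");
    return r < 0;
}
```

A result of 1 means the process was exempt from the limit, which is worth checking for the account and capabilities the daemon actually runs with.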
Codecov Report
Merging #7458 (7dada0f) into master (43d28f2) will decrease coverage by 0.01%. The diff coverage is 85.71%.
@@ Coverage Diff @@
## master #7458 +/- ##
==========================================
- Coverage 75.88% 75.86% -0.02%
==========================================
Files 657 657
Lines 189473 189474 +1
==========================================
- Hits 143775 143743 -32
- Misses 45698 45731 +33
Flag | Coverage Δ | |
---|---|---|
fuzzcorpus | 60.51% <0.00%> (-0.09%) | :arrow_down: |
suricata-verify | 52.00% <85.71%> (+0.02%) | :arrow_up: |
unittests | 60.89% <0.00%> (-0.01%) | :arrow_down: |
Flags with carried forward coverage won't be shown.
Would this also prevent new threads to be created? Thinking about rule reloads
ERROR:
ERROR: QA failed on tlpw1_files_sha256.
ERROR: QA failed on tlpr1_alerts_cmp.
Pipeline 7650
> Would this also prevent new threads to be created? Thinking about rule reloads
Tried rule reload and got
[9124] 3/6/2022 -- 10:24:14 - (detect-engine.c:4510) <Notice> (DetectEngineReload) -- rule reload complete
So, looks good, right?
ERROR:
ERROR: QA failed on tlpw1_files_sha256.
ERROR: QA failed on tlpr1_alerts_cmp.
Pipeline 7650
WARNING: THERE IS A KNOWN BAD BASELINE WITH PACKET DROPS. BE MINDFUL OF ANY RESULTS.
Replaced by https://github.com/OISF/suricata/pull/7842