suricata
suricata copied to clipboard
Published
20 hours ago •
OISF
OISF
security: prevents process creation
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5373
Describe changes:
- optionally calls
setrlimit(RLIMIT_NPROC, 0)to prevent process creation by Suricata process
Modifies #7858 with better doc
libhtp-pr: 366
Codecov Report
Merging #7862 (2c6689e) into master (fe91506) will decrease coverage by
0.05%. The diff coverage is75.00%.
@@ Coverage Diff @@
## master #7862 +/- ##
==========================================
- Coverage 75.99% 75.94% -0.06%
==========================================
Files 665 666 +1
Lines 185963 186003 +40
==========================================
- Hits 141327 141256 -71
- Misses 44636 44747 +111
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 60.45% <0.00%> (-0.40%) |
:arrow_down: |
| suricata-verify | 52.71% <75.00%> (+0.20%) |
:arrow_up: |
| unittests | 60.68% <0.00%> (-0.02%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Information:
ERROR: QA failed on tlpw1_files_sha256.
| field | baseline | test | % |
|---|---|---|---|
| tlpw1_stats_chk | |||
| .app_layer.error.http.parser | 64 | 47 | 73.44% |
| tlpr1_stats_chk | |||
| .app_layer.error.http.parser | 1548 | 1103 | 71.25% |
| generic_stats_chk | |||
| .capture.kernel_drops | 0 | 75424 | - |
| .flow.end.tcp_state.syn_sent | 0 | 161 | - |
| .flow.end.tcp_state.fin_wait1 | 0 | 36 | - |
| .flow.end.tcp_state.fin_wait2 | 0 | 8 | - |
| .flow.end.tcp_state.time_wait | 0 | 7 | - |
| .flow.end.tcp_state.last_ack | 0 | 5 | - |
| .flow.end.tcp_state.close_wait | 0 | 37 | - |
| .tcp.reassembly_gap | 80952 | 90337 | 111.59% |
| .app_layer.error.http.parser | 0 | 10 | - |
| .app_layer.error.ftp.gap | 0 | 1 | - |
| .app_layer.error.smtp.gap | 0 | 20 | - |
| .app_layer.error.dcerpc_tcp.parser | 0 | 10 | - |
Pipeline 9204
