suricata
suricata copied to clipboard
security: prevents process creation
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5373
Describe changes:
- optionally calls
setrlimit(RLIMIT_NPROC, 0)
to prevent process creation by Suricata process
Modifies #7858 with better doc
libhtp-pr: 366
Codecov Report
Merging #7862 (2c6689e) into master (fe91506) will decrease coverage by
0.05%
. The diff coverage is75.00%
.
@@ Coverage Diff @@
## master #7862 +/- ##
==========================================
- Coverage 75.99% 75.94% -0.06%
==========================================
Files 665 666 +1
Lines 185963 186003 +40
==========================================
- Hits 141327 141256 -71
- Misses 44636 44747 +111
Flag | Coverage Δ | |
---|---|---|
fuzzcorpus | 60.45% <0.00%> (-0.40%) |
:arrow_down: |
suricata-verify | 52.71% <75.00%> (+0.20%) |
:arrow_up: |
unittests | 60.68% <0.00%> (-0.02%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
Information:
ERROR: QA failed on tlpw1_files_sha256.
field | baseline | test | % |
---|---|---|---|
tlpw1_stats_chk | |||
.app_layer.error.http.parser | 64 | 47 | 73.44% |
tlpr1_stats_chk | |||
.app_layer.error.http.parser | 1548 | 1103 | 71.25% |
generic_stats_chk | |||
.capture.kernel_drops | 0 | 75424 | - |
.flow.end.tcp_state.syn_sent | 0 | 161 | - |
.flow.end.tcp_state.fin_wait1 | 0 | 36 | - |
.flow.end.tcp_state.fin_wait2 | 0 | 8 | - |
.flow.end.tcp_state.time_wait | 0 | 7 | - |
.flow.end.tcp_state.last_ack | 0 | 5 | - |
.flow.end.tcp_state.close_wait | 0 | 37 | - |
.tcp.reassembly_gap | 80952 | 90337 | 111.59% |
.app_layer.error.http.parser | 0 | 10 | - |
.app_layer.error.ftp.gap | 0 | 1 | - |
.app_layer.error.smtp.gap | 0 | 20 | - |
.app_layer.error.dcerpc_tcp.parser | 0 | 10 | - |
Pipeline 9204
Waits for CI fix cf https://github.com/OISF/suricata/pull/7871
Replaced by https://github.com/OISF/suricata/pull/7914