suricata: Set correct ownership for default rules file.

[people/pmueller/ipfire-2.x.git] / lfs / suricata

diff --git a/lfs/suricata b/lfs/suricata
index 96c2b33fe45833e2181bdaafdad62f7a17caacf0..a870e3668c63216096e02dc9a6221c146d9ce10a 100644 (file)
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata-disable-sid-2210059.patch
        cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
                --prefix=/usr \
                --sysconfdir=/etc \
@@ -99,15 +100,19 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        # Install yaml file for loading default rules.
        install -m 0664 $(DIR_SRC)/config/suricata/suricata-default-rules.yaml /var/ipfire/suricata
 
+       # Set correct ownership for the default rules file.
+       chown nobody:nobody /var/ipfire/suricata/suricata-default-rules.yaml
+
        # Create emtpy rules directory.
        -mkdir -p /var/lib/suricata
 
        # Move config files for references, threshold and classification
        # to the rules directory.
-       mv /etc/suricata/*.config /var/lib/suricata
+       rm -rfv /etc/suricata/*.config
 
-       # Set correct permissions for the files.
-       chmod 644 /var/lib/suricata/*.config
+       # Set correct ownership for the classifiction config file.
+       # (File has to be writeable for the nobody user)
+       chown nobody:nobody /usr/share/suricata/classification.config
 
        # Set correct ownership for /var/lib/suricata and the
        # contained files