suricata: Rule files are now located in /var/lib/suricata

Place the rulefiles from now in "/var/lib/suricata".

Fixes #11834

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index a514d79893cc7029c7213798d490fb9840e52e0d..3f6cb3ee2edf8312672163f47e028db5286f34d6 100644 (file)
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -35,7 +35,7 @@ our $rulestarball = "/var/tmp/idsrules.tar.gz";
 our $storederrorfile = "/tmp/ids_storederror";
 
 # Location where the rulefiles are stored.
-our $rulespath = "/etc/suricata/rules";
+our $rulespath = "/var/lib/suricata";
 
 # File which contains a list of all supported ruleset sources.
 # (Sourcefire, Emergingthreads, etc..)

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 0a4d9c3a47a2f70f9fb47480d53816761ae4f172..98504c46fa809535aa5828d7047c1862497f8587 100644 (file)
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -1,8 +1,4 @@
 etc/suricata
-#etc/suricata/rules
-etc/suricata/rules/classification.config
-etc/suricata/rules/reference.config
-etc/suricata/rules/threshold.config
 etc/suricata/suricata.yaml
 usr/bin/suricata
 #usr/bin/suricatasc
@@ -43,6 +39,10 @@ usr/bin/suricata
 #usr/share/doc/suricata/Ubuntu_Installation_from_GIT.txt
 #usr/share/doc/suricata/Windows.txt
 #usr/share/man/man1/suricata.1
+#var/lib/suricata
+var/lib/suricata/classification.config
+var/lib/suricata/reference.config
+var/lib/suricata/threshold.config
 var/log/suricata
 #var/log/suricata/certs
 #var/log/suricata/files

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 94e488cd173d49738a88682c4e299abd7b93b574..54e7e519c0ab8c5f8206b3ca09174bd9d6b0bd36 100644 (file)
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -40,14 +40,14 @@ vars:
 ##
 ## Ruleset specific options.
 ##
-default-rule-path: /etc/suricata/rules
+default-rule-path: /var/lib/suricata
 rule-files:
     # Include enabled ruleset files from external file.
     include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
 
-classification-file: /etc/suricata/rules/classification.config
-reference-config-file: /etc/suricata/rules/reference.config
-# threshold-file: /etc/suricata/threshold.config
+classification-file: /var/lib/suricata/classification.config
+reference-config-file: /var/lib/suricata/reference.config
+# threshold-file: /var/lib/suricata/threshold.config
 
 
 ##

diff --git a/lfs/suricata b/lfs/suricata
index ca234549eabc1c4c14c73f2f2581d5e32225f1a2..3cabd73c8ecd3d8178e375480c6493a51b0c4552 100644 (file)
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -88,8 +88,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
        # Install IPFire related config file.
        install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
-       -mkdir -p /etc/suricata/rules
-       mv /etc/suricata/*.config /etc/suricata/rules/
+
+       # Create emtpy rules directory.
+       -mkdir -p /var/lib/suricata
+
+       # Move config files for references, threshold and classification
+       # to the rules directory.
+       mv /etc/suricata/*.config /var/lib/suricata
+
+       # Create logging directory.
        -mkdir -p /var/log/suricata
+
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/src/misc-progs/suricatactrl.c b/src/misc-progs/suricatactrl.c
index cc674e0f50567051fc2880014d6f3d5e159f31c6..00f861ba3463e7af39071d022293f27afbd6f31d 100644 (file)
--- a/src/misc-progs/suricatactrl.c
+++ b/src/misc-progs/suricatactrl.c
@@ -32,7 +32,7 @@ int main(int argc, char *argv[]) {
        } else if (strcmp(argv[1], "reload") == 0) {
                safe_system("/etc/rc.d/init.d/suricata reload");
        } else if (strcmp(argv[1], "fix-rules-dir") == 0) {
-               safe_system("chown -R nobody:nobody /etc/suricata/rules/");
+               safe_system("chown -R nobody:nobody /var/lib/suricata");
        } else {
                fprintf(stderr, "\nBad argument given.\n\nsuricatactrl (start|stop|restart|reload)\n\n");
                exit(1);