From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Wed, 29 Aug 2018 10:34:08 +0000 (+0200)
Subject: suricata: Rule files are now located in /var/lib/suricata
X-Git-Tag: v2.23-core131~117^2~156
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=21cab141ec018b885abf2849b82acb22684f0c80

suricata: Rule files are now located in /var/lib/suricata

Place the rulefiles from now in "/var/lib/suricata".

Fixes #11834

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index a514d79893..3f6cb3ee2e 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -35,7 +35,7 @@ our $rulestarball = "/var/tmp/idsrules.tar.gz";
 our $storederrorfile = "/tmp/ids_storederror";
 
 # Location where the rulefiles are stored.
-our $rulespath = "/etc/suricata/rules";
+our $rulespath = "/var/lib/suricata";
 
 # File which contains a list of all supported ruleset sources.
 # (Sourcefire, Emergingthreads, etc..)
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 0a4d9c3a47..98504c46fa 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -1,8 +1,4 @@
 etc/suricata
-#etc/suricata/rules
-etc/suricata/rules/classification.config
-etc/suricata/rules/reference.config
-etc/suricata/rules/threshold.config
 etc/suricata/suricata.yaml
 usr/bin/suricata
 #usr/bin/suricatasc
@@ -43,6 +39,10 @@ usr/bin/suricata
 #usr/share/doc/suricata/Ubuntu_Installation_from_GIT.txt
 #usr/share/doc/suricata/Windows.txt
 #usr/share/man/man1/suricata.1
+#var/lib/suricata
+var/lib/suricata/classification.config
+var/lib/suricata/reference.config
+var/lib/suricata/threshold.config
 var/log/suricata
 #var/log/suricata/certs
 #var/log/suricata/files
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 94e488cd17..54e7e519c0 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -40,14 +40,14 @@ vars:
 ##
 ## Ruleset specific options.
 ##
-default-rule-path: /etc/suricata/rules
+default-rule-path: /var/lib/suricata
 rule-files:
     # Include enabled ruleset files from external file.
     include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
 
-classification-file: /etc/suricata/rules/classification.config
-reference-config-file: /etc/suricata/rules/reference.config
-# threshold-file: /etc/suricata/threshold.config
+classification-file: /var/lib/suricata/classification.config
+reference-config-file: /var/lib/suricata/reference.config
+# threshold-file: /var/lib/suricata/threshold.config
 
 
 ##
diff --git a/lfs/suricata b/lfs/suricata
index ca234549ea..3cabd73c8e 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -88,8 +88,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	# Install IPFire related config file.
 	install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
-	-mkdir -p /etc/suricata/rules
-	mv /etc/suricata/*.config /etc/suricata/rules/
+
+	# Create emtpy rules directory.
+	-mkdir -p /var/lib/suricata
+
+	# Move config files for references, threshold and classification
+	# to the rules directory.
+	mv /etc/suricata/*.config /var/lib/suricata
+
+	# Create logging directory.
 	-mkdir -p /var/log/suricata
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/src/misc-progs/suricatactrl.c b/src/misc-progs/suricatactrl.c
index cc674e0f50..00f861ba34 100644
--- a/src/misc-progs/suricatactrl.c
+++ b/src/misc-progs/suricatactrl.c
@@ -32,7 +32,7 @@ int main(int argc, char *argv[]) {
 	} else if (strcmp(argv[1], "reload") == 0) {
 		safe_system("/etc/rc.d/init.d/suricata reload");
 	} else if (strcmp(argv[1], "fix-rules-dir") == 0) {
-		safe_system("chown -R nobody:nobody /etc/suricata/rules/");
+		safe_system("chown -R nobody:nobody /var/lib/suricata");
 	} else {
 		fprintf(stderr, "\nBad argument given.\n\nsuricatactrl (start|stop|restart|reload)\n\n");
 		exit(1);