# May be overrided by the --reload-command command line option.
#reload-command: sudo systemctl reload suricata
-# Remote rule sources.
+# Remote rule sources. Simply a list of URLs.
sources:
- # Emerging Threats Open
- - source: etopen
- # Emerging Threats Pro
- - source: etpro
- code: xxxxx
- # A URL
- - source: url
- url: https://sslbl.abuse.ch/blacklist/sslblacklist.rules
+ # Emerging Threats Open with the Suricata version dynamically replaced.
+ - https://rules.emergingthreats.net/open/suricata-%(__version__)s/emerging.rules.tar.gz
+ # The SSL blacklist, which is just a standalone rule file.
+ - https://sslbl.abuse.ch/blacklist/sslblacklist.rules
# A list of local rule sources. Each entry can be a rule file, a
# directory or a wild card specification.
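Review bot: The new comment on `sources` calls the entries "simply a list of URLs", but the example directly below uses `%(__version__)s`, which is a Python %-template placeholder, so an entry is a template rather than a plain URL and any literal `%` in it (percent-encoded characters) has to be doubled. Suggest making the comment say so: `# Remote rule sources. A list of URL templates: %(__version__)s is replaced with the running Suricata version, and a literal % must be written as %%.` The start of this hunk is outside the visible chunk.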
urls.append(url)
if config.get("sources"):
- for source in config.get("sources"):
- source_name = None
- if "source" in source :
- source_name = source["source"]
- else:
- logger.error("Source is missing the \"source\" field.")
- continue
-
- if source_name == "url":
- urls.append(source["url"])
- elif source_name == "etopen":
- urls.append(resolve_etopen_url(suricata_version))
- else:
- logger.error(
- "Unknown source: %s; "
- "try running suricata-update update-sources",
- source["source"])
-
- # If no URLs, default to ET/Open.
- if not urls:
- logger.info("No sources configured, will use Emerging Threats Open")
- urls.append(resolve_etopen_url(suricata_version))
+ for url in config.get("sources"):
+ url = url % internal_params
+ logger.debug("Adding source %s.", url)
+ urls.append(url)
- # If --etopen is on the command line, make sure its added.
- if config.get("etopen"):
+ # If --etopen is on the command line, make sure its added. Or if
+ # there are no URLs, default to ET/Open.
+ if config.get("etopen") or not urls:
+ if not urls:
+ logger.info("No sources configured, will use Emerging Threats Open")
urls.append(resolve_etopen_url(suricata_version))
# Converting the URLs to a set removed dupes.
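Review bot: `url = url % internal_params` applies %-formatting to a URL taken straight from the config file, and a URL containing a literal `%` (e.g. a percent-encoded path) or an unknown `%(name)s` key will raise ValueError/KeyError/TypeError and abort the whole update instead of reporting which source is bad. The old code validated each entry and logged-and-continued on a malformed source; the new loop should do the same around the substitution, and the error message should tell the user to write a literal `%` as `%%`. The enclosing function starts before this hunk and continues after it, so the wider control flow is not visible here.
```python
for url in config.get("sources"):
    try:
        url = url % internal_params
    except (KeyError, ValueError, TypeError) as err:
        logger.error("Skipping source %s: invalid template (%s); "
                     "a literal %% must be written as %%%%", url, err)
        continue
    logger.debug("Adding source %s.", url)
    urls.append(url)
# … unchanged: --etopen / empty-list fallback …
```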