DROP_CONF_KEY = "drop-conf"
LOCAL_CONF_KEY = "local"
OUTPUT_KEY = "output"
+DIST_RULE_DIRECTORY_KEY = "dist-rule-directory"
DEFAULT_UPDATE_YAML_PATH = "/etc/suricata/update.yaml"
"/etc/suricata/suricata-debian.yaml"
]
+DEFAULT_DIST_RULE_PATH = [
+ "/etc/suricata/rules",
+]
+
DEFAULT_CONFIG = {
"disable-conf": "/etc/suricata/disable.conf",
"enable-conf": "/etc/suricata/enable.conf",
0, os.path.join(
build_info["sysconfdir"], "suricata/suricata.yaml"))
+ if "sysconfdir" in build_info:
+ DEFAULT_DIST_RULE_PATH.insert(
+ 0, os.path.join(build_info["sysconfdir"], "suricata/rules"))
+
# Set the data-directory prefix to that of the --localstatedir
# found in the build-info.
if not DATA_DIRECTORY_KEY in _config and "localstatedir" in build_info:
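Review bot: `DEFAULT_DIST_RULE_PATH.insert(0, …)` on the added lines mutates a module-level list every time the enclosing function runs, so a second configuration load in the same process leaves a duplicate entry at the front that the later default-path loop iterates twice. This mirrors the existing handling for the suricata.yaml path just above it, so if a one-shot load is an accepted assumption this can share it; otherwise guard the insert: `rules_path = os.path.join(build_info["sysconfdir"], "suricata/rules")` / `if rules_path not in DEFAULT_DIST_RULE_PATH:` / `DEFAULT_DIST_RULE_PATH.insert(0, rules_path)`. The new `if "sysconfdir" in build_info:` also appears to repeat the test the suricata.yaml insert is already under, and the two inserts could presumably share one block. The later lookup `if not DIST_RULE_DIRECTORY_KEY in _config:` reads better as `if DIST_RULE_DIRECTORY_KEY not in _config:`, although it matches the existing `DATA_DIRECTORY_KEY` test. The enclosing function starts and ends outside the hunk.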
logger.info("Using Suricata configuration %s" % (conf))
_config["suricata-conf"] = conf
break
+
+ if not DIST_RULE_DIRECTORY_KEY in _config:
+ for path in DEFAULT_DIST_RULE_PATH:
+ if os.path.exists(path):
+ logger.info("Using %s for Suricata provided rules.", path)
+ _config[DIST_RULE_DIRECTORY_KEY] = path
+ break
"tls-events.rules",
]
- dist_rule_path = "/etc/suricata/rules"
+ dist_rule_path = config.get(config.DIST_RULE_DIRECTORY_KEY)
+ if not dist_rule_path:
+ logger.warning("No distribution rule directory found.")
+ return
if not os.path.exists(dist_rule_path):
logger.warning("Distribution rule directory not found: %s",