rdp: enable by default

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3255

diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs
index 80c70ac343e6a27ac8d6d073e4443afd9ebcad3b..603504c82a894fa0a16d16ea802e10eefdeefad5 100644 (file)
--- a/rust/src/rdp/rdp.rs
+++ b/rust/src/rdp/rdp.rs
@@ -22,7 +22,6 @@
 use crate::core::{
     self, AppProto, DetectEngineState, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP,
 };
-use crate::conf;
 use nom;
 use crate::applayer::*;
 use crate::rdp::parser::*;
@@ -537,12 +536,6 @@ pub unsafe extern "C" fn rs_rdp_register_parser() {
         set_tx_detect_flags: None,
     };
 
-    /* For 5.0 we want this disabled by default, so check that it
-     * has been explicitly enabled. */
-    if !conf::conf_get_bool("app-layer.protocols.rdp.enabled") {
-        return;
-    }
-
     let ip_proto_str = std::ffi::CString::new("tcp").unwrap();
 
     if AppLayerProtoDetectConfProtoDetectionEnabled(

diff --git a/src/output-json-rdp.c b/src/output-json-rdp.c
index bb80464378d42f077a7962bb2ed0272aeeac32a0..d28336ce1117a174f0b2bbddb4ec18000ce1d476 100644 (file)
--- a/src/output-json-rdp.c
+++ b/src/output-json-rdp.c
@@ -156,9 +156,6 @@ static TmEcode JsonRdpLogThreadDeinit(ThreadVars *t, void *data)
 
 void JsonRdpLogRegister(void)
 {
-    if (ConfGetNode("app-layer.protocols.rdp") == NULL) {
-        return;
-    }
     /* Register as an eve sub-module. */
     OutputRegisterTxSubModule(
         LOGGER_JSON_RDP,

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 16cfa150de653b3811b628aa7423c72a4b17c9eb..f0897a1539e8ae0cb40eb8d304d00ea70ea3c033 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -257,7 +257,7 @@ outputs:
 
         #- dnp3
         - ftp
-        #- rdp
+        - rdp
         - nfs
         - smb
         - tftp
@@ -745,9 +745,8 @@ app-layer:
     ftp:
       enabled: yes
       # memcap: 64mb
-    # RDP, disabled by default.
     rdp:
-      #enabled: no
+      #enabled: yes
     ssh:
       enabled: yes
     smtp: