github-actions: expand af-packet live test with more unix commands
authorVictor Julien <vjulien@oisf.net>
Tue, 14 May 2024 04:47:13 +0000 (06:47 +0200)
committerVictor Julien <victor@inliniac.net>
Wed, 15 May 2024 05:12:27 +0000 (07:12 +0200)
.github/workflows/live/afp-ids.sh
.github/workflows/live/icmp.rules
.github/workflows/live/icmp2.rules

index 7df2cc81a7e3cff6a2af371a6a840be9506c42d5..8e27bf9fe8f85623f202e500c6799603289f248c 100755 (executable)
@@ -30,6 +30,7 @@ fi
 
 RES=0
 
+export PYTHONPATH=python/
 # Get listen interface and "ping" target address
 IFACE=$(ip r|grep default|awk '{print $5}')
 echo $IFACE
@@ -67,6 +68,20 @@ if [ $SID1CHECK = false ]; then
     echo "ERROR no alerts for sid 1"
     RES=1
 fi
+CHECK=$(jq -c 'select(.alert.signature_id == 222)' ./eve.json | wc -l)
+if [ $CHECK -ne 1 ]; then
+       echo "ERROR alerts count off for sid 222 (datasets)"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -v -c "dataset-clear ipv4-list ipv4" /var/run/suricata/suricata-command.socket)
+echo $JSON
+
+sleep 5
+CHECK=$(jq -c 'select(.alert.signature_id == 222)' ./eve.json | wc -l)
+if [ $CHECK -ne 2 ]; then
+       echo "ERROR alerts count off for sid 222 (datasets)"
+    RES=1
+fi
 
 echo "SURIPID $SURIPID PINGPID $PINGPID"
 
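Review bot: The two sid 222 count checks print the identical message `ERROR alerts count off for sid 222 (datasets)`, so a failing run cannot show whether the count was wrong before or after `dataset-clear`; append `before clear` / `after clear` and the observed `$CHECK` to each message. The `dataset-clear` reply is only echoed, never verified, so a rejected command would go unnoticed until the count check a few seconds later; validate it with `[ "$(echo "$JSON" | jq -r .return)" = "OK" ] || RES=1`, since suricatasc replies carry a `return` field next to the `message` the later checks read. The expected count of 2 after `sleep 5` presumes the background ping sends at least one more echo request in that window — a short comment stating that assumption would help whoever tunes the sleeps. The two added `echo "ERROR …"` lines are indented with a tab while the surrounding lines, including the `RES=1` directly below them, use four spaces.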
@@ -74,11 +89,52 @@ echo "SURIPID $SURIPID PINGPID $PINGPID"
 cp .github/workflows/live/icmp2.rules suricata.rules
 
 # trigger the reload
-export PYTHONPATH=python/
+JSON=$(python3 python/bin/suricatasc -c "iface-list" /var/run/suricata/suricata-command.socket)
+PIFACE=$(echo $JSON | jq -r .message.ifaces[0])
+JSON=$(python3 python/bin/suricatasc -c "iface-stat $PIFACE")
+STATSCHECK=$(echo $JSON | jq '.message.pkts > 0')
+if [ $STATSCHECK = false ]; then
+    echo "ERROR unix socket stats check failed"
+    RES=1
+fi
 python3 python/bin/suricatasc -c "reload-rules" /var/run/suricata/suricata-command.socket
 
+
+JSON=$(python3 python/bin/suricatasc -c "iface-bypassed-stat" /var/run/suricata/suricata-command.socket)
+echo $JSON
+JSON=$(python3 python/bin/suricatasc -c "capture-mode" /var/run/suricata/suricata-command.socket)
+if [ "$(echo $JSON | jq -r .message)" != "AF_PACKET_DEV" ]; then
+    echo "ERROR unix socket capture mode check failed"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -c "dump-counters" /var/run/suricata/suricata-command.socket)
+STATSCHECK=$(echo $JSON | jq '.message.uptime >= 15')
+if [ $STATSCHECK = false ]; then
+    echo "ERROR unix socket dump-counters uptime check failed"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -c "memcap-list" /var/run/suricata/suricata-command.socket)
+echo $JSON
+JSON=$(python3 python/bin/suricatasc -c "running-mode" /var/run/suricata/suricata-command.socket)
+echo $JSON
+if [ "$(echo $JSON | jq -r .message)" != "$RUNMODE" ]; then
+    echo "ERROR unix socket runmode check failed"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -c "version" /var/run/suricata/suricata-command.socket)
+echo $JSON
+JSON=$(python3 python/bin/suricatasc -c "uptime" /var/run/suricata/suricata-command.socket)
+echo $JSON
+STATSCHECK=$(echo $JSON | jq '.message >= 15')
+if [ $STATSCHECK = false ]; then
+    echo "ERROR unix socket uptime check failed"
+    RES=1
+fi
 sleep 15
+JSON=$(python3 python/bin/suricatasc -c "add-hostbit $GW test 60" /var/run/suricata/suricata-command.socket)
+echo $JSON
 
+sleep 15
 # check stats and alerts
 STATSCHECK=$(jq -c 'select(.event_type == "stats")' ./eve.json | tail -n1 | jq '.stats.capture.kernel_packets > 0')
 if [ $STATSCHECK = false ]; then
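Review bot: The new `if [ $STATSCHECK = false ]` checks (iface-stat `pkts`, dump-counters `uptime`, `uptime`) fail open: if suricatasc prints nothing — socket absent, command rejected — `jq` emits no output, the test degenerates to `[ = false ]`, which is a test syntax error rather than true, and `RES` stays 0; compare against the success value instead, `if [ "$STATSCHECK" != true ]; then` (the pre-existing kernel_packets check at the end of the hunk has the same shape but is not part of this change). The `iface-stat $PIFACE` call is the only invocation that omits the socket argument, so it depends on suricatasc's default path rather than the `/var/run/suricata/suricata-command.socket` every other call passes; add it for consistency. `$GW` and `$RUNMODE` are set outside the hunk, and `echo $JSON | jq` is unquoted throughout — `echo "$JSON"` keeps a reply intact should it ever contain whitespace runs or glob characters. The `add-hostbit` reply is echoed but not verified; checking that `.return` is `OK` would report a rejected command before the 15 s wait instead of surfacing later as a missing sid 2 alert.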
@@ -90,6 +146,13 @@ if [ $SID2CHECK = false ]; then
     echo "ERROR no alerts for sid 2"
     RES=1
 fi
+JSON=$(python3 python/bin/suricatasc -c "list-hostbit $GW" /var/run/suricata/suricata-command.socket)
+CHECK=$(echo $JSON|jq -r .message.hostbits[0].name)
+if [ "$CHECK" != "test" ]; then
+    echo "ERROR hostbit listing failed"
+    RES=1
+fi
+JSON=$(python3 python/bin/suricatasc -c "remove-hostbit $GW test" /var/run/suricata/suricata-command.socket)
 
 kill -INT $PINGPID
 wait $PINGPID
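Review bot: The `remove-hostbit $GW test` reply is assigned to `JSON` and then discarded, unlike every other command in the script, so a failed removal leaves no trace in the log; at minimum `echo "$JSON"`, or verify it with `[ "$(echo "$JSON" | jq -r .return)" = "OK" ] || RES=1`. In the `list-hostbit` check the filter `.message.hostbits[0].name` is passed to jq unquoted, so `[0]` is a shell glob and would be rewritten if a matching dotfile existed in the working directory; write it as `jq -r '.message.hostbits[0].name'`. The hostbit was added with a 60 s expiry ahead of two `sleep 15` waits, so this check depends on that budget; a comment tying the `60` to the sleeps would make the timing explicit. `$GW` is defined outside this hunk.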
index c0f94ab545b59b4bf4dd76d1385217a41e1f89da..2003c46531646f8cd14ca3c54fb43f8e54961717 100644 (file)
@@ -1 +1,2 @@
 alert icmp any any -> any any (itype:8; sid:1;)
+alert icmp any any -> any any (itype:8; ip.dst; dataset:set,ipv4-list,type ipv4; sid:222;)
index f1a003185788372607b8fedbad2cf66626f39109..a60be4dbd17fb8807896f3a4ff765d4edc56f9fb 100644 (file)
@@ -1 +1 @@
-alert icmp any any -> any any (itype:8; sid:2;)
+alert icmp any any -> any any (itype:8; hostbits:isset,test,dst; sid:2;)