import yaml
+import suricata.update.engine
+from suricata.update.exceptions import ApplicationError
+
logger = logging.getLogger()
DEFAULT_DATA_DIRECTORY = "/var/lib/suricata"
"enable-conf": "/etc/suricata/enable.conf",
"drop-conf": "/etc/suricata/drop.conf",
"modify-conf": "/etc/suricata/modify.conf",
- "suricata-conf": "/etc/suricata/suricata.conf",
"sources": [],
LOCAL_CONF_KEY: [],
_args = args
_config.update(DEFAULT_CONFIG)
- for suriyaml in DEFAULT_SURICATA_YAML_PATH:
- if os.path.exists(suriyaml):
- _config["suricata-conf"] = suriyaml
- break
-
if args.config:
logger.info("Loading %s", args.config)
with open(args.config, "rb") as fileobj:
val = getattr(args, arg)
logger.debug("Setting configuration value %s -> %s", key, val)
_config[key] = val
+
+ # Find and set the path to suricata if not provided.
+ if "suricata" in _config:
+ if not os.path.exists(_config["suricata"]):
+ raise ApplicationError(
+ "Configured path to suricata does not exist: %s" % (
+ _config["suricata"]))
+ else:
+ suricata_path = suricata.update.engine.get_path()
+ if not suricata_path:
+ logger.warning("No suricata application binary found on path.")
+ else:
+ _config["suricata"] = suricata_path
+
+ if "suricata" in _config:
+ build_info = suricata.update.engine.get_build_info(_config["suricata"])
+
+ # Set the first suricata.yaml to check for to the one in the
+ # --sysconfdir provided by build-info.
+ if not "suricata_conf" in _config and "sysconfdir" in build_info:
+ DEFAULT_SURICATA_YAML_PATH.insert(
+ 0, os.path.join(
+ build_info["sysconfdir"], "suricata/suricata.yaml"))
+
+ # Set the data-directory prefix to that of the --localstatedir
+ # found in the build-info.
+ if not DATA_DIRECTORY_KEY in _config and "localstatedir" in build_info:
+ data_directory = os.path.join(
+ build_info["localstatedir"], "lib/suricata")
+ logger.info("Using data-directory %s.", data_directory)
+ _config[DATA_DIRECTORY_KEY] = data_directory
+
+ # If suricata-conf not provided on the command line or in the
+ # configuration file, look for it.
+ if not "suricata-conf" in _config:
+ for conf in DEFAULT_SURICATA_YAML_PATH:
+ if os.path.exists(conf):
+ logger.info("Using Suricata configuration %s" % (conf))
+ _config["suricata-conf"] = conf
+ break
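Review bot: The guard on the sysconfdir insert tests `"suricata_conf"` (underscore) while every other lookup in this hunk uses `"suricata-conf"`, so a user-supplied suricata-conf never suppresses the insert; it should read `if "suricata-conf" not in _config and "sysconfdir" in build_info:`. The insert also mutates the module-level DEFAULT_SURICATA_YAML_PATH, so a second call to this function would prepend the same path again. Separately, the configured `suricata` value is handed to get_build_info(), which executes it, after only an `os.path.exists` check; if the updater runs privileged, a stricter test such as `os.path.isfile(path) and os.access(path, os.X_OK)` would reject directories and non-executable files with a clear ApplicationError instead of an OSError from the subprocess call. The enclosing function starts outside the hunk.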
SuricataVersion = namedtuple(
"SuricataVersion", ["major", "minor", "patch", "full", "short", "raw"])
+def get_build_info(suricata):
+ build_info = {}
+ build_info_output = subprocess.check_output([suricata, "--build-info"])
+ for line in build_info_output.split("\n"):
+ line = line.strip()
+ if line.startswith("--prefix"):
+ build_info["prefix"] = line.split()[-1].strip()
+ elif line.startswith("--sysconfdir"):
+ build_info["sysconfdir"] = line.split()[-1].strip()
+ elif line.startswith("--localstatedir"):
+ build_info["localstatedir"] = line.split()[-1].strip()
+
+ if not "prefix" in build_info:
+ logger.warning("--prefix not found in build-info.")
+ if not "sysconfdir" in build_info:
+ logger.warning("--sysconfdir not found in build-info.")
+ if not "localstatedir" in build_info:
+ logger.warning("--localstatedir not found in build-info.")
+
+ return build_info
+
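Review bot: On Python 3 `subprocess.check_output` returns bytes, so `build_info_output.split("\n")` raises TypeError before any key is parsed; decoding first avoids that, e.g. `build_info_output = subprocess.check_output([suricata, "--build-info"]).decode("utf-8", "replace")`. A non-zero exit or a path that cannot be executed raises CalledProcessError or OSError here and nothing in this function catches it, so the caller gets a raw exception rather than the warning-style handling used for missing keys. `line.split()[-1]` also returns the flag name itself when a matching line carries no value, and the caller then joins that string into the configuration and data-directory paths. A short docstring stating that the function runs the given binary and returns a dict with the optional keys `prefix`, `sysconfdir` and `localstatedir` would help.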
class Configuration:
"""An abstraction over the Suricata configuration file."""
if args.quiet:
logger.setLevel(logging.WARNING)
- try:
- config.init(args)
- except Exception as err:
- logger.error("Failed to load configuration: %s", err)
- return 1
+ config.init(args)
# Error out if any reserved/unimplemented arguments were set.
unimplemented_args = [
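Review bot: With the try/except around `config.init(args)` removed, every exception from configuration loading now leaves this function, including the new ApplicationError for a missing binary and any error from running `--build-info`; whether a caller turns these into a logged message and an exit status is not visible in this hunk. Errors of other types (an unreadable or malformed configuration file, a failed subprocess) would surface as a traceback where the old code logged "Failed to load configuration" and returned 1. If no outer handler covers them, consider keeping the handler but narrowing it, e.g. `except ApplicationError as err:` followed by the existing `logger.error("Failed to load configuration: %s", err)` and `return 1`, assuming ApplicationError is imported in this module. The enclosing function starts and ends outside the hunk.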
logger.debug("This is suricata-update version %s (rev: %s); Python: %s" % (
version, revision, sys.version.replace("\n", "- ")))
- # Check for Suricata binary...
- if config.get("suricata"):
- if not os.path.exists(config.get("suricata")):
- logger.error("Specified path to suricata does not exist: %s",
- config.get("suricata"))
- return 1
- suricata_path = config.get("suricata")
- else:
- suricata_path = suricata.update.engine.get_path()
- if not suricata_path:
- logger.warning("No suricata application binary found on path.")
+ suricata_path = config.get("suricata")
# Now parse the Suricata version. If provided on the command line,
# use that, otherwise attempt to get it from Suricata.