lua: enable lua rules by default

author Victor Julien <vjulien@oisf.net>

Tue, 8 Apr 2025 08:15:07 +0000 (10:15 +0200)

committer Victor Julien <vjulien@oisf.net>

Tue, 8 Apr 2025 08:15:10 +0000 (10:15 +0200)
author Victor Julien <vjulien@oisf.net>
Tue, 8 Apr 2025 08:15:07 +0000 (10:15 +0200)
committer Victor Julien <vjulien@oisf.net>
Tue, 8 Apr 2025 08:15:10 +0000 (10:15 +0200)
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst

index 16b208613b5306cfe56afb0f078d12c1cdb9263a..5881a5401deb4464e2d7c045892d71a700722006 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -3000,8 +3000,8 @@ can be completely disabled the same as the Suricata 7.0 default:
  
     security:
       lua:
-       # Allow Lua rules. Disabled by default.
-       #allow-rules: false
+       # Allow Lua rules. Enabled by default.
+       #allow-rules: true
  
         # Upper bound of allocations by a Lua rule before it will fail
         #max-bytes: 500000 
diff --git a/doc/userguide/rules/lua-detection.rst b/doc/userguide/rules/lua-detection.rst

index 9ed8d9d1c59652b872e353274ab8310a35f902b0..d47b9e85648a9d9185fbf4cf7836341b95005df5 100644 (file)
--- a/doc/userguide/rules/lua-detection.rst
+++ b/doc/userguide/rules/lua-detection.rst
@@ -3,10 +3,6 @@
  Lua Scripting for Detection
  ===========================
  
-.. note:: Lua is disabled by default for use in rules, it must be
-          enabled in the configuration file. See the ``security.lua``
-          section of ``suricata.yaml`` and enable ``allow-rules``.
-
  Syntax:
  
  ::
diff --git a/src/detect-lua.c b/src/detect-lua.c

index 93df2f944e3a1edbe7324206d586ba3ccec05665..1ba922788ba05b10868a8f889ff7b965f42a7d31 100644 (file)
--- a/src/detect-lua.c
+++ b/src/detect-lua.c
@@ -706,8 +706,7 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, const char *st
      /* First check if Lua rules are enabled, by default Lua in rules
       * is disabled. */
      int enabled = 0;
-    (void)SCConfGetBool("security.lua.allow-rules", &enabled);
-    if (!enabled) {
+    if (SCConfGetBool("security.lua.allow-rules", &enabled) == 1 && !enabled) {
          SCLogError("Lua rules disabled by security configuration: security.lua.allow-rules");
          return -1;
      }
diff --git a/suricata.yaml.in b/suricata.yaml.in

index 66e121b12c8b52601b39122d6b63bf02da13bebf..93e2671eb151b0165ca6e505e1df7b080f961f65 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1306,8 +1306,8 @@ security:
          - @e_sysconfdir@
  
    lua:
-    # Allow Lua rules. Disabled by default.
-    #allow-rules: false
+    # Allow Lua rules. Enabled by default.
+    #allow-rules: true
  
  # Some logging modules will use that name in event as identifier. The default
  # value is the hostname
author	Victor Julien <vjulien@oisf.net>
	Tue, 8 Apr 2025 08:15:07 +0000 (10:15 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 8 Apr 2025 08:15:10 +0000 (10:15 +0200)
doc/userguide/configuration/suricata-yaml.rst		patch \| blob \| blame \| history
doc/userguide/rules/lua-detection.rst		patch \| blob \| blame \| history
src/detect-lua.c		patch \| blob \| blame \| history
suricata.yaml.in		patch \| blob \| blame \| history