config: prefer configuration specified files 330/head
authorJason Ish <jason.ish@oisf.net>
Tue, 4 Jul 2023 18:56:08 +0000 (12:56 -0600)
committerJason Ish <jason.ish@oisf.net>
Tue, 4 Jul 2023 22:23:54 +0000 (16:23 -0600)
Suricata-Update was preferring the existence of "disable.conf" in
$sysconfdir over it being specified in the update.yaml.

Refactor the auto-conf to only search and apply the default
$sysconfdir files if they don't already exist in the config.

Additionally, now that the default, if not set or found, will be none,
log a warning if a specific configuration file is not found instead of
silently ignoring it.

Ticket: #6172

suricata/update/config.py
suricata/update/main.py

index a6271cb1647cc9c67c928769f3c7a12200ae4fe3..ad95996046f4a59323db5dea2898ffabf48c3292 100644 (file)
@@ -73,10 +73,6 @@ else:
     ]
 
 DEFAULT_CONFIG = {
-    "disable-conf": "/etc/suricata/disable.conf",
-    "enable-conf": "/etc/suricata/enable.conf",
-    "drop-conf": "/etc/suricata/drop.conf",
-    "modify-conf": "/etc/suricata/modify.conf",
     "sources": [],
     LOCAL_CONF_KEY: [],
 
@@ -228,23 +224,30 @@ def init(args):
 
         # Fixup the default locations for Suricata-Update configuration files, but only if
         # they exist, otherwise keep the defaults.
+        conf_search_path = ["/etc"]
         if "sysconfdir" in build_info:
-            configs = (
-                ("disable-conf", "disable.conf"),
-                ("enable-conf", "enable.conf"),
-                ("drop-conf", "drop.conf"),
-                ("modify-conf", "modify.conf"),
-            )
             sysconfdir = build_info["sysconfdir"]
-            for key, filename in configs:
-                config_path = os.path.join(sysconfdir, "suricata", filename)
+            if not sysconfdir in conf_search_path:
+                conf_search_path.insert(0, sysconfdir)
+        configs = (
+            ("disable-conf", "disable.conf"),
+            ("enable-conf", "enable.conf"),
+            ("drop-conf", "drop.conf"),
+            ("modify-conf", "modify.conf"),
+        )
+        for key, filename in configs:
+            if getattr(args, key.replace("-", "_"), None) is not None:
+                continue
+            if _config.get(key) is not None:
+                continue
+            for conf_dir in conf_search_path:
+                config_path = os.path.join(conf_dir, "suricata", filename)
                 logger.debug("Looking for {}".format(config_path))
                 if os.path.exists(config_path):
                     logger.debug("Found {}".format(config_path))
-                    val = getattr(args, key.replace("-", "_"), None)
-                    if val is None:
-                        logger.debug("Changing default for {} to {}".format(key, config_path))
-                        _config[key] = config_path
+                    logger.debug("Using {} for {}".format(config_path, key))
+                    _config[key] = config_path
+                    break
 
     # If suricata-conf not provided on the command line or in the
     # configuration file, look for it.
index d562ef0789575d24ca6b1fa1a75cd5c09d87044a..4a0e7a6dfa2b67e2f81e88bfa74269b7ae61173d 100644 (file)
@@ -1135,27 +1135,39 @@ def _main():
 
     # Load user provided disable filters.
     disable_conf_filename = config.get("disable-conf")
-    if disable_conf_filename and os.path.exists(disable_conf_filename):
-        logger.info("Loading %s.", disable_conf_filename)
-        disable_matchers += load_matchers(disable_conf_filename)
+    if disable_conf_filename:
+        if os.path.exists(disable_conf_filename):
+            logger.info("Loading %s.", disable_conf_filename)
+            disable_matchers += load_matchers(disable_conf_filename)
+        else:
+            logger.warn("disable-conf file does not exist: {}".format(disable_conf_filename))
 
     # Load user provided enable filters.
     enable_conf_filename = config.get("enable-conf")
-    if enable_conf_filename and os.path.exists(enable_conf_filename):
-        logger.info("Loading %s.", enable_conf_filename)
-        enable_matchers += load_matchers(enable_conf_filename)
+    if enable_conf_filename:
+        if os.path.exists(enable_conf_filename):
+            logger.info("Loading %s.", enable_conf_filename)
+            enable_matchers += load_matchers(enable_conf_filename)
+        else:
+            logger.warn("enable-conf file does not exist: {}".format(enable_conf_filename))
 
     # Load user provided modify filters.
     modify_conf_filename = config.get("modify-conf")
-    if modify_conf_filename and os.path.exists(modify_conf_filename):
-        logger.info("Loading %s.", modify_conf_filename)
-        modify_filters += load_filters(modify_conf_filename)
+    if modify_conf_filename:
+        if os.path.exists(modify_conf_filename):
+            logger.info("Loading %s.", modify_conf_filename)
+            modify_filters += load_filters(modify_conf_filename)
+        else:
+            logger.warn("modify-conf file does not exist: {}".format(modify_conf_filename))
 
     # Load user provided drop filters.
     drop_conf_filename = config.get("drop-conf")
-    if drop_conf_filename and os.path.exists(drop_conf_filename):
-        logger.info("Loading %s.", drop_conf_filename)
-        drop_filters += load_drop_filters(drop_conf_filename)
+    if drop_conf_filename:
+        if os.path.exists(drop_conf_filename):
+            logger.info("Loading %s.", drop_conf_filename)
+            drop_filters += load_drop_filters(drop_conf_filename)
+        else:
+            logger.warn("drop-conf file does not exist: {}".format(drop_conf_filename))
 
     # Load the Suricata configuration if we can.
     suriconf = None
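Review bot: The four new else branches call `logger.warn(...)`, which is the deprecated alias of `warning()`, and they pre-format the message with `.format()` while the neighbouring `logger.info("Loading %s.", ...)` calls pass lazy arguments. Each should read like `logger.warning("disable-conf file does not exist: %s", disable_conf_filename)`, and likewise for enable-conf, modify-conf and drop-conf. Since a missing disable-conf or drop-conf changes which rules end up enabled or dropping, it is also worth deciding whether an explicitly configured but missing file should abort the update rather than only warn. _main() starts and ends outside this hunk, so how the warning is surfaced to the operator is not visible here.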