From: Jason Ish Date: Mon, 2 Sep 2019 17:02:47 +0000 (-0600) Subject: rules: no longer install rules to /etc/suricata/rules X-Git-Tag: suricata-5.0.0-rc1~79 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c11665317d779c24652267bd0a27e63ecda6766;p=thirdparty%2Fsuricata.git rules: no longer install rules to /etc/suricata/rules Stop falling back to the old method of installing rules into /etc/suricata/rules if Suricata-Update is not available. The goal here is to move away from the behaviour of installing rules to /etc/suricata/rules as part of the default install process. The engine provided rules are already installed to /usr/share/suricata/rules, which can then be used as input to rule management tools such as Suricata-Update. This does not change the behaviour for Suricata release users with the bundled Suricata-Update. Also removes Oinkmaster and PulledPork suggestion for rule management.
---
diff --git a/Makefile.am b/Makefile.am
index c6558a7b8a..ff4ba7ef01 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -37,38 +37,19 @@ if HAVE_SURICATA_UPDATE
 		--suricata-conf $(DESTDIR)$(sysconfdir)/suricata/suricata.yaml \
 		--no-test --no-reload
 else
-	install -d "$(DESTDIR)$(e_sysconfrulesdir)"
-if HAVE_FETCH_COMMAND
-if HAVE_WGET_COMMAND
-	$(HAVE_WGET) -qO - https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz | tar -x -z -C "$(DESTDIR)$(e_sysconfdir)" -f -
-else
-	$(HAVE_CURL) -s https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz | tar -x -z -C "$(DESTDIR)$(e_sysconfdir)" -f -
-endif
-else
-	@echo "UNABLE to load ruleset wget or curl are not installed on system."
+	echo "error: rules not installed as suricata-update not available"
+	exit 1
 endif
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)decoder-events.rules" || install -m 600 "$(top_srcdir)/rules/decoder-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)stream-events.rules" || install -m 600 "$(top_srcdir)/rules/stream-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)smtp-events.rules" || install -m 600 "$(top_srcdir)/rules/smtp-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)http-events.rules" || install -m 600 "$(top_srcdir)/rules/http-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)dns-events.rules" || install -m 600 "$(top_srcdir)/rules/dns-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)tls-events.rules" || install -m 600 "$(top_srcdir)/rules/tls-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)modbus-events.rules" || install -m 600 "$(top_srcdir)/rules/modbus-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)app-layer-events.rules" || install -m 600 "$(top_srcdir)/rules/app-layer-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)dnp3-events.rules" || install -m 600 "$(top_srcdir)/rules/dnp3-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)dhcp-events.rules" || install -m 600 "$(top_srcdir)/rules/dhcp-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)ipsec-events.rules" || install -m 600 "$(top_srcdir)/rules/ipsec-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)kerberos-events.rules" || install -m 600 "$(top_srcdir)/rules/kerberos-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)nfs-events.rules" || install -m 600 "$(top_srcdir)/rules/nfs-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)ntp-events.rules" || install -m 600 "$(top_srcdir)/rules/ntp-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
-	@test -e "$(DESTDIR)$(e_sysconfrulesdir)smb-events.rules" || install -m 600 "$(top_srcdir)/rules/smb-events.rules" "$(DESTDIR)$(e_sysconfrulesdir)"
 	@echo ""
-	@echo "You can now start suricata by running as root something like '$(DESTDIR)$(bindir)/suricata -c $(DESTDIR)$(e_sysconfdir)/suricata.yaml -i eth0'."
+	@echo "You can now start suricata by running as root something like:"
+	@echo " $(DESTDIR)$(bindir)/suricata -c $(DESTDIR)$(e_sysconfdir)suricata.yaml -i eth0"
 	@echo ""
 	@echo "If a library like libhtp.so is not found, you can run suricata with:"
-	@echo "'LD_LIBRARY_PATH="$(DESTDIR)$(prefix)/lib" "$(DESTDIR)$(bindir)/suricata" -c "$(DESTDIR)$(e_sysconfdir)/suricata.yaml" -i eth0'."
+	@echo " LD_LIBRARY_PATH="$(DESTDIR)$(prefix)/lib" "$(DESTDIR)$(bindir)/suricata" -c "$(DESTDIR)$(e_sysconfdir)suricata.yaml" -i eth0"
+	@echo ""
+	@echo "The Emerging Threats Open rules are now installed. Rules can be"
+	@echo "updated and managed with the suricata-update tool."
+	@echo ""
+	@echo "For more information please see:"
+	@echo " https://suricata.readthedocs.io/en/latest/rule-management/index.html"
 	@echo ""
-	@echo "While rules are installed now, it's highly recommended to use a rule manager for maintaining rules."
-	@echo "The three most common are Suricata-Update, Oinkmaster and Pulledpork. For a guide see:"
-	@echo "https://suricata.readthedocs.io/en/latest/rule-management/index.html"
-endif
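Review bot: The new failure path in the `else` branch writes its diagnostic to stdout and, unlike the surrounding `@echo` recipe lines, lacks the `@` prefix, so make prints the recipe text before the message and also echoes the bare `exit 1` as the install aborts. Sending it to stderr and silencing the command echo keeps the output usable when the install runs under automation: `@echo "error: rules not installed as suricata-update not available" >&2` followed by `@exit 1`. Because this branch aborts before the `endif`, none of the guidance printed afterwards is reached, so a second stderr line pointing at `https://suricata.readthedocs.io/en/latest/rule-management/index.html` (the URL the success path already prints) would tell the operator what to do next. The recipe and its `if HAVE_SURICATA_UPDATE` conditional begin above the hunk, so it is not visible here whether a failing `suricata-update` run aborts the recipe before the new "The Emerging Threats Open rules are now installed" message is printed; if it does not, that message could overstate what was installed.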