From: Jason Ish
Date: Fri, 24 Nov 2017 15:14:12 +0000 (-0600)
Subject: put all tests in a tests/ directory
X-Git-Tag: suricata-6.0.4~570
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fc3a03cc2e63a644b7c25345ebbca677e7179a0;p=thirdparty%2Fsuricata-verify.git

put all tests in a tests/ directory
---
diff --git a/.gitignore b/.gitignore
index 6057b530d..03af0bd3b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-/*/output
+/tests/*/output
 /private
 *~
diff --git a/README.md b/README.md
index c65c96917..935acd80a 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ Or to run a single test:
 Note: You may want to add something like:
 ```
- include: ../etc/suricata-3.1.2
+ include: ../../etc/suricata-3.1.2
 ```
 to the top and then just make the necessary overrides in the tests suricata.yaml.
diff --git a/dns-tcp-multirequest-buffer-1/suricata.yaml b/dns-tcp-multirequest-buffer-1/suricata.yaml
deleted file mode 100644
index 0ad41e5e0..000000000
--- a/dns-tcp-multirequest-buffer-1/suricata.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-%YAML 1.1
----
-
-include: ../etc/suricata-3.1.2.yaml
diff --git a/dns-udp-double-request-response/suricata.yaml b/dns-udp-double-request-response/suricata.yaml
deleted file mode 100644
index 0ad41e5e0..000000000
--- a/dns-udp-double-request-response/suricata.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-%YAML 1.1
----
-
-include: ../etc/suricata-3.1.2.yaml
diff --git a/dns-udp-nxdomain-soa/suricata.yaml b/dns-udp-nxdomain-soa/suricata.yaml
deleted file mode 100644
index 0ad41e5e0..000000000
--- a/dns-udp-nxdomain-soa/suricata.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-%YAML 1.1
----
-
-include: ../etc/suricata-3.1.2.yaml
diff --git a/dns-udp-unsolicited-response/suricata.yaml b/dns-udp-unsolicited-response/suricata.yaml
deleted file mode 100644
index 0ad41e5e0..000000000
--- a/dns-udp-unsolicited-response/suricata.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-%YAML 1.1
----
-
-include: ../etc/suricata-3.1.2.yaml
diff --git a/run.py b/run.py
index cf8aaa9be..5ce8b0ef6 100755
--- a/run.py
+++ b/run.py
@@ -169,12 +169,10 @@ def main():
 passed = 0
 failed = 0
- for dirpath, dirnames, filenames in os.walk(topdir):
+ for dirpath, dirnames, filenames in os.walk(os.path.join(topdir, "tests")):
 # The top directory is not a test...
- if dirpath == topdir:
- dirnames.remove(".git")
- dirnames.remove("etc")
+ if dirpath == os.path.join(topdir, "tests"):
 continue
 # We only want to go one level deep.
diff --git a/alert-testmyids-not-established/README.md b/tests/alert-testmyids-not-established/README.md
similarity index 100%
rename from alert-testmyids-not-established/README.md
rename to tests/alert-testmyids-not-established/README.md
diff --git a/alert-testmyids-not-established/check.sh b/tests/alert-testmyids-not-established/check.sh
similarity index 90%
rename from alert-testmyids-not-established/check.sh
rename to tests/alert-testmyids-not-established/check.sh
index 07286d592..da29c9396 100755
--- a/alert-testmyids-not-established/check.sh
+++ b/tests/alert-testmyids-not-established/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # Should have one fast log entry.
 n=$(cat output/fast.log | wc -l | xargs)
diff --git a/alert-testmyids-not-established/default.yaml b/tests/alert-testmyids-not-established/default.yaml
similarity index 99%
rename from alert-testmyids-not-established/default.yaml
rename to tests/alert-testmyids-not-established/default.yaml
index fc7691a03..044175fec 100644
--- a/alert-testmyids-not-established/default.yaml
+++ b/tests/alert-testmyids-not-established/default.yaml
@@ -47,7 +47,7 @@ vars:
 ## Step 2: select the rules to enable or disable
 ##
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
 rule-files:
 - botcc.rules
 - ciarmy.rules
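Review bot: `os.walk()` ignores scan errors by default, so if `tests/` does not exist under `topdir` the loop in this hunk simply runs zero times and `passed` and `failed` both stay 0; how that is reported is decided outside the hunk, but a verification run that checked nothing should not be able to look like a clean run. I would fail fast before the loop with `tests_dir = os.path.join(topdir, "tests")` followed by `if not os.path.isdir(tests_dir): sys.exit("tests directory not found: %s" % tests_dir)` (assuming `sys` is already imported in run.py). Binding `tests_dir` once also removes the duplicated `os.path.join(topdir, "tests")` in the `for` line and in the `if dirpath == ...` comparison. The body of `main()` starts and ends outside this hunk.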
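Review bot: The new `default-rule-path: /home/jason/projects/oi../../etc/suricata/rules` is not a meaningful path; the old value was `/home/jason/projects/oisf/etc/suricata/rules`, so the `../etc` to `../../etc` rewrite appears to have been applied as a pattern in which `.` matched any character and consumed the `sf` in front of `/etc`. The same damage shows in the later hunks of this file and in tests/alert-testmyids/default.yaml, tests/dns-json-log/suricata.yaml, tests/eve-dns/suricata.yaml and tests/lua-output-http/default.yaml (`#scripts-dir../../etc/...`, `# threshold-file../../etc/...`, `# i../../etc/loader.conf`, and the active `classification-file` and `reference-config-file` entries in the dns-json-log and eve-dns configs). The substitution should be restricted to the literal string `../etc` and the other lines reverted to their previous values. For the settings that are not commented out, a repository-relative path would be better than one developer's home directory, so that the engine under test is not pointed at rule, classification or reference files that do not exist on other machines.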
@@ -100,9 +100,9 @@ rule-files:
 # - modbus-events.rules # available in suricata sources under rules dir
 # - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: ../etc/classification.config
-reference-config-file: ../etc/reference.config
-# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config
+classification-file: ../../etc/classification.config
+reference-config-file: ../../etc/reference.config
+# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config
 ##
@@ -428,7 +428,7 @@ outputs:
 # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
 - lua:
 enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
 scripts:
 # - script1.lua
@@ -924,8 +924,8 @@ legacy:
 # - alert
 # IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
 #reputation-files:
 # - reputation.list
@@ -1516,7 +1516,7 @@ pfring:
 # For FreeBSD ipfw(8) divert(4) support.
 # Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
 # Additionally, you need to have an ipfw rule for the engine to see
 # the packets from ipfw. For Example:
 #
diff --git a/alert-testmyids-not-established/input.pcap b/tests/alert-testmyids-not-established/input.pcap
similarity index 100%
rename from alert-testmyids-not-established/input.pcap
rename to tests/alert-testmyids-not-established/input.pcap
diff --git a/alert-testmyids-not-established/suricata.yaml b/tests/alert-testmyids-not-established/suricata.yaml
similarity index 100%
rename from alert-testmyids-not-established/suricata.yaml
rename to tests/alert-testmyids-not-established/suricata.yaml
diff --git a/alert-testmyids-not-established/test.rules b/tests/alert-testmyids-not-established/test.rules
similarity index 100%
rename from alert-testmyids-not-established/test.rules
rename to tests/alert-testmyids-not-established/test.rules
diff --git a/alert-testmyids/check.sh b/tests/alert-testmyids/check.sh
similarity index 90%
rename from alert-testmyids/check.sh
rename to tests/alert-testmyids/check.sh
index 07286d592..da29c9396 100755
--- a/alert-testmyids/check.sh
+++ b/tests/alert-testmyids/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # Should have one fast log entry.
 n=$(cat output/fast.log | wc -l | xargs)
diff --git a/alert-testmyids/default.yaml b/tests/alert-testmyids/default.yaml
similarity index 99%
rename from alert-testmyids/default.yaml
rename to tests/alert-testmyids/default.yaml
index fc7691a03..044175fec 100644
--- a/alert-testmyids/default.yaml
+++ b/tests/alert-testmyids/default.yaml
@@ -47,7 +47,7 @@ vars:
 ## Step 2: select the rules to enable or disable
 ##
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
 rule-files:
 - botcc.rules
 - ciarmy.rules
@@ -100,9 +100,9 @@ rule-files:
 # - modbus-events.rules # available in suricata sources under rules dir
 # - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: ../etc/classification.config
-reference-config-file: ../etc/reference.config
-# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config
+classification-file: ../../etc/classification.config
+reference-config-file: ../../etc/reference.config
+# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config
 ##
@@ -428,7 +428,7 @@ outputs:
 # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
 - lua:
 enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
 scripts:
 # - script1.lua
@@ -924,8 +924,8 @@ legacy:
 # - alert
 # IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
 #reputation-files:
 # - reputation.list
@@ -1516,7 +1516,7 @@ pfring:
 # For FreeBSD ipfw(8) divert(4) support.
 # Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
 # Additionally, you need to have an ipfw rule for the engine to see
 # the packets from ipfw. For Example:
 #
diff --git a/alert-testmyids/input.pcap b/tests/alert-testmyids/input.pcap
similarity index 100%
rename from alert-testmyids/input.pcap
rename to tests/alert-testmyids/input.pcap
diff --git a/alert-testmyids/suricata.yaml b/tests/alert-testmyids/suricata.yaml
similarity index 100%
rename from alert-testmyids/suricata.yaml
rename to tests/alert-testmyids/suricata.yaml
diff --git a/alert-testmyids/test.rules b/tests/alert-testmyids/test.rules
similarity index 100%
rename from alert-testmyids/test.rules
rename to tests/alert-testmyids/test.rules
diff --git a/dnp3-dnp3_data-alert/README.md b/tests/dnp3-dnp3_data-alert/README.md
similarity index 100%
rename from dnp3-dnp3_data-alert/README.md
rename to tests/dnp3-dnp3_data-alert/README.md
diff --git a/dnp3-dnp3_data-alert/check.sh b/tests/dnp3-dnp3_data-alert/check.sh
similarity index 85%
rename from dnp3-dnp3_data-alert/check.sh
rename to tests/dnp3-dnp3_data-alert/check.sh
index a51df6f86..7f4a0d584 100755
--- a/dnp3-dnp3_data-alert/check.sh
+++ b/tests/dnp3-dnp3_data-alert/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # Should have 4 DNP3 data match alerts.
 n=$(grep "DNP3 Data match" output/eve.json | wc -l | xargs)
diff --git a/dnp3-dnp3_data-alert/input.pcap b/tests/dnp3-dnp3_data-alert/input.pcap
similarity index 100%
rename from dnp3-dnp3_data-alert/input.pcap
rename to tests/dnp3-dnp3_data-alert/input.pcap
diff --git a/dnp3-dnp3_func-alert/suricata.yaml b/tests/dnp3-dnp3_data-alert/suricata.yaml
similarity index 88%
rename from dnp3-dnp3_func-alert/suricata.yaml
rename to tests/dnp3-dnp3_data-alert/suricata.yaml
index 3ef1b531a..d416631d6 100644
--- a/dnp3-dnp3_func-alert/suricata.yaml
+++ b/tests/dnp3-dnp3_data-alert/suricata.yaml
@@ -1,7 +1,7 @@
 %YAML 1.1
 ---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
 outputs:
 - eve-log:
diff --git a/dnp3-dnp3_data-alert/test.rules b/tests/dnp3-dnp3_data-alert/test.rules
similarity index 100%
rename from dnp3-dnp3_data-alert/test.rules
rename to tests/dnp3-dnp3_data-alert/test.rules
diff --git a/dnp3-dnp3_func-alert/README.md b/tests/dnp3-dnp3_func-alert/README.md
similarity index 100%
rename from dnp3-dnp3_func-alert/README.md
rename to tests/dnp3-dnp3_func-alert/README.md
diff --git a/dnp3-dnp3_func-alert/check.sh b/tests/dnp3-dnp3_func-alert/check.sh
similarity index 91%
rename from dnp3-dnp3_func-alert/check.sh
rename to tests/dnp3-dnp3_func-alert/check.sh
index 38ea75ff8..ae197aad2 100755
--- a/dnp3-dnp3_func-alert/check.sh
+++ b/tests/dnp3-dnp3_func-alert/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # Should have one alert sid 1.
 n=$(jq_count output/eve.json 'select(.alert.signature_id == 1)')
diff --git a/dnp3-dnp3_func-alert/input.pcap b/tests/dnp3-dnp3_func-alert/input.pcap
similarity index 100%
rename from dnp3-dnp3_func-alert/input.pcap
rename to tests/dnp3-dnp3_func-alert/input.pcap
diff --git a/dnp3-dnp3_data-alert/suricata.yaml b/tests/dnp3-dnp3_func-alert/suricata.yaml
similarity index 88%
rename from dnp3-dnp3_data-alert/suricata.yaml
rename to tests/dnp3-dnp3_func-alert/suricata.yaml
index 3ef1b531a..d416631d6 100644
--- a/dnp3-dnp3_data-alert/suricata.yaml
+++ b/tests/dnp3-dnp3_func-alert/suricata.yaml
@@ -1,7 +1,7 @@
 %YAML 1.1
 ---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
 outputs:
 - eve-log:
diff --git a/dnp3-dnp3_func-alert/test.rules b/tests/dnp3-dnp3_func-alert/test.rules
similarity index 100%
rename from dnp3-dnp3_func-alert/test.rules
rename to tests/dnp3-dnp3_func-alert/test.rules
diff --git a/dnp3/check.sh b/tests/dnp3/check.sh
similarity index 82%
rename from dnp3/check.sh
rename to tests/dnp3/check.sh
index fc57e6bca..ef0fcfaf7 100755
--- a/dnp3/check.sh
+++ b/tests/dnp3/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 n=$(jq_count output/eve.json 'select(.event_type == "dnp3")')
 assert_eq 55 "$n" "bad dnp3 event count"
diff --git a/dnp3/input.pcap b/tests/dnp3/input.pcap
similarity index 100%
rename from dnp3/input.pcap
rename to tests/dnp3/input.pcap
diff --git a/dnp3/suricata.yaml b/tests/dnp3/suricata.yaml
similarity index 94%
rename from dnp3/suricata.yaml
rename to tests/dnp3/suricata.yaml
index 63b4f9144..de9d78cea 100644
--- a/dnp3/suricata.yaml
+++ b/tests/dnp3/suricata.yaml
@@ -1,7 +1,7 @@
 %YAML 1.1
 ---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
 outputs:
 - eve-log:
diff --git a/dns-json-log/check.sh b/tests/dns-json-log/check.sh
similarity index 100%
rename from dns-json-log/check.sh
rename to tests/dns-json-log/check.sh
diff --git a/dns-json-log/expected/dns.json b/tests/dns-json-log/expected/dns.json
similarity index 100%
rename from dns-json-log/expected/dns.json
rename to tests/dns-json-log/expected/dns.json
diff --git a/dns-json-log/input.pcap b/tests/dns-json-log/input.pcap
similarity index 100%
rename from dns-json-log/input.pcap
rename to tests/dns-json-log/input.pcap
diff --git a/dns-json-log/suricata.yaml b/tests/dns-json-log/suricata.yaml
similarity index 99%
rename from dns-json-log/suricata.yaml
rename to tests/dns-json-log/suricata.yaml
index dd98cc5e1..d05c3c4f4 100644
--- a/dns-json-log/suricata.yaml
+++ b/tests/dns-json-log/suricata.yaml
@@ -399,7 +399,7 @@ outputs:
 # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
 - lua:
 enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
 scripts:
 # - script1.lua
@@ -592,7 +592,7 @@ legacy:
 # You can specify a threshold config file by setting "threshold-file"
 # to the path of the threshold config file:
-# threshold-file: /etc/suricata/threshold.config
+# threshold-file../../etc/suricata/threshold.config
 # The detection engine builds internal groups of signatures. The engine
 # allow us to specify the profile to use for them, to manage memory on an
@@ -1113,7 +1113,7 @@ pcap-file:
 # For FreeBSD ipfw(8) divert(4) support.
 # Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
 # Additionally, you need to have an ipfw rule for the engine to see
 # the packets from ipfw. For Example:
 #
@@ -1139,7 +1139,7 @@ ipfw:
 # Set the default rule path here to search for the files.
 # if not set, it will look at the current working dir
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
 rule-files:
 - botcc.rules
 - ciarmy.rules
@@ -1192,8 +1192,8 @@ rule-files:
 # - modbus-events.rules # available in suricata sources under rules dir
 - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: /home/jason/projects/oisf/etc/suricata/classification.config
-reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config
+classification-file: /home/jason/projects/oi../../etc/suricata/classification.config
+reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config
 # Holds variables that would be used by the engine.
 vars:
@@ -1255,8 +1255,8 @@ vars:
 # - alert
 # IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
 #reputation-files:
 # - reputation.list
diff --git a/dns-json-log/vars.sh b/tests/dns-json-log/vars.sh
similarity index 100%
rename from dns-json-log/vars.sh
rename to tests/dns-json-log/vars.sh
diff --git a/dns-tcp-multirequest-buffer-1/README b/tests/dns-tcp-multirequest-buffer-1/README
similarity index 100%
rename from dns-tcp-multirequest-buffer-1/README
rename to tests/dns-tcp-multirequest-buffer-1/README
diff --git a/dns-tcp-multirequest-buffer-1/check.sh b/tests/dns-tcp-multirequest-buffer-1/check.sh
similarity index 100%
rename from dns-tcp-multirequest-buffer-1/check.sh
rename to tests/dns-tcp-multirequest-buffer-1/check.sh
diff --git a/dns-tcp-multirequest-buffer-1/dns-tcp-multirequest-buffer.pcap b/tests/dns-tcp-multirequest-buffer-1/dns-tcp-multirequest-buffer.pcap
similarity index 100%
rename from dns-tcp-multirequest-buffer-1/dns-tcp-multirequest-buffer.pcap
rename to tests/dns-tcp-multirequest-buffer-1/dns-tcp-multirequest-buffer.pcap
diff --git a/tests/dns-tcp-multirequest-buffer-1/suricata.yaml b/tests/dns-tcp-multirequest-buffer-1/suricata.yaml
new file mode 100644
index 000000000..502e7076d
--- /dev/null
+++ b/tests/dns-tcp-multirequest-buffer-1/suricata.yaml
@@ -0,0 +1,4 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
diff --git a/dns-tcp-ts-gap/README.md b/tests/dns-tcp-ts-gap/README.md
similarity index 100%
rename from dns-tcp-ts-gap/README.md
rename to tests/dns-tcp-ts-gap/README.md
diff --git a/dns-tcp-ts-gap/check.sh b/tests/dns-tcp-ts-gap/check.sh
similarity index 94%
rename from dns-tcp-ts-gap/check.sh
rename to tests/dns-tcp-ts-gap/check.sh
index 9bdc789f6..b8f936265 100755
--- a/dns-tcp-ts-gap/check.sh
+++ b/tests/dns-tcp-ts-gap/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # As a request was missing, we should have 2 requests, but 26
 # responses, as each request resulted in 12 responses.
diff --git a/dns-tcp-ts-gap/input.pcap b/tests/dns-tcp-ts-gap/input.pcap
similarity index 100%
rename from dns-tcp-ts-gap/input.pcap
rename to tests/dns-tcp-ts-gap/input.pcap
diff --git a/dns-tcp-ts-gap/original.pcap_ b/tests/dns-tcp-ts-gap/original.pcap_
similarity index 100%
rename from dns-tcp-ts-gap/original.pcap_
rename to tests/dns-tcp-ts-gap/original.pcap_
diff --git a/dns-tcp-www-google-com/README.md b/tests/dns-tcp-www-google-com/README.md
similarity index 100%
rename from dns-tcp-www-google-com/README.md
rename to tests/dns-tcp-www-google-com/README.md
diff --git a/dns-tcp-www-google-com/check.sh b/tests/dns-tcp-www-google-com/check.sh
similarity index 92%
rename from dns-tcp-www-google-com/check.sh
rename to tests/dns-tcp-www-google-com/check.sh
index 6e4bcc9ed..307cdc5d7 100755
--- a/dns-tcp-www-google-com/check.sh
+++ b/tests/dns-tcp-www-google-com/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # One DNS request.
 n=$(jq_count output/eve.json 'select(.event_type == "dns") | select(.dns.type == "query")')
diff --git a/dns-tcp-www-google-com/dns.pcap b/tests/dns-tcp-www-google-com/dns.pcap
similarity index 100%
rename from dns-tcp-www-google-com/dns.pcap
rename to tests/dns-tcp-www-google-com/dns.pcap
diff --git a/dns-tcp-www-google-com/suricata.yaml b/tests/dns-tcp-www-google-com/suricata.yaml
similarity index 61%
rename from dns-tcp-www-google-com/suricata.yaml
rename to tests/dns-tcp-www-google-com/suricata.yaml
index 1c013dadb..311725564 100644
--- a/dns-tcp-www-google-com/suricata.yaml
+++ b/tests/dns-tcp-www-google-com/suricata.yaml
@@ -1,7 +1,7 @@
 %YAML 1.1
 ---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
 # Remove stats logging.
 stats:
diff --git a/dns-udp-dig-a-www-suricata-ids-org/README.md b/tests/dns-udp-dig-a-www-suricata-ids-org/README.md
similarity index 100%
rename from dns-udp-dig-a-www-suricata-ids-org/README.md
rename to tests/dns-udp-dig-a-www-suricata-ids-org/README.md
diff --git a/dns-udp-dig-a-www-suricata-ids-org/check.sh b/tests/dns-udp-dig-a-www-suricata-ids-org/check.sh
similarity index 93%
rename from dns-udp-dig-a-www-suricata-ids-org/check.sh
rename to tests/dns-udp-dig-a-www-suricata-ids-org/check.sh
index 6179a189f..56e6cbc35 100755
--- a/dns-udp-dig-a-www-suricata-ids-org/check.sh
+++ b/tests/dns-udp-dig-a-www-suricata-ids-org/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l | xargs)
 assert_eq 1 $n
diff --git a/dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap b/tests/dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap
similarity index 100%
rename from dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap
rename to tests/dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap
diff --git a/dns-udp-dns-log-unanswered/README.md b/tests/dns-udp-dns-log-unanswered/README.md
similarity index 100%
rename from dns-udp-dns-log-unanswered/README.md
rename to tests/dns-udp-dns-log-unanswered/README.md
diff --git a/dns-udp-dns-log-unanswered/check.sh b/tests/dns-udp-dns-log-unanswered/check.sh
similarity index 100%
rename from dns-udp-dns-log-unanswered/check.sh
rename to tests/dns-udp-dns-log-unanswered/check.sh
diff --git a/dns-udp-dns-log-unanswered/dnslookups2.pcap b/tests/dns-udp-dns-log-unanswered/dnslookups2.pcap
similarity index 100%
rename from dns-udp-dns-log-unanswered/dnslookups2.pcap
rename to tests/dns-udp-dns-log-unanswered/dnslookups2.pcap
diff --git a/dns-udp-dns-log-unanswered/skip.sh b/tests/dns-udp-dns-log-unanswered/skip.sh
similarity index 100%
rename from dns-udp-dns-log-unanswered/skip.sh
rename to tests/dns-udp-dns-log-unanswered/skip.sh
diff --git a/dns-udp-dns-log-unanswered/suricata.yaml b/tests/dns-udp-dns-log-unanswered/suricata.yaml
similarity index 67%
rename from dns-udp-dns-log-unanswered/suricata.yaml
rename to tests/dns-udp-dns-log-unanswered/suricata.yaml
index a8303b3f4..323fd50fa 100644
--- a/dns-udp-dns-log-unanswered/suricata.yaml
+++ b/tests/dns-udp-dns-log-unanswered/suricata.yaml
@@ -1,7 +1,7 @@
 %YAML 1.1
 ---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
 outputs:
 - dns-log:
diff --git a/dns-udp-dns-log-unanswered/vars.sh b/tests/dns-udp-dns-log-unanswered/vars.sh
similarity index 100%
rename from dns-udp-dns-log-unanswered/vars.sh
rename to tests/dns-udp-dns-log-unanswered/vars.sh
diff --git a/dns-udp-double-request-response/README.txt b/tests/dns-udp-double-request-response/README.txt
similarity index 100%
rename from dns-udp-double-request-response/README.txt
rename to tests/dns-udp-double-request-response/README.txt
diff --git a/dns-udp-double-request-response/check.sh b/tests/dns-udp-double-request-response/check.sh
similarity index 100%
rename from dns-udp-double-request-response/check.sh
rename to tests/dns-udp-double-request-response/check.sh
diff --git a/dns-udp-double-request-response/dns-udp-double-request-response.pcap b/tests/dns-udp-double-request-response/dns-udp-double-request-response.pcap
similarity index 100%
rename from dns-udp-double-request-response/dns-udp-double-request-response.pcap
rename to tests/dns-udp-double-request-response/dns-udp-double-request-response.pcap
diff --git a/tests/dns-udp-double-request-response/suricata.yaml b/tests/dns-udp-double-request-response/suricata.yaml
new file mode 100644
index 000000000..502e7076d
--- /dev/null
+++ b/tests/dns-udp-double-request-response/suricata.yaml
@@ -0,0 +1,4 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
diff --git a/dns-udp-eve-log-aaaa-only/README.md b/tests/dns-udp-eve-log-aaaa-only/README.md
similarity index 100%
rename from dns-udp-eve-log-aaaa-only/README.md
rename to tests/dns-udp-eve-log-aaaa-only/README.md
diff --git a/dns-udp-eve-log-aaaa-only/check.sh b/tests/dns-udp-eve-log-aaaa-only/check.sh
similarity index 89%
rename from dns-udp-eve-log-aaaa-only/check.sh
rename to tests/dns-udp-eve-log-aaaa-only/check.sh
index ef8ffd303..16997d8c7 100755
--- a/dns-udp-eve-log-aaaa-only/check.sh
+++ b/tests/dns-udp-eve-log-aaaa-only/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 n=$(jq_count output/eve.json 'select(.dns.rrtype == "AAAA")')
 assert_eq 2 $n "expected 2 aaaa records"
diff --git a/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap b/tests/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap
similarity index 100%
rename from dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap
rename to tests/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap
diff --git a/dns-udp-eve-log-aaaa-only/suricata.yaml b/tests/dns-udp-eve-log-aaaa-only/suricata.yaml
similarity index 100%
rename from dns-udp-eve-log-aaaa-only/suricata.yaml
rename to tests/dns-udp-eve-log-aaaa-only/suricata.yaml
diff --git a/dns-udp-eve-log-answer-only/check.sh b/tests/dns-udp-eve-log-answer-only/check.sh
similarity index 87%
rename from dns-udp-eve-log-answer-only/check.sh
rename to tests/dns-udp-eve-log-answer-only/check.sh
index b61a5e149..7a255d006 100755
--- a/dns-udp-eve-log-answer-only/check.sh
+++ b/tests/dns-udp-eve-log-answer-only/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # Should be no answers.
 n=$(jq_count output/eve.json 'select(.event_type == "dns") | select(.dns.type != "answer")')
diff --git a/dns-udp-eve-log-answer-only/dns-udp-google.com-a-aaaa-mx.pcap b/tests/dns-udp-eve-log-answer-only/dns-udp-google.com-a-aaaa-mx.pcap
similarity index 100%
rename from dns-udp-eve-log-answer-only/dns-udp-google.com-a-aaaa-mx.pcap
rename to tests/dns-udp-eve-log-answer-only/dns-udp-google.com-a-aaaa-mx.pcap
diff --git a/dns-udp-eve-log-answer-only/suricata.yaml b/tests/dns-udp-eve-log-answer-only/suricata.yaml
similarity index 100%
rename from dns-udp-eve-log-answer-only/suricata.yaml
rename to tests/dns-udp-eve-log-answer-only/suricata.yaml
diff --git a/dns-udp-eve-log-mx-only/check.sh b/tests/dns-udp-eve-log-mx-only/check.sh
similarity index 82%
rename from dns-udp-eve-log-mx-only/check.sh
rename to tests/dns-udp-eve-log-mx-only/check.sh
index 639a4d436..f6b5a13d7 100755
--- a/dns-udp-eve-log-mx-only/check.sh
+++ b/tests/dns-udp-eve-log-mx-only/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 n=$(jq_count output/eve.json 'select(.dns.rrtype != "MX")')
 assert_eq 0 $n "only expected mx records"
diff --git a/dns-udp-eve-log-mx-only/dns-udp-google.com-a-aaaa-mx.pcap b/tests/dns-udp-eve-log-mx-only/dns-udp-google.com-a-aaaa-mx.pcap
similarity index 100%
rename from dns-udp-eve-log-mx-only/dns-udp-google.com-a-aaaa-mx.pcap
rename to tests/dns-udp-eve-log-mx-only/dns-udp-google.com-a-aaaa-mx.pcap
diff --git a/dns-udp-eve-log-mx-only/suricata.yaml b/tests/dns-udp-eve-log-mx-only/suricata.yaml
similarity index 100%
rename from dns-udp-eve-log-mx-only/suricata.yaml
rename to tests/dns-udp-eve-log-mx-only/suricata.yaml
diff --git a/dns-udp-eve-log-query-only/check.sh b/tests/dns-udp-eve-log-query-only/check.sh
similarity index 87%
rename from dns-udp-eve-log-query-only/check.sh
rename to tests/dns-udp-eve-log-query-only/check.sh
index 8fffed0ee..3f8aaad27 100755
--- a/dns-udp-eve-log-query-only/check.sh
+++ b/tests/dns-udp-eve-log-query-only/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # Should be no answers.
 n=$(jq_count output/eve.json 'select(.event_type == "dns") | select(.dns.type != "query")')
diff --git a/dns-udp-eve-log-query-only/dns-udp-google.com-a-aaaa-mx.pcap b/tests/dns-udp-eve-log-query-only/dns-udp-google.com-a-aaaa-mx.pcap
similarity index 100%
rename from dns-udp-eve-log-query-only/dns-udp-google.com-a-aaaa-mx.pcap
rename to tests/dns-udp-eve-log-query-only/dns-udp-google.com-a-aaaa-mx.pcap
diff --git a/dns-udp-eve-log-query-only/suricata.yaml b/tests/dns-udp-eve-log-query-only/suricata.yaml
similarity index 100%
rename from dns-udp-eve-log-query-only/suricata.yaml
rename to tests/dns-udp-eve-log-query-only/suricata.yaml
diff --git a/dns-udp-eve-log-txt/README.md b/tests/dns-udp-eve-log-txt/README.md
similarity index 100%
rename from dns-udp-eve-log-txt/README.md
rename to tests/dns-udp-eve-log-txt/README.md
diff --git a/dns-udp-eve-log-txt/check.sh b/tests/dns-udp-eve-log-txt/check.sh
similarity index 100%
rename from dns-udp-eve-log-txt/check.sh
rename to tests/dns-udp-eve-log-txt/check.sh
diff --git a/dns-udp-eve-log-txt/dns-txt-google.com.pcap b/tests/dns-udp-eve-log-txt/dns-txt-google.com.pcap
similarity index 100%
rename from dns-udp-eve-log-txt/dns-txt-google.com.pcap
rename to tests/dns-udp-eve-log-txt/dns-txt-google.com.pcap
diff --git a/dns-udp-nxdomain-soa/README.md b/tests/dns-udp-nxdomain-soa/README.md
similarity index 100%
rename from dns-udp-nxdomain-soa/README.md
rename to tests/dns-udp-nxdomain-soa/README.md
diff --git a/dns-udp-nxdomain-soa/check.sh b/tests/dns-udp-nxdomain-soa/check.sh
similarity index 86%
rename from dns-udp-nxdomain-soa/check.sh
rename to tests/dns-udp-nxdomain-soa/check.sh
index 4f9582758..dd64e003d 100755
--- a/dns-udp-nxdomain-soa/check.sh
+++ b/tests/dns-udp-nxdomain-soa/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # Look for 2 responses with rcode == "NXDOMAIN".
 n=$(jq_count output/eve.json 'select(.dns.rcode == "NXDOMAIN")')
diff --git a/dns-udp-nxdomain-soa/dns-udp-nxdomain-soa.pcap b/tests/dns-udp-nxdomain-soa/dns-udp-nxdomain-soa.pcap
similarity index 100%
rename from dns-udp-nxdomain-soa/dns-udp-nxdomain-soa.pcap
rename to tests/dns-udp-nxdomain-soa/dns-udp-nxdomain-soa.pcap
diff --git a/tests/dns-udp-nxdomain-soa/suricata.yaml b/tests/dns-udp-nxdomain-soa/suricata.yaml
new file mode 100644
index 000000000..502e7076d
--- /dev/null
+++ b/tests/dns-udp-nxdomain-soa/suricata.yaml
@@ -0,0 +1,4 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
diff --git a/dns-udp-unsolicited-response/README.md b/tests/dns-udp-unsolicited-response/README.md
similarity index 100%
rename from dns-udp-unsolicited-response/README.md
rename to tests/dns-udp-unsolicited-response/README.md
diff --git a/dns-udp-unsolicited-response/check.sh b/tests/dns-udp-unsolicited-response/check.sh
similarity index 100%
rename from dns-udp-unsolicited-response/check.sh
rename to tests/dns-udp-unsolicited-response/check.sh
diff --git a/dns-udp-unsolicited-response/dns-events.rules b/tests/dns-udp-unsolicited-response/dns-events.rules
similarity index 100%
rename from dns-udp-unsolicited-response/dns-events.rules
rename to tests/dns-udp-unsolicited-response/dns-events.rules
diff --git a/dns-udp-unsolicited-response/dns-response-2x.pcap b/tests/dns-udp-unsolicited-response/dns-response-2x.pcap
similarity index 100%
rename from dns-udp-unsolicited-response/dns-response-2x.pcap
rename to tests/dns-udp-unsolicited-response/dns-response-2x.pcap
diff --git a/dns-udp-unsolicited-response/skip.sh b/tests/dns-udp-unsolicited-response/skip.sh
similarity index 100%
rename from dns-udp-unsolicited-response/skip.sh
rename to tests/dns-udp-unsolicited-response/skip.sh
diff --git a/tests/dns-udp-unsolicited-response/suricata.yaml b/tests/dns-udp-unsolicited-response/suricata.yaml
new file mode 100644
index 000000000..502e7076d
--- /dev/null
+++ b/tests/dns-udp-unsolicited-response/suricata.yaml
@@ -0,0 +1,4 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
diff --git a/dns-udp-z-flag-fp/README.md b/tests/dns-udp-z-flag-fp/README.md
similarity index 100%
rename from dns-udp-z-flag-fp/README.md
rename to tests/dns-udp-z-flag-fp/README.md
diff --git a/dns-udp-z-flag-fp/check.sh b/tests/dns-udp-z-flag-fp/check.sh
similarity index 82%
rename from dns-udp-z-flag-fp/check.sh
rename to tests/dns-udp-z-flag-fp/check.sh
index 3ac9bfcc7..6b9072d55 100755
--- a/dns-udp-z-flag-fp/check.sh
+++ b/tests/dns-udp-z-flag-fp/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # Check that there are no events.
 n=$(cat output/fast.log | wc -l | xargs)
diff --git a/dns-udp-z-flag-fp/dns-events.rules b/tests/dns-udp-z-flag-fp/dns-events.rules
similarity index 100%
rename from dns-udp-z-flag-fp/dns-events.rules
rename to tests/dns-udp-z-flag-fp/dns-events.rules
diff --git a/dns-udp-z-flag-fp/suricatafpdnsdecoder.pcap b/tests/dns-udp-z-flag-fp/suricatafpdnsdecoder.pcap
similarity index 100%
rename from dns-udp-z-flag-fp/suricatafpdnsdecoder.pcap
rename to tests/dns-udp-z-flag-fp/suricatafpdnsdecoder.pcap
diff --git a/eve-dns/check.sh b/tests/eve-dns/check.sh
similarity index 89%
rename from eve-dns/check.sh
rename to tests/eve-dns/check.sh
index d0998c400..9490460c1 100755
--- a/eve-dns/check.sh
+++ b/tests/eve-dns/check.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
 # 4 queries.
 n=$(jq_count output/eve.json 'select(.dns.type == "query")')
diff --git a/eve-dns/input.pcap b/tests/eve-dns/input.pcap
similarity index 100%
rename from eve-dns/input.pcap
rename to tests/eve-dns/input.pcap
diff --git a/eve-dns/suricata.yaml b/tests/eve-dns/suricata.yaml
similarity index 99%
rename from eve-dns/suricata.yaml
rename to tests/eve-dns/suricata.yaml
index 8fa70c889..093163ada 100644
--- a/eve-dns/suricata.yaml
+++ b/tests/eve-dns/suricata.yaml
@@ -391,7 +391,7 @@ outputs:
 # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
 - lua:
 enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
 scripts:
 # - script1.lua
@@ -584,7 +584,7 @@ legacy:
 # You can specify a threshold config file by setting "threshold-file"
 # to the path of the threshold config file:
-# threshold-file: /etc/suricata/threshold.config
+# threshold-file../../etc/suricata/threshold.config
 # The detection engine builds internal groups of signatures. The engine
 # allow us to specify the profile to use for them, to manage memory on an
@@ -1105,7 +1105,7 @@ pcap-file:
 # For FreeBSD ipfw(8) divert(4) support.
 # Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
 # Additionally, you need to have an ipfw rule for the engine to see
 # the packets from ipfw. For Example:
 #
@@ -1131,7 +1131,7 @@ ipfw:
 # Set the default rule path here to search for the files.
 # if not set, it will look at the current working dir
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
 rule-files:
 - botcc.rules
 - ciarmy.rules
@@ -1184,8 +1184,8 @@ rule-files: # - modbus-events.rules # available in suricata sources under rules dir - app-layer-events.rules # available in suricata sources under rules dir -classification-file: /home/jason/projects/oisf/etc/suricata/classification.config -reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config +classification-file: /home/jason/projects/oi../../etc/suricata/classification.config +reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config # Holds variables that would be used by the engine. vars: @@ -1247,8 +1247,8 @@ vars: # - alert # IP Reputation -#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt -#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep +#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt +#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep #reputation-files: # - reputation.list diff --git a/eve-dns/vars.sh b/tests/eve-dns/vars.sh similarity index 100% rename from eve-dns/vars.sh rename to tests/eve-dns/vars.sh diff --git a/lua-output-dns/README.md b/tests/lua-output-dns/README.md similarity index 100% rename from lua-output-dns/README.md rename to tests/lua-output-dns/README.md diff --git a/lua-output-dns/check.sh b/tests/lua-output-dns/check.sh similarity index 100% rename from lua-output-dns/check.sh rename to tests/lua-output-dns/check.sh diff --git a/lua-output-dns/suricata.yaml b/tests/lua-output-dns/suricata.yaml similarity index 52% rename from lua-output-dns/suricata.yaml rename to tests/lua-output-dns/suricata.yaml index 0b35bcedd..ac257314c 100644 --- a/lua-output-dns/suricata.yaml +++ b/tests/lua-output-dns/suricata.yaml 
@@ -1,13 +1,13 @@ %YAML 1.1 --- -include: ../etc/suricata-3.1.2.yaml +include: ../../etc/suricata-3.1.2.yaml rule-files: outputs: - lua: enabled: yes - scripts-dir: ../verify/lua-output-dns + scripts-dir: ../verify/tests/lua-output-dns scripts: - test.lua diff --git a/lua-output-dns/test.lua b/tests/lua-output-dns/test.lua similarity index 100% rename from lua-output-dns/test.lua rename to tests/lua-output-dns/test.lua diff --git a/lua-output-dns/test.pcap b/tests/lua-output-dns/test.pcap similarity index 100% rename from lua-output-dns/test.pcap rename to tests/lua-output-dns/test.pcap diff --git a/lua-output-dns/test.rules b/tests/lua-output-dns/test.rules similarity index 100% rename from lua-output-dns/test.rules rename to tests/lua-output-dns/test.rules diff --git a/lua-output-http/README.md b/tests/lua-output-http/README.md similarity index 100% rename from lua-output-http/README.md rename to tests/lua-output-http/README.md diff --git a/lua-output-http/check.sh b/tests/lua-output-http/check.sh similarity index 100% rename from lua-output-http/check.sh rename to tests/lua-output-http/check.sh diff --git a/lua-output-smtp/default.yaml b/tests/lua-output-http/default.yaml similarity index 99% rename from lua-output-smtp/default.yaml rename to tests/lua-output-http/default.yaml index db6125d2e..af883b357 100644 --- a/lua-output-smtp/default.yaml +++ b/tests/lua-output-http/default.yaml @@ -47,7 +47,7 @@ vars: ## Step 2: select the rules to enable or disable ## -default-rule-path: /home/jason/projects/oisf/etc/suricata/rules +default-rule-path: /home/jason/projects/oi../../etc/suricata/rules rule-files: - botcc.rules - ciarmy.rules 
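Review bot: `scripts-dir: ../verify/tests/lua-output-dns` is still a relative path that hard-codes the checkout directory name `verify`, so which `test.lua` gets loaded presumably depends on the directory Suricata is started from and on how the repository was cloned. A Lua output script is code the engine executes, so the assumption is worth stating next to the setting, for example `# relative to Suricata's working directory; expects this repo checked out as ../verify`, or the runner could pass an absolute path instead. The `scripts-dir` lines changed in tests/lua-output-http/suricata.yaml and tests/lua-output-smtp/suricata.yaml have the same form.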
@@ -100,9 +100,9 @@ rule-files: # - modbus-events.rules # available in suricata sources under rules dir # - app-layer-events.rules # available in suricata sources under rules dir -classification-file: /home/jason/projects/oisf/etc/suricata/classification.config -reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config -# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config +classification-file: /home/jason/projects/oi../../etc/suricata/classification.config +reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config +# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config ## @@ -428,7 +428,7 @@ outputs: # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output - lua: enabled: no - #scripts-dir: /etc/suricata/lua-output/ + #scripts-dir../../etc/suricata/lua-output/ scripts: # - script1.lua @@ -918,8 +918,8 @@ legacy: # - alert # IP Reputation -#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt -#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep +#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt +#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep #reputation-files: # - reputation.list @@ -1520,7 +1520,7 @@ pfring: # For FreeBSD ipfw(8) divert(4) support. # Please make sure you have ipfw_load="YES" and ipdivert_load="YES" -# in /etc/loader.conf or kldload'ing the appropriate kernel modules. +# i../../etc/loader.conf or kldload'ing the appropriate kernel modules. # Additionally, you need to have an ipfw rule for the engine to see # the packets from ipfw. For Example: # diff --git a/lua-output-http/expected/http_lua.log b/tests/lua-output-http/expected/http_lua.log similarity index 100% rename from lua-output-http/expected/http_lua.log rename to tests/lua-output-http/expected/http_lua.log 
diff --git a/lua-output-http/http.lua b/tests/lua-output-http/http.lua similarity index 100% rename from lua-output-http/http.lua rename to tests/lua-output-http/http.lua diff --git a/lua-output-http/input.pcap b/tests/lua-output-http/input.pcap similarity index 100% rename from lua-output-http/input.pcap rename to tests/lua-output-http/input.pcap diff --git a/lua-output-http/suricata.yaml b/tests/lua-output-http/suricata.yaml similarity index 68% rename from lua-output-http/suricata.yaml rename to tests/lua-output-http/suricata.yaml index 758089310..7e0bc1785 100644 --- a/lua-output-http/suricata.yaml +++ b/tests/lua-output-http/suricata.yaml @@ -6,6 +6,6 @@ include: default.yaml outputs: - lua: enabled: yes - scripts-dir: ../verify/lua-output-http + scripts-dir: ../verify/tests/lua-output-http scripts: - http.lua diff --git a/lua-output-smtp/README.txt b/tests/lua-output-smtp/README.txt similarity index 100% rename from lua-output-smtp/README.txt rename to tests/lua-output-smtp/README.txt diff --git a/lua-output-smtp/check.sh b/tests/lua-output-smtp/check.sh similarity index 100% rename from lua-output-smtp/check.sh rename to tests/lua-output-smtp/check.sh diff --git a/output-pcap-log/default.yaml b/tests/lua-output-smtp/default.yaml similarity index 99% rename from output-pcap-log/default.yaml rename to tests/lua-output-smtp/default.yaml index db6125d2e..af883b357 100644 --- a/output-pcap-log/default.yaml +++ b/tests/lua-output-smtp/default.yaml @@ -47,7 +47,7 @@ vars: ## Step 2: select the rules to enable or disable ## -default-rule-path: /home/jason/projects/oisf/etc/suricata/rules +default-rule-path: /home/jason/projects/oi../../etc/suricata/rules rule-files: - botcc.rules - ciarmy.rules 
@@ -100,9 +100,9 @@ rule-files: # - modbus-events.rules # available in suricata sources under rules dir # - app-layer-events.rules # available in suricata sources under rules dir -classification-file: /home/jason/projects/oisf/etc/suricata/classification.config -reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config -# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config +classification-file: /home/jason/projects/oi../../etc/suricata/classification.config +reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config +# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config ## @@ -428,7 +428,7 @@ outputs: # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output - lua: enabled: no - #scripts-dir: /etc/suricata/lua-output/ + #scripts-dir../../etc/suricata/lua-output/ scripts: # - script1.lua @@ -918,8 +918,8 @@ legacy: # - alert # IP Reputation -#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt -#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep +#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt +#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep #reputation-files: # - reputation.list @@ -1520,7 +1520,7 @@ pfring: # For FreeBSD ipfw(8) divert(4) support. # Please make sure you have ipfw_load="YES" and ipdivert_load="YES" -# in /etc/loader.conf or kldload'ing the appropriate kernel modules. +# i../../etc/loader.conf or kldload'ing the appropriate kernel modules. # Additionally, you need to have an ipfw rule for the engine to see # the packets from ipfw. For Example: # diff --git a/lua-output-smtp/expected/smtp_lua.log b/tests/lua-output-smtp/expected/smtp_lua.log similarity index 100% rename from lua-output-smtp/expected/smtp_lua.log rename to tests/lua-output-smtp/expected/smtp_lua.log 
diff --git a/lua-output-smtp/input.pcap b/tests/lua-output-smtp/input.pcap similarity index 100% rename from lua-output-smtp/input.pcap rename to tests/lua-output-smtp/input.pcap diff --git a/lua-output-smtp/smtp.lua b/tests/lua-output-smtp/smtp.lua similarity index 100% rename from lua-output-smtp/smtp.lua rename to tests/lua-output-smtp/smtp.lua diff --git a/lua-output-smtp/suricata.yaml b/tests/lua-output-smtp/suricata.yaml similarity index 68% rename from lua-output-smtp/suricata.yaml rename to tests/lua-output-smtp/suricata.yaml index 3c29ccb73..2fd72f7f5 100644 --- a/lua-output-smtp/suricata.yaml +++ b/tests/lua-output-smtp/suricata.yaml @@ -6,6 +6,6 @@ include: default.yaml outputs: - lua: enabled: yes - scripts-dir: ../verify/lua-output-smtp + scripts-dir: ../verify/tests/lua-output-smtp scripts: - smtp.lua diff --git a/output-eve-fileinfo/check.sh b/tests/output-eve-fileinfo/check.sh similarity index 83% rename from output-eve-fileinfo/check.sh rename to tests/output-eve-fileinfo/check.sh index 241ae2ff5..19c998024 100755 --- a/output-eve-fileinfo/check.sh +++ b/tests/output-eve-fileinfo/check.sh @@ -1,6 +1,6 @@ #! /bin/sh -. ../functions.sh +. ../../util/functions.sh filename=$(cat output/eve.json | jq -c .fileinfo.filename) assert_eq '"eicar.com"' "$filename" "bad filename" diff --git a/output-eve-fileinfo/expected/eve.json b/tests/output-eve-fileinfo/expected/eve.json similarity index 100% rename from output-eve-fileinfo/expected/eve.json rename to tests/output-eve-fileinfo/expected/eve.json diff --git a/output-eve-fileinfo/input.pcap b/tests/output-eve-fileinfo/input.pcap similarity index 100% rename from output-eve-fileinfo/input.pcap rename to tests/output-eve-fileinfo/input.pcap diff --git a/output-eve-fileinfo/suricata-3.1.yaml b/tests/output-eve-fileinfo/suricata-3.1.yaml similarity index 99% rename from output-eve-fileinfo/suricata-3.1.yaml rename to tests/output-eve-fileinfo/suricata-3.1.yaml index 8fa70c889..093163ada 100644 
--- a/output-eve-fileinfo/suricata-3.1.yaml +++ b/tests/output-eve-fileinfo/suricata-3.1.yaml @@ -391,7 +391,7 @@ outputs: # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output - lua: enabled: no - #scripts-dir: /etc/suricata/lua-output/ + #scripts-dir../../etc/suricata/lua-output/ scripts: # - script1.lua @@ -584,7 +584,7 @@ legacy: # You can specify a threshold config file by setting "threshold-file" # to the path of the threshold config file: -# threshold-file: /etc/suricata/threshold.config +# threshold-file../../etc/suricata/threshold.config # The detection engine builds internal groups of signatures. The engine # allow us to specify the profile to use for them, to manage memory on an @@ -1105,7 +1105,7 @@ pcap-file: # For FreeBSD ipfw(8) divert(4) support. # Please make sure you have ipfw_load="YES" and ipdivert_load="YES" -# in /etc/loader.conf or kldload'ing the appropriate kernel modules. +# i../../etc/loader.conf or kldload'ing the appropriate kernel modules. # Additionally, you need to have an ipfw rule for the engine to see # the packets from ipfw. For Example: # @@ -1131,7 +1131,7 @@ ipfw: # Set the default rule path here to search for the files. # if not set, it will look at the current working dir -default-rule-path: /home/jason/projects/oisf/etc/suricata/rules +default-rule-path: /home/jason/projects/oi../../etc/suricata/rules rule-files: - botcc.rules - ciarmy.rules @@ -1184,8 +1184,8 @@ rule-files: # - modbus-events.rules # available in suricata sources under rules dir - app-layer-events.rules # available in suricata sources under rules dir -classification-file: /home/jason/projects/oisf/etc/suricata/classification.config -reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config +classification-file: /home/jason/projects/oi../../etc/suricata/classification.config +reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config # Holds variables that would be used by the engine. vars: 
@@ -1247,8 +1247,8 @@ vars: # - alert # IP Reputation -#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt -#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep +#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt +#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep #reputation-files: # - reputation.list diff --git a/output-eve-fileinfo/suricata.yaml b/tests/output-eve-fileinfo/suricata.yaml similarity index 100% rename from output-eve-fileinfo/suricata.yaml rename to tests/output-eve-fileinfo/suricata.yaml diff --git a/output-pcap-log/check.sh b/tests/output-pcap-log/check.sh similarity index 100% rename from output-pcap-log/check.sh rename to tests/output-pcap-log/check.sh diff --git a/lua-output-http/default.yaml b/tests/output-pcap-log/default.yaml similarity index 99% rename from lua-output-http/default.yaml rename to tests/output-pcap-log/default.yaml index db6125d2e..af883b357 100644 --- a/lua-output-http/default.yaml +++ b/tests/output-pcap-log/default.yaml @@ -47,7 +47,7 @@ vars: ## Step 2: select the rules to enable or disable ## -default-rule-path: /home/jason/projects/oisf/etc/suricata/rules +default-rule-path: /home/jason/projects/oi../../etc/suricata/rules rule-files: - botcc.rules - ciarmy.rules 
@@ -100,9 +100,9 @@ rule-files: # - modbus-events.rules # available in suricata sources under rules dir # - app-layer-events.rules # available in suricata sources under rules dir -classification-file: /home/jason/projects/oisf/etc/suricata/classification.config -reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config -# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config +classification-file: /home/jason/projects/oi../../etc/suricata/classification.config +reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config +# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config ## @@ -428,7 +428,7 @@ outputs: # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output - lua: enabled: no - #scripts-dir: /etc/suricata/lua-output/ + #scripts-dir../../etc/suricata/lua-output/ scripts: # - script1.lua @@ -918,8 +918,8 @@ legacy: # - alert # IP Reputation -#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt -#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep +#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt +#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep #reputation-files: # - reputation.list @@ -1520,7 +1520,7 @@ pfring: # For FreeBSD ipfw(8) divert(4) support. # Please make sure you have ipfw_load="YES" and ipdivert_load="YES" -# in /etc/loader.conf or kldload'ing the appropriate kernel modules. +# i../../etc/loader.conf or kldload'ing the appropriate kernel modules. # Additionally, you need to have an ipfw rule for the engine to see # the packets from ipfw. For Example: # diff --git a/output-pcap-log/expected/log.pcap.1444144603 b/tests/output-pcap-log/expected/log.pcap.1444144603 similarity index 100% rename from output-pcap-log/expected/log.pcap.1444144603 rename to tests/output-pcap-log/expected/log.pcap.1444144603 
diff --git a/output-pcap-log/input.pcap b/tests/output-pcap-log/input.pcap similarity index 100% rename from output-pcap-log/input.pcap rename to tests/output-pcap-log/input.pcap diff --git a/output-pcap-log/suricata.yaml b/tests/output-pcap-log/suricata.yaml similarity index 100% rename from output-pcap-log/suricata.yaml rename to tests/output-pcap-log/suricata.yaml diff --git a/output-tcp-data/check.sh b/tests/output-tcp-data/check.sh similarity index 100% rename from output-tcp-data/check.sh rename to tests/output-tcp-data/check.sh diff --git a/output-tcp-data/default.yaml b/tests/output-tcp-data/default.yaml similarity index 99% rename from output-tcp-data/default.yaml rename to tests/output-tcp-data/default.yaml index db6125d2e..af883b357 100644 --- a/output-tcp-data/default.yaml +++ b/tests/output-tcp-data/default.yaml @@ -47,7 +47,7 @@ vars: ## Step 2: select the rules to enable or disable ## -default-rule-path: /home/jason/projects/oisf/etc/suricata/rules +default-rule-path: /home/jason/projects/oi../../etc/suricata/rules rule-files: - botcc.rules - ciarmy.rules @@ -100,9 +100,9 @@ rule-files: # - modbus-events.rules # available in suricata sources under rules dir # - app-layer-events.rules # available in suricata sources under rules dir -classification-file: /home/jason/projects/oisf/etc/suricata/classification.config -reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config -# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config +classification-file: /home/jason/projects/oi../../etc/suricata/classification.config +reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config +# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config ## @@ -428,7 +428,7 @@ outputs: # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output - lua: enabled: no - #scripts-dir: /etc/suricata/lua-output/ + #scripts-dir../../etc/suricata/lua-output/ scripts: # - script1.lua 
@@ -918,8 +918,8 @@ legacy: # - alert # IP Reputation -#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt -#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep +#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt +#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep #reputation-files: # - reputation.list @@ -1520,7 +1520,7 @@ pfring: # For FreeBSD ipfw(8) divert(4) support. # Please make sure you have ipfw_load="YES" and ipdivert_load="YES" -# in /etc/loader.conf or kldload'ing the appropriate kernel modules. +# i../../etc/loader.conf or kldload'ing the appropriate kernel modules. # Additionally, you need to have an ipfw rule for the engine to see # the packets from ipfw. For Example: # diff --git a/output-tcp-data/expected/tcp-data.log b/tests/output-tcp-data/expected/tcp-data.log similarity index 100% rename from output-tcp-data/expected/tcp-data.log rename to tests/output-tcp-data/expected/tcp-data.log diff --git a/output-tcp-data/input.pcap b/tests/output-tcp-data/input.pcap similarity index 100% rename from output-tcp-data/input.pcap rename to tests/output-tcp-data/input.pcap diff --git a/output-tcp-data/suricata.yaml b/tests/output-tcp-data/suricata.yaml similarity index 100% rename from output-tcp-data/suricata.yaml rename to tests/output-tcp-data/suricata.yaml diff --git a/proto-mismatch-http-ssh/app-layer-events.rules b/tests/proto-mismatch-http-ssh/app-layer-events.rules similarity index 100% rename from proto-mismatch-http-ssh/app-layer-events.rules rename to tests/proto-mismatch-http-ssh/app-layer-events.rules diff --git a/proto-mismatch-http-ssh/check.sh b/tests/proto-mismatch-http-ssh/check.sh similarity index 100% rename from proto-mismatch-http-ssh/check.sh rename to tests/proto-mismatch-http-ssh/check.sh 
diff --git a/proto-mismatch-http-ssh/input.pcap b/tests/proto-mismatch-http-ssh/input.pcap similarity index 100% rename from proto-mismatch-http-ssh/input.pcap rename to tests/proto-mismatch-http-ssh/input.pcap diff --git a/single-dns-request/README.md b/tests/single-dns-request/README.md similarity index 100% rename from single-dns-request/README.md rename to tests/single-dns-request/README.md diff --git a/single-dns-request/check.sh b/tests/single-dns-request/check.sh similarity index 93% rename from single-dns-request/check.sh rename to tests/single-dns-request/check.sh index 98038eb2d..0481fdbbb 100755 --- a/single-dns-request/check.sh +++ b/tests/single-dns-request/check.sh @@ -1,6 +1,6 @@ #! /bin/sh -. ../functions.sh +. ../../util/functions.sh # One query for suricon.net. n=$(jq_count output/eve.json 'select(.dns.type == "query") | select(.dns.rrname == "suricon.net")') diff --git a/single-dns-request/input.pcap b/tests/single-dns-request/input.pcap similarity index 100% rename from single-dns-request/input.pcap rename to tests/single-dns-request/input.pcap diff --git a/single-dns-request/suricata.yaml b/tests/single-dns-request/suricata.yaml similarity index 73% rename from single-dns-request/suricata.yaml rename to tests/single-dns-request/suricata.yaml index 9ab347a59..356034273 100644 --- a/single-dns-request/suricata.yaml +++ b/tests/single-dns-request/suricata.yaml @@ -1,7 +1,7 @@ %YAML 1.1 --- -include: ../etc/suricata-3.1.2.yaml +include: ../../etc/suricata-3.1.2.yaml outputs: - eve-log: diff --git a/test-config-empty-rule-file/check.sh b/tests/test-config-empty-rule-file/check.sh similarity index 100% rename from test-config-empty-rule-file/check.sh rename to tests/test-config-empty-rule-file/check.sh diff --git a/test-config-empty-rule-file/empty.rules b/tests/test-config-empty-rule-file/empty.rules similarity index 100% rename from test-config-empty-rule-file/empty.rules rename to tests/test-config-empty-rule-file/empty.rules 
diff --git a/test-config-empty-rule-file/run.sh b/tests/test-config-empty-rule-file/run.sh similarity index 100% rename from test-config-empty-rule-file/run.sh rename to tests/test-config-empty-rule-file/run.sh diff --git a/test-config-empty-rule-file/suricata.yaml b/tests/test-config-empty-rule-file/suricata.yaml similarity index 53% rename from test-config-empty-rule-file/suricata.yaml rename to tests/test-config-empty-rule-file/suricata.yaml index 33497b837..8914068e2 100644 --- a/test-config-empty-rule-file/suricata.yaml +++ b/tests/test-config-empty-rule-file/suricata.yaml @@ -1,7 +1,7 @@ %YAML 1.1 --- -include: ../etc/suricata-3.1.2.yaml +include: ../../etc/suricata-3.1.2.yaml rule-files: - empty.rules diff --git a/tls-fingerprint-alert/check.sh b/tests/tls-fingerprint-alert/check.sh similarity index 100% rename from tls-fingerprint-alert/check.sh rename to tests/tls-fingerprint-alert/check.sh diff --git a/tls-fingerprint-alert/input.pcap b/tests/tls-fingerprint-alert/input.pcap similarity index 100% rename from tls-fingerprint-alert/input.pcap rename to tests/tls-fingerprint-alert/input.pcap diff --git a/tls-fingerprint-alert/suricata.yaml b/tests/tls-fingerprint-alert/suricata.yaml similarity index 89% rename from tls-fingerprint-alert/suricata.yaml rename to tests/tls-fingerprint-alert/suricata.yaml index d15e658a1..25009ca31 100644 --- a/tls-fingerprint-alert/suricata.yaml +++ b/tests/tls-fingerprint-alert/suricata.yaml @@ -1,7 +1,7 @@ %YAML 1.1 --- -include: ../etc/suricata-3.1.2.yaml +include: ../../etc/suricata-3.1.2.yaml outputs: - eve-log: diff --git a/tls-fingerprint-alert/test.rules b/tests/tls-fingerprint-alert/test.rules similarity index 100% rename from tls-fingerprint-alert/test.rules rename to tests/tls-fingerprint-alert/test.rules diff --git a/tls-fingerprint-alert/vars.sh b/tests/tls-fingerprint-alert/vars.sh similarity index 100% rename from tls-fingerprint-alert/vars.sh rename to tests/tls-fingerprint-alert/vars.sh 
diff --git a/tls-json-output-ids/check.sh b/tests/tls-json-output-ids/check.sh similarity index 100% rename from tls-json-output-ids/check.sh rename to tests/tls-json-output-ids/check.sh diff --git a/tls-json-output-ids/input.pcap b/tests/tls-json-output-ids/input.pcap similarity index 100% rename from tls-json-output-ids/input.pcap rename to tests/tls-json-output-ids/input.pcap diff --git a/tls-json-output-ips/suricata.yaml b/tests/tls-json-output-ids/suricata.yaml similarity index 86% rename from tls-json-output-ips/suricata.yaml rename to tests/tls-json-output-ids/suricata.yaml index 59517a84b..9ea9c3f36 100644 --- a/tls-json-output-ips/suricata.yaml +++ b/tests/tls-json-output-ids/suricata.yaml @@ -1,7 +1,7 @@ %YAML 1.1 --- -include: ../etc/suricata-3.1.2.yaml +include: ../../etc/suricata-3.1.2.yaml outputs: - eve-log: diff --git a/tls-json-output-ips/check.sh b/tests/tls-json-output-ips/check.sh similarity index 100% rename from tls-json-output-ips/check.sh rename to tests/tls-json-output-ips/check.sh diff --git a/tls-json-output-ips/input.pcap b/tests/tls-json-output-ips/input.pcap similarity index 100% rename from tls-json-output-ips/input.pcap rename to tests/tls-json-output-ips/input.pcap diff --git a/tls-json-output-ids/suricata.yaml b/tests/tls-json-output-ips/suricata.yaml similarity index 86% rename from tls-json-output-ids/suricata.yaml rename to tests/tls-json-output-ips/suricata.yaml index 59517a84b..9ea9c3f36 100644 --- a/tls-json-output-ids/suricata.yaml +++ b/tests/tls-json-output-ips/suricata.yaml @@ -1,7 +1,7 @@ %YAML 1.1 --- -include: ../etc/suricata-3.1.2.yaml +include: ../../etc/suricata-3.1.2.yaml outputs: - eve-log: diff --git a/functions.sh b/util/functions.sh similarity index 100% rename from functions.sh rename to util/functions.sh