From: Jason Ish Date: Fri, 2 Feb 2018 20:16:49 +0000 (-0600) Subject: determine defaults from suricata binary X-Git-Tag: 1.0.0rc1~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d31aa386956ff09a596af7293e43cb86ee3ae6c1;p=thirdparty%2Fsuricata-update.git determine defaults from suricata binary Look at --build-info and base the default configuration and data directories based on --sysconfdir and --localstatedir. For example, if one were to have installed suricata-update and suricata with --prefix /opt/suricata, suricata-update will now use these defaults: - /opt/suricata/etc/suricata/suricata.yaml - /opt/suricata/var/lib/suricata --- diff --git a/suricata/update/config.py b/suricata/update/config.py index 842e3b9..610ed56 100644 --- a/suricata/update/config.py +++ b/suricata/update/config.py @@ -20,6 +20,9 @@ import logging import yaml +import suricata.update.engine +from suricata.update.exceptions import ApplicationError + logger = logging.getLogger() DEFAULT_DATA_DIRECTORY = "/var/lib/suricata" @@ -54,7 +57,6 @@ DEFAULT_CONFIG = { "enable-conf": "/etc/suricata/enable.conf", "drop-conf": "/etc/suricata/drop.conf", "modify-conf": "/etc/suricata/modify.conf", - "suricata-conf": "/etc/suricata/suricata.conf", "sources": [], LOCAL_CONF_KEY: [], @@ -125,11 +127,6 @@ def init(args): _args = args _config.update(DEFAULT_CONFIG) - for suriyaml in DEFAULT_SURICATA_YAML_PATH: - if os.path.exists(suriyaml): - _config["suricata-conf"] = suriyaml - break - if args.config: logger.info("Loading %s", args.config) with open(args.config, "rb") as fileobj: @@ -158,3 +155,43 @@ def init(args): val = getattr(args, arg) logger.debug("Setting configuration value %s -> %s", key, val) _config[key] = val + + # Find and set the path to suricata if not provided. + if "suricata" in _config: + if not os.path.exists(_config["suricata"]): + raise ApplicationError( + "Configured path to suricata does not exist: %s" % ( + _config["suricata"])) + else: + suricata_path = suricata.update.engine.get_path() + if not suricata_path: + logger.warning("No suricata application binary found on path.") + else: + _config["suricata"] = suricata_path + + if "suricata" in _config: + build_info = suricata.update.engine.get_build_info(_config["suricata"]) + + # Set the first suricata.yaml to check for to the one in the + # --sysconfdir provided by build-info. + if not "suricata_conf" in _config and "sysconfdir" in build_info: + DEFAULT_SURICATA_YAML_PATH.insert( + 0, os.path.join( + build_info["sysconfdir"], "suricata/suricata.yaml")) + + # Set the data-directory prefix to that of the --localstatedir + # found in the build-info. + if not DATA_DIRECTORY_KEY in _config and "localstatedir" in build_info: + data_directory = os.path.join( + build_info["localstatedir"], "lib/suricata") + logger.info("Using data-directory %s.", data_directory) + _config[DATA_DIRECTORY_KEY] = data_directory + + # If suricata-conf not provided on the command line or in the + # configuration file, look for it. + if not "suricata-conf" in _config: + for conf in DEFAULT_SURICATA_YAML_PATH: + if os.path.exists(conf): + logger.info("Using Suricata configuration %s" % (conf)) + _config["suricata-conf"] = conf + break diff --git a/suricata/update/engine.py b/suricata/update/engine.py index 17080d3..d8743e5 100644 --- a/suricata/update/engine.py +++ b/suricata/update/engine.py @@ -34,6 +34,27 @@ logger = logging.getLogger() SuricataVersion = namedtuple( "SuricataVersion", ["major", "minor", "patch", "full", "short", "raw"]) +def get_build_info(suricata): + build_info = {} + build_info_output = subprocess.check_output([suricata, "--build-info"]) + for line in build_info_output.split("\n"): + line = line.strip() + if line.startswith("--prefix"): + build_info["prefix"] = line.split()[-1].strip() + elif line.startswith("--sysconfdir"): + build_info["sysconfdir"] = line.split()[-1].strip() + elif line.startswith("--localstatedir"): + build_info["localstatedir"] = line.split()[-1].strip() + + if not "prefix" in build_info: + logger.warning("--prefix not found in build-info.") + if not "sysconfdir" in build_info: + logger.warning("--sysconfdir not found in build-info.") + if not "localstatedir" in build_info: + logger.warning("--localstatedir not found in build-info.") + + return build_info + class Configuration: """An abstraction over the Suricata configuration file.""" diff --git a/suricata/update/main.py b/suricata/update/main.py index f04d77e..b6e4b54 100644 --- a/suricata/update/main.py +++ b/suricata/update/main.py @@ -1076,11 +1076,7 @@ def _main(): if args.quiet: logger.setLevel(logging.WARNING) - try: - config.init(args) - except Exception as err: - logger.error("Failed to load configuration: %s", err) - return 1 + config.init(args) # Error out if any reserved/unimplemented arguments were set. unimplemented_args = [ @@ -1097,17 +1093,7 @@ def _main(): logger.debug("This is suricata-update version %s (rev: %s); Python: %s" % ( version, revision, sys.version.replace("\n", "- "))) - # Check for Suricata binary... - if config.get("suricata"): - if not os.path.exists(config.get("suricata")): - logger.error("Specified path to suricata does not exist: %s", - config.get("suricata")) - return 1 - suricata_path = config.get("suricata") - else: - suricata_path = suricata.update.engine.get_path() - if not suricata_path: - logger.warning("No suricata application binary found on path.") + suricata_path = config.get("suricata") # Now parse the Suricata version. If provided on the command line, # use that, otherwise attempt to get it from Suricata.