Bug 977: -T / --init-errors-fatal to process all rules #1224

Closed
wants to merge 1 commit into from


inliniac
Contributor

Have -T / --init-errors-fatal process all rules so that it's easier
to debug problems in ruleset. Otherwise it can be a lengthy fix, test
error cycle if multiple rules have issues.

Convert empty rulefile error into a warning.

Bug #977

@duanehoward

Looks like it works for empty file:

[17308] 21/11/2014 -- 18:21:44 - (detect.c:410) (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/empty.rules
[17308] 21/11/2014 -- 18:21:44 - (detect.c:439) (SigLoadSignatures) -- 12 rule files processed. 9994 rules successfully loaded, 0 rules failed

[17308] 21/11/2014 -- 18:21:52 - (suricata.c:2293) (main) -- Configuration provided was successfully loaded. Exiting.

Also appears to work for multiple broken rules:

[22071] 21/11/2014 -- 18:26:33 - (util-rule-vars.c:89) (SCRuleVarsGetConfVar) -- [ERRCODE: SC_ERR_UNDEFINED_VAR(101)] - Variable "HME_NET" is not defined in configuration file
[22071] 21/11/2014 -- 18:26:33 - (detect.c:354) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HME_NET any -> $EXTERNAL_NET any (msg:"BROKEN RULE 1"; flow:established; content:"|52 61 72 21 1A 07 00|"; tag:session,300,seconds; classtype:misc-activity; sid:6999998; rev:1;)" from file /etc/suricata/rules/empty.rules at line 1
[22071] 21/11/2014 -- 18:26:33 - (detect-content.c:204) (DetectContentDataParse) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Invalid hex code assembly in content - "|52 61 72 21 1A 07 00". Invalidating signature
[22071] 21/11/2014 -- 18:26:33 - (detect.c:354) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"BROKEN RULE 2"; flow:established; content:"|52 61 72 21 1A 07 00"; tag:session,300,seconds; classtype:misc-activity; sid:6999999; rev:6;)" from file /etc/suricata/rules/empty.rules at line 2
[22071] 21/11/2014 -- 18:26:33 - (detect.c:439) (SigLoadSignatures) -- 12 rule files processed. 9994 rules successfully loaded, 2 rules failed

My only concern is that the final exit code is still 0, indicating success, where previously it would exit with a failure. Using -T to test loads before a Suricata restart would currently only require checking the final exit code of suricata -T; this change seems like it will break that, though.
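
A pre-restart wrapper can guard against the case raised above, where `suricata -T` exits 0 although rules failed, by also checking the rule-load summary line. This is an added example, not part of the original thread or of Suricata itself; `check_rule_load` and the `SAMPLE_*` variables are hypothetical names, the sample log text is abbreviated from the lines quoted above, and the config path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: gate a Suricata restart on the rule-load summary logged by -T,
# not on the exit code alone.

# Sample -T output, abbreviated from the log lines quoted in this thread.
SAMPLE_CLEAN='[17308] 21/11/2014 -- 18:21:44 - (detect.c:439) (SigLoadSignatures) -- 12 rule files processed. 9994 rules successfully loaded, 0 rules failed'
SAMPLE_BROKEN='[22071] 21/11/2014 -- 18:26:33 - (detect.c:354) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp ... sid:6999998; rev:1;)" from file /etc/suricata/rules/empty.rules at line 1
[22071] 21/11/2014 -- 18:26:33 - (detect.c:354) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp ... sid:6999999; rev:6;)" from file /etc/suricata/rules/empty.rules at line 2
[22071] 21/11/2014 -- 18:26:33 - (detect.c:439) (SigLoadSignatures) -- 12 rule files processed. 9994 rules successfully loaded, 2 rules failed'

# check_rule_load: reads suricata -T output on stdin.
# Returns 0 when the summary reports 0 failed rules,
#         1 when one or more rules failed (rejected locations go to stderr),
#         2 when no summary line is present (unknown state is treated as failure).
check_rule_load() {
    log=$(cat)
    summary=$(printf '%s\n' "$log" \
        | grep -E '[0-9]+ rules successfully loaded, [0-9]+ rules failed' \
        | tail -n 1)
    if [ -z "$summary" ]; then
        echo "no rule-load summary found in output" >&2
        return 2
    fi
    # Extract N from "... N rules failed".
    failed=$(printf '%s\n' "$summary" | sed -E 's/.* ([0-9]+) rules failed.*/\1/')
    if [ "$failed" -ne 0 ]; then
        # Report the file and line of every rejected signature.
        printf '%s\n' "$log" | grep -F 'SC_ERR_INVALID_SIGNATURE' \
            | grep -oE 'from file [^ ]+ at line [0-9]+' >&2 || true
        return 1
    fi
    return 0
}

# Usage sketch (config path is an assumption; adjust to your install):
#   out=$(suricata -T -c /etc/suricata/suricata.yaml 2>&1) \
#       && printf '%s\n' "$out" | check_rule_load \
#       && echo "safe to restart"
```

The restart proceeds only when both the exit code and the summary line indicate a clean load.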

@inliniac
Contributor Author

Thanks for testing @duanehoward, fixed up in #1225

@inliniac inliniac closed this Nov 23, 2014
@inliniac inliniac deleted the dev-dash-t-option-v1 branch December 11, 2014 10:32