diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-05-23 21:54:41 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2024-05-23 21:54:41 +0200 |
| commit | 01464a6069fa7cf02d5545c02ed03fa69679c32c (patch) | |
| tree | 8abff24b247a53a5a1c5b3222f74846b0f35c1d5 | |
| parent | 2af04a53a4c1aa30118f4c799eb7d1c4cd63be66 (diff) | |
| download | vyos-1x-01464a6069fa7cf02d5545c02ed03fa69679c32c.tar.gz vyos-1x-01464a6069fa7cf02d5545c02ed03fa69679c32c.zip | |
suricata: T751: use key_mangling in get_config_dict()
| -rw-r--r-- | data/templates/ids/suricata.j2 | 4 | ||||
| -rwxr-xr-x | src/conf_mode/service_suricata.py | 18 |
2 files changed, 11 insertions, 11 deletions
diff --git a/data/templates/ids/suricata.j2 b/data/templates/ids/suricata.j2 index 1bd90b67f..585db93eb 100644 --- a/data/templates/ids/suricata.j2 +++ b/data/templates/ids/suricata.j2 @@ -15,12 +15,12 @@ vars: # more specific is better for alert accuracy and performance address-groups: -{% for (name, value) in suricata['address-group'] %} +{% for (name, value) in suricata['address_group'] %} {{ name }}: "[{{ value | join(',') }}]" {% endfor %} port-groups: -{% for (name, value) in suricata['port-group'] %} +{% for (name, value) in suricata['port_group'] %} {{ name }}: "[{{ value | join(',') }}]" {% endfor %} diff --git a/src/conf_mode/service_suricata.py b/src/conf_mode/service_suricata.py index 06d68a637..69b369e0b 100755 --- a/src/conf_mode/service_suricata.py +++ b/src/conf_mode/service_suricata.py @@ -39,7 +39,7 @@ def get_config(config=None): if not conf.exists(base): return None - suricata = conf.get_config_dict(base, + suricata = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, with_recursive_defaults=True) return suricata @@ -81,19 +81,19 @@ def verify(suricata): if 'interface' not in suricata: raise ConfigError('No interfaces configured!') - if 'address-group' not in suricata: + if 'address_group' not in suricata: raise ConfigError('No address-group configured!') - if 'port-group' not in suricata: + if 'port_group' not in suricata: raise ConfigError('No port-group configured!') try: - topological_sort(suricata['address-group']) + topological_sort(suricata['address_group']) except (ConfigError,StopIteration) as e: raise ConfigError(f'Invalid address-group: {e}') try: - topological_sort(suricata['port-group']) + topological_sort(suricata['port_group']) except (ConfigError,StopIteration) as e: raise ConfigError(f'Invalid port-group: {e}') @@ -126,12 +126,12 @@ def generate(suricata): return format_group # Format the address group - suricata['address-group'] = map(to_config('address'), - topological_sort(suricata['address-group'])) + suricata['address_group'] = map(to_config('address'), + topological_sort(suricata['address_group'])) # Format the port group - suricata['port-group'] = map(to_config('port'), - topological_sort(suricata['port-group'])) + suricata['port_group'] = map(to_config('port'), + topological_sort(suricata['port_group'])) render(config_file, 'ids/suricata.j2', {'suricata': suricata}) render(rotate_file, 'ids/suricata_logrotate.j2', suricata) |