I am writing a Python programme to control and configure suricata.yaml. I'm now trying to use configparser to do the work but it seems there are no keys to identify which section I am in. For example, I want to read the address-groups so the user can configure which network to scan without going to yaml to edit the value. Can I name some section header in the yaml file?
Not following …
address-groups is in the
If you run suricata --dump-config -c /path/to/suricata.yaml you’ll see something like:
$ src/suricata --dump-config -c suricata.yaml|grep vars.address-groups
vars.address-groups = (null)
vars.address-groups.HOME_NET = [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
vars.address-groups.EXTERNAL_NET = !$HOME_NET
vars.address-groups.HTTP_SERVERS = $HOME_NET
vars.address-groups.SMTP_SERVERS = $HOME_NET
vars.address-groups.SQL_SERVERS = $HOME_NET
vars.address-groups.DNS_SERVERS = $HOME_NET
vars.address-groups.TELNET_SERVERS = $HOME_NET
vars.address-groups.AIM_SERVERS = $EXTERNAL_NET
vars.address-groups.DC_SERVERS = $HOME_NET
vars.address-groups.DNP3_SERVER = $HOME_NET
vars.address-groups.DNP3_CLIENT = $HOME_NET
vars.address-groups.MODBUS_CLIENT = $HOME_NET
vars.address-groups.MODBUS_SERVER = $HOME_NET
vars.address-groups.ENIP_CLIENT = $HOME_NET
vars.address-groups.ENIP_SERVER = $HOME_NET
configparser module is for INI files. The Suricata configuration is a YAML file, so you’ll want to look into Python’s yaml module.
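An added example, not code from any poster in this thread: it reads the address groups from the `--dump-config` output shown above using only the standard library, expands `$VAR` references, and validates a network list before it would be written back to the YAML. The function names are hypothetical, the sample text is constructed from the output quoted in the thread, and the validator assumes a flat `[a/b,c/d]` list with no negations or nesting.

```python
import ipaddress
import re
import subprocess

# Constructed sample, shaped like the --dump-config output quoted in the thread.
SAMPLE_DUMP = """\
vars.address-groups = (null)
vars.address-groups.HOME_NET = [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
vars.address-groups.EXTERNAL_NET = !$HOME_NET
vars.address-groups.HTTP_SERVERS = $HOME_NET
vars.address-groups.AIM_SERVERS = $EXTERNAL_NET
"""
PREFIX = "vars.address-groups."


def dump_config(yaml_path):
    """Run the command from the thread and return its text output."""
    cmd = ["suricata", "--dump-config", "-c", yaml_path]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def parse_address_groups(dump_text):
    """Return {NAME: raw value} for each vars.address-groups.NAME line."""
    groups = {}
    for line in dump_text.splitlines():
        key, sep, value = line.partition(" = ")
        if sep and key.startswith(PREFIX):
            groups[key[len(PREFIX):]] = value.strip()
    return groups


def resolve(name, groups, seen=()):
    """Expand $VAR references until only literals remain; reject cycles."""
    if name in seen:
        raise ValueError("circular reference: " + " -> ".join(seen + (name,)))
    return re.sub(r"\$(\w+)",
                  lambda m: resolve(m.group(1), groups, seen + (name,)),
                  groups[name])


def validate_networks(value):
    """Parse a flat list such as [10.0.0.0/8,192.168.0.0/16].

    Raises ValueError on any entry that is not a valid address or CIDR,
    so bad user input is rejected before it reaches suricata.yaml.
    """
    items = value.strip().strip("[]").split(",")
    return [ipaddress.ip_network(item.strip(), strict=False) for item in items]
```

Writing a validated value back into suricata.yaml still needs a YAML library, as the last reply says.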