I am writing a python programme to control and configure suricata.yaml. I;m now trying to use configparser to do the work but it seems there are no keys to identify which section am in. For example, i want to read the address-groups so the user can configure which network to scan without going to yaml to edit the value.Can i name some section header in the yaml file?
Not following … address-groups is in the vars section.
If you run suricata --dump-config -c /path/to/suricata.yaml you’ll see something like:
$ src/suricata --dump-config -c suricata.yaml|grep vars.address-groups
vars.address-groups = (null)
vars.address-groups.HOME_NET = [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
vars.address-groups.EXTERNAL_NET = !$HOME_NET
vars.address-groups.HTTP_SERVERS = $HOME_NET
vars.address-groups.SMTP_SERVERS = $HOME_NET
vars.address-groups.SQL_SERVERS = $HOME_NET
vars.address-groups.DNS_SERVERS = $HOME_NET
vars.address-groups.TELNET_SERVERS = $HOME_NET
vars.address-groups.AIM_SERVERS = $EXTERNAL_NET
vars.address-groups.DC_SERVERS = $HOME_NET
vars.address-groups.DNP3_SERVER = $HOME_NET
vars.address-groups.DNP3_CLIENT = $HOME_NET
vars.address-groups.MODBUS_CLIENT = $HOME_NET
vars.address-groups.MODBUS_SERVER = $HOME_NET
vars.address-groups.ENIP_CLIENT = $HOME_NET
vars.address-groups.ENIP_SERVER = $HOME_NET
Python’s configparser module is for INI files. The Suricata configuration is a YAML file, so you’ll want to look into Python’s yaml module.