Installed from rpm (suricata-6.0.2-1.el7.x86_64)
drwxr-sr-x 2 root suricata 4096 May 4 22:43 rules
drwxr-sr-x 4 root suricata 4096 Apr 29 20:40 update
It’s running as root so perm shouldn’t be an issue unless there is some caveat I’m not aware of.
Oddly the rule file is created with 600
-rw------- 1 root suricata 44171023 May 4 22:49 suricata.rules
But when I change to 644 it seems to work on et but not etpro
If it’s running as root, why does this matter? Is there a way to create the rule files with necessary permissions? Also, does suricata service need to be restarted after updating or it takes effect? Thanks