diff mbox series

[1/7] suricata: Include all default rules

Message ID	20211119174458.789486-1-michael.tremer@ipfire.org
State	Accepted
Commit	30f411694c8100086ff836a6d13140acdc68d9dd
Headers	From: Michael Tremer <michael.tremer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 1/7] suricata: Include all default rules Date: Fri, 19 Nov 2021 17:44:52 +0000 Message-Id: <20211119174458.789486-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Cc: Michael Tremer <michael.tremer@ipfire.org> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	[1/7] suricata: Include all default rules \| [1/7] suricata: Include all default rules [2/7] rust: Drop Cargo home directory after build [3/7] suricata: Drop extra rootfiles [4/7] suricata: This package is supported on all architectures [5/7] suricata: Load *.config files from default location [6/7] IPS: Do not try to show rules when stat on rules tarball fails [7/7] suricata: Handle retransmitted SYN with TSval

Commit Message

Michael Tremer 19 Nov 2021, 5:44 p.m. UTC

These rules do not drop anything, but only alert when internal parts of
the engine trigger an event. This will allow us more insight on what is
happening.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/suricata | 22 ++++++++++++++++++++++
 config/suricata/suricata.yaml    | 24 ++++++++++++++++++++++--
 lfs/suricata                     |  3 ---
 3 files changed, 44 insertions(+), 5 deletions(-)

diff mbox series

Patch

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 32358483a..21dbeae64 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -19,6 +19,28 @@  usr/bin/suricata
 #usr/share/man/man1/suricatactl-filestore.1
 #usr/share/man/man1/suricatactl.1
 #usr/share/man/man1/suricatasc.1
+usr/share/suricata/
+#usr/share/suricata/classification.config
+#usr/share/suricata/reference.config
+#usr/share/suricata/rules
+#usr/share/suricata/rules/app-layer-events.rules
+#usr/share/suricata/rules/decoder-events.rules
+#usr/share/suricata/rules/dhcp-events.rules
+#usr/share/suricata/rules/dnp3-events.rules
+#usr/share/suricata/rules/dns-events.rules
+#usr/share/suricata/rules/files.rules
+#usr/share/suricata/rules/http2-events.rules
+#usr/share/suricata/rules/http-events.rules
+#usr/share/suricata/rules/ipsec-events.rules
+#usr/share/suricata/rules/kerberos-events.rules
+#usr/share/suricata/rules/modbus-events.rules
+#usr/share/suricata/rules/mqtt-events.rules
+#usr/share/suricata/rules/nfs-events.rules
+#usr/share/suricata/rules/ntp-events.rules
+#usr/share/suricata/rules/smb-events.rules
+#usr/share/suricata/rules/smtp-events.rules
+#usr/share/suricata/rules/stream-events.rules
+#usr/share/suricata/rules/tls-events.rules
 var/lib/suricata
 var/lib/suricata/classification.config
 var/lib/suricata/reference.config
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 6f37671c8..0ad36e705 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -46,8 +46,28 @@  vars:
 ##
 default-rule-path: /var/lib/suricata
 rule-files:
-    # Include enabled ruleset files from external file.
-    include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+    # Default rules
+    - /usr/share/suricata/rules/app-layer-events.rules
+    - /usr/share/suricata/rules/decoder-events.rules
+    - /usr/share/suricata/rules/dhcp-events.rules
+    - /usr/share/suricata/rules/dnp3-events.rules
+    - /usr/share/suricata/rules/dns-events.rules
+    - /usr/share/suricata/rules/files.rules
+    - /usr/share/suricata/rules/http2-events.rules
+    - /usr/share/suricata/rules/http-events.rules
+    - /usr/share/suricata/rules/ipsec-events.rules
+    - /usr/share/suricata/rules/kerberos-events.rules
+    - /usr/share/suricata/rules/modbus-events.rules
+    - /usr/share/suricata/rules/mqtt-events.rules
+    - /usr/share/suricata/rules/nfs-events.rules
+    - /usr/share/suricata/rules/ntp-events.rules
+    - /usr/share/suricata/rules/smb-events.rules
+    - /usr/share/suricata/rules/smtp-events.rules
+    - /usr/share/suricata/rules/stream-events.rules
+    - /usr/share/suricata/rules/tls-events.rules
+
+    # Include enabled ruleset files from external file
+    - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
 
 classification-file: /var/lib/suricata/classification.config
 reference-config-file: /var/lib/suricata/reference.config
diff --git a/lfs/suricata b/lfs/suricata
index c7f189bf4..bd57b829e 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -96,9 +96,6 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Install IPFire related config file.
 	install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
 
-	# Remove shipped rules.
-	rm -rvf /usr/share/suricata
-
 	# Create emtpy rules directory.
 	-mkdir -p /var/lib/suricata