suricata: Do not load rules for dnp3 and modbus.

Message ID 20211216192336.2595-1-stefan.schantl@ipfire.org
State Accepted
Commit d0885624067d40da7f6ff26c6be66fc39ab73d12
Series suricata: Do not load rules for dnp3 and modbus.

Commit Message

Stefan Schantl Dec. 16, 2021, 7:23 p.m. UTC
The parsers for those are disabled in the suricata config, so
the rules are not needed; on the contrary, they will massively spam
warnings when launching suricata because of the disabled parsers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/suricata/suricata-default-rules.yaml | 2 --
 1 file changed, 2 deletions(-)

Comments

Michael Tremer Dec. 17, 2021, 10:17 a.m. UTC | #1
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

This makes a lot of sense. Thank you.

> On 16 Dec 2021, at 20:23, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
> 
> The parsers for those are disabled in the suricata config, so
> the rules are not needed; on the contrary, they will massively spam
> warnings when launching suricata because of the disabled parsers.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
> config/suricata/suricata-default-rules.yaml | 2 --
> 1 file changed, 2 deletions(-)
> 
> diff --git a/config/suricata/suricata-default-rules.yaml b/config/suricata/suricata-default-rules.yaml
> index 64493e462..d6c358add 100644
> --- a/config/suricata/suricata-default-rules.yaml
> +++ b/config/suricata/suricata-default-rules.yaml
> @@ -5,13 +5,11 @@
>  - /usr/share/suricata/rules/app-layer-events.rules
>  - /usr/share/suricata/rules/decoder-events.rules
>  - /usr/share/suricata/rules/dhcp-events.rules
> - - /usr/share/suricata/rules/dnp3-events.rules
>  - /usr/share/suricata/rules/dns-events.rules
>  - /usr/share/suricata/rules/files.rules
>  - /usr/share/suricata/rules/http-events.rules
>  - /usr/share/suricata/rules/ipsec-events.rules
>  - /usr/share/suricata/rules/kerberos-events.rules
> - - /usr/share/suricata/rules/modbus-events.rules
>  - /usr/share/suricata/rules/nfs-events.rules
>  - /usr/share/suricata/rules/ntp-events.rules
>  - /usr/share/suricata/rules/smb-events.rules
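Review bot: the two removed entries, dnp3-events.rules and modbus-events.rules, leave no trace in the file of why they are absent. The list only stays correct while those parsers remain disabled in the suricata config, so a short YAML comment where each line was removed, naming the parser it depends on, would tell whoever re-enables DNP3 or Modbus to restore the matching events file.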
> -- 
> 2.30.2
>

Patch

diff --git a/config/suricata/suricata-default-rules.yaml b/config/suricata/suricata-default-rules.yaml
index 64493e462..d6c358add 100644
--- a/config/suricata/suricata-default-rules.yaml
+++ b/config/suricata/suricata-default-rules.yaml
@@ -5,13 +5,11 @@ 
  - /usr/share/suricata/rules/app-layer-events.rules
  - /usr/share/suricata/rules/decoder-events.rules
  - /usr/share/suricata/rules/dhcp-events.rules
- - /usr/share/suricata/rules/dnp3-events.rules
  - /usr/share/suricata/rules/dns-events.rules
  - /usr/share/suricata/rules/files.rules
  - /usr/share/suricata/rules/http-events.rules
  - /usr/share/suricata/rules/ipsec-events.rules
  - /usr/share/suricata/rules/kerberos-events.rules
- - /usr/share/suricata/rules/modbus-events.rules
  - /usr/share/suricata/rules/nfs-events.rules
  - /usr/share/suricata/rules/ntp-events.rules
  - /usr/share/suricata/rules/smb-events.rules
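Review bot: only the dnp3 and modbus entries are dropped, but the same mismatch would apply to any other events file kept in this list (dhcp, ipsec, kerberos, nfs, ntp, smb) if its parser is also off in the shipped config. It is worth checking each remaining entry against the parser settings, and noting in the commit message that the start-up output was confirmed free of these warnings after the change.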