From patchwork Thu Dec 16 19:23:36 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Schantl
X-Patchwork-Id: 4921
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Do not load rules for dnp3 and modbus.
Date: Thu, 16 Dec 2021 20:23:36 +0100
Message-Id: <20211216192336.2595-1-stefan.schantl@ipfire.org>
List-Id: IPFire development talk

The parsers for those are disabled in the suricata config, so the rules
are not needed. On the contrary, they will massively spam warnings when
launching suricata because of the disabled parsers.

Signed-off-by: Stefan Schantl
Reviewed-by: Michael Tremer
---
 config/suricata/suricata-default-rules.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/config/suricata/suricata-default-rules.yaml b/config/suricata/suricata-default-rules.yaml index 64493e462..d6c358add 100644 --- a/config/suricata/suricata-default-rules.yaml +++ b/config/suricata/suricata-default-rules.yaml @@ -5,13 +5,11 @@ - /usr/share/suricata/rules/app-layer-events.rules - /usr/share/suricata/rules/decoder-events.rules - /usr/share/suricata/rules/dhcp-events.rules - - /usr/share/suricata/rules/dnp3-events.rules - /usr/share/suricata/rules/dns-events.rules - /usr/share/suricata/rules/files.rules - /usr/share/suricata/rules/http-events.rules - /usr/share/suricata/rules/ipsec-events.rules - /usr/share/suricata/rules/kerberos-events.rules - - /usr/share/suricata/rules/modbus-events.rules - /usr/share/suricata/rules/nfs-events.rules - /usr/share/suricata/rules/ntp-events.rules - /usr/share/suricata/rules/smb-events.rules
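
Review bot: the two removed entries (dnp3-events.rules and modbus-events.rules) leave nothing in suricata-default-rules.yaml to say why they are absent, so the dependency on the parsers being disabled in the suricata config is recorded only in the commit message. A short YAML comment where the entries were, for example "# dnp3-events.rules and modbus-events.rules are not loaded: parsers disabled in the suricata config", would tell anyone who later enables those parsers to restore the event rules; without them, protocol anomaly events for dnp3 and modbus would produce no alerts. It is also worth confirming that each remaining *-events.rules entry in this list corresponds to a parser that is enabled, since any that do not would trigger the same startup warnings this change is meant to silence.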