Bug 11801 (SURICATA) - Move to Suricata
Summary: Move to Suricata
Status: CLOSED FIXED
Alias: SURICATA
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: all All
Importance: Will affect most users Security
Assignee: Stefan Schantl
QA Contact: Peter Müller
Keywords: Security, Umbrella
Depends on: 10759 11263 11802 11803 11808 11822 11831 11832 11833 11834 11835 11836 11837 11838 11953 11976 11978 11979 11981 11983 11984 11985 11986 11987 11988 11989 11990 11991 11992 11993 12002 12004 12010 12011 12013 12019 12034 12037 12048 12056 12061 12062
Blocks: IDSIPSBUGS SURICATA2.0
Reported: 2018-07-17 20:23 UTC by Peter Müller
Modified: 2019-05-20 18:48 UTC
Description Peter Müller 2018-07-17 20:23:48 UTC
As discussed on 16.07.2018, we are planning to move to Suricata IDS in IPFire 2.x for various reasons.
Comment 1 Peter Müller 2018-07-17 20:38:19 UTC
Open questions (forgive me if it had slipped my mind):
- Should we drop oinkmaster and move to etupdate?
- Good default configuration for Suricata (I can do some research)
- Should we let Guardian handle the IPS function or use Suricata's built-in (I prefer the first)?
Comment 2 Michael Tremer 2018-07-17 23:41:50 UTC
(In reply to Peter Müller from comment #1)
> Open questions (forgive me if it had slipped my mind):
> - Should we drop oinkmaster and move to etupdate?

We will stay with oinkmaster in IPFire 2.

> - Good default configuration for Suricata (I can do some research)

Please do.

> - Should we let Guardian handle the IPS function or use Suricata's built-in
> (I prefer the first)?

I guess Guardian has a nice UI now and it would be a waste to throw that away. However, it might be a good idea to think about a better integration with Suricata instead of parsing logfiles.
Comment 3 Stefan Schantl 2019-05-20 18:44:40 UTC
Suricata has been shipped with IPFire 2.23 - Core 131, so this bug and all related ones can be closed as fixed.