Bug 11808 - Suricata: Enhance configuration file
Summary: Suricata: Enhance configuration file
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: suricata (show other bugs)
Version: 2
Hardware: Unspecified
Assignee: Peter Müller
QA Contact: Michael Tremer
Blocks: SURICATA
Reported: 2018-08-02 09:33 UTC by Stefan Schantl
Modified: 2019-04-08 20:01 UTC (History)

Description Stefan Schantl 2018-08-02 09:33:25 UTC
I've committed a very basic configuration file for suricata (suricata.yaml) which almost depends on the shipped config file from the suricata project.

We need to adjust this file for usage in IPFire.
Comment 2 Michael Tremer 2018-08-02 11:52:42 UTC
I did a brief review of the configuration file and one of the first
things that caught my eye was that HOME_NET is the entire RFC1918
range. We don't want that, but it is good enough for testing at least.

In the final version, HOME_NET should be the GREEN, BLUE and ORANGE
networks only (if they exist) and VPNs should not be part of it.

I guess we could also remove some sections like the one for redis which
we will never use. I like the commenting on the rest of the file and
that makes it very clear what each option is supposed to be doing.
Comment 3 Peter Müller 2018-08-05 18:16:29 UTC
The configuration file is huge indeed. I will take care of this.
Comment 4 Stefan Schantl 2018-08-24 17:57:55 UTC
I've done some initial changes on the configuration file and removed some configuration settings which are not used by IPFire, not supported because they are not compiled in, or because of a different platform (BSD firewall stuff).

These were just some really quick changes and of course there is a lot more work to do until we have a final distribution-specific configuration file.

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=335114b207971fa88bc768c7dea49747b15b4fae
Comment 5 Michael Tremer 2018-08-28 14:10:40 UTC
There is still loads of stuff in there that we don't need like cuda, etc.
Comment 6 Peter Müller 2019-02-06 21:05:46 UTC
TODO list:

- l. 31: HTTP_PORTS: also add some other ports?
- l. 143: add ports 465, 993, 995
- l. 185: why not use "yes" here?
- l. 187: dto.
- l. 211: add DNS over TLS ports, too
- l. 215: dto.
- l. 350: why not at least "detection-only"?
- l. 501ff: Is a default policy of two OSs (Windows + Linux) suitable?
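The following suricata.yaml fragment is an added example, not the IPFire file under review and not Suricata's shipped default. It puts the RFC1918-wide HOME_NET that Comment 2 objects to next to a HOME_NET limited to the GREEN, BLUE and ORANGE networks, and shows the mail ports from Comment 6 (465, 993, 995) plus DNS over TLS (port 853, RFC 7858) and a host-os-policy entry. All network addresses are constructed placeholders, and which Suricata keys the numbered TODO items point at is my reading of the Suricata 4.x default layout, not something the bug states; the line numbers in the list refer to the IPFire file of the time, not to this fragment.

```yaml
# Added example (not the IPFire suricata.yaml). Addresses are constructed
# placeholders; substitute the real GREEN/BLUE/ORANGE prefixes of the box.
vars:
  address-groups:
    # Shipped default: the whole RFC1918 space. Too broad for IPFire: every
    # private address, VPN peers included, counts as "home", so rules written
    # for traffic crossing the HOME_NET/EXTERNAL_NET border lose their meaning.
    # HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

    # Restricted to the locally attached zones only; VPN networks stay outside.
    HOME_NET: "[192.168.10.0/24,192.168.20.0/24,192.168.30.0/24]"  # GREEN, BLUE, ORANGE (placeholders)
    EXTERNAL_NET: "!$HOME_NET"

    # The server groups inherit the narrowed HOME_NET, so signatures that key
    # on $DNS_SERVERS or $SMTP_SERVERS follow the same boundary.
    DNS_SERVERS: "$HOME_NET"
    SMTP_SERVERS: "$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"

  port-groups:
    # TODO item "HTTP_PORTS: also add some other ports?": the default is 80
    # only; proxies and management interfaces commonly sit on 8080/8443.
    HTTP_PORTS: "[80,8080,8443]"
    SSH_PORTS: 22

app-layer:
  protocols:
    tls:
      enabled: yes
      detection-ports:
        # 443 is the shipped default. 465/993/995 (SMTPS, IMAPS, POP3S) come
        # from the TODO list. 853 is DNS over TLS: the wire format is TLS, so
        # the TLS parser, not the DNS parser, is the one that can classify it.
        dp: "[443,465,853,993,995]"
    dns:
      tcp:
        enabled: yes
        detection-ports:
          dp: 53
      udp:
        enabled: yes
        detection-ports:
          dp: 53
    # Every app-layer protocol takes "yes", "no" or "detection-only";
    # "detection-only" recognises the protocol without parsing it further.

host-os-policy:
  # The shipped file splits the world into two OS families. These entries
  # steer TCP stream reassembly, so they should describe the hosts that
  # really sit behind the firewall (placeholders below).
  windows: [192.168.10.0/24]   # e.g. GREEN workstations
  linux: [192.168.30.0/24]     # e.g. ORANGE servers
```

The commented-out HOME_NET line is the setting to avoid, kept only so the contrast is visible in one place; once the zone prefixes are filled in, the rest of the fragment can be merged into the IPFire file section by section.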
Comment 7 Peter Müller 2019-03-15 16:47:04 UTC
As far as I am concerned, this is on MODIFIED by now.