DRAFT: Suricata services
From: Stefan Schantl
Date: 2022-07-24 13:26 UTC
To: development

Hello list followers,

after some reports on our community portal about a flooded IDS log in case the tor addon is installed and activated, I tried to solve this issue.
(https://community.ipfire.org/t/tor-and-ips-conflict-suricata-rulset-where-does-it-come-from/)

The desired solution would be to load additional suricata rules to silence the noisy rules when tor is used. This worked pretty well, so I extended the code to be more general, and such rules for any kind of service can be written and loaded.

I collected all the changes on my personal git repository:

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/suricata-services

For easy testing I created a test tarball, which can be found here:

https://people.ipfire.org/~stevee/ids-services/

As usual a README file gives deeper information and guides through the installation process.

Please share your opinions about this approach and in case you are testing please provide your feedback here.

A big thanks in advance,

-Stefan
Re: DRAFT: Suricata services
From: Stefan Schantl
Date: 2022-07-29 16:09 UTC
To: development

Hello list followers,

today I baked a second test version which fixed an issue to properly use the new feature and adjusted the rules to silence some more alerts.

The new test tarball can be grabbed at the same location as the previous one - install instructions are the same.

As usual please share your feedback and opinions here - a big thanks in advance.

Best regards,

-Stefan