... and, for the records, it fixes bug #12739, which is currently show-stopping Core Update 162. :-)
> Hello Stefan,
>
> thank you for submitting this.
>
> There is one very minor comment, please see below. Apart from it, this patch looks good to me.
>
> Reviewed-by: Peter Müller
>
> Thanks, and best regards,
> Peter Müller
>
>
>> Signed-off-by: Stefan Schantl
>> ---
>> config/rootfiles/common/suricata | 1 +
>> config/suricata/suricata-default-rules.yaml | 22 ++++++++++++++++++
>> config/suricata/suricata.yaml | 25 ++++-----------------
>> lfs/suricata | 3 +++
>> 4 files changed, 30 insertions(+), 21 deletions(-)
>> create mode 100644 config/suricata/suricata-default-rules.yaml
>>
>> diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
>> index ff31ec7d2..41193f4ea 100644
>> --- a/config/rootfiles/common/suricata
>> +++ b/config/rootfiles/common/suricata
>> @@ -37,6 +37,7 @@ usr/share/suricata
>> #usr/share/suricata/rules/smtp-events.rules
>> #usr/share/suricata/rules/stream-events.rules
>> #usr/share/suricata/rules/tls-events.rules
>> +var/ipfire/suricata/suricata-default-rules.yaml
>> var/lib/suricata
>> var/lib/suricata/classification.config
>> var/lib/suricata/reference.config
>> diff --git a/config/suricata/suricata-default-rules.yaml b/config/suricata/suricata-default-rules.yaml
>> new file mode 100644
>> index 000000000..d13aa622a
>> --- /dev/null
>> +++ b/config/suricata/suricata-default-rules.yaml
>> @@ -0,0 +1,22 @@
>> +%YAML 1.1
>> +---
>> +
>> +# Default rules which helps
>
> ... to keep things nice and tidy? Looks like the second half of the comment is missing. :-)
>
>> + - /usr/share/suricata/rules/app-layer-events.rules
>> + - /usr/share/suricata/rules/decoder-events.rules
>> + - /usr/share/suricata/rules/dhcp-events.rules
>> + - /usr/share/suricata/rules/dnp3-events.rules
>> + - /usr/share/suricata/rules/dns-events.rules
>> + - /usr/share/suricata/rules/files.rules
>> + - /usr/share/suricata/rules/http2-events.rules
>> + - /usr/share/suricata/rules/http-events.rules
>> + - /usr/share/suricata/rules/ipsec-events.rules
>> + - /usr/share/suricata/rules/kerberos-events.rules
>> + - /usr/share/suricata/rules/modbus-events.rules
>> + - /usr/share/suricata/rules/mqtt-events.rules
>> + - /usr/share/suricata/rules/nfs-events.rules
>> + - /usr/share/suricata/rules/ntp-events.rules
>> + - /usr/share/suricata/rules/smb-events.rules
>> + - /usr/share/suricata/rules/smtp-events.rules
>> + - /usr/share/suricata/rules/stream-events.rules
>> + - /usr/share/suricata/rules/tls-events.rules
>> diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
>> index 49921db86..7b2557fce 100644
>> --- a/config/suricata/suricata.yaml
>> +++ b/config/suricata/suricata.yaml
>> @@ -46,28 +46,11 @@ vars:
>> ##
>> default-rule-path: /var/lib/suricata
>> rule-files:
>> - # Default rules
>> - - /usr/share/suricata/rules/app-layer-events.rules
>> - - /usr/share/suricata/rules/decoder-events.rules
>> - - /usr/share/suricata/rules/dhcp-events.rules
>> - - /usr/share/suricata/rules/dnp3-events.rules
>> - - /usr/share/suricata/rules/dns-events.rules
>> - - /usr/share/suricata/rules/files.rules
>> - - /usr/share/suricata/rules/http2-events.rules
>> - - /usr/share/suricata/rules/http-events.rules
>> - - /usr/share/suricata/rules/ipsec-events.rules
>> - - /usr/share/suricata/rules/kerberos-events.rules
>> - - /usr/share/suricata/rules/modbus-events.rules
>> - - /usr/share/suricata/rules/mqtt-events.rules
>> - - /usr/share/suricata/rules/nfs-events.rules
>> - - /usr/share/suricata/rules/ntp-events.rules
>> - - /usr/share/suricata/rules/smb-events.rules
>> - - /usr/share/suricata/rules/smtp-events.rules
>> - - /usr/share/suricata/rules/stream-events.rules
>> - - /usr/share/suricata/rules/tls-events.rules
>> -
>> # Include enabled ruleset files from external file
>> - - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
>> + include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
>> +
>> + # Include default rules.
>> + include: /var/ipfire/suricata/suricata-default-rules.yaml
>>
>> classification-file: /var/lib/suricata/classification.config
>> reference-config-file: /var/lib/suricata/reference.config
>> diff --git a/lfs/suricata b/lfs/suricata
>> index f5b68da8f..96c2b33fe 100644
>> --- a/lfs/suricata
>> +++ b/lfs/suricata
>> @@ -96,6 +96,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>> # Install IPFire related config file.
>> install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
>>
>> + # Install yaml file for loading default rules.
>> + install -m 0664 $(DIR_SRC)/config/suricata/suricata-default-rules.yaml /var/ipfire/suricata
>> +
>> # Create emtpy rules directory.
>> -mkdir -p /var/lib/suricata
>>
>>
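Review bot: The two `include:` entries that replace the removed list under `rule-files:` repeat the same mapping key, which a generic YAML 1.1 loader rejects as a duplicate key; Suricata's own config loader treats `include` as a directive, so this presumably works there, but the hunk as quoted has lost its indentation and whether both included sequences end up attached to `rule-files:` depends on exactly that, so it is worth verifying on a built image rather than by reading the patch. Because the generated `suricata-used-rulefiles.yaml` is now pulled in by the same mechanism as the new default file, it has to share that file's layout (a bare top-level sequence of rule file paths), and that contract is stated nowhere in the hunk. The load order also changes: the built-in event rules were listed before the user-selected rule sets and are now included after them, which is fine if intentional but deserves a word. Suggest replacing the two comments with one that records both points, e.g. `# Each included file must be a top-level YAML sequence of rule file paths; Suricata resolves the repeated include: key itself. User-selected rule sets are loaded first, the built-in event rules after them.`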
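Review bot: `install -m 0664` for suricata-default-rules.yaml makes the file group-writable, whereas suricata.yaml two lines above is installed with 0644; the file decides which rule files Suricata loads, so whoever can write through that group can change what the IDS evaluates, and since no `-g` is given the group is simply that of the user running the build, which the hunk does not pin down. Unless the web UI has to rewrite this file (it is a fixed list of shipped paths, so that seems unlikely), `install -m 0644 $(DIR_SRC)/config/suricata/suricata-default-rules.yaml /var/ipfire/suricata` matches the neighbouring line and the rootfile entry added in config/rootfiles/common/suricata. The hunk also does not show /var/ipfire/suricata being created; if that is not guaranteed earlier in the recipe, a preceding `mkdir -p /var/ipfire/suricata` avoids a build failure here.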