public inbox for development@lists.ipfire.org
* DRAFT: Suricata services
From: Stefan Schantl @ 2022-07-24 13:26 UTC
  To: development


Hello list followers,

after some reports on our community portal about a flooded IDS log
when the tor addon is installed and activated, I tried to solve this
issue.
(https://community.ipfire.org/t/tor-and-ips-conflict-suricata-rulset-where-does-it-come-from/)

The desired solution would be to load additional Suricata rules to
silence the noisy rules when tor is used. This worked pretty well, so I
extended the code to be more general, so that such rules can be written
and loaded for any kind of service.

I collected all the changes in my personal git repository:

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/suricata-services

For easy testing I created a test tarball, which can
be found here:

https://people.ipfire.org/~stevee/ids-services/

As usual, a README file gives deeper information and guides you through
the installation process.

Please share your opinions about this approach, and in case you are
testing, please provide your feedback here.

A big thanks in advance,

-Stefan



* Re: DRAFT: Suricata services
From: Stefan Schantl @ 2022-07-29 16:09 UTC
  To: development


Hello list followers,

today I baked a second test version, which fixes an issue with proper use
of the new feature and adjusts the rules to silence some more alerts.

The new test tarball can be grabbed at the same location as the previous
one - the install instructions are the same.

As usual, please share your feedback and opinions here - a big thanks in
advance.

Best regards,

-Stefan
