
Make suricata-update rules defaults
- Use suricata-update-rules per defaults
- set defrag for af_packet to no
Wolfgang Hotwagner committed Jun 13, 2024
1 parent a708444 commit e59ad60
Showing 2 changed files with 45 additions and 41 deletions.
84 changes: 44 additions & 40 deletions defaults/main.yml
Expand Up @@ -52,51 +52,55 @@ suricata_port_groups:

# rule configuration
# -------------------------------------------
suricata_rule_path: /etc/suricata/rules
# suricata_rule_path: /etc/suricata/rules
suricata_rule_path: /var/lib/suricata/rules
suricata_classification_file: /etc/suricata/classification.config
suricata_reference_config_file: /etc/suricata/reference.config
# suricata_threshold_file: /etc/suricata/threshold.config

suricata_log_dir: /var/log/suricata
suricata_afpack_defrag: "no"

suricata_extra_rule_files: []
suricata_rule_files:
- botcc.rules
- ciarmy.rules
- compromised.rules
- drop.rules
- dshield.rules
- emerging-attack_response.rules
- emerging-chat.rules
- emerging-current_events.rules
- emerging-dns.rules
- emerging-dos.rules
- emerging-exploit.rules
- emerging-ftp.rules
- emerging-imap.rules
- emerging-malware.rules
- emerging-misc.rules
- emerging-mobile_malware.rules
- emerging-netbios.rules
- emerging-p2p.rules
- emerging-policy.rules
- emerging-pop3.rules
- emerging-rpc.rules
- emerging-scan.rules
- emerging-shellcode.rules
- emerging-smtp.rules
- emerging-snmp.rules
- emerging-sql.rules
- emerging-telnet.rules
- emerging-tftp.rules
- emerging-trojan.rules
- emerging-user_agents.rules
- emerging-voip.rules
- emerging-web_client.rules
- emerging-web_server.rules
- emerging-worm.rules
- tor.rules
- http-events.rules # available in suricata sources under rules dir
- smtp-events.rules # available in suricata sources under rules dir
- dns-events.rules # available in suricata sources under rules dir
- tls-events.rules # available in suricata sources under rules dir
- suricata.rules
# suricata_rule_files:
# - botcc.rules
# - ciarmy.rules
# - compromised.rules
# - drop.rules
# - dshield.rules
# - emerging-attack_response.rules
# - emerging-chat.rules
# - emerging-current_events.rules
# - emerging-dns.rules
# - emerging-dos.rules
# - emerging-exploit.rules
# - emerging-ftp.rules
# - emerging-imap.rules
# - emerging-malware.rules
# - emerging-misc.rules
# - emerging-mobile_malware.rules
# - emerging-netbios.rules
# - emerging-p2p.rules
# - emerging-policy.rules
# - emerging-pop3.rules
# - emerging-rpc.rules
# - emerging-scan.rules
# - emerging-shellcode.rules
# - emerging-smtp.rules
# - emerging-snmp.rules
# - emerging-sql.rules
# - emerging-telnet.rules
# - emerging-tftp.rules
# - emerging-trojan.rules
# - emerging-user_agents.rules
# - emerging-voip.rules
# - emerging-web_client.rules
# - emerging-web_server.rules
# - emerging-worm.rules
# - tor.rules
# - http-events.rules # available in suricata sources under rules dir
# - smtp-events.rules # available in suricata sources under rules dir
# - dns-events.rules # available in suricata sources under rules dir
# - tls-events.rules # available in suricata sources under rules dir
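Review bot: The new defaults `suricata_rule_path: /var/lib/suricata/rules` and a `suricata_rule_files` list containing only `suricata.rules` make the role depend on suricata-update having already written that file, yet nothing in the hunk says so; a comment above `suricata_rule_path` such as `# Defaults assume rules are managed by suricata-update, which writes suricata.rules under /var/lib/suricata/rules; run it before Suricata starts, or point suricata_rule_path and suricata_rule_files at a hand-maintained rule set` would make the contract explicit, though I cannot tell from this commit whether a task elsewhere in the role runs suricata-update. The 40-odd commented-out lines that repeat the old Emerging Threats list are dead text that will drift from the real file names while git history already preserves them; a one-line pointer to the previous default is enough. `suricata_afpack_defrag: "no"` also lands without a why-comment even though the Suricata text kept in the template hunk says the flow hash cannot be computed for some fragments without kernel defrag, so a short note on the trade-off, e.g. `# Rendered into af-packet defrag; Suricata's upstream default is yes`, would help operators judge the override.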
2 changes: 1 addition & 1 deletion templates/suricata.yaml.j2
Expand Up @@ -478,7 +478,7 @@ af-packet:
cluster-type: cluster_flow
# In some fragmentation case, the hash can not be computed. If "defrag" is set
# to yes, the kernel will do the needed defragmentation before sending the packets.
defrag: yes
defrag: {{ suricata_afpack_defrag }}
# After Linux kernel 3.10 it is possible to activate the rollover option: if a socket is
# full then kernel will send the packet on the next socket with room available. This option
# can minimize packet drop and increase the treated bandwidth on single intensive flow.
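Review bot: `defrag: {{ suricata_afpack_defrag }}` is substituted unquoted, so the rendered value depends on the variable's type: the quoted default `"no"` renders as `no`, but an inventory override written as a bare `no` or `false` is an Ansible boolean and renders as `False`. Normalizing in the template makes both spellings produce the `yes`/`no` that the Suricata comment above the line describes, e.g. `defrag: {{ 'yes' if suricata_afpack_defrag | bool else 'no' }}`. Whether Suricata's config reader accepts a capitalized `False` is not something this hunk shows, so the normalization is cheap insurance either way. The af-packet block continues outside the hunk.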
