]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - config/suricata/suricata.yaml
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
suricata: Enable landlock security feature
[ipfire-2.x.git] / config / suricata / suricata.yaml
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 165a2442d22b060fb60ec90eab36a5bb0cc8dc4d..dd6a42e915eda042efc34186812f36602d5ebb25 100644 (file)
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -768,16 +768,16 @@ security:
   limit-noproc: true
   # Use landlock security module under Linux
   landlock:
-    enabled: no
+    enabled: yes
     directories:
-      #write:
-      #  - @e_rundir@
+      write:
+        - /run
       # /usr and /etc folders are added to read list to allow
       # file magic to be used.
       read:
-        - /usr/
-        - /etc/
-        - @e_sysconfdir@
+        - /usr/share/misc/magic.mgc
+        - /var/ipfire/suricata/
+        - /var/lib/suricata/rules/
 
   lua:
     # Allow Lua rules. Disabled by default.
IPFire 2.x development tree