suricata-reporter: Create a example configuration file
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 6 Aug 2025 16:56:34 +0000 (17:56 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 3 Sep 2025 17:42:01 +0000 (18:42 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/common/suricata
config/suricata/reporter.conf [new file with mode: 0644]
lfs/suricata
src/initscripts/system/suricata

index 93e0405b1d05f5b159ecc1662dedaa21bcc82ced..1237ecfb8ac3ec5a5b7eebd6e1fcd2175d1d434c 100644 (file)
@@ -54,6 +54,7 @@ usr/share/suricata
 #usr/share/suricata/threshold.config
 var/cache/suricata
 var/cache/suricata/sgh
+var/ipfire/suricata/reporter.conf
 var/lib/suricata
 #var/lib/suricata/cache
 #var/lib/suricata/cache/sgh
diff --git a/config/suricata/reporter.conf b/config/suricata/reporter.conf
new file mode 100644 (file)
index 0000000..071e4ca
--- /dev/null
@@ -0,0 +1,34 @@
+;
+; Example configuration file for the Suricata Reporter
+; 
+; This application receives events from Suricata to generate reports,
+; alert emails and store a history of alerts.
+;
+[DEFAULT]
+; The number of worker processes to spawn.
+; Default is to launch one worker per CPU core.
+;workers = 4
+
+; The socket where to receive events from
+;socket = /var/run/suricata/reporter.socket
+
+; The ownership of the socket
+;user = suricata
+;group = suricata
+
+; The path to the database
+;database = /var/log/suricata/reporter.db
+
+[syslog]
+; Enable sending any alerts to syslog in the human-reable fast.log format
+;enabled = true
+
+[email]
+; Enable sending an alert email for each alert
+;enabled = true
+
+; The sender email address
+;sender = no-reply@ipfire.org
+
+; The recipient email addresses. Use comma separation for more reciepients.
+;recipients = john.doe@example.com, jane.doe@example.com
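Review bot: Two comments in the new example file carry typos that will ship with the file: `human-reable` in the `[syslog]` section should read `human-readable`, and `reciepients` in the `[email]` section should read `recipients`. The comment above `user`/`group` would help an administrator more if it named who has to reach the socket, for example `; The ownership of the socket (Suricata must be able to write to it)`, assuming the socket's ownership is what limits who can submit events. The third banner line (`; `) also has trailing whitespace.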
index 12783c14ee8b6a673ecd0b102e4f349b03ecee75..62759ecea06ab938410667dc1e89158a9ac543d5 100644 (file)
@@ -138,6 +138,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
        # Install the reporter
        install -v -m 755 $(DIR_SRC)/config/suricata/suricata-reporter /usr/bin/suricata-reporter
+       install -v -m 644 $(DIR_SRC)/config/suricata/reporter.conf \
+               /var/ipfire/suricata/reporter.conf
+       chown -v nobody:nobody /var/ipfire/suricata/reporter.conf
 
        # Install the watcher
        install -v -m 755 $(DIR_SRC)/config/suricata/suricata-watcher /usr/bin/suricata-watcher
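Review bot: The added `chown -v nobody:nobody /var/ipfire/suricata/reporter.conf` leaves the file writable by the `nobody` account, yet the same file sets the reporter's `socket` and `database` paths and the `user`/`group` that own the socket. If the reporter is started with more privilege than `nobody` (the `loadproc` line in `src/initscripts/system/suricata` passes this file via `--config`, but the account it runs under is not visible here), anything running as `nobody` could influence where a more privileged process creates files and who owns them. If the ownership is there so the web interface can edit the mail settings, consider keeping the path and ownership keys in a root-owned file, or having the reporter refuse them from this one. The reason could be recorded next to the `chown` with a comment such as `# Writable by the web UI: must not carry settings the reporter trusts as root`. The recipe of this target starts and ends outside the hunk.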
index f199931b8ff532b59ad476d11124dfd492a62b03..d885150db6ec39395bce11f19ecdb4009256afac 100644 (file)
@@ -189,7 +189,8 @@ case "$1" in
                if [ "$ENABLE_IDS" == "on" ]; then
                        # Start the reporter
                        boot_mesg "Starting Intrusion Prevention Reporter..."
-                       loadproc -f -p /var/run/suricata/reporter.pid -b /usr/bin/suricata-reporter
+                       loadproc -f -p /var/run/suricata/reporter.pid -b /usr/bin/suricata-reporter \
+                               --config="/var/ipfire/suricata/reporter.conf"
 
                        # Start suricata
                        boot_mesg "Starting Intrusion Prevention System..."