From 522255c67089aa66dc32435a20fc83c0de9d176b Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 6 Aug 2025 17:56:34 +0100
Subject: [PATCH] suricata-reporter: Create a example configuration file

Signed-off-by: Michael Tremer
---
 config/rootfiles/common/suricata | 1 +
 config/suricata/reporter.conf | 34 ++++++++++++++++++++++++++++++++
 lfs/suricata | 3 +++
 src/initscripts/system/suricata | 3 ++-
 4 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 config/suricata/reporter.conf

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 93e0405b1..1237ecfb8 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -54,6 +54,7 @@ usr/share/suricata
 #usr/share/suricata/threshold.config
 var/cache/suricata
 var/cache/suricata/sgh
+var/ipfire/suricata/reporter.conf
 var/lib/suricata
 #var/lib/suricata/cache
 #var/lib/suricata/cache/sgh
diff --git a/config/suricata/reporter.conf b/config/suricata/reporter.conf
new file mode 100644
index 000000000..071e4cae0
--- /dev/null
+++ b/config/suricata/reporter.conf
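Review bot: `var/ipfire/suricata/reporter.conf` is listed as a shipped file, so if this rootfile drives update packaging the example will be laid down again on every update and overwrite any local edits an administrator made. The surrounding context shows entries deliberately excluded with a leading `#` (e.g. `#usr/share/suricata/threshold.config`); if the file is meant to be edited on the box, list it as `#var/ipfire/suricata/reporter.conf` and have the lfs recipe install it only when absent. If replacing it on update is intended, a sentence in the commit message saying so would avoid the question.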
@@ -0,0 +1,34 @@
+;
+; Example configuration file for the Suricata Reporter
+;
+; This application receives events from Suricata to generate reports,
+; alert emails and store a history of alerts.
+;
+[DEFAULT]
+; The number of worker processes to spawn.
+; Default is to launch one worker per CPU core.
+;workers = 4
+
+; The socket where to receive events from
+;socket = /var/run/suricata/reporter.socket
+
+; The ownership of the socket
+;user = suricata
+;group = suricata
+
+; The path to the database
+;database = /var/log/suricata/reporter.db
+
+[syslog]
+; Enable sending any alerts to syslog in the human-reable fast.log format
+;enabled = true
+
+[email]
+; Enable sending an alert email for each alert
+;enabled = true
+
+; The sender email address
+;sender = no-reply@ipfire.org
+
+; The recipient email addresses. Use comma separation for more reciepients.
+;recipients = john.doe@example.com, jane.doe@example.com
diff --git a/lfs/suricata b/lfs/suricata
index 12783c14e..62759ecea 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -138,6 +138,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	# Install the reporter
 	install -v -m 755 $(DIR_SRC)/config/suricata/suricata-reporter /usr/bin/suricata-reporter
+	install -v -m 644 $(DIR_SRC)/config/suricata/reporter.conf \
+		/var/ipfire/suricata/reporter.conf
+	chown -v nobody:nobody /var/ipfire/suricata/reporter.conf
 
 	# Install the watcher
 	install -v -m 755 $(DIR_SRC)/config/suricata/suricata-watcher /usr/bin/suricata-watcher
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index f199931b8..d885150db 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
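Review bot: Two typos in the new file's comments: `; Enable sending any alerts to syslog in the human-reable fast.log format` should read `human-readable`, and `Use comma separation for more reciepients.` should read `recipients`. Since every key ships commented out, it would also help to state the built-in default next to each one (`socket`, `user`/`group`, `database` and the two `enabled` keys) the way the `workers` comment already does, so a reader can tell what the reporter does with the file untouched. The `[DEFAULT]` header looks like the configparser convention where its keys are inherited by every other section; if that is the parser in use, a comment warning that an `enabled` key placed under `[DEFAULT]` would switch on both `[syslog]` and `[email]` is worth adding — presumed from the format, confirm against the reporter.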
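Review bot: `chown -v nobody:nobody /var/ipfire/suricata/reporter.conf` hands write access on the reporter's configuration (socket path, database path, mail recipients) to an unprivileged account, and nothing in the hunk says why; the preceding `install -v -m 644` already leaves the file root-owned and readable by any service account, which is all a daemon needs to load it. If another component has to edit this file, a comment above the chown should name it, e.g. `# nobody:nobody so that <component that edits the file> can write it`; otherwise drop the chown and keep the file root-owned. Separately, `install` without `-D` fails if `/var/ipfire/suricata` does not exist yet, so unless the directory is guaranteed earlier in the recipe, `install -v -D -m 644 $(DIR_SRC)/config/suricata/reporter.conf \` is the safer form. The enclosing `$(TARGET)` recipe starts before and continues after this hunk.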
@@ -189,7 +189,8 @@ case "$1" in
 		if [ "$ENABLE_IDS" == "on" ]; then
 			# Start the reporter
 			boot_mesg "Starting Intrusion Prevention Reporter..."
-			loadproc -f -p /var/run/suricata/reporter.pid -b /usr/bin/suricata-reporter
+			loadproc -f -p /var/run/suricata/reporter.pid -b /usr/bin/suricata-reporter \
+				--config="/var/ipfire/suricata/reporter.conf"
 
 			# Start suricata
 			boot_mesg "Starting Intrusion Prevention System..."
-- 
2.47.3