git.ipfire.org Git - ipfire-2.x.git/commit
suricata: correct rule actions in IPS mode
author Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Wed, 5 Jun 2019 18:56:32 +0000 (20:56 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Wed, 5 Jun 2019 11:39:57 +0000 (12:39 +0100)
commit a5ba473c15c73a2e88d3333c73c1f13a332010b6
tree 768003ff3d47d452b73f8a16bd907fae327a84eb
parent 9734a58faf9832a708057e44092b96976401a8eb
suricata: correct rule actions in IPS mode

In IPS mode rule actions need to have the action 'drop' for the
protection to work, however this is not appropriate for all rules.
Modify the generator for oinkmaster-modify-sids.conf to leave
rules with the action 'alert' where this is appropriate.  Also add
a script to be run on update to correct existing downloaded rules.

Fixes #12086

Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/cfgroot/ids-functions.pl
config/rootfiles/common/configroot
config/rootfiles/core/133/update.sh
config/suricata/convert-ids-modifysids-file [new file with mode: 0644]
html/cgi-bin/ids.cgi
lfs/configroot