#usr/share/suricata/rules/smtp-events.rules
#usr/share/suricata/rules/stream-events.rules
#usr/share/suricata/rules/tls-events.rules
+var/ipfire/suricata/suricata-default-rules.yaml
var/lib/suricata
var/lib/suricata/classification.config
var/lib/suricata/reference.config
--- /dev/null
+%YAML 1.1
+---
+
+# Default rules which helps
+ - /usr/share/suricata/rules/app-layer-events.rules
+ - /usr/share/suricata/rules/decoder-events.rules
+ - /usr/share/suricata/rules/dhcp-events.rules
+ - /usr/share/suricata/rules/dnp3-events.rules
+ - /usr/share/suricata/rules/dns-events.rules
+ - /usr/share/suricata/rules/files.rules
+ - /usr/share/suricata/rules/http2-events.rules
+ - /usr/share/suricata/rules/http-events.rules
+ - /usr/share/suricata/rules/ipsec-events.rules
+ - /usr/share/suricata/rules/kerberos-events.rules
+ - /usr/share/suricata/rules/modbus-events.rules
+ - /usr/share/suricata/rules/mqtt-events.rules
+ - /usr/share/suricata/rules/nfs-events.rules
+ - /usr/share/suricata/rules/ntp-events.rules
+ - /usr/share/suricata/rules/smb-events.rules
+ - /usr/share/suricata/rules/smtp-events.rules
+ - /usr/share/suricata/rules/stream-events.rules
+ - /usr/share/suricata/rules/tls-events.rules
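Review bot: The header comment `# Default rules which helps` is cut off mid-sentence and does not say how this file is consumed. The file holds a bare sequence with no top-level key, which only makes sense when it is pulled in under `rule-files:` in suricata.yaml, as the suricata.yaml change in this commit does. I would replace the comment with `# Default rule files; included from the rule-files section of suricata.yaml.` so the dependency is visible to whoever edits either file next.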
##
default-rule-path: /var/lib/suricata
rule-files:
- # Default rules
- - /usr/share/suricata/rules/app-layer-events.rules
- - /usr/share/suricata/rules/decoder-events.rules
- - /usr/share/suricata/rules/dhcp-events.rules
- - /usr/share/suricata/rules/dnp3-events.rules
- - /usr/share/suricata/rules/dns-events.rules
- - /usr/share/suricata/rules/files.rules
- - /usr/share/suricata/rules/http2-events.rules
- - /usr/share/suricata/rules/http-events.rules
- - /usr/share/suricata/rules/ipsec-events.rules
- - /usr/share/suricata/rules/kerberos-events.rules
- - /usr/share/suricata/rules/modbus-events.rules
- - /usr/share/suricata/rules/mqtt-events.rules
- - /usr/share/suricata/rules/nfs-events.rules
- - /usr/share/suricata/rules/ntp-events.rules
- - /usr/share/suricata/rules/smb-events.rules
- - /usr/share/suricata/rules/smtp-events.rules
- - /usr/share/suricata/rules/stream-events.rules
- - /usr/share/suricata/rules/tls-events.rules
-
# Include enabled ruleset files from external file
- - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+ include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+
+ # Include default rules.
+ include: /var/ipfire/suricata/suricata-default-rules.yaml
classification-file: /var/lib/suricata/classification.config
reference-config-file: /var/lib/suricata/reference.config
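Review bot: Under `rule-files:` the new side has two `include:` keys in one mapping, where the old side had a sequence containing a single `!include:` item. Repeated keys are not valid in a strict YAML mapping, so this relies on Suricata's loader acting on each `include:` as it is read; that is presumably the case but nothing on this page shows it. If the second include were skipped or failed to load, the default rule files would drop out of the loaded set with no error in this file. It is worth running `suricata -T -c /etc/suricata/suricata.yaml` against the installed config and confirming that rule files from both includes are reported as loaded.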
# Install IPFire related config file.
install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
+ # Install yaml file for loading default rules.
+ install -m 0664 $(DIR_SRC)/config/suricata/suricata-default-rules.yaml /var/ipfire/suricata
+
# Create emtpy rules directory.
-mkdir -p /var/lib/suricata
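Review bot: The new `install -m 0664` line makes suricata-default-rules.yaml group-writable, while suricata.yaml two lines above is installed with `0644`. This file decides which rule files the IDS loads, so any account with group write access could remove the default rules or point Suricata at other rule files. The owner and group of /var/ipfire/suricata are not visible in this hunk, so how wide that access is cannot be judged from here. Unless something has to rewrite the file at runtime, use `install -m 0644 $(DIR_SRC)/config/suricata/suricata-default-rules.yaml /var/ipfire/suricata`. The recipe starts and ends outside the hunk.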