yaml: move rules up in the file
authorVictor Julien <victor@inliniac.net>
Mon, 30 May 2016 16:57:20 +0000 (18:57 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 31 May 2016 06:44:53 +0000 (08:44 +0200)
Also disable decoder and stream events by default, as they are too noisy
in an untuned environment.

suricata.yaml.in

index 6d80e603d1a129b6a4966ada6b0804e9b99e306e..c750d27df073c476ef2a54737591add7e42ce5dc 100644 (file)
@@ -42,6 +42,68 @@ vars:
     DNP3_PORTS: 20000
     MODBUS_PORTS: 502
 
+##
+## Step 2: select the rules to enable or disable
+##
+
+classification-file: @e_sysconfdir@classification.config
+reference-config-file: @e_sysconfdir@reference.config
+# threshold-file: @e_sysconfdir@threshold.config
+
+default-rule-path: @e_sysconfdir@rules
+rule-files:
+ - botcc.rules
+ - ciarmy.rules
+ - compromised.rules
+ - drop.rules
+ - dshield.rules
+# - emerging-activex.rules
+ - emerging-attack_response.rules
+ - emerging-chat.rules
+ - emerging-current_events.rules
+ - emerging-dns.rules
+ - emerging-dos.rules
+ - emerging-exploit.rules
+ - emerging-ftp.rules
+# - emerging-games.rules
+# - emerging-icmp_info.rules
+# - emerging-icmp.rules
+ - emerging-imap.rules
+# - emerging-inappropriate.rules
+ - emerging-malware.rules
+ - emerging-misc.rules
+ - emerging-mobile_malware.rules
+ - emerging-netbios.rules
+ - emerging-p2p.rules
+ - emerging-policy.rules
+ - emerging-pop3.rules
+ - emerging-rpc.rules
+ - emerging-scada.rules
+ - emerging-scan.rules
+# - emerging-shellcode.rules
+ - emerging-smtp.rules
+ - emerging-snmp.rules
+ - emerging-sql.rules
+ - emerging-telnet.rules
+ - emerging-tftp.rules
+ - emerging-trojan.rules
+ - emerging-user_agents.rules
+ - emerging-voip.rules
+ - emerging-web_client.rules
+ - emerging-web_server.rules
+# - emerging-web_specific_apps.rules
+ - emerging-worm.rules
+ - tor.rules
+# - decoder-events.rules # available in suricata sources under rules dir
+# - stream-events.rules  # available in suricata sources under rules dir
+ - http-events.rules    # available in suricata sources under rules dir
+ - smtp-events.rules    # available in suricata sources under rules dir
+ - dns-events.rules     # available in suricata sources under rules dir
+ - tls-events.rules     # available in suricata sources under rules dir
+# - modbus-events.rules  # available in suricata sources under rules dir
+# - app-layer-events.rules  # available in suricata sources under rules dir
+
+
 # Number of packets preallocated per thread. The default is 1024. A higher number 
 # will make sure each CPU will be more easily kept busy, but may negatively 
 # impact caching.
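Review bot: `app-layer-events.rules` is also newly commented out at the end of the added rule-files list, while the commit message only says decoder and stream events are being disabled; either extend the message to cover it or leave that file enabled, since it is not the one cited as noisy. The new `# threshold-file:` line also loses the explanatory comment that the second hunk removes, so the relocated setting now has no description at all. Because a disabled event-rule file is a visibility gap rather than a tuning detail, I would state the default explicitly above the commented-out entries: `# decoder-, stream- and app-layer-events rules are off by default because they are noisy until the deployment is tuned; re-enable them together with a threshold-file once alert volume is acceptable.`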
@@ -618,10 +680,6 @@ netmap:
 legacy:
   uricontent: enabled
 
-# You can specify a threshold config file by setting "threshold-file"
-# to the path of the threshold config file:
-# threshold-file: /etc/suricata/threshold.config
-
 # The detection engine builds internal groups of signatures. The engine
 # allow us to specify the profile to use for them, to manage memory on an
 # efficient way keeping a good performance. For the profile keyword you
@@ -1174,64 +1232,6 @@ ipfw:
   #
   # ipfw-reinjection-rule-number: 5500
 
-# Set the default rule path here to search for the files.
-# if not set, it will look at the current working dir
-default-rule-path: @e_sysconfdir@rules
-rule-files:
- - botcc.rules
- - ciarmy.rules
- - compromised.rules
- - drop.rules
- - dshield.rules
-# - emerging-activex.rules
- - emerging-attack_response.rules
- - emerging-chat.rules
- - emerging-current_events.rules
- - emerging-dns.rules
- - emerging-dos.rules
- - emerging-exploit.rules
- - emerging-ftp.rules
-# - emerging-games.rules
-# - emerging-icmp_info.rules
-# - emerging-icmp.rules
- - emerging-imap.rules
-# - emerging-inappropriate.rules
- - emerging-malware.rules
- - emerging-misc.rules
- - emerging-mobile_malware.rules
- - emerging-netbios.rules
- - emerging-p2p.rules
- - emerging-policy.rules
- - emerging-pop3.rules
- - emerging-rpc.rules
- - emerging-scada.rules
- - emerging-scan.rules
-# - emerging-shellcode.rules
- - emerging-smtp.rules
- - emerging-snmp.rules
- - emerging-sql.rules
- - emerging-telnet.rules
- - emerging-tftp.rules
- - emerging-trojan.rules
- - emerging-user_agents.rules
- - emerging-voip.rules
- - emerging-web_client.rules
- - emerging-web_server.rules
-# - emerging-web_specific_apps.rules
- - emerging-worm.rules
- - tor.rules
- - decoder-events.rules # available in suricata sources under rules dir
- - stream-events.rules  # available in suricata sources under rules dir
- - http-events.rules    # available in suricata sources under rules dir
- - smtp-events.rules    # available in suricata sources under rules dir
- - dns-events.rules     # available in suricata sources under rules dir
- - tls-events.rules     # available in suricata sources under rules dir
-# - modbus-events.rules  # available in suricata sources under rules dir
- - app-layer-events.rules  # available in suricata sources under rules dir
-
-classification-file: @e_sysconfdir@classification.config
-reference-config-file: @e_sysconfdir@reference.config
-
 # Set the order of alerts bassed on actions
 # The default order is pass, drop, reject, alert
 # action-order: