suricata: Include all default rules

These rules do not drop anything, but only alert when internal parts of
the engine trigger an event. This will allow us more insight on what is
happening.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/common/suricata

@@ -19,6 +19,28 @@ usr/bin/suricata
 #usr/share/man/man1/suricatactl-filestore.1
 #usr/share/man/man1/suricatactl.1
 #usr/share/man/man1/suricatasc.1
+usr/share/suricata/
+#usr/share/suricata/classification.config
+#usr/share/suricata/reference.config
+#usr/share/suricata/rules
+#usr/share/suricata/rules/app-layer-events.rules
+#usr/share/suricata/rules/decoder-events.rules
+#usr/share/suricata/rules/dhcp-events.rules
+#usr/share/suricata/rules/dnp3-events.rules
+#usr/share/suricata/rules/dns-events.rules
+#usr/share/suricata/rules/files.rules
+#usr/share/suricata/rules/http2-events.rules
+#usr/share/suricata/rules/http-events.rules
+#usr/share/suricata/rules/ipsec-events.rules
+#usr/share/suricata/rules/kerberos-events.rules
+#usr/share/suricata/rules/modbus-events.rules
+#usr/share/suricata/rules/mqtt-events.rules
+#usr/share/suricata/rules/nfs-events.rules
+#usr/share/suricata/rules/ntp-events.rules
+#usr/share/suricata/rules/smb-events.rules
+#usr/share/suricata/rules/smtp-events.rules
+#usr/share/suricata/rules/stream-events.rules
+#usr/share/suricata/rules/tls-events.rules
 var/lib/suricata
 var/lib/suricata/classification.config
 var/lib/suricata/reference.config

config/suricata/suricata.yaml

@@ -46,8 +46,28 @@ vars:
 ##
 default-rule-path: /var/lib/suricata
 rule-files:
-    # Include enabled ruleset files from external file.
-    include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+    # Default rules
+    - /usr/share/suricata/rules/app-layer-events.rules
+    - /usr/share/suricata/rules/decoder-events.rules
+    - /usr/share/suricata/rules/dhcp-events.rules
+    - /usr/share/suricata/rules/dnp3-events.rules
+    - /usr/share/suricata/rules/dns-events.rules
+    - /usr/share/suricata/rules/files.rules
+    - /usr/share/suricata/rules/http2-events.rules
+    - /usr/share/suricata/rules/http-events.rules
+    - /usr/share/suricata/rules/ipsec-events.rules
+    - /usr/share/suricata/rules/kerberos-events.rules
+    - /usr/share/suricata/rules/modbus-events.rules
+    - /usr/share/suricata/rules/mqtt-events.rules
+    - /usr/share/suricata/rules/nfs-events.rules
+    - /usr/share/suricata/rules/ntp-events.rules
+    - /usr/share/suricata/rules/smb-events.rules
+    - /usr/share/suricata/rules/smtp-events.rules
+    - /usr/share/suricata/rules/stream-events.rules
+    - /usr/share/suricata/rules/tls-events.rules
+
+    # Include enabled ruleset files from external file
+    - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
 
 classification-file: /var/lib/suricata/classification.config
 reference-config-file: /var/lib/suricata/reference.config

lfs/suricata

@@ -96,9 +96,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Install IPFire related config file.
 	install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
 
-	# Remove shipped rules.
-	rm -rvf /usr/share/suricata
-
 	# Create emtpy rules directory.
 	-mkdir -p /var/lib/suricata