suricata: Enable landlock security feature

This limits the suricata process to reading and writing only certain
files/directories.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Stefan Schantl
2024-04-05 21:26:39 +02:00
committed by Michael Tremer
parent 4d24d99461
commit 64e057aaa5


@@ -768,16 +768,16 @@ security:
limit-noproc: true limit-noproc: true
# Use landlock security module under Linux # Use landlock security module under Linux
landlock: landlock:
enabled: no enabled: yes
directories: directories:
#write: write:
# - @e_rundir@ - /run
# /usr and /etc folders are added to read list to allow # /usr and /etc folders are added to read list to allow
# file magic to be used. # file magic to be used.
read: read:
- /usr/ - /usr/share/misc/magic.mgc
- /etc/ - /var/ipfire/suricata/
- @e_sysconfdir@ - /var/lib/suricata/rules/
lua: lua:
# Allow Lua rules. Disabled by default. # Allow Lua rules. Disabled by default.