Suricata will print a warning on startup if the collection of stats
is enabled but no stats logger, which will print them out is enabled.
Acctually we do not use any stats so this safely can be disabled.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will prevent suricata from displaying a warning on startup and
anyway would be the log level which suricata switches in such a case.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
All of them are disabled by default, but may be needed in some
environments and so easily can be enabled there.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
When adding a host to the whitelist set the bypass flag to
immediate take the load from the IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The "/var/ipfire/suricata/suricata-default-rules.yaml" file, now
dynamicall will be generated, based on the enabled application layer
protocols.
Only existing rulefiles for enabled app layer protocols will be loaded.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function call suricata to obtain a list of enabled application
layer protocols (application/protocol parsers).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
directory.
If there are one, they safly can be removed because the *.config files
now live in a different folder.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
exists before returning the filename.
This will prevent from using and processing non existing files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
determined.
If no timestamp could be grabbed for rulestarball of a given provider,
return N/A.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This converter does all the magic to convert any suricata
based IPFire version to work with the new multiple providers
IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Not all config files are shipped by the rulesets. For example the
"threshold.conf" and the "referneces.conf" are not include in each
ruleset.
Therefore it is not a common way to delete all config files. It is
much safer to simple keep them and overwrite existing ones by the
generated ones.
This reverts commit a71c3c9dcc60541aa4504d0f1fb0a78c0d58ed5e.
extractruleset() function.
Now everithing which is extracting or moving stored ruleset files is
easily accessing via one function which takes care about.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function can be used to directly modify the desired file.
It takes two arguments:
* An action which could be "add" or "remove"
* A provider handle, which should be added or removed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
function.
This function simply returns the gernerated path and filename for the
provider specific modified sids file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The enabled or disabled sids now will be written to an own
provider exclusive configuration file which dynamically will
be included by oinkmaster if needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to get the creation date of the stored rules files
of a given provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The selected rulesfiles of a provider now will be written to an own
provider exclusive yaml file, which will be included dynamically when
the provider is enabled or not.
This allows very easy handling to enable or disable a provider, in this
case the file which keeps the enabled providers rulesets only needs to
be included in the main file or even not.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
