Bug #299

closed

default suricata.yaml settings

Added by Victor Julien over 13 years ago. Updated about 13 years ago.

Status: Closed
Priority: Normal

Description

Need to consider adding more sane defaults to our default suricata.yaml. Might break QA, so need to do this with care.

Addresses would need to be something like this:

    # Holds variables that would be used by the engine.
    vars:

      # Holds the address group vars that would be passed in a Signature.
      # These would be retrieved during the Signature address parsing stage.
      address-groups:

        HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

        EXTERNAL_NET: "!$HOME_NET"

        HTTP_SERVERS: "$HOME_NET"

        SMTP_SERVERS: "$HOME_NET"

        SQL_SERVERS: "$HOME_NET"

        DNS_SERVERS: "$HOME_NET"

        TELNET_SERVERS: "$HOME_NET"

        AIM_SERVERS: "$EXTERNAL_NET"
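
An added example, not part of the ticket and not Suricata's own code: a simplified Python model of how the proposed address-groups resolve (`$VAR` references, `!` negation, bracketed lists), usable to check edited defaults for undefined or circular references. The function names and the resolution model are assumptions; Suricata's real parser is not reproduced here.

```python
import ipaddress

# Address groups copied from the ticket's proposed defaults.
ADDRESS_GROUPS = {
    "HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
    "EXTERNAL_NET": "!$HOME_NET", "AIM_SERVERS": "$EXTERNAL_NET",
    **{n + "_SERVERS": "$HOME_NET" for n in ("HTTP", "SMTP", "SQL", "DNS", "TELNET")},
}

def split_top(s):
    """Split on commas that are not inside nested brackets."""
    parts, depth, cur = [], 0, ""
    for ch in s:
        depth += (ch == "[") - (ch == "]")
        if ch == "," and depth == 0:
            parts, cur = parts + [cur], ""
        else:
            cur += ch
    return [p.strip() for p in parts + [cur] if p.strip()]

def matches(ip, expr, groups, seen=()):
    """Simplified model (assumption): '!' negates, '$X' dereferences, '[..]' lists."""
    expr = expr.strip()
    if expr.startswith("!"):
        return not matches(ip, expr[1:], groups, seen)
    if expr.startswith("$"):
        name = expr[1:]
        if name in seen or name not in groups:
            kind = "circular reference" if name in seen else "undefined variable"
            raise ValueError(f"{kind}: {name}")
        return matches(ip, groups[name], groups, seen + (name,))
    if expr.startswith("[") and expr.endswith("]"):
        items = split_top(expr[1:-1])
        pos = [i for i in items if not i.startswith("!")] or ["any"]
        return (any(matches(ip, i, groups, seen) for i in pos)
                and all(matches(ip, i, groups, seen) for i in items if i.startswith("!")))
    return expr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(expr, strict=False)

def lint(groups):
    """Return {name: error} for groups that fail to resolve for a probe address."""
    errors = {}
    for name in groups:
        try:
            matches("192.0.2.1", "$" + name, groups)
        except ValueError as exc:
            errors[name] = str(exc)
    return errors

def groups_for(ip, groups=ADDRESS_GROUPS):  # names of all groups containing ip
    return sorted(n for n in groups if matches(ip, "$" + n, groups))
```

With these defaults every `*_SERVERS` group except `AIM_SERVERS` is the whole of `HOME_NET`, so rules scoped to `$HTTP_SERVERS` or `$SQL_SERVERS` apply to every internal host until the operator narrows them.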
