# Rule-update configuration: filter files, remote and local rule sources,
# and optional test/reload commands. Several settings name a command line
# option that takes precedence over the value given here.
#
# NOTE(review): the filter files below decide which rules end up enabled,
# disabled, dropped or modified, so they and this file should be writable
# only by the account that administers the sensor.
#
# File holding the disable filters.
# - Overridden by --disable-conf
# - Default: /etc/suricata/disable.conf
disable-conf: /etc/suricata/disable.conf
# File holding the enable filters.
# - Overridden by --enable-conf
# - Default: /etc/suricata/enable.conf
enable-conf: /etc/suricata/enable.conf
# File holding the drop filters.
# - Overridden by --drop-conf
# - Default: /etc/suricata/drop.conf
drop-conf: /etc/suricata/drop.conf
# File holding the modify filters.
# - Overridden by --modify-conf
# - Default: /etc/suricata/modify.conf
modify-conf: /etc/suricata/modify.conf
# List of files to ignore. Overridden by the --ignore command line option.
# The pattern is quoted because a leading "*" would otherwise be read by
# the YAML parser as an alias.
ignore:
- "*deleted.rules"
# Override the user-agent string sent when fetching remote sources.
#user-agent: "Suricata-Update"
# Provide an alternate command to the default test command.
#
# The following environment variables can be used.
# SURICATA_PATH - The path to the discovered suricata program.
# OUTPUT_DIR - The directory the rules are written to.
# OUTPUT_FILENAME - The name of the rule file. Will be empty if the rules
# were not merged.
#
# NOTE(review): the example passes "-l /tmp", which points the log
# directory of the test run at a world-writable location. If the update
# runs as a privileged user, prefer a directory that only that user can
# write to.
#test-command: ${SURICATA_PATH} -T -S ${OUTPUT_FILENAME} -l /tmp
# Provide a command to reload the Suricata rules.
# May be overridden by the --reload-command command line option.
# See the documentation of --reload-command for the different options
# to reload Suricata rules.
#
# NOTE(review): the example relies on sudo. If it is enabled, the sudoers
# entry for the updating account should allow this exact command only.
#reload-command: sudo systemctl reload suricata
# Remote rule sources. Simply a list of URLs.
#
# NOTE(review): everything fetched from these URLs is loaded into the
# sensor as detection rules, so list only sources you trust and keep the
# URLs on https.
sources:
# Emerging Threats Open; %(__version__)s is replaced with the Suricata
# version when the URL is used.
- https://rules.emergingthreats.net/open/suricata-%(__version__)s/emerging.rules.tar.gz
# The SSL blacklist, which is just a standalone rule file.
- https://sslbl.abuse.ch/blacklist/sslblacklist.rules
# A list of local rule sources. Each entry can be a rule file, a
# directory or a wildcard specification.
#
# NOTE(review): the three entries below illustrate the three forms and
# overlap: the single file and the wildcard both point inside the listed
# directory. Keep only the form you need; listing all three may cause the
# same rules to be read more than once (verify against the tool).
local:
# A directory of rules.
- /etc/suricata/rules
# A single rule file.
- /etc/suricata/rules/app-layer-events.rules
# A wildcard.
- /etc/suricata/rules/*.rules