Don't enable any rulesets by default #34

Open
jasonish opened this issue Aug 9, 2023 · 2 comments

Comments

@jasonish
Owner

jasonish commented Aug 9, 2023

By default, the et/open and oisf/trafficid rulesets are enabled by default. This was probably due to personal preference when first creating the container, but at most, et/open should be enabled, or nothing enabled by default which would have suricata-update default to et/open anyways.

@almereyda

Can you suggest a workaround on how to create a manual override for these defaults?

From what you express, do you say it is not possible to disable oisf/trafficid right now, nor et/open, if one wanted to?

@jasonish
Owner Author

/var/lib/suricata is a volume, so providing your own will result in the default suricata-update behaviour, which is to use et/open if no other rulesets are enabled. I'll probably make this the default in the git master tag of the container and let that ripple into the next major version tag.

Also, maybe some environment variables to auto do some things for those that wish to do it that way.
