travisbgreen

suricata.yaml.patch

May 20th, 2018
  1. --- suricata_default.yaml 2018-05-20 11:34:57.618505320 -0600
  2. +++ suricata_modified.yaml 2018-05-20 11:35:11.274089496 -0600
  3. @@ -52,12 +52,12 @@
  4. default-rule-path: /etc/suricata/rules
  5. rule-files:
  6. - botcc.rules
  7. - # - botcc.portgrouped.rules
  8. + - botcc.portgrouped.rules
  9. - ciarmy.rules
  10. - compromised.rules
  11. - drop.rules
  12. - dshield.rules
  13. -# - emerging-activex.rules
  14. + - emerging-activex.rules
  15. - emerging-attack_response.rules
  16. - emerging-chat.rules
  17. - emerging-current_events.rules
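Review bot: `botcc.portgrouped.rules` is now loaded alongside `botcc.rules`, which it largely duplicates (the same CnC address lists, split out by destination port), so a single flow to a listed address will typically fire twice. Keep one of the two unless the duplicate alerts are deliberately wanted for the per-port breakdown. Also confirm that every newly uncommented file actually exists under `/etc/suricata/rules` (the `default-rule-path` at the top of this hunk), since a missing rule file is only reported in the startup log and is otherwise silently absent from the ruleset. The `rule-files` list continues past this hunk.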
  18. @@ -65,12 +65,12 @@
  19. - emerging-dos.rules
  20. - emerging-exploit.rules
  21. - emerging-ftp.rules
  22. -# - emerging-games.rules
  23. -# - emerging-icmp_info.rules
  24. -# - emerging-icmp.rules
  25. + - emerging-games.rules
  26. + - emerging-icmp_info.rules
  27. + - emerging-icmp.rules
  28. - emerging-imap.rules
  29. -# - emerging-inappropriate.rules
  30. -# - emerging-info.rules
  31. + - emerging-inappropriate.rules
  32. + - emerging-info.rules
  33. - emerging-malware.rules
  34. - emerging-misc.rules
  35. - emerging-mobile_malware.rules
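Review bot: The five categories uncommented here (`emerging-games`, `emerging-icmp_info`, `emerging-icmp`, `emerging-inappropriate`, `emerging-info`) are informational and policy signatures rather than threat detections, and are typically among the highest-volume ET categories; enabling all of them at once without a threshold file is likely to multiply alert counts and bury the malware and exploit alerts that are already on. If the aim is visibility into ICMP and informational traffic, pair them with rate-limiting or suppression entries in a `threshold.config`, or leave the files commented and enable only the individual SIDs that are wanted. The enclosing `rule-files` list starts in the previous hunk and continues past this one.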
  36. @@ -93,15 +93,15 @@
  37. - emerging-voip.rules
  38. - emerging-web_client.rules
  39. - emerging-web_server.rules
  40. -# - emerging-web_specific_apps.rules
  41. + - emerging-web_specific_apps.rules
  42. - emerging-worm.rules
  43. - tor.rules
  44. # - decoder-events.rules # available in suricata sources under rules dir
  45. # - stream-events.rules # available in suricata sources under rules dir
  46. - - http-events.rules # available in suricata sources under rules dir
  47. - - smtp-events.rules # available in suricata sources under rules dir
  48. - - dns-events.rules # available in suricata sources under rules dir
  49. - - tls-events.rules # available in suricata sources under rules dir
  50. +# - http-events.rules # available in suricata sources under rules dir
  51. +# - smtp-events.rules # available in suricata sources under rules dir
  52. +# - dns-events.rules # available in suricata sources under rules dir
  53. +# - tls-events.rules # available in suricata sources under rules dir
  54. # - modbus-events.rules # available in suricata sources under rules dir
  55. # - app-layer-events.rules # available in suricata sources under rules dir
  56. # - dnp3-events.rules # available in suricata sources under rules dir
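Review bot: Commenting out `http-events`, `smtp-events`, `dns-events` and `tls-events` removes the protocol-anomaly signatures (malformed requests, invalid TLS records, parser errors) that often surface evasion attempts and broken traffic, while `emerging-web_specific_apps` is switched on in the same hunk, so the net effect is more signature volume with less anomaly coverage. The trailing comment on each of these lines says the files ship in the Suricata source tree under `rules/` rather than with the ET download, so if they were disabled because they are absent from `/etc/suricata/rules`, copying them in from the source checkout is the better fix; if the reason was noise, suppress the specific noisy SIDs in a threshold file instead of dropping whole files. Whichever applies, state it above the block, e.g. `# *-events rules disabled: <reason>`, so the gap is visible to the next person tuning this file.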
  57. @@ -544,7 +544,7 @@
  58.  
  59. # Linux high speed capture support
  60. af-packet:
  61. - - interface: eth0
  62. + - interface: eth1
  63. # Number of receive threads. "auto" uses the number of cores
  64. #threads: auto
  65. # Default clusterid. AF_PACKET will load balance packets based on flow.
  66. @@ -610,6 +610,7 @@
  67. # checksum off-loading is used.
  68. # Warning: 'checksum-validation' must be set to yes to have any validation
  69. #checksum-checks: kernel
  70. + checksum-checks: no
  71. # BPF filter to apply to this interface. The pcap filter syntax apply here.
  72. #bpf-filter: port 80 or udp
  73. # You can use the following variables to activate AF_PACKET tap or IPS mode.
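Review bot: The added `checksum-checks: no` carries no rationale, and its indentation cannot be verified from this paste: it has to sit at the same level as the `#checksum-checks: kernel` line it replaces, inside the `- interface: eth1` entry, for Suricata to apply it to that interface. With `no`, checksum validation is skipped on this interface, so frames that would otherwise be flagged as having bad checksums are inspected normally; that is the usual setting when the capture NIC does checksum offload (the concern the hunk's first comment line raises), but for a clean tap or SPAN feed the default `kernel` keeps the check. Record the reason inline, e.g. `checksum-checks: no  # eth1 NIC offload leaves invalid checksums on captured frames; inspect them anyway`, so the override is not later reverted as a regression. The af-packet interface entry starts in the previous hunk and continues past this one.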
  74. @@ -904,7 +905,7 @@
  75. # Note: parser depends on experimental Rust support
  76. # with --enable-rust-experimental passed to configure
  77. ntp:
  78. - enabled: no
  79. + enabled: yes
  80.  
  81. # Limit for the maximum number of asn1 frames to decode (default 256)
  82. asn1-max-frames: 256
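Review bot: Enabling the `ntp` parser only takes effect if the running binary was built with the experimental Rust support named on the two comment lines above it; on a build without it the setting is inert and the startup log is the only place the mismatch shows. Check `suricata --build-info` before relying on NTP app-layer events, and note the requirement next to the key, e.g. `enabled: yes  # requires a build with --enable-rust-experimental`. The mapping enclosing `ntp:` appears to start before this hunk.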