Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/dns-events.rules15
-rw-r--r--config/suricata/suricata.xml5
-rw-r--r--config/suricata/suricata_post_install.php5
3 files changed, 0 insertions, 25 deletions
diff --git a/config/suricata/dns-events.rules b/config/suricata/dns-events.rules
deleted file mode 100644
index 693f2f1b..00000000
--- a/config/suricata/dns-events.rules
+++ /dev/null
@@ -1,15 +0,0 @@
-# Response (answer) we didn't see a Request for. Could be packet loss.
-alert dns any any -> any any (msg:"SURICATA DNS Unsollicited response"; flow:to_client; app-layer-event:dns.unsollicited_response; sid:2240001; rev:1;)
-# Malformed data in request. Malformed means length fields are wrong, etc.
-alert dns any any -> any any (msg:"SURICATA DNS malformed request data"; flow:to_client; app-layer-event:dns.malformed_data; sid:2240002; rev:1;)
-alert dns any any -> any any (msg:"SURICATA DNS malformed response data"; flow:to_server; app-layer-event:dns.malformed_data; sid:2240003; rev:1;)
-# Response flag set on to_server packet
-alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; sid:2240004; rev:1;)
-# Response flag not set on to_client packet
-alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_a_response; sid:2240005; rev:1;)
-# Z flag (reserved) not 0
-alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; sid:2240006; rev:1;)
-# Request Flood Detected
-alert dns any any -> any any (msg:"SURICATA DNS request flood detected"; flow:to_server; app-layer-event:dns.flooded; sid:2240007; rev:1;)
-# Per-flow (state) memcap reached. Relates to the app-layer.protocols.dns.state-memcap setting.
-alert dns any any -> any any (msg:"SURICATA DNS flow memcap reached"; flow:to_server; app-layer-event:dns.state_memcap_reached; sid:2240008; rev:2;)
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index f9bbd379..d5ea59ad 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -108,11 +108,6 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>https://packages.pfsense.org/packages/config/suricata/dns-events.rules</item>
- <prefix>/usr/local/pkg/suricata/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/suricata/suricata_download_updates.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 4ee50946..7c8d03a5 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -112,11 +112,6 @@ safe_mkdir(SURICATALOGDIR);
safe_mkdir(SID_MODS_PATH);
safe_mkdir(IPREP_PATH);
-// Copy the new dns-events.rules file to the
-// Suricata directory if not already present.
-if (!file_exists(SURICATADIR . "rules/dns-events.rules"))
- @copy("/usr/local/pkg/suricata/dns-events.rules", SURICATADIR . "rules/dns-events.rules");
-
// remake saved settings if previously flagged
if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));