From ad7e3dca2b915b9f27ba01bade962305a0dd34bb Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Fri, 5 Sep 2014 18:05:00 -0400
Subject: Some changes no longer needed since dns-events.rules file is now in PBI.
---
config/suricata/dns-events.rules | 15 ---------------
config/suricata/suricata.xml | 5 -----
config/suricata/suricata_post_install.php | 5 -----
3 files changed, 25 deletions(-)
delete mode 100644 config/suricata/dns-events.rules
(limited to 'config')
diff --git a/config/suricata/dns-events.rules b/config/suricata/dns-events.rules
deleted file mode 100644
index 693f2f1b..00000000
--- a/config/suricata/dns-events.rules
+++ /dev/null
@@ -1,15 +0,0 @@
-# Response (answer) we didn't see a Request for. Could be packet loss.
-alert dns any any -> any any (msg:"SURICATA DNS Unsollicited response"; flow:to_client; app-layer-event:dns.unsollicited_response; sid:2240001; rev:1;)
-# Malformed data in request. Malformed means length fields are wrong, etc.
-alert dns any any -> any any (msg:"SURICATA DNS malformed request data"; flow:to_client; app-layer-event:dns.malformed_data; sid:2240002; rev:1;)
-alert dns any any -> any any (msg:"SURICATA DNS malformed response data"; flow:to_server; app-layer-event:dns.malformed_data; sid:2240003; rev:1;)
-# Response flag set on to_server packet
-alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; sid:2240004; rev:1;)
-# Response flag not set on to_client packet
-alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_a_response; sid:2240005; rev:1;)
-# Z flag (reserved) not 0
-alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; sid:2240006; rev:1;)
-# Request Flood Detected
-alert dns any any -> any any (msg:"SURICATA DNS request flood detected"; flow:to_server; app-layer-event:dns.flooded; sid:2240007; rev:1;)
-# Per-flow (state) memcap reached. Relates to the app-layer.protocols.dns.state-memcap setting.
-alert dns any any -> any any (msg:"SURICATA DNS flow memcap reached"; flow:to_server; app-layer-event:dns.state_memcap_reached; sid:2240008; rev:2;)
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index f9bbd379..d5ea59ad 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -107,11 +107,6 @@ /usr/local/pkg/suricata/ 0755 - - https://packages.pfsense.org/packages/config/suricata/dns-events.rules - /usr/local/pkg/suricata/ - 0755 - https://packages.pfsense.org/packages/config/suricata/suricata_download_updates.php /usr/local/www/suricata/
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 4ee50946..7c8d03a5 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -112,11 +112,6 @@ safe_mkdir(SURICATALOGDIR); safe_mkdir(SID_MODS_PATH); safe_mkdir(IPREP_PATH);
-// Copy the new dns-events.rules file to the
-// Suricata directory if not already present.
-if (!file_exists(SURICATADIR . "rules/dns-events.rules"))
- @copy("/usr/local/pkg/suricata/dns-events.rules", SURICATADIR . "rules/dns-events.rules");
-
 // remake saved settings if previously flagged
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
 log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
-- cgit v1.2.3