aboutsummaryrefslogtreecommitdiff
path: root/net/snort3/files
Commit message (Collapse)AuthorAge
* snort3: minor tweaks to local.luaJohn Audia2022-12-22
| | | | | | | | | * Use Boolean true for enable inline mode which is more intuitive that older '' * Add skeleton section for openappid since it has been merged[1] 1. https://github.com/openwrt/packages/commit/2d4e7d5fd343652d0852337184d56522ef5af83d Signed-off-by: John Audia <therealgraysky@proton.me>
* snort3: unified configs: local.lua and homenet.luaJohn Audia2022-12-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds /etc/snort/local.lua and /etc/snort/homenet.lua for user defined config options which is more simplistic than modifying upstream files directly. That can be tedious and decisive to maintain in sync with upstream changes. The init script has been adjusted accordingly. Acknowledgment to amish who maintains the Arch Linux snort-nfqueue package[1] for these ideas and initial code. Another modification is dropping the following args in the call to /usr/bin/snort by the init system as these options are provided in /etc/snort/local.lua: * --daq-dir /usr/lib/daq/ * -A "$alert_module" Instructions to configure snort3: 1. Edit /etc/snort/homenet.lua and redefine HOME_NET and EXTERNAL_NET, for example: HOME_NET = [[ 10.9.8.0/24 192.168.1.0/24 ]] EXTERNAL_NET = "!$HOME_NET" 2. Edit /etc/snort/local.lua to setup options unique to your use case of snort. The default ones I included should be sane for the role of IDS (alert only), but users may easily uncomment some options therein to use IPS (drop) mode. 3. Install or symlink rules to /etc/snort/rules/snort.rules and optionally edit /etc/snort/local.lua to define extra rules files if not using a unified 'snort.rules' References: 1. https://aur.archlinux.org/packages/snort-nfqueue Signed-off-by: John Audia <therealgraysky@proton.me>
* net/snort3: Include default configs and snort2luaMichal Hrusecky2021-07-22
| | | | | | | | Include default configuration files to have something to start from. Also include snort2lua to help convert snort2 rules to snort3 to also help with bootstrapping the configuration. Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
* snort3: new packageW. Michael Petullo2019-03-30
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Powered by cgit, Themed by Ted Yin.