docker-suricata

Don't enable any rulesets by default

Open jasonish opened this issue 2 years ago • 2 comments

By default, the et/open and oisf/trafficid rulesets are enabled by default. This was probably due to personal preference when first creating the container, but at most, et/open should be enabled, or nothing enabled by default which would have suricata-update default to et/open anyways.

jasonish, Aug 09 '23 21:08

Can you suggest a workaround on how to create a manual override for these defaults?

From what you express, do you say it is not possible to disable oisf/trafficid right now, nor et/open, if one wanted to?

almereyda, Nov 11 '23 21:11

/var/lib/suricata is a volume, so providing your own will result in the default suricata-update behaviour, which is to use et/open if no other rulesets are enabled. I'll probably make this the default in the git master tag of the container and let that ripple into the next major version tag.

Also, maybe some environment variables to auto do some things for those that wish to do it that way.

jasonish, Nov 14 '23 21:11