vyos-build icon indicating copy to clipboard operation
vyos-build copied to clipboard

Published 20 hours ago verified publisher icon vyos

suricata: T751: Disable suricata.service by default

Open 0xThiebaut opened this issue 10 months ago • 2 comments

Change Summary

Added initial support for Suricata (IDS):

  • Ensure Suricata is disabled by default.

Types of changes

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [X] New feature (non-breaking change which adds functionality)
  • [ ] Code style update (formatting, renaming)
  • [ ] Refactoring (no functional changes)
  • [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • [ ] Other (please describe):

Related Task(s)

  • https://vyos.dev/T751

Component(s) name

  • ids
  • suricata

Proposed changes

Disable the suricata service to ensure it does not run without passing through configuration validation.

How to test

On the build image, run systemctl status suricata.

○ suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/lib/systemd/system/suricata.service; disabled; preset: enabled)
     Active: inactive (dead)
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://suricata-ids.org/docs/

Checklist:

  • [x] I have read the CONTRIBUTING document
  • [x] I have linked this PR to one or more Phabricator Task(s)
  • [x] My commit headlines contain a valid Task id
  • [ ] My change requires a change to the documentation
  • [ ] I have updated the documentation accordingly

0xThiebaut avatar May 02 '24 11:05 0xThiebaut

@0xThiebaut We do not have this service

vyos@r4# sudo systemctl status suricata
Unit suricata.service could not be found.
[edit]
vyos@r4#

Are there any related PRs?

sever-sever avatar May 02 '24 11:05 sever-sever

On its way :) https://github.com/vyos/vyos-1x/pull/3399

0xThiebaut avatar May 02 '24 11:05 0xThiebaut