OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • How do I reset Intrusion Detection to "factory" defaults?
« previous next »
  • Print
Pages: [1]

Author Topic: How do I reset Intrusion Detection to "factory" defaults?  (Read 2141 times)

Taomyn

  • Sr. Member
  • ****
  • Posts: 322
  • Karma: 16
    • View Profile
How do I reset Intrusion Detection to "factory" defaults?
« on: May 30, 2017, 09:48:20 pm »
As I seem to have gotten IDS/IPS to spark into life, I'd really like to reset it back to defaults as it would be on a fresh OPNsense installation. How can I do this?

My current tests with both pattern options drops my Internet speed to 10% i.e. 20Mbit from 200Mbit, which as you can imagine is not what I want. I want to eliminate any rules/settings I may have set in the past and start from scratch to see if that helps.
Logged

Scalaechelon

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: How do I reset Intrusion Detection to "factory" defaults?
« Reply #1 on: May 31, 2017, 02:20:36 am »
hi,

at the CLI console choose option 4 (reset to factory defaults)
unforfunately all configurations will be erased.

you must perform configuration backup found in System>Configuration>Backups
prior to reset and choose what features to restore after the reset.

Hope this helps.

OPNSENSE ROCKS!!!!!
Logged

Taomyn

  • Sr. Member
  • ****
  • Posts: 322
  • Karma: 16
    • View Profile
Re: How do I reset Intrusion Detection to "factory" defaults?
« Reply #2 on: May 31, 2017, 11:16:01 am »
Hi, thanks for the response, but I'm not at a point where I want to fully reset my box just for this one module - I'm not really convinced any kind of backup will fully restore everything except the one part I don't want, e.g. what about all my Let's Encrypt certificates/settings are they captured and stored for restoration?

Surely there has to be a away to reset just Suricata? Can it be uninstalled and it's config files deleted afterwards? If my experience with a small Fedora server running ownCloud is anything to go by, uninstalling it then simply re-installing it doesn't lose my config, so to really start from scratch I'd have to manually delete the remaining files.

Quote from: Scalaechelon on May 31, 2017, 02:20:36 am
hi,

at the CLI console choose option 4 (reset to factory defaults)
unforfunately all configurations will be erased.

you must perform configuration backup found in System>Configuration>Backups
prior to reset and choose what features to restore after the reset.

Hope this helps.

OPNSENSE ROCKS!!!!!
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 9903
  • Karma: 723
    • View Profile
Re: How do I reset Intrusion Detection to "factory" defaults?
« Reply #3 on: May 31, 2017, 11:58:25 am »
Hi Taomyn,

There isn't much to reset. You can reinstall the package, but most firmware updates do this (17.1.8 will for example). The config files are regenerated, so it's doing a reset all the time.

Maybe you want to consider deleting the IDS Section in the config.xml manually to erase GUI settings for IDS?

The question is: what are you really worried about that could linger in the IDS?


Cheers,
Franco
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • How do I reset Intrusion Detection to "factory" defaults?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2020 All rights reserved
  • SMF 2.0.17 | SMF © 2019, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2