OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Taomyn on May 30, 2017, 09:48:20 pm

Title: How do I reset Intrusion Detection to "factory" defaults?
Post by: Taomyn on May 30, 2017, 09:48:20 pm

As I seem to have gotten IDS/IPS to spark into life, I'd really like to reset it back to defaults as it would be on a fresh OPNsense installation. How can I do this?

My current tests with both pattern options drops my Internet speed to 10% i.e. 20Mbit from 200Mbit, which as you can imagine is not what I want. I want to eliminate any rules/settings I may have set in the past and start from scratch to see if that helps.

Title: Re: How do I reset Intrusion Detection to "factory" defaults?
Post by: Scalaechelon on May 31, 2017, 02:20:36 am

hi,

at the CLI console choose option 4 (reset to factory defaults)
unforfunately all configurations will be erased.

you must perform configuration backup found in System>Configuration>Backups
prior to reset and choose what features to restore after the reset.

Hope this helps.

OPNSENSE ROCKS!!!!!

Title: Re: How do I reset Intrusion Detection to "factory" defaults?
Post by: Taomyn on May 31, 2017, 11:16:01 am

Hi, thanks for the response, but I'm not at a point where I want to fully reset my box just for this one module - I'm not really convinced any kind of backup will fully restore everything except the one part I don't want, e.g. what about all my Let's Encrypt certificates/settings are they captured and stored for restoration?

Surely there has to be a away to reset just Suricata? Can it be uninstalled and it's config files deleted afterwards? If my experience with a small Fedora server running ownCloud is anything to go by, uninstalling it then simply re-installing it doesn't lose my config, so to really start from scratch I'd have to manually delete the remaining files.

Quote from: Scalaechelon on May 31, 2017, 02:20:36 am

hi,

at the CLI console choose option 4 (reset to factory defaults)
unforfunately all configurations will be erased.

you must perform configuration backup found in System>Configuration>Backups
prior to reset and choose what features to restore after the reset.

Hope this helps.

OPNSENSE ROCKS!!!!!

Title: Re: How do I reset Intrusion Detection to "factory" defaults?
Post by: franco on May 31, 2017, 11:58:25 am

Hi Taomyn,

There isn't much to reset. You can reinstall the package, but most firmware updates do this (17.1.8 will for example). The config files are regenerated, so it's doing a reset all the time.

Maybe you want to consider deleting the IDS Section in the config.xml manually to erase GUI settings for IDS?

The question is: what are you really worried about that could linger in the IDS?


Cheers,
Franco