Intrusion Detection and Prevention / Re: Deleting rulesets
« on: August 29, 2019, 06:23:57 pm »
Just in case I'm missing something, this is where I am:
I enabled the 'ET open/botcc' ruleset and then downloaded the rules in the Services > Intrusion Detection > Administration > Download tab. They installed and I can see them in the 'Rules' tab and here: /usr/local/etc/suricata/opnsense.rules/botcc.rules, here: /usr/local/etc/suricata/rules/botcc.rules, and listed here: /usr/local/etc/suricata/installed_rules.yaml. These remain in the installed_rules.yaml and present in the 'Rules' tab and above directories even after I disable the ruleset in the 'Download' tab. I have not at any point enabled any of the rules. I can't seem to find any location in the GUI where I can delete rules or rulesets, just enable/disable in the 'Download' tab. I just updated to OPNsense 19.7.3 today, no change. I have tried Chrome, Firefox, and Safari.
My intent has been just to poke around before actually doing any live testing (this is my test firewall, not live) and would like to be able to try some things out, do some performance testing, wipe it clean (including rules I am not using), try something else, etc. but the 'wipe clean' option I can't seem to find. I can attach logs or screenshots upon request.