"
If anyone is still struggling with this orphaned/duplicated ET Open ruleset issue, you can fix it on the command line by removing or renaming a ruleset XML file that doesn't seem to get consistently deleted when the ET Open plugin is removed.
Now in your OPNsense web interface, refresh the Suricata rulesets page. The orphaned/duplicated ET Open ruleset should be gone now.
Alternatively, for step 4 you could just remove the orphaned et-open.xml file with:
rm et-open.xml
- Log in to your OPNsense device via SSH
- Select option 8) Shell
- cd /usr/local/opnsense/scripts/suricata/metadata/rules/
- mv et-open.xml et-open.xml.disabled
- exit
- Select option 0) Logout
Now in your OPNsense web interface, refresh the Suricata rulesets page. The orphaned/duplicated ET Open ruleset should be gone now.
Alternatively, for step 4 you could just remove the orphaned et-open.xml file with:
rm et-open.xml
