Manualy import rulesets

Started by dyonis0s, March 13, 2019, 02:02:51 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 13, 2019, 02:02:51 PM
Hello,

I'm using OPNSense in an architecture that is not connected to Internet.
I would like to use the IDS/IPS and especially import rulesets.

Is there a way to do that without Internet ?

Thank you :)
March 14, 2019, 11:59:05 AM #1
Hi dyonis0s,

You can drop them directly into a rule dir on the file system, but I don't exactly remember which one.

It should have been noted in the forum previously.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT
March 15, 2019, 01:03:59 PM #2
I'm using OpnSense 18.7.10 (haven't upgraded yet due to the kernel panic issue).

There the Suricata rules are stored in these two folders:

/usr/local/etc/suricata/rules/
/usr/local/etc/suricata/opnsense.rules/

Not sure if  both are needed...

I also add my custom rules files names to /usr/local/etc/suricata/installed_files.yaml
March 15, 2019, 02:49:16 PM #3
Thank you for your help ;).

I'll give a try !
Print
Go Up Pages1
User actions