Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
HOWTO - Advanced Settings Suricata
« previous
next »
Print
Pages: [
1
]
Author
Topic: HOWTO - Advanced Settings Suricata (Read 3713 times)
yeraycito
Sr. Member
Posts: 288
Karma: 17
HOWTO - Advanced Settings Suricata
«
on:
July 10, 2019, 05:07:11 pm »
First Stop Suricata at Opnsense
Access by ssh (WinSCP for Windows:
https://winscp.net/eng/download.php
)
Open WinSCP:
Enter IP acces opnsense
Enter login/password opnsense
Search routes:
routes:
usr/local/etc/suricata/suricata.yaml
and
usr/local/opnsense/service/templates/opnsense/ids/suricata.yaml
Tuning Suricata ( IPS MODE ACTIVE ):
Edit the same parameters in the 2 files suricata.yaml
Search in suricata.yaml:
#max-pending-packets: 5000
detect-engine:
- profile: custom
- custom-values:
toclient-groups: 200
toserver-groups: 200
- sgh-mpm-context: auto
- inspection-recursion-limit: 3000
# Defrag settings:
defrag:
memcap: 128mb
flow:
memcap: 1gb
hash-size: 1048576
prealloc: 1048576
emergency-recovery: 30
# stream:
# memcap: 2gb
# prealloc-sessions: 30000
# reassembly:
# memcap: 4gb
# depth: 4mb
# chunk-prealloc: 5000
# segments:
# - size: 4
# prealloc: 1024
(repeat settings below with some changes):
stream:
memcap: 2gb
reassembly:
memcap: 4gb
depth: 4mb
#chunk-prealloc: 5000
#segments:
# - size: 4
# prealloc: 1024
# - size: 16
# prealloc: 2048
# - size: 112
# prealloc: 2048
# - size: 248
# prealloc: 2048
# - size: 512
# prealloc: 2048
# - size: 768
# prealloc: 4096
# - size: 1448
# prealloc: 4096
# - size: 65535
# prealloc: 512
Save changes
Start Suricata
Restart Opnsense
Adjustments tested in mini-pc:
Suricata active IPS Mode in LAN,WAN
Pattern matcher: Hyperscan
Promiscuous mode: disabled
Intel(R) Celeron(R) CPU J3160 @ 1.60GHz (4 cores)
Memory: 8 GB
Memory consumption opnsense with modified settings suricata: 20%
Internet connection: 50 MB
Optional: Advanced security options
In Suricata.yaml:
# Enable defrag per host settings
# host-config:
#
# - dmz:
# timeout: 30
# address: [192.168.1.0/24, 127.0.0.0/8, 1.1.1.0/24, 2.2.2.0/24, "1.1.1.1", "2.2.2.2", "::1"]
#
# - lan:
# timeout: 45
# address:
# - 192.168.0.0/24
# - 192.168.10.0/24
# - 172.16.14.0/24
# - Put here the range of local ip addresses of your system (Example: 192.168.50.1/24)
host-os-policy:
# Make the default policy windows.
windows: [0.0.0.0/0]
bsd: []
bsd-right: []
old-linux: []
linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]
old-solaris: []
solaris: ["::1"]
hpux10: []
hpux11: []
irix: []
macos: []
vista: []
windows2k3: []
Put here your local ips depending on the operating system. Examples:
Windows computer: windows: [0.0.0.0/0,192.168.50.16]
Nas ( Linux ): linux: [10.0.0.0/8, 192.168.50.18, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]
«
Last Edit: July 10, 2019, 07:28:09 pm by yeraycito
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
HOWTO - Advanced Settings Suricata