Topic: 18.7.10 Suricata remove rules (Read 5837 times)
rabievdm, January 14, 2019, 09:59:53 am
I'm on 18.7.10 and took PT Research for a spin a while back on a non-commercial box (home).
Recently I started having issues with one of my internal servers that runs certbot (LetsEncrypt) and all my certificate renewals are being detected as MALWARE.
As I change a rule another one pops up.
I have tried first going to the Download tab, selecting PT Research and changing it from Drop to Alert, which seems to not have made any changes (when checking the Rules tab and the Alerts tab it is still set to and gets dropped). Going to the Rules tab, listing them all, selecting them and then clicking on the little unselect button on the bottom left seems to make no change.
Then removing the PT Research via System > Firmware > Plugins: I remove the PT Research, it uninstalls, but the rules are still in the rulebase.
So the primary question is how to remove the rules (not just disable them)? But then why do the options to bulk update not work either?

MakesSense, Reply #1 on: January 14, 2019, 10:08:08 am
Hi,
I found that to remove the rules you have to delete them manually in:
/usr/local/etc/suricata/opnsense.rules/
When I remove them through the web GUI it only removes the copy of rules inside /usr/local/etc/suricata/rules/.
Then restart suricata and the deleted rules should be gone from the list in the web GUI.

guest19757 (Guest), Reply #2 on: January 14, 2019, 03:45:28 pm
Hello there,
Out of curiosity, while I haven't tested this, did you click 'Apply' on the settings page? I know, this doesn't seem intuitive but I find changes aren't applied until you click 'Apply' so appropriate files could be regenerated?
Regards

rabievdm, Reply #3 on: January 14, 2019, 08:42:44 pm
Hi,
Yes, I did try reply, but in the end I did exactly that: I deleted the rules file from:
/usr/local/etc/suricata/opnsense.rules/
/usr/local/etc/suricata/rules/
AND for good measure I also saw that it was referenced in:
/usr/local/etc/suricata/installed_rules.yaml
So I edited the entry, restarted suricata and they were gone!
Thanks for the feedback!
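
Added example, not part of any post in this thread: a read-only check of the three locations named in Replies #1 and #3, reporting where files or references for a removed ruleset remain before anything is deleted by hand. The name `example-ruleset` is a placeholder (the thread does not give the PT Research file names), and the sample tree and its `installed_rules.yaml` content are constructed for an offline run.

```sh
#!/bin/sh
# Added example: read-only check for leftovers of a removed ruleset.
# Locations are the ones named in the thread; "example-ruleset" is a
# placeholder name, not the real PT Research file name.

# find_leftovers BASE PATTERN
# Prints "file <path>" for each matching rule file in BASE/opnsense.rules and
# BASE/rules, and "ref <file>:<line>" for each mention in installed_rules.yaml.
find_leftovers() {
    base=$1
    pattern=$2
    for dir in "$base/opnsense.rules" "$base/rules"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            case "${f##*/}" in
                *"$pattern"*) echo "file $f" ;;
            esac
        done
    done
    manifest="$base/installed_rules.yaml"
    # Treat the manifest as plain text: no assumption about its YAML layout.
    if [ -f "$manifest" ] && grep -F -q -- "$pattern" "$manifest"; then
        grep -F -n -- "$pattern" "$manifest" |
            while IFS=: read -r n rest; do echo "ref $manifest:$n"; done
    fi
}

# Constructed sample tree so the check can be tried offline.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/opnsense.rules" "$d/rules"
    : > "$d/opnsense.rules/example-ruleset.rules"
    : > "$d/opnsense.rules/other.rules"
    : > "$d/rules/example-ruleset.rules"
    printf '%s\n' '# constructed content' 'example-ruleset.rules' \
        'other.rules' > "$d/installed_rules.yaml"
    echo "$d"
}

if [ "$#" -ge 1 ]; then
    # Real use on the firewall: pass the ruleset's file-name fragment.
    find_leftovers /usr/local/etc/suricata "$1"
else
    sample=$(make_sample_tree)
    find_leftovers "$sample" example-ruleset
    rm -rf "$sample"
fi
```

An empty result after cleanup means none of the three locations still mentions the ruleset; any remaining `ref` line points at the manifest entry that Reply #3 edited by hand.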