How do I reset Intrusion Detection to "factory" defaults?

Started by Taomyn, May 30, 2017, 09:48:20 PM

As I seem to have gotten IDS/IPS to spark into life, I'd really like to reset it back to defaults as it would be on a fresh OPNsense installation. How can I do this?

My current tests with both pattern options drop my Internet speed to 10%, i.e. 20Mbit from 200Mbit, which as you can imagine is not what I want. I want to eliminate any rules/settings I may have set in the past and start from scratch to see if that helps.

Hi,

At the CLI console choose option 4 (reset to factory defaults).
Unfortunately all configurations will be erased.

You must perform a configuration backup, found in System>Configuration>Backups,
prior to the reset and choose what features to restore after the reset.

Hope this helps.

OPNSENSE ROCKS!!!!!

Hi, thanks for the response, but I'm not at a point where I want to fully reset my box just for this one module - I'm not really convinced any kind of backup will fully restore everything except the one part I don't want, e.g. what about all my Let's Encrypt certificates/settings, are they captured and stored for restoration?

Surely there has to be a way to reset just Suricata? Can it be uninstalled and its config files deleted afterwards? If my experience with a small Fedora server running ownCloud is anything to go by, uninstalling it then simply re-installing it doesn't lose my config, so to really start from scratch I'd have to manually delete the remaining files.

Quote from: Scalaechelon on May 31, 2017, 02:20:36 AM
Hi,

At the CLI console choose option 4 (reset to factory defaults).
Unfortunately all configurations will be erased.

You must perform a configuration backup, found in System>Configuration>Backups,
prior to the reset and choose what features to restore after the reset.

Hope this helps.

OPNSENSE ROCKS!!!!!

Hi Taomyn,

There isn't much to reset. You can reinstall the package, but most firmware updates do this (17.1.8 will for example). The config files are regenerated, so it's doing a reset all the time.

Maybe you want to consider deleting the IDS Section in the config.xml manually to erase GUI settings for IDS?

The question is: what are you really worried about that could linger in the IDS?


Cheers,
Franco