-rw-r--r--interface-definitions/service_suricata.xml.in16
-rwxr-xr-xsrc/conf_mode/service_suricata.py47
2 files changed, 13 insertions, 50 deletions
diff --git a/interface-definitions/service_suricata.xml.in b/interface-definitions/service_suricata.xml.in
index e21320bfe..e0159e2ba 100644
--- a/interface-definitions/service_suricata.xml.in
+++ b/interface-definitions/service_suricata.xml.in
@@ -12,9 +12,6 @@
<tagNode name="address-group">
<properties>
<help>Address group name</help>
- <completionHelp>
- <list>home-net external-net http-servers smtp-servers sql-servers dns-servers telnet-servers aim-servers dc-servers dnp3-server dnp3-client modbus-client modbus-server enip-client enip-server</list>
- </completionHelp>
<constraint>
<regex>[a-z0-9-]+</regex>
</constraint>
@@ -73,14 +70,13 @@
<help>Address group</help>
<completionHelp>
<path>service ids suricata address-group</path>
- <list>home-net external-net http-servers smtp-servers sql-servers dns-servers telnet-servers aim-servers dc-servers dnp3-server dnp3-client modbus-client modbus-server enip-client enip-server</list>
</completionHelp>
<valueHelp>
- <format>string</format>
+ <format>txt</format>
<description>Address group to match</description>
</valueHelp>
<valueHelp>
- <format>!string</format>
+ <format>!txt</format>
<description>Exclude the specified address group from matches</description>
</valueHelp>
<constraint>
@@ -94,9 +90,6 @@
<tagNode name="port-group">
<properties>
<help>Port group name</help>
- <completionHelp>
- <list>http-ports shellcode-ports oracle-ports ssh-ports dnp3-ports modbus-ports file-data-ports ftp-ports geneve-ports vxlan-ports teredo-ports</list>
- </completionHelp>
<constraint>
<regex>[a-z0-9-]+</regex>
</constraint>
@@ -133,14 +126,13 @@
<help>Port group</help>
<completionHelp>
<path>service ids suricata port-group</path>
- <list>http-ports shellcode-ports oracle-ports ssh-ports dnp3-ports modbus-ports file-data-ports ftp-ports geneve-ports vxlan-ports teredo-ports</list>
</completionHelp>
<valueHelp>
- <format>string</format>
+ <format>txt</format>
<description>Port group to match</description>
</valueHelp>
<valueHelp>
- <format>!string</format>
+ <format>!txt</format>
<description>Exclude the specified port group from matches</description>
</valueHelp>
<constraint>
diff --git a/src/conf_mode/service_suricata.py b/src/conf_mode/service_suricata.py
index cce4de6e3..06d68a637 100755
--- a/src/conf_mode/service_suricata.py
+++ b/src/conf_mode/service_suricata.py
@@ -29,53 +29,18 @@ airbag.enable()
config_file = '/run/suricata/suricata.yaml'
rotate_file = '/etc/logrotate.d/suricata'
-address_group_defaults = {
- 'home-net': {'address': ['192.168.0.0/16','10.0.0.0/8','172.16.0.0/12']},
- 'external-net': {'group': ['!home-net']},
- 'http-servers': {'group': ['home-net']},
- 'smtp-servers': {'group': ['home-net']},
- 'sql-servers': {'group': ['home-net']},
- 'dns-servers': {'group': ['home-net']},
- 'telnet-servers': {'group': ['home-net']},
- 'aim-servers': {'group': ['external-net']},
- 'dc-servers': {'group': ['home-net']},
- 'dnp3-server': {'group': ['home-net']},
- 'modbus-client': {'group': ['home-net']},
- 'modbus-server': {'group': ['home-net']},
- 'enip-client': {'group': ['home-net']},
- 'enip-server': {'group': ['home-net']},
-}
-
-port_group_defaults = {
- 'http-ports': {'port': ['80']},
- 'shellcode-ports': {'port': ['!80']},
- 'oracle-ports': {'port': ['1521']},
- 'ssh-ports': {'port': ['22']},
- 'dnp3-ports': {'port': ['20000']},
- 'modbus-ports': {'port': ['502']},
- 'file-data-ports': {'port': ['110', '143'], 'group': ['http-ports']},
- 'ftp-ports': {'port': ['21']},
- 'geneve-ports': {'port': ['6081']},
- 'vxlan-ports': {'port': ['4789']},
- 'teredo-ports': {'port': ['3544']},
-}
-
def get_config(config=None):
if config:
conf = config
else:
conf = Config()
base = ['service', 'suricata']
+
if not conf.exists(base):
return None
suricata = conf.get_config_dict(base,
- get_first_key=True,
- with_recursive_defaults=True)
-
- # Ensure minimal defaults are present
- suricata['address-group'] = address_group_defaults | suricata.get('address-group', {})
- suricata['port-group'] = port_group_defaults | suricata.get('port-group', {})
+ get_first_key=True, with_recursive_defaults=True)
return suricata
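Review bot: Dropping `address_group_defaults` and `port_group_defaults` from `get_config` changes the contract for existing deployments: a configuration that never set `address-group` or `port-group` itself was previously satisfied by the implicit `home-net`, `external-net`, `http-ports` and friends, and with the `verify` checks added in the following hunk it will most likely be rejected on the first commit after upgrade, so this needs either a migration script that materialises the groups a deployed config actually references or an explicit "breaking change" note in the commit description. The removed `<completionHelp>` lists in the interface-definitions hunks are consistent with this, but they were also the only hint to operators of which group names rules conventionally expect, so that guidance should move to documentation. Where `# Ensure minimal defaults are present` was deleted I would leave a replacement comment, e.g. `# No implicit address/port groups: every group a rule references must be configured explicitly; verify() checks that both subtrees exist.`, and give `get_config` a docstring such as `"""Return the 'service suricata' subtree as a dict (first key stripped, defaults applied), or None when it is not configured."""`. `get_config` lies entirely within this hunk; `verify` starts outside it.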
@@ -114,7 +79,13 @@ def verify(suricata):
return None
if 'interface' not in suricata:
- raise ConfigError('No interfaces configured')
+ raise ConfigError('No interfaces configured!')
+
+ if 'address-group' not in suricata:
+ raise ConfigError('No address-group configured!')
+
+ if 'port-group' not in suricata:
+ raise ConfigError('No port-group configured!')
try:
topological_sort(suricata['address-group'])