| author | Christian Breunig <christian@breunig.cc> | 2024-05-23 21:36:04 +0200 | 
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2024-05-23 21:36:04 +0200 | 
| commit | cd32928e1856b0a7e9781709cfc3b0db16b6abcb (patch) | |
| tree | 3eabb1338f0d0bf098c579f3acd1a4a792ba95a1 /interface-definitions | |
| parent | 549089a970e39d1ea09c10af5eaf8f696dd19d40 (diff) | |
| download | vyos-1x-cd32928e1856b0a7e9781709cfc3b0db16b6abcb.tar.gz vyos-1x-cd32928e1856b0a7e9781709cfc3b0db16b6abcb.zip | |
suricata: T751: move CLI from "service ids suricata" -> "service suricata"
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/service_ids_suricata.xml.in | 250 | ||||
| -rw-r--r-- | interface-definitions/service_suricata.xml.in | 246 | 
2 files changed, 246 insertions, 250 deletions
| diff --git a/interface-definitions/service_ids_suricata.xml.in b/interface-definitions/service_ids_suricata.xml.in
deleted file mode 100644
index 8c1973567..000000000
--- a/interface-definitions/service_ids_suricata.xml.in
+++ /dev/null
@@ -1,250 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="ids">
-        <children>
-          <node name="suricata" owner="${vyos_conf_scripts_dir}/service_ids_suricata.py">
-            <properties>
-              <help>Network IDS, IPS and Network Security Monitoring</help>
-              <priority>740</priority>
-            </properties>
-            <children>
-              #include <include/generic-interface-multi.xml.i>
-              <tagNode name="address-group">
-                <properties>
-                  <help>Address group name</help>
-                  <completionHelp>
-                    <list>home-net external-net http-servers smtp-servers sql-servers dns-servers telnet-servers aim-servers dc-servers dnp3-server dnp3-client modbus-client modbus-server enip-client enip-server</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>[a-z0-9-]+</regex>
-                  </constraint>
-                </properties>
-                <children>
-                  <leafNode name="address">
-                    <properties>
-                      <help>IP address or subnet</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>IPv4 address to match</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ipv6</format>
-                        <description>IPv6 address to match</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ipv4net</format>
-                        <description>IPv4 prefix to match</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ipv6net</format>
-                        <description>IPv6 prefix to match</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>!ipv4</format>
-                        <description>Exclude the specified IPv4 address from matches</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>!ipv6</format>
-                        <description>Exclude the specified IPv6 address from matches</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>!ipv4net</format>
-                        <description>Exclude the specified IPv6 prefix from matches</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>!ipv6net</format>
-                        <description>Exclude the specified IPv6 prefix from matches</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                        <validator name="ipv6-address"/>
-                        <validator name="ipv4-prefix"/>
-                        <validator name="ipv6-prefix"/>
-                        <validator name="ipv4-address-exclude"/>
-                        <validator name="ipv6-address-exclude"/>
-                        <validator name="ipv4-prefix-exclude"/>
-                        <validator name="ipv6-prefix-exclude"/>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="group">
-                    <properties>
-                      <help>Address group</help>
-                      <completionHelp>
-                        <path>service ids suricata address-group</path>
-                        <list>home-net external-net http-servers smtp-servers sql-servers dns-servers telnet-servers aim-servers dc-servers dnp3-server dnp3-client modbus-client modbus-server enip-client enip-server</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>string</format>
-                        <description>Address group to match</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>!string</format>
-                        <description>Exclude the specified address group from matches</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>!?[a-z0-9-]+</regex>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
-                </children>
-              </tagNode>
-              <tagNode name="port-group">
-                <properties>
-                  <help>Port group name</help>
-                  <completionHelp>
-                    <list>http-ports shellcode-ports oracle-ports ssh-ports dnp3-ports modbus-ports file-data-ports ftp-ports geneve-ports vxlan-ports teredo-ports</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>[a-z0-9-]+</regex>
-                  </constraint>
-                </properties>
-                <children>
-                  <leafNode name="port">
-                    <properties>
-                      <help>Port number</help>
-                      <valueHelp>
-                        <format>u32:1-65535</format>
-                        <description>Numeric port to match</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>!u32:1-65535</format>
-                        <description>Numeric port to exclude from matches</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>start-end</format>
-                        <description>Numbered port range (e.g. 1001-1005) to match</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>!start-end</format>
-                        <description>Numbered port range (e.g. !1001-1005) to exclude from matches</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="port-range"/>
-                        <validator name="port-range-exclude"/>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="group">
-                    <properties>
-                      <help>Port group</help>
-                      <completionHelp>
-                        <path>service ids suricata port-group</path>
-                        <list>http-ports shellcode-ports oracle-ports ssh-ports dnp3-ports modbus-ports file-data-ports ftp-ports geneve-ports vxlan-ports teredo-ports</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>string</format>
-                        <description>Port group to match</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>!string</format>
-                        <description>Exclude the specified port group from matches</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>!?[a-z0-9-]+</regex>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                  </leafNode>
-                </children>
-              </tagNode>
-              <node name="log">
-                <properties>
-                  <help>Suricata log outputs</help>
-                </properties>
-                <children>
-                  <node name="eve">
-                    <properties>
-                      <help>Extensible Event Format (EVE)</help>
-                    </properties>
-                    <children>
-                      <leafNode name="filetype">
-                        <properties>
-                          <help>EVE logging destination</help>
-                          <completionHelp>
-                            <list>regular syslog</list>
-                          </completionHelp>
-                          <valueHelp>
-                            <format>regular</format>
-                            <description>Log to filename</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>syslog</format>
-                            <description>Log to syslog</description>
-                          </valueHelp>
-                          <constraint>
-                            <regex>(regular|syslog)</regex>
-                          </constraint>
-                        </properties>
-                        <defaultValue>regular</defaultValue>
-                      </leafNode>
-                      <leafNode name="filename">
-                        <properties>
-                          <help>Log file</help>
-                          <valueHelp>
-                            <format>filename</format>
-                            <description>File name in default Suricata log directory</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>/path</format>
-                            <description>Absolute file path</description>
-                          </valueHelp>
-                        </properties>
-                        <defaultValue>eve.json</defaultValue>
-                      </leafNode>
-                      <leafNode name="type">
-                        <properties>
-                          <help>Log types</help>
-                          <completionHelp>
-                            <list>alert anomaly drop files http dns tls smtp dnp3 ftp rdp nfs smb tftp ikev2 dcerpc krb5 snmp rfb sip dhcp ssh mqtt http2 flow netflow</list>
-                          </completionHelp>
-                          <valueHelp>
-                            <format>alert</format>
-                            <description>Record events for rule matches</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>anomaly</format>
-                            <description>Record unexpected conditions such as truncated packets, packets with invalid IP/UDP/TCP length values, and other events that render the packet invalid for further processing or describe unexpected behavior on an established stream</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>drop</format>
-                            <description>Record events for dropped packets</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>file</format>
-                            <description>Record file details (e.g., MD5) for files extracted from application protocols (e.g., HTTP)</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>application (http, dns, tls, ...)</format>
-                            <description>Record application-level transactions</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>flow</format>
-                            <description>Record bi-directional flows</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>netflow</format>
-                            <description>Record uni-directional flows</description>
-                          </valueHelp>
-                          <constraint>
-                            <regex>(alert|anomaly|http|dns|tls|files|drop|smtp|dnp3|ftp|rdp|nfs|smb|tftp|ikev2|dcerpc|krb5|snmp|rfb|sip|dhcp|ssh|mqtt|http2|flow|netflow)</regex>
-                          </constraint>
-                          <multi/>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
-                </children>
-              </node>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_suricata.xml.in b/interface-definitions/service_suricata.xml.in
new file mode 100644
index 000000000..e21320bfe
--- /dev/null
+++ b/interface-definitions/service_suricata.xml.in
@@ -0,0 +1,246 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="suricata" owner="${vyos_conf_scripts_dir}/service_suricata.py">
+        <properties>
+          <help>Network IDS, IPS and Security Monitoring</help>
+          <priority>740</priority>
+        </properties>
+        <children>
+          #include <include/generic-interface-multi.xml.i>
+          <tagNode name="address-group">
+            <properties>
+              <help>Address group name</help>
+              <completionHelp>
+                <list>home-net external-net http-servers smtp-servers sql-servers dns-servers telnet-servers aim-servers dc-servers dnp3-server dnp3-client modbus-client modbus-server enip-client enip-server</list>
+              </completionHelp>
+              <constraint>
+                <regex>[a-z0-9-]+</regex>
+              </constraint>
+            </properties>
+            <children>
+              <leafNode name="address">
+                <properties>
+                  <help>IP address or subnet</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>IPv4 address to match</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv6</format>
+                    <description>IPv6 address to match</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv4net</format>
+                    <description>IPv4 prefix to match</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv6net</format>
+                    <description>IPv6 prefix to match</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>!ipv4</format>
+                    <description>Exclude the specified IPv4 address from matches</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>!ipv6</format>
+                    <description>Exclude the specified IPv6 address from matches</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>!ipv4net</format>
+                    <description>Exclude the specified IPv6 prefix from matches</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>!ipv6net</format>
+                    <description>Exclude the specified IPv6 prefix from matches</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                    <validator name="ipv6-address"/>
+                    <validator name="ipv4-prefix"/>
+                    <validator name="ipv6-prefix"/>
+                    <validator name="ipv4-address-exclude"/>
+                    <validator name="ipv6-address-exclude"/>
+                    <validator name="ipv4-prefix-exclude"/>
+                    <validator name="ipv6-prefix-exclude"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+              <leafNode name="group">
+                <properties>
+                  <help>Address group</help>
+                  <completionHelp>
+                    <path>service ids suricata address-group</path>
+                    <list>home-net external-net http-servers smtp-servers sql-servers dns-servers telnet-servers aim-servers dc-servers dnp3-server dnp3-client modbus-client modbus-server enip-client enip-server</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>string</format>
+                    <description>Address group to match</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>!string</format>
+                    <description>Exclude the specified address group from matches</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>!?[a-z0-9-]+</regex>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+          <tagNode name="port-group">
+            <properties>
+              <help>Port group name</help>
+              <completionHelp>
+                <list>http-ports shellcode-ports oracle-ports ssh-ports dnp3-ports modbus-ports file-data-ports ftp-ports geneve-ports vxlan-ports teredo-ports</list>
+              </completionHelp>
+              <constraint>
+                <regex>[a-z0-9-]+</regex>
+              </constraint>
+            </properties>
+            <children>
+              <leafNode name="port">
+                <properties>
+                  <help>Port number</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Numeric port to match</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>!u32:1-65535</format>
+                    <description>Numeric port to exclude from matches</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>start-end</format>
+                    <description>Numbered port range (e.g. 1001-1005) to match</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>!start-end</format>
+                    <description>Numbered port range (e.g. !1001-1005) to exclude from matches</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="port-range"/>
+                    <validator name="port-range-exclude"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+              <leafNode name="group">
+                <properties>
+                  <help>Port group</help>
+                  <completionHelp>
+                    <path>service ids suricata port-group</path>
+                    <list>http-ports shellcode-ports oracle-ports ssh-ports dnp3-ports modbus-ports file-data-ports ftp-ports geneve-ports vxlan-ports teredo-ports</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>string</format>
+                    <description>Port group to match</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>!string</format>
+                    <description>Exclude the specified port group from matches</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>!?[a-z0-9-]+</regex>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="log">
+            <properties>
+              <help>Suricata log outputs</help>
+            </properties>
+            <children>
+              <node name="eve">
+                <properties>
+                  <help>Extensible Event Format (EVE)</help>
+                </properties>
+                <children>
+                  <leafNode name="filetype">
+                    <properties>
+                      <help>EVE logging destination</help>
+                      <completionHelp>
+                        <list>regular syslog</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>regular</format>
+                        <description>Log to filename</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>syslog</format>
+                        <description>Log to syslog</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(regular|syslog)</regex>
+                      </constraint>
+                    </properties>
+                    <defaultValue>regular</defaultValue>
+                  </leafNode>
+                  <leafNode name="filename">
+                    <properties>
+                      <help>Log file</help>
+                      <valueHelp>
+                        <format>filename</format>
+                        <description>File name in default Suricata log directory</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>/path</format>
+                        <description>Absolute file path</description>
+                      </valueHelp>
+                    </properties>
+                    <defaultValue>eve.json</defaultValue>
+                  </leafNode>
+                  <leafNode name="type">
+                    <properties>
+                      <help>Log types</help>
+                      <completionHelp>
+                        <list>alert anomaly drop files http dns tls smtp dnp3 ftp rdp nfs smb tftp ikev2 dcerpc krb5 snmp rfb sip dhcp ssh mqtt http2 flow netflow</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>alert</format>
+                        <description>Record events for rule matches</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>anomaly</format>
+                        <description>Record unexpected conditions such as truncated packets, packets with invalid IP/UDP/TCP length values, and other events that render the packet invalid for further processing or describe unexpected behavior on an established stream</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>drop</format>
+                        <description>Record events for dropped packets</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>file</format>
+                        <description>Record file details (e.g., MD5) for files extracted from application protocols (e.g., HTTP)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>application (http, dns, tls, ...)</format>
+                        <description>Record application-level transactions</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>flow</format>
+                        <description>Record bi-directional flows</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>netflow</format>
+                        <description>Record uni-directional flows</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(alert|anomaly|http|dns|tls|files|drop|smtp|dnp3|ftp|rdp|nfs|smb|tftp|ikev2|dcerpc|krb5|snmp|rfb|sip|dhcp|ssh|mqtt|http2|flow|netflow)</regex>
+                      </constraint>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition> | 
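Review bot: The two `<completionHelp>` paths under the `group` leaf nodes still reference the CLI location this commit removes: `<path>service ids suricata address-group</path>` and `<path>service ids suricata port-group</path>` should become `<path>service suricata address-group</path>` and `<path>service suricata port-group</path>`, otherwise completion for `group` presumably resolves a node that no longer exists and only the static `<list>` values are offered. Two help-text inconsistencies carried over from the deleted file could be fixed while the definition is being moved: the `!ipv4net` valueHelp says "Exclude the specified IPv6 prefix" (should read IPv4), and the log `type` valueHelp advertises `<format>file</format>` while both the completion list and the regex constraint accept `files`. Whether the owner script `${vyos_conf_scripts_dir}/service_suricata.py` also has its base path updated is not visible in this diff.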
