mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-19 08:13:21 +00:00
4c32cf7707
- Do not overwrite customized config files [1] - Optionally depend on libpcap from ports (off by default) [1] - Detect and use gcc hardening options by default - Cleanup language/whitespace - Bump PORTREVISION PR: ports/164237 [1] Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> [1] Feature safe: yes
32 lines
1.2 KiB
Plaintext
32 lines
1.2 KiB
Plaintext
=========================================================================
|
|
If you want to run Suricata in IDS mode, add to /etc/rc.conf:
|
|
|
|
suricata_enable="YES"
|
|
suricata_interface="<if>"
|
|
|
|
NOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.
|
|
|
|
However, if you wanna run Suricata in Inline IPS Mode, add to /etc/rc.conf:
|
|
|
|
suricata_enable="YES"
|
|
suricata_divertport="8000"
|
|
|
|
NOTE:
|
|
Suricata won't start in IDS mode without an interface configured.
|
|
Therefore if you omit suricata_interface from rc.conf, FreeBSD's
|
|
rc.d/suricata will automatically try to start Suricata in IPS Mode
|
|
(on divert port 8000, by default).
|
|
|
|
RULES: Suricata IDS/IPS Engine comes without rules by default. You should
|
|
add rules by yourself and set an updating strategy. To do so, please visit:
|
|
|
|
http://www.openinfosecfoundation.org/documentation/rules.html
|
|
http://www.openinfosecfoundation.org/documentation/emerging-threats.html
|
|
|
|
You may want to try BPF in zerocopy mode to test performance improvements:
|
|
|
|
sysctl -w net.bpf.zerocopy_enable=1
|
|
|
|
Don't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf
|
|
=========================================================================
|