jasonish / docker-suricata

A Suricata Docker image.
https://hub.docker.com/r/jasonish/suricata/
MIT License

Don't enable any rulesets by default #34

Open jasonish opened 1 year ago

jasonish commented 1 year ago

By default, the et/open and oisf/trafficid rulesets are enabled. This was probably due to personal preference when first creating the container, but at most, et/open should be enabled, or nothing enabled by default which would have suricata-update default to et/open anyways.

almereyda commented 10 months ago

Can you suggest a workaround on how to create a manual override for these defaults?

From what you express, do you say it is not possible to disable oisf/trafficid right now, nor et/open, if one wanted to?

jasonish commented 10 months ago

/var/lib/suricata is a volume, so providing your own will result in the default suricata-update behaviour, which is to use et/open if no other rulesets are enabled. I'll probably make this the default in the git master tag of the container and let that ripple into the next major version tag.

Also, maybe some environment variables to auto do some things for those that wish to do it that way.