Disable download emerging.rules by default [Suricata 6.0.8]

rodport · October 27, 2022, 2:36pm

Hi, everyone

I would like to know whether it is possible to disable download emerging.rules by default.

I have installed Suricata 6.0.8 vía PPA in Ubuntu 20.04. After having launched suricata-update, I have found that Suricata downloads emerging threads rules by default. I would like to enable and disable rules on my own.

27/10/2022 -- 16:23:12 - <Info> -- No sources configured, will use Emerging Threats Open
27/10/2022 -- 16:23:12 - <Info> -- Checking https://rules.emergingthreats.net/open/suricata-6.0.8/emerging.rules.tar.gz.md5.

Thanks in advance

ish · October 27, 2022, 2:49pm

Hmm, this does appear to be a missing feature, to disable default behaviour?

Are there any of the remote sources in the index you would like to enable? Enable one of them, and you won’t get the default et/open.

If not, you could create an empty source… Something like:

touch /etc/suricata/empty.rules
suricata-update add-source empty file:///etc/suricata/empty.rules

I’ll have to give this some though, as its not as easy as it should be to disable the default behaviour.

rodport · October 27, 2022, 3:01pm

Hi,

That solution works, however, in my opinion, it would better to find another practical way.

Thank you very much

Topic		Replies	Views
Disabling all sources for suricata-update Help	1	361	August 29, 2023
Suricata-Update - Use Only Local Rules Rules	2	1400	July 8, 2020
Installing default Suricata 6.0.2 rules onto machine without internet access Help rules	2	1589	April 13, 2021
Couple of questions about suricata-update suricata-update	1	70	April 9, 2024
Several questions on external rules Help	2	883	December 2, 2020

Disable download emerging.rules by default [Suricata 6.0.8]

Related Topics