Hi there, I’ve read various docs in various places on the host-os-policy
config option, but it’s not entirely clear what the recommended values are.
The defaults in suricata.yaml are:

    host-os-policy:
      # Make the default policy windows.
      windows: [0.0.0.0/0]
      bsd: []
      bsd-right: []
      old-linux: []
      linux: []
      old-solaris: []
      solaris: []
      hpux10: []
      hpux11: []
    ...

The suggestions I’ve seen (for a linux server) include:
- linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]
- linux: [0.0.0.0/0]
- the public IP address of the server, e.g.:
  linux: [<my-public-ip>]
- some combination of the above, with both internal addresses and the public-facing address

So what would the recommended setting be for a linux server? And is it maybe worth updating the relevant docs with a clearer explanation/examples?