Config files

Peter Manev edited this page Jun 16, 2020 · 25 revisions

Suricata

SELKS uses the following Suricata config files, directories and locations:

Generic build parameters:
  Installation prefix:                     /usr
  Configuration directory:                 /etc/suricata/
  Log directory:                           /var/log/suricata/

  --prefix                                 /usr
  --sysconfdir                             /etc
  --localstatedir                          /var

Suricata IDPS running on SELKS uses three config files:

selks6-addin.yaml
selks6-interfaces-config.yaml (auto-generated at first-time setup)
suricata.yaml

The selks6-addin.yaml and selks6-interfaces-config.yaml files contain SELKS-specific settings that override the corresponding config options in suricata.yaml.
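A small POSIX shell check for the three-file layout described above. This is an added example, not a script shipped with SELKS or Suricata: it verifies that all three files are present under the configuration directory, counts the lines in suricata.yaml that pull the SELKS add-ins in (the assumption, not stated on this page, is that this happens through Suricata's YAML `include:` directive), and, when the suricata binary is on PATH, asks Suricata to test-load the merged configuration with its `-T` test mode so an override that breaks parsing is caught before a restart. The SELKS_SURICATA_DIR variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the SELKS wiki or package): sanity-check the
# Suricata config files SELKS uses and test-load the merged configuration.

# Config directory from the build parameters (--sysconfdir /etc); overridable.
SELKS_SURICATA_DIR="${SELKS_SURICATA_DIR:-/etc/suricata}"

# The three files named on the wiki page, one per line.
selks_config_files() {
    printf '%s\n' suricata.yaml selks6-addin.yaml selks6-interfaces-config.yaml
}

# Print the expected files that are missing under directory $1.
# Returns 0 when all three are present, 1 otherwise.
missing_configs() {
    dir="$1"
    rc=0
    for f in $(selks_config_files); do
        if [ ! -f "$dir/$f" ]; then
            echo "$f"
            rc=1
        fi
    done
    return $rc
}

# Count "include:" lines in $1 that reference a selks6-* add-in file.
# Assumption: suricata.yaml pulls the add-ins in via YAML "include:".
count_selks_includes() {
    grep -Ec '^[[:space:]]*include:.*selks6-' "$1" 2>/dev/null || true
}

# Ask Suricata itself to parse the configuration (-T is its test mode).
# Skipped with a message when the binary is not installed here.
test_load_config() {
    dir="$1"
    if ! command -v suricata >/dev/null 2>&1; then
        echo "suricata binary not found; skipping config test-load"
        return 0
    fi
    suricata -T -c "$dir/suricata.yaml"
}

main() {
    if missing="$(missing_configs "$SELKS_SURICATA_DIR")"; then
        echo "all SELKS Suricata config files present in $SELKS_SURICATA_DIR"
    else
        echo "missing under $SELKS_SURICATA_DIR:"
        echo "$missing"
        return 1
    fi
    echo "add-in include lines in suricata.yaml: $(count_selks_includes "$SELKS_SURICATA_DIR/suricata.yaml")"
    test_load_config "$SELKS_SURICATA_DIR"
}

# Only run the checks where the SELKS config directory actually exists,
# so the functions can also be sourced on another host.
if [ -d "$SELKS_SURICATA_DIR" ]; then
    main
else
    echo "no $SELKS_SURICATA_DIR on this host; nothing to check"
fi
```

Run it as root on a SELKS box (or with SELKS_SURICATA_DIR pointing at a copy of the directory). A non-zero exit from the `suricata -T` step means the merged configuration, add-ins included, would not load.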

Suricata is compiled on SELKS with the following configure line (rust and hyperscan are available by default):

./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ \
--enable-nfqueue --enable-non-bundled-htp --disable-gccmarch-native \
--enable-geoip --enable-gccprotect --enable-pie \
--enable-luajit

Elasticsearch

SELKS makes use of the following Elasticsearch config files:

/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/logging.yml
/etc/default/elasticsearch

Logstash

SELKS makes use of the following Logstash config files:

/etc/logstash/conf.d/logstash.conf
/etc/default/logstash

Reference configs

You can also find some reference configs under the folder /opt/selks/Scripts/Configs/.

These files are part of the selks-scripts-stamus Debian package that is installed by default on SELKS.