diff --git a/src/opnsense/scripts/suricata/installRules.py b/src/opnsense/scripts/suricata/installRules.py
index 55afd1edb..92afda3c3 100755
--- a/src/opnsense/scripts/suricata/installRules.py
+++ b/src/opnsense/scripts/suricata/installRules.py
@@ -41,7 +41,6 @@ if __name__ == '__main__':
 rule_target_dir = ('%s../opnsense.rules' % rule_source_directory)
 rule_yaml_list = ('%s../installed_rules.yaml' % rule_source_directory)
- rule_config_fn = ('%s../rules.config' % rule_source_directory)
 # parse OPNsense rule config
 rule_updates = RuleCache.list_local_changes()
diff --git a/src/opnsense/scripts/suricata/lib/rulecache.py b/src/opnsense/scripts/suricata/lib/rulecache.py
index 404cfbd8b..85e02739e 100755
--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@@ -110,8 +110,8 @@ class RuleCache(object):
 cnf = ConfigParser()
 cnf.read(rule_config_fn)
 for section in cnf.sections():
- if section[0:5] == 'rule_':
- sid = section[5:]
+ if section[0:5] == 'rule_' and cnf.has_option(section, 'sid'):
+ sid = cnf.get(section, 'sid')
 # mark rule policies as __manual__ so we can filter them easily
 rule_updates[sid] = {'mtime': policy_config_mtime, 'policy_id': None, 'policy': "__manual__"}
 for rule_item in cnf.items(section):
diff --git a/src/opnsense/service/templates/OPNsense/IDS/rules.config b/src/opnsense/service/templates/OPNsense/IDS/rules.config
index 5626e0992..4f640c42f 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/rules.config
+++ b/src/opnsense/service/templates/OPNsense/IDS/rules.config
@@ -5,9 +5,10 @@
 #
 {% if helpers.exists('OPNsense.IDS.rules.rule') %}
 {% for rule in helpers.toList('OPNsense.IDS.rules.rule') %}
-[rule_{{rule.sid|default('0')}}]
+[rule_{{rule['@uuid']|replace('-', '')}}]
 enabled={{ rule.enabled|default('0') }}
 action={{ rule.action|default('') }}
+sid={{ rule.sid|default('0') }}
 {% endfor %}
 {% endif %}
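Review bot: The value returned by `cnf.get(section, 'sid')` becomes the `rule_updates` key without validation, and because sections are now named per uuid, two entries can carry the same sid, so the later section silently overwrites the earlier one at `rule_updates[sid] = {...}`. For an IDS override that decides whether a signature is enabled or drops traffic, that precedence should be deliberate: I would skip malformed values with `if not sid.isdigit(): continue` right after the `cnf.get`, and log or keep the first entry when `sid in rule_updates`. Sections that lack a `sid` option are also skipped without any message, which hides a stale or hand-edited rules.config. The enclosing method starts and ends outside the hunk, so how the following `cnf.items(section)` loop merges values is not visible here.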
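Review bot: `sid={{ rule.sid|default('0') }}` always emits a `sid` option, so the new `cnf.has_option(section, 'sid')` guard in rulecache.py never rejects a template-generated section, and a rule entry without a sid ends up recorded as a manual override for sid `0`. Consider emitting the section only when a sid is present, for example by wrapping the four section lines in `{% if rule.sid|default('') != '' %}` and `{% endif %}`. Whether the model already guarantees a numeric, non-empty sid is not visible in this hunk.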