intrusion detection: update model and persist values for transparency

2026-03-13 00:07:26 +00:00 · 2023-08-31 10:33:05 +02:00 · 2023-08-31 10:33:05 +02:00 · 187aca0fbc
commit 187aca0fbc
parent 1103923200
3 changed files with 8 additions and 13 deletions
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@ -1,9 +1,7 @@
 <model>
    <mount>//OPNsense/IDS</mount>
-    <version>1.0.8</version>
-    <description>
-        OPNsense IDS
-    </description>
+    <version>1.0.9</version>
+    <description>OPNsense IDS</description>
    <items>
        <rules>
            <rule type="ArrayField">
@ -167,7 +165,7 @@
                </filters>
            </interfaces>
            <homenet type="NetworkField">
-                <Required>N</Required>
+                <Required>Y</Required>
                <FieldSeparator>,</FieldSeparator>
                <default>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</default>
                <asList>Y</asList>
@ -193,9 +191,8 @@
                <Required>N</Required>
            </UpdateCron>
            <AlertLogrotate type="OptionField">
-              <Required>N</Required>
+              <Required>Y</Required>
              <default>W0D23</default>
-              <BlankDesc>Default</BlankDesc>
              <OptionValues>
                  <W0D23>Weekly</W0D23>
                  <D0>Daily</D0>
@ -203,7 +200,7 @@
              <ValidationMessage>Please select a valid rotation</ValidationMessage>
            </AlertLogrotate>
            <AlertSaveLogs type="IntegerField">
-                <Required>N</Required>
+                <Required>Y</Required>
                <default>4</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>1000</MaximumValue>
@ -211,7 +208,6 @@
            </AlertSaveLogs>
            <MPMAlgo type="OptionField">
              <Required>N</Required>
-              <default>ac</default>
              <BlankDesc>Default</BlankDesc>
              <OptionValues>
                  <ac>Aho-Corasick</ac>
@ -224,7 +220,6 @@
            <detect>
              <Profile type="OptionField">
                <Required>N</Required>
-                <default>medium</default>
                <BlankDesc>Default</BlankDesc>
                <OptionValues>
                    <low>Low</low>
--- a/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
+++ b/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
@ -1,7 +1,7 @@
 # logfilename			[owner:group]	mode	count	size	when	flags	[/pid_file]				[sig_num]
 {% if not helpers.empty('OPNsense.IDS.general.enabled') %}
 /var/log/suricata/stats.log	root:wheel	640	7	*	$D0	BZ	/var/run/suricata.pid	1
-/var/log/suricata/eve.json	root:wheel	640	{{ OPNsense.IDS.general.AlertSaveLogs|default("4") }}	500000	${{
-    OPNsense.IDS.general.AlertLogrotate|default("W0D23")
+/var/log/suricata/eve.json	root:wheel	640	{{ OPNsense.IDS.general.AlertSaveLogs }}	500000	${{
+    OPNsense.IDS.general.AlertLogrotate
 }}	B	/var/run/suricata.pid	1
 {% endif %}
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@ -14,7 +14,7 @@
 vars:
  # more specific is better for alert accuracy and performance
  address-groups:
-    HOME_NET: "[{{OPNsense.IDS.general.homenet|default('192.168.0.0/16,10.0.0.0/8,172.16.0.0/12')}}]"
+    HOME_NET: "[{{OPNsense.IDS.general.homenet}}]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
    SMTP_SERVERS: "$HOME_NET"