From 187aca0fbc18a70ec3659ced4ca423d60d055d71 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Thu, 31 Aug 2023 10:33:05 +0200
Subject: [PATCH] intrusion detection: update model and persist values for
 transparency

---
 src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml  | 15 +++++----------
 .../service/templates/OPNsense/IDS/newsyslog.conf |  4 ++--
 .../service/templates/OPNsense/IDS/suricata.yaml  |  2 +-
 3 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
index 6ea7506f2..d272c84cb 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@@ -1,9 +1,7 @@
 <model>
     <mount>//OPNsense/IDS</mount>
-    <version>1.0.8</version>
-    <description>
-        OPNsense IDS
-    </description>
+    <version>1.0.9</version>
+    <description>OPNsense IDS</description>
     <items>
         <rules>
             <rule type="ArrayField">
@@ -167,7 +165,7 @@
                 </filters>
             </interfaces>
             <homenet type="NetworkField">
-                <Required>N</Required>
+                <Required>Y</Required>
                 <FieldSeparator>,</FieldSeparator>
                 <default>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</default>
                 <asList>Y</asList>
@@ -193,9 +191,8 @@
                 <Required>N</Required>
             </UpdateCron>
             <AlertLogrotate type="OptionField">
-              <Required>N</Required>
+              <Required>Y</Required>
               <default>W0D23</default>
-              <BlankDesc>Default</BlankDesc>
               <OptionValues>
                   <W0D23>Weekly</W0D23>
                   <D0>Daily</D0>
@@ -203,7 +200,7 @@
               <ValidationMessage>Please select a valid rotation</ValidationMessage>
             </AlertLogrotate>
             <AlertSaveLogs type="IntegerField">
-                <Required>N</Required>
+                <Required>Y</Required>
                 <default>4</default>
                 <MinimumValue>1</MinimumValue>
                 <MaximumValue>1000</MaximumValue>
@@ -211,7 +208,6 @@
             </AlertSaveLogs>
             <MPMAlgo type="OptionField">
               <Required>N</Required>
-              <default>ac</default>
               <BlankDesc>Default</BlankDesc>
               <OptionValues>
                   <ac>Aho-Corasick</ac>
@@ -224,7 +220,6 @@
             <detect>
               <Profile type="OptionField">
                 <Required>N</Required>
-                <default>medium</default>
                 <BlankDesc>Default</BlankDesc>
                 <OptionValues>
                     <low>Low</low>
diff --git a/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf b/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
index d68f6b516..ea1c011ae 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
+++ b/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
@@ -1,7 +1,7 @@
 # logfilename			[owner:group]	mode	count	size	when	flags	[/pid_file]				[sig_num]
 {% if not helpers.empty('OPNsense.IDS.general.enabled') %}
 /var/log/suricata/stats.log	root:wheel	640	7	*	$D0	BZ	/var/run/suricata.pid	1
-/var/log/suricata/eve.json	root:wheel	640	{{ OPNsense.IDS.general.AlertSaveLogs|default("4") }}	500000	${{
-    OPNsense.IDS.general.AlertLogrotate|default("W0D23")
+/var/log/suricata/eve.json	root:wheel	640	{{ OPNsense.IDS.general.AlertSaveLogs }}	500000	${{
+    OPNsense.IDS.general.AlertLogrotate
 }}	B	/var/run/suricata.pid	1
 {% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
index 79d92670a..75ec7289c 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -14,7 +14,7 @@
 vars:
   # more specific is better for alert accuracy and performance
   address-groups:
-    HOME_NET: "[{{OPNsense.IDS.general.homenet|default('192.168.0.0/16,10.0.0.0/8,172.16.0.0/12')}}]"
+    HOME_NET: "[{{OPNsense.IDS.general.homenet}}]"
     EXTERNAL_NET: "!$HOME_NET"
     HTTP_SERVERS: "$HOME_NET"
     SMTP_SERVERS: "$HOME_NET"