From 223a4194ea0f616e4de7c9f0895f3b8c97af016c Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 10 Jul 2024 20:06:54 +0200
Subject: [PATCH] config: switch default config to IEEE 1541 notation
---
suricata.yaml.in | 88 ++++++++++++++++++++++++------------------------
1 file changed, 44 insertions(+), 44 deletions(-)
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 976e63295e2a..d0e4bcd3c9ac 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -162,7 +162,7 @@ outputs: types: - alert: # payload: yes # enable dumping payload in Base64 - # payload-buffer-size: 4kb # max size of payload buffer to output in eve-log + # payload-buffer-size: 4 KiB # max size of payload buffer to output in eve-log # payload-printable: yes # enable dumping payload in printable (lossy) format # payload-length: yes # enable dumping payload length, including the gaps # packet: yes # enable dumping of packet (without stream segments)
@@ -183,7 +183,7 @@ outputs: - frame: # disabled by default as this is very verbose. enabled: no - # payload-buffer-size: 4kb # max size of frame payload buffer to output in eve-log + # payload-buffer-size: 4 KiB # max size of frame payload buffer to output in eve-log - anomaly: # Anomaly log records describe unexpected conditions such # as truncated packets, packets with invalid IP/UDP/TCP
@@ -311,9 +311,9 @@ outputs: - ssh - mqtt: # passwords: yes # enable output of passwords - # string-log-limit: 1kb # limit size of logged strings in bytes. - # Can be specified in kb, mb, gb. Just a number - # is parsed as bytes. Default is 1KB. + # string-log-limit: 1KiB # limit size of logged strings in bytes. + # Can be specified in KiB, MiB, GiB. Just a number + # is parsed as bytes. Default is 1 KiB. # Use a value of 0 to disable limiting. # Note that the size is also bounded by # the maximum parsed message size (see 
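Review bot: In the mqtt hunk the new example is written `string-log-limit: 1KiB` with no space, while every other value this patch touches has one (`4 KiB`, `1 MiB`) and the last line of the same comment says `Default is 1 KiB`. Write it as `# string-log-limit: 1 KiB` so the file shows a single spelling for users to copy. The mqtt comment block continues past the end of the hunk.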
@@ -394,7 +394,7 @@ outputs: # per thread directory. # # Also note that the limit and max-files settings are enforced per thread. - # So the size limit when using 8 threads with 1000mb files and 2000 files + # So the size limit when using 8 threads with 1000 MiB files and 2000 files # is: 8*1000*2000 ~ 16TiB. # # By default all packets are logged except:
@@ -407,7 +407,7 @@ outputs: # File size limit. Can be specified in kb, mb, gb. Just a number # is parsed as bytes. - limit: 1000mb + limit: 1000 MiB # If set to a value, ring buffer mode is enabled. Will keep maximum of # "max-files" of size "limit"
@@ -887,7 +887,7 @@ app-layer: dp: 5900, 5901, 5902, 5903, 5904, 5905, 5906, 5907, 5908, 5909 mqtt: enabled: yes - # max-msg-length: 1mb + # max-msg-length: 1 MiB # subscribe-topic-match-limit: 100 # unsubscribe-topic-match-limit: 100 # Maximum number of live MQTT transactions per flow
@@ -936,11 +936,11 @@ app-layer: # max-tx: 1024 ftp: enabled: yes - # memcap: 64mb + # memcap: 64 MiB websocket: #enabled: yes # Maximum used payload size, the rest is skipped - # max-payload-size: 65535 + # max-payload-size: 64 KiB rdp: #enabled: yes ssh:
@@ -1024,11 +1024,11 @@ app-layer: # Byte Range Containers default settings # byterange: - # memcap: 100mb + # memcap: 100 MiB # timeout: 60 # memcap: Maximum memory capacity for HTTP - # Default is unlimited, values can be 64mb, e.g. + # Default is unlimited, values can be 64 MiB, e.g. # default-config: Used when no server-config matches # personality: List of personalities used by default 
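Review bot: The comment directly above `limit: 1000 MiB` in the pcap-log hunk still reads `Can be specified in kb, mb, gb`, so the documented suffixes no longer match the value beneath it. Change that line to `# File size limit. Can be specified in KiB, MiB, GiB. Just a number`, as the other hunks do. The threading hunk at the end of the patch has the same leftover: `should not exceed 8MB` sits right above `#stack-size: 8 MiB`.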
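Review bot: In the websocket hunk, `# max-payload-size: 64 KiB` is not the value it replaces: 64 KiB is 65536 bytes, while the old line said `65535`. The comment above it says payload beyond this size is skipped, so the commented example should state the exact built-in cutoff. If the code default is still 65535 (not visible in this patch), keep `# max-payload-size: 65535`, or change the default in the same commit. Everywhere else the patch only respells a unit, so this one value change is easy to miss.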
@@ -1053,16 +1053,16 @@ app-layer: default-config: personality: IDS - # Can be specified in kb, mb, gb. Just a number indicates + # Can be specified in KiB, MiB, GiB. Just a number indicates # it's in bytes. - request-body-limit: 100kb - response-body-limit: 100kb + request-body-limit: 100 KiB + response-body-limit: 100 KiB # inspection limits - request-body-minimal-inspect-size: 32kb - request-body-inspect-window: 4kb - response-body-minimal-inspect-size: 40kb - response-body-inspect-window: 16kb + request-body-minimal-inspect-size: 32 KiB + request-body-inspect-window: 4 KiB + response-body-minimal-inspect-size: 40 KiB + response-body-inspect-window: 16 KiB # response body decompression (0 disables) response-body-decompress-layer-limit: 2
@@ -1081,8 +1081,8 @@ app-layer: swf-decompression: enabled: no type: both - compress-depth: 100kb - decompress-depth: 100kb + compress-depth: 100 KiB + decompress-depth: 100 KiB # Use a random value for inspection sizes around the specified value. # This lowers the risk of some evasion techniques but could lead
@@ -1102,10 +1102,10 @@ app-layer: #lzma-enabled: false # Memory limit usage for LZMA decompression dictionary # Data is decompressed until dictionary reaches this size - #lzma-memlimit: 1mb + #lzma-memlimit: 1 MiB # Maximum decompressed size with a compression ratio # above 2048 (only LZMA can reach this ratio, deflate cannot) - #compression-bomb-limit: 1mb + #compression-bomb-limit: 1 MiB # Maximum time spent decompressing a single transaction in usec #decompression-time-limit: 100000 # Maximum number of live transactions per flow
@@ -1116,7 +1116,7 @@ app-layer: #- apache: # address: [192.168.1.0/24, 127.0.0.0/8, "::1"] # personality: Apache_2 - # # Can be specified in kb, mb, gb. Just a number indicates + # # Can be specified in KiB, MiB, GiB. Just a number indicates # # it's in bytes. # request-body-limit: 4096 # response-body-limit: 4096 
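Review bot: The body limits and inspect windows under `default-config` are active settings, and they now rely on the size parser accepting both a space and the `KiB` suffix; that parser is not part of this patch. These values bound how much of each HTTP request and response body is inspected, so a config copied to a build that cannot parse `100 KiB` might run with different limits than written, or fail to start. It is worth confirming which, and adding a line such as `# KiB/MiB/GiB notation requires a Suricata version whose size parser accepts it` near the first limit. The same applies to pcap-log's `limit` earlier in the patch and to the `defrag`, `flow`, `stream`, `host` and `thresholds` memcaps later on.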
@@ -1128,7 +1128,7 @@ app-layer: # - 192.168.0.0/24 # - 192.168.10.0/24 # personality: IIS_7_0 - # # Can be specified in kb, mb, gb. Just a number indicates + # # Can be specified in KiB, MiB, GiB. Just a number indicates # # it's in bytes. # request-body-limit: 4096 # response-body-limit: 4096
@@ -1190,7 +1190,7 @@ datasets: # Default fallback memcap and hashsize values for datasets in case these # were not explicitly defined. defaults: - #memcap: 100mb + #memcap: 100 MiB #hashsize: 2048 rules:
@@ -1403,7 +1403,7 @@ host-os-policy: # The exception policy memcap-policy value can be "drop-packet", "pass-packet", # "reject" or "ignore" (which is the default). defrag: - memcap: 32mb + memcap: 32 MiB # memcap-policy: ignore hash-size: 65536 trackers: 65535 # number of defragmented flows to follow
@@ -1426,7 +1426,7 @@ defrag: # - 172.16.14.0/24 # Flow settings: -# By default, the reserved memory (memcap) for flows is 32MB. This is the limit +# By default, the reserved memory (memcap) for flows is 32 MiB. This is the limit # for flow allocation inside the engine. You can change this value to allow # more memory usage for flows. # The hash-size determines the size of the hash used to identify flows inside
@@ -1442,13 +1442,13 @@ defrag: # the emergency bit and it will try again with more aggressive timeouts. # If that doesn't work, then it will try to kill the oldest flows using # last time seen flows. -# The memcap can be specified in kb, mb, gb. Just a number indicates it's +# The memcap can be specified in KiB, MiB, GiB. Just a number indicates it's # in bytes. # The exception policy memcap-policy can be "drop-packet", "pass-packet", # "reject" or "ignore" (which is the default). flow: - memcap: 128mb + memcap: 128 MiB #memcap-policy: ignore hash-size: 65536 prealloc: 10000 
@@ -1526,7 +1526,7 @@ flow-timeouts: # engine is configured. # # stream: -# memcap: 64mb # Can be specified in kb, mb, gb. Just a +# memcap: 64 MiB # Can be specified in KiB, MiB, GiB. Just a # # number indicates it's in bytes. # memcap-policy: ignore # The exception policy value can be "drop-flow", # # "pass-flow", "bypass", "drop-packet",
@@ -1557,19 +1557,19 @@ flow-timeouts: # # means it's slightly more permissive. Enabled by default. # # reassembly: -# memcap: 256mb # Can be specified in kb, mb, gb. Just a number +# memcap: 256 MiB # Can be specified in KiB, MiB, GiB. Just a number # # indicates it's in bytes. # memcap-policy: ignore # The exception policy value can be "drop-flow", # # "pass-flow", "bypass", "drop-packet", "pass-packet", # # "reject" or "ignore" default is "ignore" -# depth: 1mb # Can be specified in kb, mb, gb. Just a number +# depth: 1 MiB # Can be specified in KiB, MiB, GiB. Just a number # # indicates it's in bytes. # toserver-chunk-size: 2560 # inspect raw stream in chunks of at least -# # this size. Can be specified in kb, mb, -# # gb. Just a number indicates it's in bytes. +# # this size. Can be specified in KiB, MiB, GiB. +# # Just a number indicates it's in bytes. # toclient-chunk-size: 2560 # inspect raw stream in chunks of at least -# # this size. Can be specified in kb, mb, -# # gb. Just a number indicates it's in bytes. +# # this size. Can be specified in KiB, MiB, GiB. +# # Just a number indicates it's in bytes. # randomize-chunk-size: yes # Take a random value for chunk size around the specified value. # # This lowers the risk of some evasion techniques but could lead # # to detection change between runs. It is set to 'yes' by default. 
@@ -1594,16 +1594,16 @@ flow-timeouts: # # is used in a rule. # stream: - memcap: 64mb + memcap: 64 MiB #memcap-policy: ignore checksum-validation: yes # reject incorrect csums #midstream: false #midstream-policy: ignore inline: auto # auto will use inline mode in IPS mode, yes or no set it statically reassembly: - memcap: 256mb + memcap: 256 MiB #memcap-policy: ignore - depth: 1mb # reassemble 1mb into a stream + depth: 1 MiB # reassemble 1 MiB into a stream toserver-chunk-size: 2560 toclient-chunk-size: 2560 randomize-chunk-size: yes
@@ -1619,7 +1619,7 @@ stream: host: hash-size: 4096 prealloc: 1000 - memcap: 32mb + memcap: 32 MiB # IP Pair table: #
@@ -1628,7 +1628,7 @@ host: #ippair: # hash-size: 4096 # prealloc: 1000 -# memcap: 32mb +# memcap: 32 MiB # Decoder settings
@@ -1707,7 +1707,7 @@ detect: # Thresholding hash table settings. thresholds: hash-size: 16384 - memcap: 16mb + memcap: 16 MiB profiling: # Log the rules that made it past the prefilter stage, per packet
@@ -1801,7 +1801,7 @@ threading: # set to this value, a fatal error occurs. # # Generally, the per-thread stack-size should not exceed 8MB. - #stack-size: 8mb + #stack-size: 8 MiB # Profiling settings. Only effective if Suricata has been built with # the --enable-profiling configure flag.