[Oisf-users] host-os-policy and $home_net

Peter Manev petermanev at gmail.com
Thu Jul 21 13:31:17 UTC 2016


On Tue, Jul 19, 2016 at 8:17 PM, Todor Petkov <petkovptodor at gmail.com> wrote:
> Hello,
>

Hi!

> I am using suricata 3.1.1 on Centos7 from the epel repo.
> I have defined the $HOME_NET variable and I am trying to use it in
> host-os-policy like this:
> linux: [ $HOME_NET]

It should work. You should add quotes like so -
linux: " [ $HOME_NET] "

Can you confirm if this fixes the issue?

For example this works for me -
linux: "[ !$L_B,172.16.0.0/12 ]"

>
> When I restart suricata, it fails to start with message:
> Failed to add host "$HOME_NET" with policy "linux" to host info database
>
> I have tried putting quotes around the variable, but it still fails. On
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml#Host-os-policy
> is said:
> You can add your IP-address behind the name of the operating system you
> make us
>
> But there is no clear mention if I can cheat with $HOME_NET, so can I or
> not?:)
>
> Thanks in advance,
>



-- 
Regards,
Peter Manev


