mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-23 05:03:20 +02:00
remove restriction of mmap locked on suricata ulimits
This commit is contained in:
@@ -216,10 +216,7 @@ docker:
|
|||||||
custom_bind_mounts: []
|
custom_bind_mounts: []
|
||||||
extra_hosts: []
|
extra_hosts: []
|
||||||
extra_env: []
|
extra_env: []
|
||||||
ulimits:
|
ulimits: []
|
||||||
- name: memlock
|
|
||||||
soft: 524288000
|
|
||||||
hard: 524288000
|
|
||||||
'so-zeek':
|
'so-zeek':
|
||||||
final_octet: 99
|
final_octet: 99
|
||||||
custom_bind_mounts: []
|
custom_bind_mounts: []
|
||||||
|
|||||||
@@ -25,8 +25,7 @@ so-suricata:
|
|||||||
- {{ XTRAENV }}
|
- {{ XTRAENV }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{# we look at SURICATAMERGED.config['af-packet'][0] since we only allow one interface and therefore always the first list item #}
|
{% if DOCKERMERGED.containers['so-suricata'].ulimits %}
|
||||||
{% if SURICATAMERGED.config['af-packet'][0]['mmap-locked'] == "yes" and DOCKERMERGED.containers['so-suricata'].ulimits %}
|
|
||||||
- ulimits:
|
- ulimits:
|
||||||
{% for ULIMIT in DOCKERMERGED.containers['so-suricata'].ulimits %}
|
{% for ULIMIT in DOCKERMERGED.containers['so-suricata'].ulimits %}
|
||||||
- {{ ULIMIT.name }}={{ ULIMIT.soft }}:{{ ULIMIT.hard }}
|
- {{ ULIMIT.name }}={{ ULIMIT.soft }}:{{ ULIMIT.hard }}
|
||||||
|
|||||||
Reference in New Issue
Block a user