[Oisf-users] Rust enabled Suricata 4.1 rc1 packages are available as well on our Ubuntu PPA

Peter Manev petermanev at gmail.com
Mon Jul 23 13:33:23 UTC 2018


Hi,

RUST enabled Suricata 4.1 rc1 packages are available as well now for Ubuntu
on Ubuntu PPA (Launchpad) - for testing and feedback.

Enabling you to try out additional cool features from the 4.1 rc1 release
as :
- SMBv1/2/3 parsing, logging, file extraction
- TFTP: basic logging
- Kerberos parser and logger
- IKEv2 parser and logger
- DHCP parser and logger

If you would like to enable and try the new features here is a quick how to
from our experimental repo:

add-apt-repository ppa:oisf/suricata-rust-experimental
apt-get update && apt-get install suricata

That repo includes experimental Rust enabled Suricata packages

   - 14.04 Trusty
   - 16.04 Xenial
   - 18.04 Bionic
   - 18.10 Cosmic

 32 and 64 bit packages available with the following architectures -

   - amd64
   - i386

Some of the new additions in 4.1 rc1 include (available in the package) the
tools:

   - suricata-update
   <http://suricata.readthedocs.io/en/latest/rule-management/suricata-update.html#rule-management-with-suricata-update>
   - suricatactl (for use with filestore v2
   <https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L456>)

You can also get some help of how to use the tools by doing
"suricata-update -h" or "suricatactl -h"
The packages are build-in with:


   - *IPS (nfqueue)*
   -
*All JSON output
   <http://suricata.readthedocs.io/en/suricata-4.1.0-rc1/output/eve/eve-json-output.html>
   *
   - *GeoIP*
   <https://redmine.openinfosecfoundation.org/projects/suricata/wiki/GeoIP>
   - *Unix-Socket*
   <http://suricata.readthedocs.io/en/suricata-4.1.0-rc1/unix-socket.html?highlight=unix%20socket>
   - *Lua scripting*
   <http://suricata.readthedocs.io/en/suricata-4.1.0-rc1/rules/rule-lua-scripting.html?highlight=lua%20scripting>
   - *NSS(MD5)  enabled*
   <http://suricata.readthedocs.io/en/suricata-4.1.0-rc1/file-extraction/md5.html?highlight=MD5>
   - *PIE - Position Independent Executable *
   -
*Redis enabled support *

The Ubuntu

   - 18.04 Bionic
   - 18.10 Cosmic

distribution packages are with Hyperscan enabled by default for extra
performance.
(Your CPU needs to have the SSSE3 flag. You can check with - cat
/proc/cpuinfo)
By community request there is also available "suricata-dbg" (Suricata with
enabled debug features) package ready to use out of the box install:
"sudo apt-get install suricata-dbg".

Suricata 4.1 rc1 is available from our  *suricata-rust-experimental*   PPA
repository

More about Suricata 4.1 rc1 features and bug fixes:
https://suricata-ids.org/2018/07/20/call-for-testing-
suricata-4-1rc1-released/

How to:
https://redmine.openinfosecfoundation.org/projects/suricata/
wiki/Ubuntu_Installation_-_Personal_Package_Archives_%28PPA%29
Feedback is welcome!


-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180723/8d2102a9/attachment.html>


More information about the Oisf-users mailing list