Install Suricata Update

Note

If you have already installed Suricata 4.1 or newer you likely already have Suricata-Update installed. Please check if the suricata-update command is available to you before installing.

Suricata-Update is a tool written in Python and best installed with the pip tool for installing Python packages.

Pip can install suricata-update globally, making it available to all users, or it can install suricata-update into your home directory for use by your user.

Note

At some point suricata-update should be bundled with Suricata to avoid the need for a separate installation.

To install suricata-update globally:

or to install it to your own directory:

Note

When installing to your home directory the suricata-update program will be installed to $HOME/.local/bin, so make sure this directory is in your path:
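The two pip installation modes described above, together with the PATH adjustment the note asks for, as an added shell example (not from the Suricata-Update documentation). It assumes that `pip` belongs to the Python interpreter that will run suricata-update; the package and command names are the ones the text uses.

```shell
#!/bin/sh
# Added example, not from the Suricata-Update docs. Assumes "pip" is the pip
# of the Python that will run suricata-update.

install_global() {
    # System-wide install; needs write access to the site-packages directory
    # (run as root or via sudo where that applies).
    pip install --upgrade suricata-update
}

install_user() {
    # Per-user install; the program lands in $HOME/.local/bin.
    pip install --user --upgrade suricata-update
}

ensure_local_bin_in_path() {
    # Prepend $HOME/.local/bin to PATH exactly once, so the call is safe to
    # keep in ~/.profile and to repeat.
    case ":$PATH:" in
        *":$HOME/.local/bin:"*) ;;
        *) PATH="$HOME/.local/bin:$PATH"; export PATH ;;
    esac
}

suricata_update_available() {
    # 0 when suricata-update resolves on PATH: check this before installing,
    # since Suricata 4.1 and newer may already have installed it.
    command -v suricata-update >/dev/null 2>&1
}

if suricata_update_available; then
    echo "suricata-update already on PATH: $(command -v suricata-update)"
else
    echo "suricata-update not found; run install_global or install_user, then ensure_local_bin_in_path"
fi
```

Source the file and call `install_user` followed by `ensure_local_bin_in_path`; the case pattern keeps the directory from being added to PATH more than once.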

Directories and Permissions

In order for suricata-update to function, the following permissions are required:

  • Directory /etc/suricata: read/write access
  • Directory /var/lib/suricata/rules: read/write access
  • Directory /var/lib/suricata/update: read/write access

One option is to simply run suricata-update as root or with sudo.

Note

It is recommended to create a suricata group and set up the above directories with the correct permissions for the suricata group, then add users to the suricata group.

Steps to setup the above directories with the correct permissions:

First, create a group suricata:

Next, change the group of the directories and its files recursively:

Note

The paths /etc/suricata and /var/lib above are used in the default configuration and are dependent on paths set during compilation. By default, these paths are set to /usr/local. Please check your configuration for appropriate paths.

Set up the directories with the correct permissions for the suricata group:

Now, add user to the group:

Verify whether group has been changed:

Reboot your system. Run suricata-update without sudo to check if suricata-update functions.
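The group and permission steps above, collected into one script as an added shell example (not from the Suricata-Update documentation), plus a check that can be run without root to confirm the result. It assumes the default paths the text names (`/etc/suricata` and `/var/lib/suricata`); if Suricata was built with another prefix, change the two variables at the top.

```shell
#!/bin/sh
# Added example, not from the Suricata-Update docs. Assumes the default
# paths; adjust CONF_DIR and RULE_ROOT for a different build prefix.

SURICATA_GROUP=suricata
CONF_DIR=/etc/suricata
RULE_ROOT=/var/lib/suricata

setup_suricata_dirs() {
    # $1: the user to add to the group. Every step here needs root.
    user="$1"
    getent group "$SURICATA_GROUP" >/dev/null || groupadd "$SURICATA_GROUP"
    chgrp -R "$SURICATA_GROUP" "$CONF_DIR" "$RULE_ROOT/rules" "$RULE_ROOT/update"
    chmod -R g+r "$CONF_DIR"                               # config: group read only
    chmod -R g+rw "$RULE_ROOT/rules" "$RULE_ROOT/update"   # outputs: group read/write
    # setgid on the output directories so files suricata-update creates
    # later keep the suricata group instead of the creating user's group.
    chmod g+s "$RULE_ROOT/rules" "$RULE_ROOT/update"
    usermod -a -G "$SURICATA_GROUP" "$user"
    echo "$user added to $SURICATA_GROUP; the membership applies to new login sessions"
}

group_perms() {
    # Print the group permission triplet of $1 (e.g. "rwx"), parsed from
    # ls -ld so it works on both GNU and BSD userlands.
    ls -ld "$1" | cut -c5-7
}

group_can_rw() {
    # 0 when the group has both read and write on $1.
    case "$(group_perms "$1")" in
        rw?) return 0 ;;
        *)   return 1 ;;
    esac
}

check_suricata_dirs() {
    # The root-free check the last step asks for: does the group have what
    # suricata-update needs, and is this session actually in the group?
    rc=0
    for d in "$RULE_ROOT/rules" "$RULE_ROOT/update"; do
        group_can_rw "$d" || { echo "group lacks rw on $d: $(ls -ld "$d")"; rc=1; }
    done
    [ -r "$CONF_DIR" ] || { echo "cannot read $CONF_DIR"; rc=1; }
    id -nG | tr ' ' '\n' | grep -qx "$SURICATA_GROUP" ||
        { echo "current session is not in the $SURICATA_GROUP group (log in again)"; rc=1; }
    return $rc
}

# Usage: sudo sh thisfile.sh setup <user>   then, as that user after a new login:
#        sh thisfile.sh check
case "${1:-}" in
    setup) setup_suricata_dirs "$2" ;;
    check) check_suricata_dirs ;;
esac
```

The setgid bit is the one addition to the steps above: without it, a rules file written by one group member is created with that member's primary group, and the next member's run can fail on it.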

Update Your Rules

Without doing any configuration the default operation of suricata-update is to use the Emerging Threats Open ruleset.

Example:

This command will:

  • Look for the suricata program on your path to determine its version.
  • Look for /etc/suricata/enable.conf, /etc/suricata/disable.conf, /etc/suricata/drop.conf, and /etc/suricata/modify.conf to look for filters to apply to the downloaded rules. These files are optional and do not need to exist.
  • Download the Emerging Threats Open ruleset for your version of Suricata, defaulting to 4.0.0 if not found.
  • Apply enable, disable, drop and modify filters as loaded above.
  • Write out the rules to /var/lib/suricata/rules/suricata.rules.
  • Run Suricata in test mode on /var/lib/suricata/rules/suricata.rules.
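What the filter step does can be seen without a network fetch. The following shell example, added here and not part of suricata-update, emulates the disable.conf filter on a constructed rules file: rules whose sid is listed in the file, or whose text matches a `re:` line, are commented out, which is the effect suricata-update produces before writing suricata.rules. It handles only plain sid (optionally gid:sid) and `re:` selectors; suricata-update's real enable, disable, drop and modify filters accept more forms, so treat this as an illustration of the mechanism, not its implementation. The rules and the disable.conf contents are constructed samples.

```shell
#!/bin/sh
# Added example, not from suricata-update: a simplified emulation of the
# disable.conf filter. Only "sid", "gid:sid" and "re:<regex>" lines are
# understood; comments (#) and blank lines in disable.conf are ignored.

apply_disable_filter() {
    # $1: disable.conf, $2: rules file. Filtered rules go to stdout, with
    # disabled rules commented out rather than deleted.
    awk -v conf="$1" '
    BEGIN {
        while ((getline line < conf) > 0) {
            sub(/[ \t]*#.*/, "", line)            # strip trailing comments
            gsub(/^[ \t]+|[ \t]+$/, "", line)     # trim
            if (line == "") continue
            if (line ~ /^re:/) { res[++nre] = substr(line, 4) }
            else { sub(/^[0-9]+:/, "", line); sids[line] = 1 }   # drop gid prefix
        }
        close(conf)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }     # pass comments and blanks through
    {
        disable = 0
        if (match($0, /sid:[ \t]*[0-9]+/)) {
            sid = substr($0, RSTART, RLENGTH)
            sub(/sid:[ \t]*/, "", sid)
            if (sid in sids) disable = 1
        }
        for (i = 1; i <= nre && !disable; i++)
            if ($0 ~ res[i]) disable = 1
        if (disable) print "# " $0; else print
    }' "$2"
}

write_samples() {
    # Constructed disable.conf and rules file in directory $1 (not a real ruleset).
    cat > "$1/disable.conf" <<'EOF'
# Disable one rule by signature ID (a gid prefix such as 1:2100498 is also accepted)
2100498
# Disable every rule whose text matches this regular expression
re:GPL ICMP
EOF
    cat > "$1/sample.rules" <<'EOF'
# constructed sample rules
alert tcp any any -> any 21 (msg:"SAMPLE FTP login attempt"; sid:2100498; rev:1;)
alert icmp any any -> any any (msg:"GPL ICMP ping"; sid:2100384; rev:1;)
alert http any any -> any any (msg:"SAMPLE HTTP probe"; sid:9000001; rev:1;)
EOF
}

count_disabled() {
    # Number of rules the filter commented out in the samples under $1.
    apply_disable_filter "$1/disable.conf" "$1/sample.rules" | grep -c '^# alert'
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    write_samples "$d"
    apply_disable_filter "$d/disable.conf" "$d/sample.rules"
    rm -rf "$d"
fi
```

Running it with `demo` shows the FTP rule (matched by sid) and the ICMP rule (matched by the regex) commented out and the HTTP rule untouched; the drop filter works the same way but rewrites the action instead of commenting the rule out.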

Note

Suricata-Update is also capable of triggering a rule reload, but doing so requires some extra configuration that will be covered later.

Configure Suricata to Load Suricata-Update Managed Rules

Note

If suricata-update was installed for you by Suricata, then your Suricata configuration should already be set up to work with Suricata-Update.

If upgrading from an older version of Suricata, or running a development version that may not be bundled with Suricata-Update, you will have to check that your suricata.yaml is configured for Suricata-Update. The main difference is the default-rule-path, which is /var/lib/suricata/rules when using Suricata-Update.

You will want to update your suricata.yaml to have the following:

If you have local rules you would like Suricata to load, these can be listed here as well by using the full path name.
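The suricata.yaml settings this section describes, with a check that an existing configuration already has them, as an added shell example (not from the Suricata-Update documentation). The `default-rule-path` value is the one the text gives; the `rule-files` key is the standard Suricata key for the list of rule files, and the `/etc/suricata/rules/local.rules` entry is a constructed example of a local rules file listed by full path.

```shell
#!/bin/sh
# Added example, not from the Suricata-Update docs. The local.rules path is
# a constructed example of a full-path entry.

# Fragment of suricata.yaml as it should read when Suricata-Update manages
# the rules: suricata.rules is resolved relative to default-rule-path, the
# local file is given by full path.
RULE_CONFIG_FRAGMENT='default-rule-path: /var/lib/suricata/rules

rule-files:
  - suricata.rules
  - /etc/suricata/rules/local.rules'

write_rule_config() {
    # Write the fragment to $1 (useful for a scratch config or a test).
    printf '%s\n' "$RULE_CONFIG_FRAGMENT" > "$1"
}

rules_path_configured() {
    # 0 when $1 (a suricata.yaml) has an uncommented default-rule-path of
    # /var/lib/suricata/rules and lists suricata.rules under rule-files.
    grep -Eq '^default-rule-path:[[:space:]]*/var/lib/suricata/rules[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*-[[:space:]]*suricata\.rules[[:space:]]*$' "$1"
}

if [ -n "${1:-}" ]; then
    if rules_path_configured "$1"; then
        echo "$1: rule path configured for Suricata-Update"
    else
        echo "$1: default-rule-path or rule-files entry missing; expected:"
        printf '%s\n' "$RULE_CONFIG_FRAGMENT"
    fi
fi
```

Run it as `sh thisfile.sh /etc/suricata/suricata.yaml` after an upgrade; an old configuration that still points default-rule-path at /etc/suricata/rules is reported and the expected fragment printed.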

Discover Other Available Rule Sources

First update the rule source index with the update-sources command, for example:

Then list the sources from the index. Example:

Now enable the ptresearch/attackdetection ruleset:

And update your rules again:

List Enabled Sources

Disable a Source

Disabling a source keeps the source configuration but disables it. This is useful when a source requires parameters such as a code that you don’t want to lose, which would happen if you removed the source.

Enabling a disabled source re-enables it without prompting for user input.

Remove a Source

This removes the local configuration for this source. Re-enabling et/pro will require re-entering your access code.
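The source workflow from the preceding sections (refresh the index, enable a source, update the rules, then list, disable or remove sources) wrapped into functions with a dry-run switch, as an added shell example that is not part of suricata-update. The subcommand names are the ones the sections use (update-sources, list-sources, enable-source, list-enabled-sources, disable-source, remove-source); the `run` wrapper, `DRY_RUN` variable and the source-name check are assumptions of this example. The commands need the write access described under Directories and Permissions.

```shell
#!/bin/sh
# Added example, not from suricata-update. DRY_RUN and the run wrapper are
# this script's own; the subcommands are suricata-update's.

run() {
    # Execute a command, or only print it when DRY_RUN is set, so the
    # sequence can be reviewed (and tested) without touching the system.
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

valid_source_name() {
    # Sources are named vendor/ruleset (et/open, ptresearch/attackdetection);
    # reject anything else before it reaches the command line.
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._-]+/[A-Za-z0-9._-]+$'
}

enable_source_and_update() {
    name="$1"
    valid_source_name "$name" || { echo "invalid source name: $name" >&2; return 1; }
    run suricata-update update-sources           # refresh the index first
    run suricata-update enable-source "$name"    # prompts for a code if the source needs one
    run suricata-update                          # fetch every enabled source, write suricata.rules
    run suricata-update list-enabled-sources
}

list_sources()   { run suricata-update list-sources; }
disable_source() { run suricata-update disable-source "$1"; }   # keeps config and code
remove_source()  { run suricata-update remove-source "$1"; }    # drops the config entirely

# Usage: DRY_RUN=1 sh thisfile.sh enable ptresearch/attackdetection   (preview)
#        sh thisfile.sh enable ptresearch/attackdetection             (apply)
case "${1:-}" in
    list)    list_sources ;;
    enable)  enable_source_and_update "$2" ;;
    disable) disable_source "$2" ;;
    remove)  remove_source "$2" ;;
esac
```

Prefer disable_source over remove_source for a source that was enabled with an access code: disabling keeps the stored parameters, removing discards them and the code has to be entered again on the next enable-source.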