Upgrade to Suricata 1.0.4 on Smooth-Sec
A few days ago the OISF development team announced the Suricata 1.0.4 release; a large number of (potential) issues have been fixed, along with the update of LibHTP to version 0.2.6.
Fixes
- LibHTP updated to 0.2.6
- Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
- Large number of (potential) issues fixed after source code scans with the Clang static analyzer.
In this post I'll explain how to upgrade Suricata to version 1.0.4 on Smooth-Sec. You can choose either to compile Suricata yourself or to pull the precompiled Debian package from my Gitorious repository.
1) Download and install Suricata (Easy way)
Stop the running Suricata and change to the working directory:
#/etc/init.d/suricata stop
#cd /root/
Make a backup of the existing configuration:
#cp -a /etc/suricata /etc/suricata-1.1beta2
Pull the precompiled package together with the matching configuration file and install it:
#git clone git://gitorious.org/smooth-sec/suricata_104.git
#cd suricata_104/
#cp suricata.yaml /etc/suricata
#dpkg -i suricata_1.0.4-1_i386.deb
Check the current version:
#suricata -V
[8360] 26/6/2011 -- 15:04:20 - (suricata.c:429) (main) -- This is Suricata version 1.0.4 (rev )
Start Suricata:
#/etc/init.d/suricata start &
or better, reboot the machine:
#reboot
2) Compile Suricata (Complicated way)
Download, unpack and configure the source:
#wget http://www.openinfosecfoundation.org/download/suricata-1.0.4.tar.gz
#tar xvfz suricata-1.0.4.tar.gz
#cd suricata-1.0.4/
#./configure --enable-nfqueue
Suricata Configuration:
NFQueue support: yes
IPFW support: no
PF_RING support: no
Prelude support: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
CUDA enabled: no
DAG enabled: no
Profiling enabled: no
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Unified native time: no
Non-bundled htp: no
Build it and let checkinstall produce the Debian package:
#make
#checkinstall
Make a backup of the existing configuration and copy the new configuration file into place:
#cp -a /etc/suricata /etc/suricata-1.1beta2
#cp suricata.yaml /etc/suricata
Please edit /etc/suricata/suricata.yaml according to your own environment.
#dpkg -i suricata_1.0.4-1_i386.deb
Start Suricata:
#/etc/init.d/suricata start &
or better, reboot the machine:
#reboot
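As an added example (not part of the original post, nor of Smooth-Sec or the Suricata project), here is a small POSIX sh helper that wraps the two steps of the upgrade that are easy to get wrong: it refuses to overwrite an existing configuration backup, and it checks the version string printed by `suricata -V` before the service is started again, so a failed package install does not leave the old binary running unnoticed. Paths, the package file name and the expected version are the ones from the post; the function names are this example's own. Only the helper functions run when the file is sourced; `run_upgrade` must be called explicitly, as root, from the cloned suricata_104/ directory.

```shell
#!/bin/sh
# Added example, not from the original post or from Smooth-Sec/Suricata.
# Helpers for the upgrade described above: back up the existing configuration
# before touching it, and verify the version reported by `suricata -V` before
# starting the service again. Paths, package name and expected version follow
# the post; function names are assumptions of this example.

# Copy the configuration directory to a backup location. Refuses to overwrite
# an existing backup so a second run cannot silently destroy the only copy of
# the pre-upgrade suricata.yaml.
backup_config() {
    src="$1"
    dst="$2"
    if [ ! -d "$src" ]; then
        echo "backup_config: no configuration directory at $src" >&2
        return 1
    fi
    if [ -e "$dst" ]; then
        echo "backup_config: $dst already exists, not overwriting" >&2
        return 1
    fi
    cp -a "$src" "$dst"
}

# Read `suricata -V` output on stdin and print just the version, e.g.
# "... This is Suricata version 1.0.4 (rev )" -> "1.0.4". Beta versions such
# as 1.1beta2 are kept intact.
parse_version() {
    sed -n 's/.*This is Suricata version \([0-9][0-9.]*[a-z0-9]*\).*/\1/p' | head -n 1
}

# Succeeds only when the version read from stdin equals the expected one.
check_version() {
    expected="$1"
    got=$(parse_version)
    [ -n "$got" ] && [ "$got" = "$expected" ]
}

# The "easy way" sequence from the post, driven by the helpers above.
# Run as root from the directory containing suricata.yaml and the .deb
# (the cloned suricata_104/ directory). Not executed automatically.
run_upgrade() {
    /etc/init.d/suricata stop
    backup_config /etc/suricata /etc/suricata-1.1beta2 || return 1
    cp suricata.yaml /etc/suricata || return 1
    dpkg -i suricata_1.0.4-1_i386.deb || return 1
    # suricata -V logs to stderr on some builds, so merge both streams.
    if ! suricata -V 2>&1 | check_version 1.0.4; then
        echo "run_upgrade: installed binary does not report 1.0.4, leaving the service stopped" >&2
        return 1
    fi
    /etc/init.d/suricata start
}
```

The version check is what turns a "silent" failure (package refused by dpkg, as in the comments below, or a stale binary still on the path) into a visible one: the service stays stopped and the error is printed instead of the old 1.1beta2 build coming back up with a 1.0.4 configuration file.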
28/06/2011 at 5:15 pm Permalink
Upgrade went smoothly, but 1.0.4 complains, saying it can't run in more than one mode. I've reverted to 1.1beta2 for now.
29/06/2011 at 2:26 pm Permalink
Hi Keith,
If you want to keep using multiple interfaces on Suricata, please continue using the beta versions, because on the stable version 1.0.4 this feature is not present at the moment.
Phillip
04/10/2011 at 3:26 pm Permalink
I am trying to update suricata to 1.0.4 and I am getting the following error:
dpkg: error processing suricata_1.0.4-1_i386.deb (--install):
trying to overwrite ‘/usr/local/include/htp/bstr.h’, which is also in package oisf 0:1.1beta2-1
dpkg-deb: subprocess paste killed by signal (Broken pipe)
Errors were encountered while processing:
suricata_1.0.4-1_i386.deb
Not sure what to do from here
08/10/2011 at 6:08 am Permalink
Hi Scott,
try to run apt-get remove oisf and then upgrade suricata.
Best,
Phillip
12/10/2011 at 7:47 pm Permalink
Awesome, thanks, that worked perfectly!
18/10/2011 at 7:36 pm Permalink
Suricata 1.0.5 stable is out… anyone try it with smooth-sec yet???