Suricata-6.0.0_11 Package Update Release Notes
-
Suricata-6.0.0_11
The Suricata package has been updated with two new features added and two reported bugs corrected.
New Features:
- Added the FEODO Tracker and SSL Blacklist rules packages from Abuse.ch as selectable Rules Download options on the GLOBAL SETTINGS tab. The SSL Blacklist rules only work with Suricata as they utilize the SSL/TLS cert fingerprinting capability available within the Suricata inspection engine.
- Add new parameter to the INTERFACES EDIT tab to allow customizing the number of threads Suricata will use based on the quantity of netmap TX/RX queues reported by the NIC during bootup. This parameter is available only when using Inline IPS Mode, and defaults to "auto".
Bug Fixes:
- Added/fixed the breadcrumbs links at the top of all the GUI pages.
- Make the rules update process smarter by storing the running state of enabled Suricata interfaces when starting a rules update cycle, and then ensuring the same interfaces are running at the end of the update cycle.
How to Enable the new FEODO Tracker and SSL Blacklist Rules Packages
First, go to the GLOBAL SETTINGS tab and click the checkboxes to enable download of the new rules packages. See the screenshot below.
Next, go to the UPDATES tab and click the Update button to download the new rules packages. At the end of the update process, after the modal dialog auto-closes, you should see an MD5 signature hash and an MD5 signature date showing for each new rules package as illustrated in the screenshot below.
Finally, to enable the new rules for inspecting traffic, edit the Suricata interface where you want to use the new rules and click the CATEGORIES tab. On that tab, click the checkboxes to enable the FEODO Tracker and/or SSL Blacklist rules as desired. See the screenshot below.
Click Save to save the changes, then restart Suricata on the interface.
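As an added illustration of the SSL/TLS certificate fingerprinting mentioned in the release notes above (example code added here, not part of the original post, the Suricata package or the Abuse.ch feeds): Suricata's TLS fingerprint keywords compare against the SHA-1 of the server's DER-encoded certificate, written as lowercase colon-separated hex. The sample certificate bytes, rules and SIDs below are constructed for the example.

```python
import hashlib
import re

# Matches the legacy keyword form   tls.fingerprint:"aa:bb:..."
# and the sticky-buffer form        tls.cert_fingerprint; content:"aa:bb:...";
FP_RE = re.compile(
    r'tls\.(?:fingerprint\s*:|cert_fingerprint\s*;\s*content\s*:)\s*"([0-9a-fA-F:]{59})"')
MSG_RE = re.compile(r'msg\s*:\s*"([^"]*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)')

def cert_fingerprint(der: bytes) -> str:
    """SHA-1 over the DER-encoded certificate, as lowercase colon-separated hex."""
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def load_fingerprint_rules(text: str) -> dict:
    """Map fingerprint -> (sid, msg) for every enabled rule that pins a certificate."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # blank line or disabled rule
            continue
        fp, sid, msg = FP_RE.search(line), SID_RE.search(line), MSG_RE.search(line)
        if fp and sid:
            rules[fp.group(1).lower()] = (int(sid.group(1)), msg.group(1) if msg else "")
    return rules

def match_certificate(der: bytes, rules: dict):
    """Return (sid, msg) if the certificate's fingerprint is listed, else None."""
    return rules.get(cert_fingerprint(der))

# Constructed sample data: these bytes stand in for DER certificates, and the
# rules are written for this example (they are not Abuse.ch entries).
BAD_CERT = b"constructed stand-in for a blacklisted DER certificate"
GOOD_CERT = b"constructed stand-in for an unrelated DER certificate"
SAMPLE_RULES = "\n".join([
    'alert tls any any -> any any (msg:"EXAMPLE listed certificate"; '
    f'tls.fingerprint:"{cert_fingerprint(BAD_CERT)}"; sid:1000001; rev:1;)',
    '# alert tls any any -> any any (msg:"EXAMPLE disabled rule"; '
    f'tls.fingerprint:"{cert_fingerprint(GOOD_CERT)}"; sid:1000002; rev:1;)',
])

if __name__ == "__main__":
    rules = load_fingerprint_rules(SAMPLE_RULES)
    for name, der in (("bad", BAD_CERT), ("good", GOOD_CERT)):
        print(name, cert_fingerprint(der), match_certificate(der, rules))
```

Because the match is on the hash of the whole certificate, a rule of this kind only fires on the exact certificate that was listed; a reissued certificate has a different fingerprint.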
-
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
Suricata package has been updated with two new features
Hello Bill,
Let me ask you, when is the new "stuff" due?
I am one of the few people who still believe its right to exist of IPS/IDS. What you have pre-projected by, are great new things (Feodo C2, ABUSE SSL).
I'm watching the GIT changes (https://github.com/pfsense/FreeBSD-ports/commits/devel/security/pfSense-pkg-suricata), but I don't see when it will be implemented, ETA?
From this point of view, in my eyes, you are a bigger "hero" than any other FW defence system developer....
Thanks for your work
-
@daddygo said in Suricata-6.0.0_11 Package Update Release Notes:
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
Suricata package has been updated with two new features
Hello Bill,
Let me ask you, when is the new "stuff" due?
I am one of the few people who still believe its right to exist of IPS/IDS. What you have pre-projected by, are great new things (Feodo C2, ABUSE SSL).
I'm watching the GIT changes (https://github.com/pfsense/FreeBSD-ports/commits/devel/security/pfSense-pkg-suricata), but I don't see when it will be implemented, ETA?
From this point of view, in my eyes, you are a bigger "hero" than any other FW defence system developer....
Thanks for your work
When this update appears for 2.5.1 CE (it may not, could wait for the 2.5.2 CE release), and when it appears for the 21.x pfSense+ production releases is determined by the pfSense developer team. I suggested to them that the new releases of Suricata and Snort be included in 2.6.0 and also 2.5.2 pfSense. Almost always, when something goes into the CE RELEASE version it is also added to the pfSense+ RELEASE version. As the date nears for release of a new version, there are a lot of moving parts in the source tree. So give the Netgate team a little time.
-
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
So give the Netgate team a little time.
Thanks for your info Bill.
Hmmmm I've been doing this for years, but I'm staying, unlike others...
BTW:
I am one of those who listens to the voice of the other person... :)
still rings in my ears when you told us about the Greek guy's motorbike accident (do you remember?)
he was quite good on this IPS/IDS question, I learned a lot from him...
-
@daddygo said in Suricata-6.0.0_11 Package Update Release Notes:
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
So give the Netgate team a little time.
Thanks for your info Bill.
Hmmmm I've been doing this for years, but I'm staying, unlike others...
BTW:
I am one of those who listens to the voice of the other person... :)
still rings in my ears when you told us about the Greek guy's motorbike accident (do you remember?)
he was quite good on this IPS/IDS question, I learned a lot from him...
Yes, he was quite skilled in the use of IDS/IPS. As best I remember, he recovered from his accident, but it was very serious and he might have some lingering issues as a result. Have not seen him post anything in a few years.
I visited Greece and portions of Italy in 2018 as part of a cruise ship vacation. All I can say, regarding the traffic and streets over there, is that I'm glad I was always riding inside a large tour bus motorcoach ... . The way and places people parked their vehicles, and the manner in which smaller vehicles (especially motorcycles) zipped in and out between the larger cars, trucks and buses was frightening!
-
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
I visited Greece and portions of Italy in 2018 as part of a cruise ship vacation. All I can say, regarding the traffic and streets over there, is that I'm glad I was always riding inside a large tour bus coach ... .
It's not good for anyone today - COVID, ... happy old times.....hmmmm
By the way about "jflsakfja", me neither, although I had direct contact with him because of the forum, but nothing since....
I hope he is well in his Greek home and also you are safe with your family.
+++edit:
I used to go to Greece a lot, almost every year when I was young, because I was still living in Hungary, I know what you are talking about
-
@daddygo said in Suricata-6.0.0_11 Package Update Release Notes:
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
I visited Greece and portions of Italy in 2018 as part of a cruise ship vacation. All I can say, regarding the traffic and streets over there, is that I'm glad I was always riding inside a large tour bus coach ... .
It's not good for anyone today - COVID, ... happy old times.....hmmmm
By the way about "jflsakfja", me neither, although I had direct contact with him because of the forum, but nothing since....
I hope he is well in his Greek home and also you are safe with your family.
+++edit:
I used to go to Greece a lot, almost every year when I was young, because I was still living in Hungary, I know what you are talking about
Beautiful country, especially the islands (Santorini, in particular), but the driving was definitely different from what I am accustomed to in the U.S. Especially when compared to the small rural area of the deep South where I live.
-
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
especially the islands (Santorini, in particular),
Yes, exactly....
Santorini is the best, I was there when my son was 10 years old...
The steak meats quality rivaled with the quality of the americans quality,.... - and the Greek people (island) well with "happy flash", I can say...
just a "neutral" image, for good memories...
+++edit:
@bmeeks "but the driving was definitely different"
Don't even tell me, driving in Santorini, -and many times in Europe, - including here in Portugal something is horrible, the only worse only in India...
-
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
Suricata-6.0.0_11
The Suricata package has been updated with two new features added and two reported bugs corrected.
Hi,
While running 2.5.1, I thought it was due on 2.5.2. After upgrading, I don't see any update available from 6.0.0_10. Is it only for Plus?
-
@huskerdu said in Suricata-6.0.0_11 Package Update Release Notes:
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
Suricata-6.0.0_11
The Suricata package has been updated with two new features added and two reported bugs corrected.
Hi,
While running 2.5.1, I thought it was due on 2.5.2. After upgrading, I don't see any update available from 6.0.0_10. Is it only for Plus?
It will show up in the near future. The team was busy putting out the new OS release. Porting over the packages will come a bit later.
-
Thanks @bmeeks for the feedback.
-
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
@huskerdu said in Suricata-6.0.0_11 Package Update Release Notes:
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
Suricata-6.0.0_11
The Suricata package has been updated with two new features added and two reported bugs corrected.
Hi,
While running 2.5.1, I thought it was due on 2.5.2. After upgrading, I don't see any update available from 6.0.0_10. Is it only for Plus?
It will show up in the near future. The team was busy putting out the new OS release. Porting over the packages will come a bit later.
It has arrived, thank you for your work Bill.
-
@bmeeks said in Suricata-6.0.0_11 Package Update Release Notes:
It will show up in the near future.
This has been done, once again, we got your usual work... :-)
(quality above all else)
Thank you Bill, if something is missing we will shout