Suricata Package v6.0.0_12 Update -- Release Notes

bmeeks

Suricata Package v6.0.0_12

This update corrects 6 user-reported bugs and adds 1 new configuration parameter to the package.

New Features:

1. Add control for parameter 'autofp_scheduler' to the INTERFACE SETTINGS tab. This parameter is only applicabe when runmode 'autofp' is selected. The default value is "hash", and is suggested for most setups.

Bug Fixes:

1. Fix a cosmetic GUI controls state inconsistency issue on the INTERFACE SETTTINGS tab whereby some controls remained in an enabled state even when the interface itself was disabled.

2. Change default value for JA3 Fingerprints on the APP PARSERS tab from "off" to "auto". When set to "auto", JA3 Fingerprints are disabled unless required by loaded rules.

3. Fix new Feodotracker and SSL Blacklist rules, and the Suricata built-in rules, not working with SID MGMT. The rules could not be managed via SID MGMT.

4. Remove the suricata.sh shell script from /usr/local/etc/rc.d/ when no enabled Suricata interfaces remain. This addresses Redmine Issue #12001.

5. Initialize config interface array in rules update code. Fixes Redmine Issue #12137.

6. Insert a sleep interval between consecutive calls to suricata_stop() and suricata_start() to allow time for the Suricata daemon to get stopped and clean up. This corrects a problem where the PID file was deleted as a result of a race condition in the automated rules update code.