Hello to the Suricata community,
Please include the following information with your help request:
- Suricata version: 7.0
- Operating system and/or Linux distribution: Linux Fedora 40
- How you installed Suricata: package (from copr @oisf/suricata-7.0)
I would need your advice please, as to whether and how Suricata 8.0-dev can be installed on Fedora as a package.
For a few days now, I haven't had many alerts in Evebox after making some changes. Having looked at the Suricata logs directly, is it correct to understand that Suricata is generating information to say that, as the rules concerned require Suricata 8.0, some events are not raised as alerts?
E.g. from Suricata logs (/var/log/suricata/suricata.log):
[192235 - Suricata-Main] 2024-09-18 18:25:44 Info: detect: Skipping signature due to missing requirements: alert ssh any any -> $EXTERNAL_NET any (msg:" - Over 50MB uploaded via SSH / SFTP to public IP address - Possible data exfiltration "; requires: version >= 8; flow:to_server, established; threshold: type both, track by_src,count 1, seconds 60; flow.bytes_toserver:>=50000000; metadata:created_at 2024_02_18, updated_at 2024_06_04; sid:3301138; rev:4; classtype:policy-violation;) from file /var/lib/suricata/rules/suricata.rules at line 8985
[192235 - Suricata-Main] 2024-09-18 18:25:44 Info: detect-requires: Suricata did not meet the rule requirements: Suricata version less than required: version >= 8
[192235 - Suricata-Main] 2024-09-18 18:25:44 Info: detect: Skipping signature due to missing requirements: alert tls any any -> $EXTERNAL_NET any (msg:" - Over 50MB uploaded via TLS to public IP address - Possible data exfiltration "; requires: version >= 8; flow:to_server, stateless; threshold: type both, track by_src,count 1, seconds 60; flow.bytes_toserver:>=50000000; metadata:created_at 2024_04_29, updated_at 2024_06_04; sid:3306862; rev:7; classtype:policy-violation;) from file /var/lib/suricata/rules/suricata.rules at line 8986
[192235 - Suricata-Main] 2024-09-18 18:25:44 Info: detect-requires: Suricata did not meet the rule requirements: Suricata version less than required: version >= 8
In any case, I would like to use Suricata 8.0-dev and I looked at the Suricata 8.0 documentation. Basically, for installation, it refers to the latest Suricata version (7.0). Therefore, I had a look on copr to find a repo, with the following command:
dnf copr search suricata
However, it looks like there is no 8.0-dev or testing repo yet, so what would be the recommendation please to have Suricata 8.0-dev on Fedora? Is there a way to access packages at the moment? Or should it be installed from source?
Many thanks,
Alex
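To get an inventory of which signatures a sensor silently dropped at load time, here is an added example (my own script, not code from the Suricata project) that parses the "Skipping signature due to missing requirements" lines from suricata.log and evaluates the version term of each rule's requires: option against the running version. The sample log lines are constructed from the two quoted in the post, trimmed to the options the script reads; the log line format is assumed to be the one shown above.

```python
import re

# Constructed sample: the two "Skipping signature" lines quoted in the post,
# trimmed to the options this script reads (not output from a real sensor).
SAMPLE_LOG = """\
[192235 - Suricata-Main] 2024-09-18 18:25:44 Info: detect: Skipping signature due to missing requirements: alert ssh any any -> $EXTERNAL_NET any (msg:" - Over 50MB uploaded via SSH / SFTP to public IP address - Possible data exfiltration "; requires: version >= 8; flow:to_server, established; sid:3301138; rev:4;) from file /var/lib/suricata/rules/suricata.rules at line 8985
[192235 - Suricata-Main] 2024-09-18 18:25:44 Info: detect: Skipping signature due to missing requirements: alert tls any any -> $EXTERNAL_NET any (msg:" - Over 50MB uploaded via TLS to public IP address - Possible data exfiltration "; requires: version >= 8; flow:to_server, stateless; sid:3306862; rev:7;) from file /var/lib/suricata/rules/suricata.rules at line 8986
"""

SKIP_RE = re.compile(r"Skipping signature due to missing requirements: (?P<rule>.+?) "
                     r"from file (?P<file>\S+) at line (?P<line>\d+)$")
OPT_RE = {"sid": re.compile(r"\bsid:\s*(\d+);"),
          "msg": re.compile(r'msg:"([^"]*)"'),
          "requires": re.compile(r"\brequires:\s*([^;]+);")}
VERSION_RE = re.compile(r"version\s*(>=|<=|==|>|<)\s*([\d.]+)")


def parse_skipped(log_text):
    """One record per signature Suricata skipped while loading the ruleset."""
    records = []
    for line in log_text.splitlines():
        m = SKIP_RE.search(line)
        if not m:
            continue
        rec = {"file": m["file"], "line": m["line"]}
        for key, rx in OPT_RE.items():
            o = rx.search(m["rule"])
            rec[key] = o.group(1).strip() if o else ""
        records.append(rec)
    return records


def version_satisfied(requires, running):
    """Evaluate the 'version <op> X' term of a requires: option against the
    running Suricata version; returns None if the option has no version term."""
    m = VERSION_RE.search(requires)
    if not m:
        return None
    op, want = m.groups()
    have = [int(x) for x in running.split(".")]
    need = [int(x) for x in want.split(".")]
    n = max(len(have), len(need))        # "8" is compared as 8.0.0
    have += [0] * (n - len(have))
    need += [0] * (n - len(need))
    return {">=": have >= need, "<=": have <= need, "==": have == need,
            ">": have > need, "<": have < need}[op]


if __name__ == "__main__":
    for r in parse_skipped(SAMPLE_LOG):
        print(r["sid"], r["requires"], "met on 7.0.6:", version_satisfied(r["requires"], "7.0.6"))
```

Running it against the real /var/log/suricata/suricata.log after a rule reload lists every sid that is loaded in the file but not actually active, which is the coverage gap EveBox cannot show.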