I was curious to know the recommendations on upgrading suricata-update when it is “coupled” to an installed Suricata installation.
For example, on a device I see this:
$ suricata-update check-versions
16/7/2023 -- 18:13:50 - <Info> -- Using data-directory /var/lib/suricata.
16/7/2023 -- 18:13:50 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
16/7/2023 -- 18:13:50 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
16/7/2023 -- 18:13:50 - <Info> -- Found Suricata version 6.0.1 at /usr/bin/suricata.
16/7/2023 -- 18:13:50 - <Warning> -- Suricata version 6.0.1 is outdated. Please upgrade to 6.0.13.
Oddly, suricata-update’s check-versions check doesn’t report the installed version of itself. This is possible from the --version argument, or from system pip though:
$ python3 -m pip list | grep suricata
suricata 6.0.1
suricata-update 1.2.1
That’s v1.2.1, and v1.2.6 is the latest on PyPI. On this system, Suricata and suricata-update were installed from OS package repos and are limited to available versions:
$ dpkg -l | grep suricata
ii suricata 1:6.0.1-3 amd64 Next Generation Intrusion Detection and Prevention Tool
ii suricata-update 1.2.1-1 amd64 tool for updating Suricata rules
Is it recommended to use pip to upgrade suricata-update when it has been (1) coupled/sourced from a Suricata installation (as it is by default)? I notice that pip cannot uninstall suricata-update in these cases, but it can upgrade it with install -U (however, it can’t uninstall the old version as it normally would). I wanted to make sure updating suricata-update in place using pip is a safe or recommended approach.
Also, should we file an issue to have suricata-update check-versions output the suricata-update version? The help says:
$ suricata-update --help
...
other commands:
...
check-versions Check version of suricata-update