
suricata: Make stateless

Open EbonJaeger opened this issue 2 months ago • 1 comments

Summary

This makes the suricata package fully stateless.

Note that suricata does not work out-of-the-box; the old version of the package didn't, and I doubt it does on any distro. It requires user configuration.

Test Plan

  1. Copy the default configs to /etc/suricata
  2. Run sudo chown -R suricata:suricata /etc/suricata
  3. Edit /etc/suricata/suricata.yaml to point to the other config files in /etc/suricata
  4. Create /etc/sysconfig/suricata and put the following in it:
    # The following parameters are the most commonly needed to configure
    # suricata. A full list can be seen by running /sbin/suricata --help
    # -i <network interface device>
    # --user <acct name>
    # --group <group name>
    # Add options to be passed to the daemon
    OPTIONS="-c /etc/suricata/suricata.yaml -i enp42s0 --user suricata"
    
  5. Run systemctl start suricata.service
  6. Run systemctl status suricata.service and see that it is running

Checklist

  • [x] Package was built and tested against unstable
  • [x] This change could gainfully be listed in the weekly sync notes once merged

EbonJaeger, Oct 23 '25 21:10
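
A pre-flight check for the file created in step 4 of the test plan above, added here as an example and not part of the PR or the suricata package: it reads the OPTIONS line without sourcing the file and confirms that the -c path exists, the -i interface is present, and a --user is set. The function name and the optional netdev-root argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example: pre-flight check for the sysconfig file from step 4.
# check_suricata_sysconfig and its netdev-root argument are hypothetical
# helpers, not part of the suricata package.
#
# usage: check_suricata_sysconfig <sysconfig-file> [netdev-root]
# exit status: 0 = OPTIONS usable, 1 = problem found, 2 = file unreadable
check_suricata_sysconfig() (
    file=$1
    netroot=${2:-/sys/class/net}
    cfg="" iface="" user="" rc=0

    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }

    # Read the last OPTIONS= line with sed instead of sourcing the file,
    # so nothing inside it is executed by the checker.
    opts=$(sed -n 's/^OPTIONS=//p' "$file" | tail -n 1)
    opts=${opts#\"}; opts=${opts%\"}

    set -f          # no glob expansion while word-splitting
    set -- $opts
    while [ "$#" -gt 0 ]; do
        case $1 in
            -c)     cfg=${2:-} ;;
            -i)     iface=${2:-} ;;
            --user) user=${2:-} ;;
        esac
        shift
    done

    if [ -z "$cfg" ]; then
        echo "OPTIONS has no -c <config file>" >&2; rc=1
    elif [ ! -f "$cfg" ]; then
        echo "config file does not exist: $cfg" >&2; rc=1
    fi
    if [ -n "$iface" ] && [ ! -e "$netroot/$iface" ]; then
        echo "interface does not exist: $iface" >&2; rc=1
    fi
    if [ -z "$user" ]; then
        echo "OPTIONS has no --user <acct name>" >&2; rc=1
    fi
    exit "$rc"
)

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_suricata_sysconfig "$@"; fi
```

Running it against /etc/sysconfig/suricata before step 5 reports a wrong path or interface name directly, before the unit is started.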

Thinking about it more, I'm wondering if I got things backwards, and if it would be easier to use if the sysconfdir remained /etc.

EbonJaeger, Oct 23 '25 23:10