Track latest Suricata release rather than what's in Debian stable APT repository #462
Comments
The Debian bookworm-backports repository has the suricata version we want. Rather than increasing build times by doing it from source, we will install from backports and explicitly set the version we wish to install.
I've also gone through the suricata_config_populate.py and compared suricata.yaml.in to get the differences between the suricata.yaml config files between the two versions, and added code to handle new environment variables supported in the 7.0.x config file.
Currently the Malcolm builds (for both Hedgehog Linux and Malcolm Docker image) are grabbing Suricata from the Debian stable APT repositories.
We need to change the mechanism for doing this to be more like what we're doing for Zeek: determine the latest stable release (currently 7.0.x) and either grab official packages or build from source.
This involves not only changes to Malcolm, but we also need to verify the code that we have today for generating suricata.yaml, update, etc., to make sure that we handle getting from 6.x to 7.x.