* [meta-security][PATCH v2 0/1] suricata: update 7.0.13 -> 8.0.4
@ 2026-04-23  3:40 Clayton Casciato
  0 siblings, 0 replies; only message in thread
From: Clayton Casciato @ 2026-04-23  3:40 UTC (permalink / raw)
  To: Scott Murray, rybczynska, yocto-patches; +Cc: Yash.Shinde

v1: https://lists.yoctoproject.org/g/yocto-patches/topic/meta_security_patch_0_1/118427566

core-image-selinux against 6.0 M3 + OE-C head for:
https://lists.openembedded.org/g/openembedded-core/message/235507

Build Configuration:
BB_VERSION           = "2.16.0"
BUILD_SYS            = "x86_64-linux"
NATIVELSBSTRING      = "universal"
TARGET_SYS           = "aarch64-poky-linux"
MACHINE              = "qemuarm64"
SDKMACHINE           = "x86_64"
DISTRO               = "poky"
DISTRO_VERSION       = "5.3.99+snapshot-9a83f0878b6bacbc7b322cfec076b4e79ad7b8fb"
TUNE_FEATURES        = "aarch64 crc cortexa57"
meta                 = "master:9a83f0878b6bacbc7b322cfec076b4e79ad7b8fb"
meta-yocto-bsp       
meta-poky            = "master:49cbb01d52521bfe557395c9ebfae6b1c162581e"
meta-cc              = "master:73bfa59fcdc619194cb01226a22167e12dd55b6e"
meta-selinux         = "master:f7306d7af4425553684a860df6f6d0ee66efba31"
meta-security        = "master:bd6927e1dfc19b2b9619da85e03fb06b6fb6dc03"
meta-python          
meta-oe              = "master:d793c367e067c49956d38caf6eb84cb112c9c9b7"

Post-build QEMU configuration:
build/tmp/deploy/images/qemuarm64$ sed -i 's/qb_mem = -m 256/qb_mem = -m 2048/' *.qemuboot.conf

Previous results (7.0.12):
https://lists.yoctoproject.org/g/yocto-patches/topic/116119035

Tooling note:
update_crates behaves much better.
I only had to add SRC_URI checksums (prompted).

Target testing:
```
root@qemuarm64:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
     Active: active (running) since Wed 2026-04-22 22:48:43 UTC; 23s ago
 Invocation: 94ff4988fa924eaab4b5b6f0be2e1783
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki
   Main PID: 463 (Suricata-Main)
      Tasks: 10 (limit: 2406)
     Memory: 74.1M (peak: 74.5M)
        CPU: 1.671s
     CGroup: /system.slice/suricata.service
             `-463 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

Apr 22 22:48:43 qemuarm64 systemd[1]: Started Suricata IDS/IDP daemon.
Apr 22 22:48:43 qemuarm64 suricata[463]: i: suricata: This is Suricata version 8.0.4 RELEASE running in SYSTEM mode
Apr 22 22:48:44 qemuarm64 suricata[463]: W: detect: No rule files match the pattern /var/lib/suricata/rules/suricata.rules
Apr 22 22:48:44 qemuarm64 suricata[463]: W: detect: 1 rule files specified, but no rules were loaded!
Apr 22 22:48:44 qemuarm64 suricata[463]: i: threads: Threads created -> W: 4 FM: 1 FR: 1   Engine started.

root@qemuarm64:~# suricata-update
22/4/2026 -- 22:49:30 - <Info> -- Using data-directory /var/lib/suricata.
22/4/2026 -- 22:49:30 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
22/4/2026 -- 22:49:30 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
22/4/2026 -- 22:49:30 - <Info> -- Found Suricata version 8.0.4 at /bin/suricata.
22/4/2026 -- 22:49:30 - <Info> -- Loading /etc/suricata/suricata.yaml
22/4/2026 -- 22:49:30 - <Info> -- Disabling rules for protocol pgsql
22/4/2026 -- 22:49:30 - <Info> -- Disabling rules for protocol modbus
22/4/2026 -- 22:49:30 - <Info> -- Disabling rules for protocol dnp3
22/4/2026 -- 22:49:30 - <Info> -- Disabling rules for protocol enip
22/4/2026 -- 22:49:30 - <Info> -- No sources configured, will use Emerging Threats Open
22/4/2026 -- 22:49:30 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-8.0.4/emerging.rules.tar.gz.
 100% - 5439551/5439551
22/4/2026 -- 22:49:31 - <Info> -- Done.
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http2-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/mqtt-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/quic-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/rfb-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ssh-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
22/4/2026 -- 22:49:33 - <Info> -- Ignoring file e8e18dbaadbcd7eebb54ecdb5c78f603/rules/emerging-deleted.rules
22/4/2026 -- 22:49:56 - <Info> -- Loaded 65682 rules.
22/4/2026 -- 22:49:59 - <Info> -- Disabled 15 rules.
22/4/2026 -- 22:49:59 - <Info> -- Enabled 0 rules.
22/4/2026 -- 22:49:59 - <Info> -- Modified 0 rules.
22/4/2026 -- 22:49:59 - <Info> -- Dropped 0 rules.
22/4/2026 -- 22:50:01 - <Info> -- Enabled 136 rules for flowbit dependencies.
22/4/2026 -- 22:50:01 - <Info> -- Creating directory /var/lib/suricata/rules.
22/4/2026 -- 22:50:01 - <Info> -- Backing up current rules.
22/4/2026 -- 22:50:01 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 65682; enabled: 49815; added: 65682; removed 0; modified: 0
22/4/2026 -- 22:50:02 - <Info> -- Writing /var/lib/suricata/rules/classification.config
22/4/2026 -- 22:50:03 - <Info> -- Testing with suricata -T.
22/4/2026 -- 22:50:44 - <Info> -- Done.

root@qemuarm64:~# systemctl restart suricata

root@qemuarm64:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
     Active: active (running) since Wed 2026-04-22 22:51:35 UTC; 1min 8s ago
 Invocation: 6a8f6ccd61fc4872be2a3d4b61e403f5
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki
   Main PID: 600 (Suricata-Main)
      Tasks: 10 (limit: 2406)
     Memory: 1.1G (peak: 1.2G)
        CPU: 40.058s
     CGroup: /system.slice/suricata.service
             `-600 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

Apr 22 22:51:35 qemuarm64 systemd[1]: Started Suricata IDS/IDP daemon.
Apr 22 22:51:35 qemuarm64 suricata[600]: i: suricata: This is Suricata version 8.0.4 RELEASE running in SYSTEM mode
Apr 22 22:52:14 qemuarm64 suricata[600]: i: threads: Threads created -> W: 4 FM: 1 FR: 1   Engine started.

root@qemuarm64:~# wget -O /tmp/arst http://testmynids.org/uid/index.html
Connecting to testmynids.org (18.238.176.2:80)
saving to '/tmp/arst'
[...]
'/tmp/arst' saved

root@qemuarm64:~# tail /var/log/suricata/fast.log
04/22/2026-22:53:09.465216  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 18.238.176.2:80 -> 10.0.2.15:43914

root@qemuarm64:~# suricatactl -h
Usage: suricatactl [OPTIONS] <COMMAND>

Commands:
  filestore  Filestore management commands
  help       Print this message or the help of the given subcommand(s)

Options:
  -v, --verbose...
  -q, --quiet       Quiet mode, only warnings and errors will be logged
  -h, --help        Print help

root@qemuarm64:~# suricatasc -h
Usage: suricatasc [OPTIONS] [SOCKET]

Arguments:
  [SOCKET]  Optional path to Suricata unix socket

Options:
  -v, --verbose            Enable verbose output
  -c, --command <COMMAND>  Execute command and return JSON
  -h, --help               Print help

root@qemuarm64:~# journalctl -u suricata -p notice
-- No entries --
```

Clayton Casciato (1):
  suricata: update 7.0.13 -> 8.0.4
 ...kefile-from-using-its-own-rust-steps.patch |   36 +-
 recipes-ids/suricata/libhtp_0.5.52.bb         |   23 -
 recipes-ids/suricata/suricata-crates.inc      | 3282 +++++++++++++----
 .../{suricata_7.0.13.bb => suricata_8.0.4.bb} |   30 +-
 4 files changed, 2680 insertions(+), 691 deletions(-)
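
The pass criteria of the target test above (version banner in the journal, rules actually loaded, the testmynids.org alert in fast.log) can be checked mechanically. This is an added example, not part of the original message or the recipe; the function names `parse_fast_line` and `smoke_check` are hypothetical, and the sample lines are copied from the log above.

```python
import re

# fast.log layout, taken from the alert line in the test log above:
# ts  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
# In IPS mode Suricata puts an action tag such as [Drop] before the first [**].
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:\[(?P<action>\w+)\]\s+)?\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_fast_line(line):
    """Parse one fast.log line into a dict, or return None if it does not match."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        alert[key] = int(alert[key])
    return alert

def smoke_check(journal_lines, fast_lines, want_version, want_sid):
    """Return a list of failed checks; an empty list means the upgrade test passed."""
    failures = []
    if not any(f"Suricata version {want_version} " in line for line in journal_lines):
        failures.append("version banner missing")
    if any("no rules were loaded" in line for line in journal_lines):
        failures.append("engine started without rules")
    alerts = [a for a in map(parse_fast_line, fast_lines) if a]
    if not any(a["sid"] == want_sid for a in alerts):
        failures.append(f"sid {want_sid} not in fast.log")
    return failures

# Sample input: lines copied from the test log above (first boot, then after suricata-update).
FIRST_BOOT = [
    "Apr 22 22:48:43 qemuarm64 suricata[463]: i: suricata: This is Suricata version 8.0.4 RELEASE running in SYSTEM mode",
    "Apr 22 22:48:44 qemuarm64 suricata[463]: W: detect: 1 rule files specified, but no rules were loaded!",
]
AFTER_UPDATE = [
    "Apr 22 22:51:35 qemuarm64 suricata[600]: i: suricata: This is Suricata version 8.0.4 RELEASE running in SYSTEM mode",
]
FAST_LOG = [
    "04/22/2026-22:53:09.465216  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 18.238.176.2:80 -> 10.0.2.15:43914",
]
```

On the first-boot lines the check reports the missing rules and the missing alert; on the post-update lines it returns an empty list.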

