suricata-update

scripts/services/Mistborn-wazuh.service

@@ -7,6 +7,7 @@ PartOf=Mistborn-base.service
 [Service]
 Restart=always
 RestartSec=15
+TimeoutStartSec=600
 User=root
 Group=docker
 PermissionsStartOnly=true

scripts/services/wazuh/suricata/suricata_init.sh

@@ -59,7 +59,7 @@ IFACE=$(ip -o -4 route show to default | awk 'NR==1{print $5}')
 sudo sed -i "s/eth0/${IFACE}/g" /etc/suricata/suricata.yaml
 sudo sed -i "s/eth0/${IFACE}/g" /etc/default/suricata
 
-systemctl restart suricata
+#systemctl restart suricata
 
 # wait for service to be listening
 while ! nc -z 10.2.3.1 55000; do
@@ -94,3 +94,22 @@ EOF
 sudo docker-compose -f extra/wazuh.yml restart wazuh
 
 popd
+
+# suricata-update
+apt install python3-pip
+pip3 install pyyaml
+pip3 install https://github.com/OISF/suricata-update/archive/master.zip
+
+pip3 install --pre --upgrade suricata-update
+
+suricata-update enable-source oisf/trafficid
+suricata-update enable-source etnetera/aggressive
+suricata-update enable-source sslbl/ssl-fp-blacklist
+suricata-update enable-source et/open
+suricata-update enable-source tgreen/hunting
+suricata-update enable-source sslbl/ja3-fingerprints
+suricata-update enable-source ptresearch/attackdetection
+
+suricata-update
+
+systemctl restart suricata