suricata.yaml

scripts/services/wazuh/suricata/suricata_init.sh

@@ -13,7 +13,7 @@ source /opt/mistborn/scripts/subinstallers/platform.sh
 # minimal dependencies
 sudo -E apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev   \
                 libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev \
-                make libmagic-dev libjansson-dev
+                make libmagic-dev libjansson-dev jq wget
 
 ## recommended dependencies
 #sudo -E apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev   \
@@ -55,6 +55,9 @@ fi
 # sudo chown root:root /etc/rsyslog.d/20-suricata.conf
 # sudo systemctl restart rsyslog
 
+sudo -E rm -f /etc/suricata/suricata.yaml
+sudo -E wget -O /etc/suricata/suricata.yaml http://www.branchnetconsulting.com/wazuh/suricata.yaml
+
 IFACE=$(ip -o -4 route show to default | awk 'NR==1{print $5}')
 sudo sed -i "s/eth0/${IFACE}/g" /etc/suricata/suricata.yaml
 sudo sed -i "s/eth0/${IFACE}/g" /etc/default/suricata
@@ -112,4 +115,5 @@ sudo -E suricata-update enable-source ptresearch/attackdetection
 
 sudo -E suricata-update
 
+sudo systemctl daemon-reload
 sudo systemctl restart suricata