From patchwork Wed Oct 21 18:20:10 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Schantl <stefan.schantl@ipfire.org>
X-Patchwork-Id: 3602
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CGf1N14Msz3wgF
	for <patchwork@web04.haj.ipfire.org>; Wed, 21 Oct 2020 18:20:24 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4CGf1M01z4z11D;
	Wed, 21 Oct 2020 18:20:22 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CGf1L5kj7z2xbY;
	Wed, 21 Oct 2020 18:20:22 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CGf1J6L9yz2xbY
 for <development@lists.ipfire.org>; Wed, 21 Oct 2020 18:20:20 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4CGf1H5lK6zwG;
 Wed, 21 Oct 2020 18:20:19 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1603304420;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=54DinlTG0yuv7PxccAMVXgyK5BSRiKIpTUyLOKl2MQM=;
 b=hRM8z8FhVWZ4hcyV7FjSxrzCKMSteASZYdS/SE85DyLOHS6rxaV3FpuCPKfe5CaRg7miIi
 i6Og1Uy40ngO86Dw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1603304420;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=54DinlTG0yuv7PxccAMVXgyK5BSRiKIpTUyLOKl2MQM=;
 b=XPWv7i+3moTjhVPuu8wWbqx+cN5k9XpHf0iNKUG9y/NJyHLwcfJP1wSWfW1eoOIP2SbYnw
 W6Ey/N57jlyQElXrKl3up3sOmRzgbLgLLDI5YwG5SU/5fLsJF/ovl9DJU7ArI7v5H4iQk7
 FQuB+rz2X3U0ogTDQpPqA2HdPQcOvZnRwElBAZFLAPaKiv6n+4jr3FeoRrP1x8z5O/G5kO
 md3oKZTpdXPOLsU7W0r3jqZcKteMua4G6DzK95H+cx1QvK2zVY8HMJ+tBnKveaIUw0sIxh
 R9GvSuGLoYigr91ey10F+fONZOCZEN5cazq1dJzZo6OgXrBh8gZB/wM15BtU1A==
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Update to 6.0.0.
Date: Wed, 21 Oct 2020 20:20:10 +0200
Message-Id: <20201021182010.3072-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Authentication-Results: mail01.ipfire.org;
 auth=pass smtp.auth=stevee smtp.mailfrom=stefan.schantl@ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

* Enable RDP and SIP parsers.
* Enable new introduced parsers for RFB and DCERPC.

Because HTTP2 support and parser currently is experimental the suricata
developers decided to disable it at default - we keep this default
setting for now.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/rootfiles/common/suricata |  1 +
 config/suricata/suricata.yaml    | 24 ++++++++++++++++++++++--
 lfs/suricata                     |  4 ++--
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 41b02525d..f891fa449 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -3,6 +3,7 @@ etc/suricata/suricata.yaml
 #root/.cargo
 #root/.cargo/.package-cache
 usr/bin/suricata
+#usr/include/suricata-plugin.h
 #usr/share/doc/suricata
 #usr/share/doc/suricata/AUTHORS
 #usr/share/doc/suricata/Basic_Setup.txt
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 43f10c89d..743a4716c 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -271,14 +271,16 @@ outputs:
 
         #- dnp3
         - ftp
-        #- rdp
+        - rdp
         - nfs
         - smb
         - tftp
         - ikev2
+        - dcerpc
         - krb5
         - snmp
-        #- sip
+        - rfb
+        - sip
         - dhcp:
             enabled: yes
             # When extended mode is on, all DHCP messages are logged
@@ -287,6 +289,12 @@ outputs:
             # to an IP address is logged.
             extended: no
         - ssh
+        - mqtt:
+            # passwords: yes           # enable output of passwords
+        # HTTP2 logging. HTTP2 support is currently experimental and
+        # disabled by default. To enable, uncomment the following line
+        # and be sure to enable http2 in the app-layer section.
+        #- http2
         - stats:
             totals: yes       # stats for all threads merged together
             threads: no       # per thread stats
@@ -358,6 +366,14 @@ nfq:
 # "detection-only" enables protocol detection only (parser disabled).
 app-layer:
   protocols:
+    rfb:
+      enabled: yes
+      detection-ports:
+        dp: 5900, 5901, 5902, 5903, 5904, 5905, 5906, 5907, 5908, 5909
+    # MQTT, disabled by default.
+    mqtt:
+      # enabled: no
+      # max-msg-length: 1mb
     krb5:
       enabled: yes
     snmp:
@@ -388,6 +404,10 @@ app-layer:
       enabled: yes
     ssh:
       enabled: yes
+      #hassh: yes
+    # HTTP2: Experimental HTTP 2 support. Disabled by default.
+    http2:
+      enabled: no
     smtp:
       enabled: yes
       # Configure SMTP-MIME Decoder
diff --git a/lfs/suricata b/lfs/suricata
index f981232a2..e89bf1e63 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.0.4
+VER        = 6.0.0
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = c08809d5641a790a95a56d4dc7eba2f2
+$(DL_FILE)_MD5 = bbddcf2f209930206ef21977d40120d2
 
 install : $(TARGET)