Suricata 3.1 is Released and Available PPA For Ubuntu Derivative System


How to Install and Update Suricata 3.1 on Ubuntu 12.04 Precise Pangolin, Ubuntu 14.04 Trusty Tahr, Ubuntu 15.04 Vivid Vervet, Ubuntu 15.10 Wily Werewolf, Ubuntu 16.04 Xenial Xerus via PPA

Suricata is an open source, multi-platform and totally free network intrusion prevention and detection engine developed by the Open Information Security Foundation (OISF) and its supporting vendors.

The IDS/IPS engine is multi-threaded

Suricata’s IDS/IPS engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

What's new in Suricata 3.1

This release brings significant improvements on the performance side:

  • Hyperscan integration for Multi Pattern Matcher and Single Pattern Matcher. If installed, Hyperscan is now the default.
  • Rewrite of the detection engine, simplifying rule grouping. This improves performance, while reducing memory usage and start up time in many scenarios.

Packet capture got a lot of attention:

  • AF_PACKET support for tpacket-v3 (experimental)
  • NETMAP usability improvements, especially on FreeBSD

Config:

  • Reorganised default configuration layout provides for intuitive and easy set up.
  • This release also comes with libhtp 0.5.20, in which we address a number of issues Steffen Ullrich of HTTP Evader reported.
  • A new keyword ‘tls_sni’ was added, including MPM support. It allows matching on the TLS SNI field.
  • Other than that, lots of clean ups and optimizations:
      • locking has been much simplified
      • TCP and IPv6 decoder optimizations
      • unittest clean ups
      • AFL fuzz testing options were added



    To get Suricata 3.1, visit:
    http://www.openinfosecfoundation.org/download/suricata-3.1.tar.gz

    How to Install Suricata 3.1 on Ubuntu Derivative Systems:

    To install or update Suricata 3.1 via PPA on Ubuntu 16.04 Xenial Xerus, Ubuntu 15.10 Wily Werewolf, Ubuntu 15.04 Vivid Vervet, Ubuntu 14.10 Utopic Unicorn, Ubuntu 14.04 Trusty Tahr (LTS), Ubuntu 13.10/13.04/12.04, Linux Mint 17.1 Rebecca, Linux Mint 17 Qiana, Linux Mint 13 Maya, Pinguy OS 14.04, Elementary OS 0.3 Freya, Elementary OS 0.2 Luna, Peppermint Five, Deepin 2014, LXLE 14.04, Linux Lite 2.0, Linux Lite 2.2 and other Ubuntu derivative systems, open a new Terminal window and bash (get it?) in the following commands:

    To set up the repository for the latest stable Suricata, run:
    sudo add-apt-repository ppa:oisf/suricata-stable
    sudo apt-get update

    Then you can install the latest stable Suricata with:
    sudo apt-get install suricata


    or, for the Suricata package with built-in (enabled) debugging:
    sudo apt-get install suricata-dbg

    After installation, continue with the Basic Setup.

    Upgrading
    Upgrading is simple:
    sudo apt-get update
    sudo apt-get upgrade

    Remove
    To remove Suricata from your system:
    sudo apt-get remove suricata
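    The following script is an added example, not part of the original post or of the Suricata project: it wraps the PPA install above and then checks two things this release advertises, that Hyperscan is compiled into the packaged build and that a rule using the new tls_sni keyword is accepted by the engine. It assumes the Ubuntu package config path /etc/suricata/suricata.yaml and the "Hyperscan support:" label printed by suricata --build-info; the sample build-info text and the domain in the rule are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify a PPA-installed Suricata 3.1 has Hyperscan and
# accepts a tls_sni rule. Not the project's own code.
set -eu

# Return 0 if the --build-info text on stdin reports Hyperscan support.
# Assumes the "Hyperscan support:" label used by `suricata --build-info`.
has_hyperscan() {
    grep -qi '^ *Hyperscan support: *yes'
}

# Emit a rule using the tls_sni sticky buffer added in 3.1. It alerts when
# the SNI of a TLS handshake contains the given domain (substring match,
# so "example.com" also matches "notexample.com"; tune as needed).
# Arguments: domain sid
gen_sni_rule() {
    printf 'alert tls any any -> any any (msg:"TLS SNI match %s"; tls_sni; content:"%s"; nocase; sid:%s; rev:1;)\n' "$1" "$1" "$2"
}

# Parse config and rules only (-T), without starting packet capture.
# Assumes the Ubuntu package path /etc/suricata/suricata.yaml.
test_rule_file() {
    suricata -T -c /etc/suricata/suricata.yaml -S "$1"
}

# Constructed sample of `suricata --build-info` output for an offline check.
SAMPLE_BUILD_INFO='This is Suricata version 3.1 RELEASE
Suricata Configuration:
  AF_PACKET support:                       yes
  Hyperscan support:                       yes'

# Run the install and post-install checks only when invoked as: sh script.sh install
if [ "${1:-}" = "install" ]; then
    sudo add-apt-repository -y ppa:oisf/suricata-stable
    sudo apt-get update
    sudo apt-get install -y suricata
    if ! suricata --build-info | has_hyperscan; then
        echo "warning: Hyperscan not compiled in; the default pattern matcher will not be Hyperscan" >&2
    fi
    rules=$(mktemp)
    gen_sni_rule 'malicious-sni.example' 9000001 > "$rules"   # placeholder domain
    test_rule_file "$rules"
    rm -f "$rules"
fi
```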

    Enjoy! I hope this article brings you more clarity.