Install Suricata 4.1 on Ubuntu (18.04 / 18.10) and Linux Mint 19 (PPA)



Suricata is a high-performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors and the community.

About the release of Suricata 4.1 :

The main new features are parsers for the protocols SMBv1/2/3, NFSv4, Kerberos, FTP, DHCP and IKEv2. The new parsers have been implemented in Rust so that their introduction does not compromise the security and stability of the engine as a whole.

Support for tracking and logging TLS 1.3 has been added, including JA3 client fingerprinting.

On the performance side, one of the main improvements is capture bypass for AF_PACKET, implemented on top of the new eXpress Data Path (XDP) capability of the Linux kernel. Windows users get a new IPS mode based on WinDivert.

All of the new protocol parsers require Rust, so a Suricata 4.1 built without Rust is missing much of what makes it 4.1. For that reason the build system now enables Rust by default whenever a Rust toolchain is available on the build machine.

Suricata 4.1 changelog :

Protocol updates :

  • SMBv1/2/3 parsing, logging, file extraction
  • TLS 1.3 parsing and logging (Mats Klepsland)
  • JA3 TLS client fingerprinting (Mats Klepsland)
  • TFTP: basic logging (Pascal Delalande and Clément Galland)
  • FTP: file extraction
  • Kerberos parser and logger (Pierre Chifflier)
  • IKEv2 parser and logger (Pierre Chifflier)
  • DHCP parser and logger
  • Flow tracking for ICMPv4
  • Initial NFSv4 support
  • HTTP: handle sessions that only have a response, or start with a response
  • HTTP Flash file decompression support (Giuseppe Longo)

Output and logging :

  • File extraction v2: deduplication; hash-based naming; JSON metadata and cleanup tooling
  • Eve metadata: from rules (metadata keyword) and traffic (flowbits etc.)
  • Eve: new, more compact DNS record format (Giuseppe Longo)
  • Pcap directory mode: process all pcaps in a directory (Danny Browning)
  • Compressed PCAP logging (Max Fillinger)
  • Expanded XFF support (Maurizio Abba)
  • Community Flow ID support (common ID between Suricata and Bro/Zeek)

Packet capture :

  • AF_PACKET XDP and eBPF support for high-speed packet capture
  • Windows IPS: WinDivert support (Jacob Masen-Smith)
  • PF_RING: usability improvements

Misc :

  • Windows: MinGW is now supported
  • Detect: transformation keyword support
  • Bundled Suricata-Update
  • Per-device multi-tenancy


How to Install Suricata 4.1 (stable) on Ubuntu and Linux Mint :

To install Suricata 4.1 (stable) on Ubuntu 18.04 Bionic Beaver, Ubuntu 18.10 Cosmic Cuttlefish, Linux Mint 19.1, Linux Lite 4.2, Elementary OS 5 'Juno', Deepin 5.7 and other Ubuntu derivatives, open a new Terminal window and bash (get it?) in the following commands:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update

(The first command only matters on minimal or server installs: add-apt-repository is shipped by the software-properties-common package, which desktop editions already have.)

Then you can install the latest stable Suricata with:

sudo apt-get install suricata

If you also want the debug symbols for the same build (useful for getting a readable backtrace out of a crash), install the matching -dbg package alongside it:

sudo apt-get install suricata-dbg
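Because the 4.1 protocol parsers (SMB, NFS, Kerberos, DHCP, IKEv2) only exist in a Rust-enabled build, it is worth checking what the PPA actually installed before relying on them. The script below is an added example, not code from the original post or from the Suricata project: it wraps the PPA steps above in a function and then inspects the output of suricata --build-info for the version and the "Rust support" and "Features" lines. The sample build-info text embedded in it is constructed from memory of the 4.1 layout (an assumption; the real output has many more lines) so that the checks can be exercised offline; the apt commands only run when the script is invoked with the argument install.

```shell
#!/bin/sh
# Added example (not from the original post or the Suricata project): install
# Suricata 4.1 stable from the OISF PPA, then verify that the installed build
# is a 4.1.x build with Rust support, since the new SMB/NFS/Kerberos/DHCP/IKEv2
# parsers are only present when the engine was compiled with Rust.
#
# Assumption: `suricata --build-info` prints a "This is Suricata version ..."
# line, a "Features:" line and a "Rust support:" line in the layout shown in
# SAMPLE_BUILD_INFO below (constructed from memory of a 4.1 build, abridged).

set -u

# Extract "X.Y.Z" from the "This is Suricata version X.Y.Z RELEASE" line.
buildinfo_version() {
    printf '%s\n' "$1" | sed -n 's/^This is Suricata version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when the build reports "Rust support: yes", 1 otherwise.
buildinfo_rust_support() {
    printf '%s\n' "$1" | grep -q -E '^[[:space:]]*Rust support:[[:space:]]+yes'
}

# Return 0 when $1 (e.g. AF_PACKET, RUST) is a token on the "Features:" line of $2.
buildinfo_has_feature() {
    printf '%s\n' "$2" | sed -n 's/^Features: //p' | tr ' ' '\n' | grep -q -x -- "$1"
}

# Post-install check: require a 4.1.x build compiled with Rust.
verify_41_build() {
    ver=$(buildinfo_version "$1")
    case "$ver" in
        4.1.*) ;;
        *) echo "expected a 4.1.x build, found '${ver:-unknown}'" >&2; return 1 ;;
    esac
    if ! buildinfo_rust_support "$1"; then
        echo "build $ver was compiled without Rust: the new 4.1 protocol parsers are missing" >&2
        return 1
    fi
    echo "ok: Suricata $ver with Rust support"
    return 0
}

# The PPA installation itself (the steps from the post). Only runs when the
# script is invoked as: sh install-suricata.sh install
install_from_ppa() {
    sudo apt-get install -y software-properties-common   # provides add-apt-repository
    sudo add-apt-repository -y ppa:oisf/suricata-stable
    sudo apt-get update
    sudo apt-get install -y suricata
    verify_41_build "$(suricata --build-info)"
}

# Constructed, abridged sample of `suricata --build-info` output used to
# demonstrate the checks offline.
SAMPLE_BUILD_INFO='This is Suricata version 4.1.2 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG PCRE_JIT HAVE_NSS HAVE_LIBJANSSON TLS MAGIC RUST
SIMD support: none
Suricata Configuration:
  AF_PACKET support:                       yes
  eBPF support:                            no
  XDP support:                             no
  Rust support:                            yes
  Rust strict mode:                        no'

if [ "${1-}" = "install" ]; then
    install_from_ppa
else
    verify_41_build "$SAMPLE_BUILD_INFO"
fi
```

Run it without arguments to see the checks applied to the sample text; run it with install on a target machine to perform the PPA installation and check the real binary. On a build where verify_41_build fails because Rust is missing, the fix is to build from source with a Rust toolchain present (4.1 enables Rust by default when it finds one) rather than to add rules for the missing protocols, which would silently never match.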

How to update Suricata ?

To update the Suricata engine together with the rest of the system, open a terminal and run:

sudo apt-get update
sudo apt-get upgrade

or, to upgrade only the Suricata package and leave everything else untouched:

sudo apt-get update
sudo apt-get install --only-upgrade suricata

The 4.1 source is available now; binary packages, including the PPA builds above, are built after a release and appear at their respective download locations shortly afterwards. If "apt-cache policy suricata" still shows an older candidate version, the PPA build has not landed yet, so try again after a later apt-get update.