SELKS | scirius | threshold – suppress – pass

Hi folks! SELKS is great stuff. Read the manual. ;) You can suppress alerts via web interface (and maybe desktop), but there are some limitations: 1. A suppress rule allows filterin either by source address OR by target address. 2. You can not import a bulk of suppress rules into a fresh installation. The […]

SELKS | suricata | Scirius | Elasticsearch | Hints

1. Manual update SELKS performs a daily suricata update (via /etc/crontab). To execute it manually call as www-data (!!!) NEVER RUN AS ROOT!!! # /bin/sh -c /bin/bash ‘cd /usr/share/python/scirius/ && . bin/activate && python bin/ updatesuricata && deactivate’ www-data 2. fast.log rotation You MUST restart suricata to create a functional fast.log after logrotate. SIGHUP and/or […]

SELKS 5.0RC1 | first steps

HINTS: Login as selks-user with password selks-user. $ sudo su – # passwd selks-user # passwd root If you are using version 5.0 RC1 open /etc/scirius/ and change KIBANA_DASHBOARDS_PATH = “/opt/selks/kibana6-dashboards/” to KIBANA6_DASHBOARDS_PATH = “/opt/selks/kibana6-dashboards/”. then run (as root) cd /usr/share/python/scirius/ && . bin/activate && python bin/ kibana_reset && deactivate You will not find […]