Installation and setup
Installing Scirius CE
Scirius CE is an application written in Django. It requires at least Django 1.11 and does not yet support Django 2.0.
Scirius CE also uses webpack to build CSS and JS bundles.
The easy way to install the dependencies is to use pip:
On Debian, you can run
aptitude install python-pip python-dev
You can then install Django and the other dependencies
pip install -r requirements.txt
To use the suri_reloader script, which handles Suricata restarts, you will also need pyinotify
pip install pyinotify
It has been reported that on some Debian systems forcing a recent GitPython version is required
pip install gitpython==0.3.1-beta2
You may also need the gitdb module
pip install gitdb
For npm and webpack, you need a stable version of npm and webpack version 3.11. On Debian you can do
sudo apt-get install npm
sudo npm install -g npm@latest webpack@3.11
npm install
cd hunt
npm install
npm run build
Running Scirius CE
From inside the source directory, you can initialise the Django database
python manage.py migrate
Authentication is enabled by default in Scirius CE, so you will need to create a superuser account
python manage.py createsuperuser
Before starting the application you need to construct the bundles by running webpack and collect static files:
webpack
python manage.py collectstatic
This step has to be done after each code update.
One of the easiest ways to try Scirius CE is to run the Django test server
python manage.py runserver
You can then connect to
If you need the application to listen on a reachable address, you can run something like
python manage.py runserver 192.168.1.1:8000
Scirius CE generates a single rules file containing all activated rules. When editing the Suricata object, you have to set up the directory where you want this file to be generated and where the associated files of the ruleset are to be copied.
Scirius CE won't touch your Suricata configuration file, aka suricata.yaml, so you have to update it to point to the directory where the data are set up by Scirius CE. If you are only using rules generated by Scirius CE, you should have something like the following in your configuration file
default-rule-path: /path/to/rules
rule-files:
  - scirius.rules
To use the "Use IP reputation instead of group" feature, you also need to have
reputation-categories-file: /path/to/rules/scirius-categories.txt
default-reputation-path: /path/to/rules
reputation-files:
  - scirius-iprep.list
To interact with Scirius CE, you need to detect when the reload file is created, initiate a reload or restart of Suricata when that happens, and delete the reload file once this is done.
One possible way to do that is to use suri_reloader, available in the directory. The syntax of suri_reloader can be something similar to
suri_reloader -p /path/to/rules -l /var/log/suri-reload.log -D
Use the -h option to get the complete list of options. Please note that suri_reloader relies on the service command to restart or reload Suricata. This means you need an init script to get it working.
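The three steps described above (detect the reload file, reload Suricata, delete the file), as an added stdlib-only example that is not suri_reloader or any Scirius CE code. The marker file name, the polling loop (suri_reloader uses pyinotify instead) and the `service suricata reload` invocation are assumptions; the example also refuses any marker name that would point outside the rules directory.

```python
"""Added example: a minimal reload-file watcher for a Scirius CE rules directory.
Not suri_reloader; it only mirrors the steps the documentation describes."""
import logging
import os
import subprocess
import sys
import time

log = logging.getLogger("reload-watcher")


def service_reload(service="suricata"):
    """Reload Suricata through its init script, as suri_reloader does via `service`.
    The service name is an assumption; adapt it to your init script."""
    result = subprocess.run(["service", service, "reload"], check=False)
    return result.returncode == 0


def handle_reload(rules_dir, marker, reload_cmd=service_reload):
    """Check once for the marker file; if present, reload Suricata and delete it.

    Returns True when a reload was attempted. `marker` must be a plain file name
    (no path components, not a symlink) so that a mistyped or hostile value can
    never make the watcher act on, or delete, a file outside rules_dir.
    """
    path = os.path.join(rules_dir, marker)
    base = os.path.abspath(rules_dir)
    if os.path.dirname(os.path.abspath(path)) != base or os.path.islink(path):
        raise ValueError("marker must be a regular file name inside rules_dir")
    if not os.path.isfile(path):
        return False
    if reload_cmd():
        log.info("Suricata reload succeeded")
    else:
        log.error("Suricata reload failed; check the init script and its logs")
    os.remove(path)  # the marker is consumed once the reload has been initiated
    return True


def watch(rules_dir, marker, reload_cmd=service_reload, interval=1.0, rounds=None):
    """Poll rules_dir every `interval` seconds (forever when rounds is None)."""
    done = 0
    while rounds is None or done < rounds:
        handle_reload(rules_dir, marker, reload_cmd)
        time.sleep(interval)
        done += 1


if __name__ == "__main__":
    # usage: python reload_watcher.py /path/to/rules <marker-file-name>
    logging.basicConfig(level=logging.INFO)
    watch(sys.argv[1], sys.argv[2])
```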