Installation and setup

Installing Scirius CE

Scirius CE is an application written in Django. It requires at least Django 1.11 and does not yet support Django 2.0.

Scirius CE also uses webpack to build CSS and JS bundles.


The easiest way to install the dependencies is to use pip.

On Debian, you can run

aptitude install python-pip python-dev

You can then install Django and the remaining dependencies

pip install -r requirements.txt

To use the suri_reloader script, which handles Suricata restarts, you will also need pyinotify

pip install pyinotify

It has been reported that on some Debian systems forcing a recent GitPython is required

pip install gitpython==0.3.1-beta2

You may also need the gitdb module

pip install gitdb

For npm and webpack, you need a stable version of npm and webpack version 3.11. On Debian you can run

sudo apt-get install npm
sudo npm install -g npm@latest webpack@3.11
npm install
cd hunt
npm install
npm run build

Running Scirius CE

From inside the source directory, you can initialise the Django database

python manage.py migrate

Authentication is enabled by default in Scirius CE, so you will need to create a superuser account

python manage.py createsuperuser

Before starting the application you need to build the bundles by running webpack (the npm run build step above) and collect the static files:

python manage.py collectstatic

This step has to be done after each code update.

One of the easiest ways to try Scirius CE is to run the Django test server

python manage.py runserver

You can then connect to http://localhost:8000.

If you need the application to listen on a reachable address, you can run something like (replace the placeholder with the address to bind)

python manage.py runserver <reachable-address>:8000

Suricata setup

Scirius CE generates a single rules file containing all activated rules. When editing the Suricata object, you have to set the directory where you want this file to be generated and where the associated files of the ruleset are copied.

Scirius CE won't touch your Suricata configuration file, suricata.yaml. You therefore have to update it yourself to point to the directory where Scirius CE writes its data. If you are only using rules generated by Scirius CE, your suricata.yaml should contain something like

default-rule-path: /path/to/rules
rule-files:
 - scirius.rules

To use the "Use IP reputation instead of group" feature you also need

reputation-categories-file: /path/to/rules/scirius-categories.txt
default-reputation-path: /path/to/rules
reputation-files:
 - scirius-iprep.list

To interact with Scirius CE, you need to detect when the /path/to/rules/scirius.reload file is created, initiate a reload or restart of Suricata when that happens, and delete the reload file once this is done.

One possible way to do that is to use suri_reloader, available in the suricata/scripts directory. The syntax of suri_reloader can be something similar to

suri_reloader -p /path/to/rules -l /var/log/suri-reload.log -D

Use the -h option to get the complete list of options. Please note that suri_reloader uses the service command to restart or reload Suricata. This means you need an init script to get it working.
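The reload cycle described above (detect scirius.reload, reload Suricata, then remove the marker) as a minimal handler. This is an added example, not the suri_reloader script shipped with Scirius CE: it polls the rules directory instead of using pyinotify so it only needs the standard library, and the reload command (`service suricata reload`) is an assumption to adapt to your init system. The marker is removed only after the reload succeeds, so a failed reload is not silently forgotten.

```python
"""Minimal handler for the scirius.reload marker written by Scirius CE.

Added example, not the suri_reloader script that ships with Scirius CE.
Polls instead of using pyinotify so it has no third-party dependency.
"""
import os
import subprocess
import time
from typing import Sequence

RELOAD_MARKER = "scirius.reload"  # marker file name used by Scirius CE


def process_reload(rules_dir: str, reload_cmd: Sequence[str]) -> bool:
    """Handle one pending reload request.

    Returns True when the marker was present and the reload command
    succeeded. The marker is deleted only after a successful reload: if
    it were removed first, a failed reload would leave Suricata running
    the old ruleset with no pending request left to retry.
    """
    marker = os.path.join(rules_dir, RELOAD_MARKER)
    if not os.path.exists(marker):
        return False
    result = subprocess.run(list(reload_cmd), capture_output=True, text=True)
    if result.returncode != 0:
        # Keep the marker so the next pass (or an operator) retries.
        print(f"reload failed ({result.returncode}): {result.stderr.strip()}")
        return False
    os.remove(marker)
    return True


def watch(rules_dir: str, reload_cmd: Sequence[str], interval: float = 2.0) -> None:
    """Poll rules_dir for the marker and reload Suricata when it appears."""
    while True:
        if process_reload(rules_dir, reload_cmd):
            print("Suricata ruleset reloaded")
        time.sleep(interval)


if __name__ == "__main__":
    # Assumed defaults: adjust the path and the reload command to your setup.
    watch("/path/to/rules", ["service", "suricata", "reload"])
```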