3.2.3. RPM Installation

Using the Fedora COPR system, the OISF provides Suricata packages for Fedora, Red Hat Enterprise Linux, and Enterprise Linux rebuilds.

The benefit of using the OISF-maintained COPR package repositories is that the OISF maintains packages for all non-EOL Suricata versions for each distribution version. For example, the OISF maintains Suricata 7 and Suricata 8 packages for RHEL 9 and 10.

3.2.3.1. Installing From Package Repositories

Note

Instructions in the following sections require sudo to be installed.

3.2.3.1.1. Enterprise Linux and Rebuilds

sudo dnf install epel-release dnf-plugins-core
sudo dnf copr enable @oisf/suricata-8.0
sudo dnf install suricata

3.2.3.1.2. Fedora

sudo dnf install dnf-plugins-core
sudo dnf copr enable @oisf/suricata-8.0
sudo dnf install suricata

3.2.3.2. Additional Notes for RPM Installations

  • Suricata is pre-configured to run as the suricata user.

  • Command line parameters, such as the interface names, can be configured in /etc/sysconfig/suricata.

  • Users can run suricata-update without being root provided they are added to the suricata group.

  • Directories:

    • /etc/suricata: Configuration directory

    • /var/log/suricata: Log directory

    • /var/lib/suricata: State directory (rules, datasets)
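
The notes above can be turned into a read-only post-install check. This is an added example, not part of the Suricata documentation or the OISF packages. It assumes /etc/sysconfig/suricata carries its parameters in a line of the form OPTIONS="..."; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: read-only checks against the RPM layout listed above.

# Print each expected directory that is absent under root prefix $1
# ("" checks the live system; the prefix exists so this can be tested).
missing_dirs() {
    for d in /etc/suricata /var/log/suricata /var/lib/suricata; do
        [ -d "$1$d" ] || printf '%s\n' "$d"
    done
}

# Succeed if user $1 belongs to group $2.
user_in_group() {
    for g in $(id -nG "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Print the interface names passed with -i in sysconfig file $1.
# Assumption: the file holds a line of the form OPTIONS="-i eth0 ...".
configured_interfaces() {
    opts=$(sed -n 's/^OPTIONS="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" 2>/dev/null | tail -n 1)
    set -f              # no glob expansion while word-splitting
    set -- $opts
    set +f
    while [ $# -gt 0 ]; do
        if [ "$1" = "-i" ] && [ $# -ge 2 ]; then
            printf '%s\n' "$2"
            shift
        fi
        shift
    done
}

# Summarise the three checks for login name $1.
report() {
    for d in $(missing_dirs ""); do
        echo "missing directory: $d"
    done
    user_in_group "$1" suricata ||
        echo "$1 is not in the suricata group; suricata-update would need root"
    for i in $(configured_interfaces /etc/sysconfig/suricata); do
        echo "capture interface: $i"
    done
}

# Usage: sh check-suricata-rpm.sh <login-name>
if [ $# -ge 1 ]; then report "$1"; fi
```

The script changes nothing on the system; an empty report means all three directories exist, the user is in the suricata group, and no -i interface was found in the sysconfig file.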

3.2.3.2.1. Starting Suricata On-Boot

The Suricata RPMs are configured to run from systemd.

Note

The following instructions require sudo to be installed.

To start Suricata:

sudo systemctl start suricata

To stop Suricata:

sudo systemctl stop suricata

To have Suricata start on-boot:

sudo systemctl enable suricata

To reload rules:

sudo systemctl reload suricata

3.2.3.3. After Installation

After installing, you can proceed to the Basic setup.