doc/userguide: notes about Lua rules being disabled by default

2 years ago · 4a97461f9a
parent f119b29701
commit 4a97461f9a
2 changed files with 18 additions and 0 deletions
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@ -2735,3 +2735,17 @@ you probably want to set `run-as` configuration parameter so as to drop root pri
 Beyond suricata.yaml, other ways to harden Suricata are
 - compilation : enabling ASLR and other exploit mitigation techniques.
 - environment : running Suricata on a device that has no direct access to Internet.
+
+Lua
+~~~
+
+Suricata 7.0 disables Lua rules by default. Lua rules can be enabled
+in the ``security.lua`` section of the configuration file:
+
+::
+
+   security:
+     lua:
+       # Allow Lua rules. Disabled by default.
+       #allow-rules: false
+
--- a/doc/userguide/rules/lua-detection.rst
+++ b/doc/userguide/rules/lua-detection.rst
@ -3,6 +3,10 @@
 Lua Scripting for Detection
 ===========================

+.. note:: Lua is disabled by default for use in rules, it must be
+          enabled in the configuration file. See the ``security.lua``
+          section of ``suricata.yaml`` and enable ``allow-rules``.
+
 Syntax:

 ::