doc/userguide: notes about Lua rules being disabled by default

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index c63f5c878d7fa53b154f0f0633d45c4729b9f864..63ce9a8fca60c1ae9b9f6bce8d8f419553ee9298 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -2735,3 +2735,17 @@ you probably want to set `run-as` configuration parameter so as to drop root pri
 Beyond suricata.yaml, other ways to harden Suricata are
 - compilation : enabling ASLR and other exploit mitigation techniques.
 - environment : running Suricata on a device that has no direct access to Internet.
+
+Lua
+~~~
+
+Suricata 7.0 disables Lua rules by default. Lua rules can be enabled
+in the ``security.lua`` section of the configuration file:
+
+::
+
+   security:
+     lua:
+       # Allow Lua rules. Disabled by default.
+       #allow-rules: false
+

diff --git a/doc/userguide/rules/lua-detection.rst b/doc/userguide/rules/lua-detection.rst
index 2e3c539a8702837bc4a9725cbf2b6664bc50909a..80c926e135d1b9886c836c65a7b2cbeb2c86e77e 100644 (file)
--- a/doc/userguide/rules/lua-detection.rst
+++ b/doc/userguide/rules/lua-detection.rst
@@ -3,6 +3,10 @@
 Lua Scripting for Detection
 ===========================
 
+.. note:: Lua is disabled by default for use in rules, it must be
+          enabled in the configuration file. See the ``security.lua``
+          section of ``suricata.yaml`` and enable ``allow-rules``.
+
 Syntax:
 
 ::