From: Jason Ish <jason.ish@oisf.net>
Date: Mon, 12 Jun 2023 17:42:59 +0000 (-0600)
Subject: doc/userguide: notes about Lua rules being disabled by default
X-Git-Tag: suricata-7.0.0-rc2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a97461f9ab5630f93833051483a8c10cb6724d8;p=thirdparty%2Fsuricata.git

doc/userguide: notes about Lua rules being disabled by default
---

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index c63f5c878d..63ce9a8fca 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -2735,3 +2735,17 @@ you probably want to set `run-as` configuration parameter so as to drop root pri
 Beyond suricata.yaml, other ways to harden Suricata are
 - compilation : enabling ASLR and other exploit mitigation techniques.
 - environment : running Suricata on a device that has no direct access to Internet.
+
+Lua
+~~~
+
+Suricata 7.0 disables Lua rules by default. Lua rules can be enabled
+in the ``security.lua`` section of the configuration file:
+
+::
+
+   security:
+     lua:
+       # Allow Lua rules. Disabled by default.
+       #allow-rules: false
+
diff --git a/doc/userguide/rules/lua-detection.rst b/doc/userguide/rules/lua-detection.rst
index 2e3c539a87..80c926e135 100644
--- a/doc/userguide/rules/lua-detection.rst
+++ b/doc/userguide/rules/lua-detection.rst
@@ -3,6 +3,10 @@
 Lua Scripting for Detection
 ===========================
 
+.. note:: Lua is disabled by default for use in rules, it must be
+          enabled in the configuration file. See the ``security.lua``
+          section of ``suricata.yaml`` and enable ``allow-rules``.
+
 Syntax:
 
 ::