doc/userguide: notes about Lua rules being disabled by default

e-cite · Jun 14, 2023 · 4a97461 · 4a97461
1 parent f119b29
commit 4a97461
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
@@ -2735,3 +2735,17 @@ you probably want to set `run-as` configuration parameter so as to drop root pri
 Beyond suricata.yaml, other ways to harden Suricata are
 - compilation : enabling ASLR and other exploit mitigation techniques.
 - environment : running Suricata on a device that has no direct access to Internet.
+
+Lua
+~~~
+
+Suricata 7.0 disables Lua rules by default. Lua rules can be enabled
+in the ``security.lua`` section of the configuration file:
+
+::
+
+   security:
+     lua:
+       # Allow Lua rules. Disabled by default.
+       #allow-rules: false
+
diff --git a/doc/userguide/rules/lua-detection.rst b/doc/userguide/rules/lua-detection.rst
@@ -3,6 +3,10 @@
 Lua Scripting for Detection
 ===========================
 
+.. note:: Lua is disabled by default for use in rules, it must be
+          enabled in the configuration file. See the ``security.lua``
+          section of ``suricata.yaml`` and enable ``allow-rules``.
+
 Syntax:
 
 ::