--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -203,8 +203,9 @@
 # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format
 # As of Suricata 5.0, version 2 of the eve dns output
- # format is the default.
- #version: 2
+ # format is the default - but the daemon produces a warning to that effect
+ # at start-up if this isn't explicitly set.
+ version: 2
 # Enable/disable this logger. Default: enabled.
 #enabled: yes
@@ -978,9 +979,9 @@
 ##
 # Run suricata as user and group.
-#run-as:
-# user: suri
-# group: suri
+run-as:
+ user: suricata
+ group: suricata
 # Some logging module will use that name in event as identifier. The default
 # value is the hostname
@@ -1806,16 +1807,28 @@
 hashmode: hash5tuplesorted
 ##
-## Configure Suricata to load Suricata-Update managed rules.
-##
-## If this section is completely commented out move down to the "Advanced rule
-## file configuration".
+## Configure Suricata to load default rules it comes with.
 ##
 default-rule-path: @e_defaultruledir@
 rule-files:
- - suricata.rules
+ - /etc/suricata/rules/app-layer-events.rules
+ - /etc/suricata/rules/decoder-events.rules
+ - /etc/suricata/rules/dhcp-events.rules
+ - /etc/suricata/rules/dnp3-events.rules
+ - /etc/suricata/rules/dns-events.rules
+ - /etc/suricata/rules/files.rules
+ - /etc/suricata/rules/http-events.rules
+ - /etc/suricata/rules/ipsec-events.rules
+ - /etc/suricata/rules/kerberos-events.rules
+ - /etc/suricata/rules/modbus-events.rules
+ - /etc/suricata/rules/nfs-events.rules
+ - /etc/suricata/rules/ntp-events.rules
+ - /etc/suricata/rules/smb-events.rules
+ - /etc/suricata/rules/smtp-events.rules
+ - /etc/suricata/rules/stream-events.rules
+ - /etc/suricata/rules/tls-events.rules
 ##
 ## Auxiliary configuration files.
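Review bot: `run-as:` with `user: suricata` / `group: suricata` is now unconditional in the template, so the daemon will fail its privilege drop on any host where that account does not exist, and everything it writes after dropping privileges (the default log directory, the unix-socket/run directory, a PID file if configured) must be owned or writable by that account. Nothing in this commit shows the packaging or post-install step that creates the account and chowns those paths; if it lives elsewhere, a pointer next to the setting would save the next operator a failed start, e.g. `# NOTE: the suricata user/group and write access to the log and run directories are provisioned by the package post-install script.` Since this is a `.in` template that already uses configure-time substitutions (the `@e_defaultruledir@` line further down the same file), consider sourcing the account name from a substitution as well rather than hardcoding it, so the upstream example and this deployment do not diverge in source. The enclosing section continues outside the hunk.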
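Review bot: The new `rule-files` entries are absolute paths under `/etc/suricata/rules/`, which makes the `default-rule-path: @e_defaultruledir@` line directly above them ineffective: relative entries are resolved against `default-rule-path`, absolute ones are used as-is, so a build configured with a different sysconfdir (which is exactly what the `@…@` substitution exists for) will look for its rules in the wrong directory, and the removed `- suricata.rules` entry was relative for that reason. Listing the bare file names keeps the substitution meaningful, as shown below. Separately, dropping `suricata.rules` means no suricata-update managed signature set is loaded any more — only the engine's own protocol/decoder anomaly rules — so detection coverage is limited to malformed-traffic and protocol-event alerts unless a threat ruleset is configured elsewhere; the replaced comment should state that trade-off explicitly, e.g. `## Only the engine's built-in protocol-event rules are loaded here; no threat-signature ruleset (suricata-update / suricata.rules) is configured.`
```yaml
rule-files:
  - app-layer-events.rules
  - decoder-events.rules
  - dhcp-events.rules
  - dnp3-events.rules
  - dns-events.rules
  - files.rules
  - http-events.rules
  - ipsec-events.rules
  - kerberos-events.rules
  - modbus-events.rules
  - nfs-events.rules
  - ntp-events.rules
  - smb-events.rules
  - smtp-events.rules
  - stream-events.rules
  - tls-events.rules
```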