Bug #1730
closedPostinst suricata package script hangs on hosts without direct internet connectivity - can not download rules
Description
Problem exist for packages from ubuntu stable ppa: https://launchpad.net/~oisf/+archive/ubuntu/suricata-stable
Now postinst script contains this:
/usr/bin/wget -qO - https://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz | tar -x -z -C "/etc/suricata/" -f -
If you try to install suricata on some host without direct connectivity to internet, installation hangs for a long time. This is normal case: this host can get updates via some proxy, or with some external downloader. For example, PCI DSS requires IDS for hosts in DB environment, and prohibits direct internet access for that hosts.
I suggest to change this lines to
# Quick check availability and then try to download rules /usr/bin/wget --timeout=10 -qO - https://rules.emergingthreats.net/open/suricata/ > /dev/null && \ /usr/bin/wget -qO - https://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz | tar -x -z -C "/etc/suricata/" -f -
Now I have to fix this by adding to /etc/hosts line
0.0.0.0 rules.emergingthreats.net
on this hosts.
Updated by Victor Julien about 8 years ago
- Status changed from New to Assigned
- Assignee set to Peter Manev
- Target version set to Packaging/PPA
Updated by Peter Manev about 8 years ago
Pavel - do you mind testing the package from here - https://launchpad.net/~oisf/+archive/ubuntu/suricata-ids-ips and see if it does fix that. It is the same as 3.0.1 stable however it includes the suggestion.
Updated by Peter Manev almost 8 years ago
- Status changed from Assigned to Closed
Resolved and included in the packaging builds.
Thanks!