Project

General

Profile

Actions

Bug #1730

closed

Postinst suricata package script hangs on hosts without direct internet connectivity - can not download rules

Added by Pavel Selivanov almost 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Problem exist for packages from ubuntu stable ppa: https://launchpad.net/~oisf/+archive/ubuntu/suricata-stable

Now postinst script contains this:

/usr/bin/wget -qO - https://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz | tar -x -z -C "/etc/suricata/" -f -

If you try to install suricata on some host without direct connectivity to internet, installation hangs for a long time. This is normal case: this host can get updates via some proxy, or with some external downloader. For example, PCI DSS requires IDS for hosts in DB environment, and prohibits direct internet access for that hosts.

I suggest to change this lines to

# Quick check availability and then try to download rules
/usr/bin/wget --timeout=10 -qO - https://rules.emergingthreats.net/open/suricata/ > /dev/null && \
/usr/bin/wget -qO - https://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz | tar -x -z -C "/etc/suricata/" -f -

Now I have to fix this by adding to /etc/hosts line

0.0.0.0 rules.emergingthreats.net

on this hosts.

Actions #1

Updated by Victor Julien almost 7 years ago

  • Status changed from New to Assigned
  • Assignee set to Peter Manev
  • Target version set to Packaging/PPA
Actions #2

Updated by Peter Manev over 6 years ago

Pavel - do you mind testing the package from here - https://launchpad.net/~oisf/+archive/ubuntu/suricata-ids-ips and see if it does fix that. It is the same as 3.0.1 stable however it includes the suggestion.

Actions #3

Updated by Pavel Selivanov over 6 years ago

Yep, it works as supposed.

Actions #4

Updated by Peter Manev over 6 years ago

  • Status changed from Assigned to Closed

Resolved and included in the packaging builds.
Thanks!

Actions

Also available in: Atom PDF