Feature #2357
closed
Feature request. Initial Downloading ruleset
Added by Aleksander Aksenov over 6 years ago.
Updated about 6 years ago.
Description
Hello,
Just faced with problem related to downloading latest 'Emerging Threats ruleset ' immediately after update suricata.deb package.
Problem connected to PCI DSS standard and direct access prohibition to repository with rulesets.
We have up and running local repository. It work fine.
But for update/installation process it doesn't work.
It looks like below:
$ sudo dpkg --configure -a
Setting up suricata (4.0.3-1ubuntu2) ...
Download and install the latest Emerging Threats Open ruleset
My Request is to amend debian post installation script and remove following part of postinstall script:
echo "Download and install the latest Emerging Threats Open ruleset \n"
echo "Downloading..."
/bin/mkdir -p /etc/suricata/rules
/usr/bin/wget --timeout=10 -qO - https://rules.emergingthreats.net/open/suricata/ > /dev/null && \
/usr/bin/wget -qO - https://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz | tar -x -z -C "/etc/suricata/" -f -
if [ $? -eq 0 ]; then
echo "Latest ET Open rule set deployed in /etc/suricata/rules !"
else
echo "Please check your connection - could not download ruleset from: "
echo "https://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz"
echo "Skipping download"
fi
Files
The postinst script should not stop the installation itself. It should simply skip that step if it times out.
It was actually coming from this feature request (very similar to what you are mentioning) - https://redmine.openinfosecfoundation.org/issues/1730
In your case does it not update at all?
Hi,
Yes, it is the same issue.
Time out to long. It takes about 20 minutes before completed with no result.
It affects management through ansible playbooks. Due to suricata package installation or update process not return 0 code in time that allowed for ansible playbooks.
Hello,
Just checked with
0.0.0.0 rules.emergingthreats.net
It works fine. Downloading skipping as it have to be.
Thanks. Incident can be closed.
Just only one wish - please add information about it into documentation in Installation part.
- Assignee set to Peter Manev
We can amend the docs for sure.
I will also test out a smaller timeout (the reported 20 min seems too big)
This could also be handled differently in the near future with https://github.com/OISF/suricata-update comming into stable.
- Target version set to Documentation
What exactly would you want to have covered in the documentation?
Hello,
I have tested it with different wget timeouts. It looks like it multiplies at 3. And as a result instead 5 seconds it hangs on up to 15-17 seconds(general timeout + dns resolution timeout + connect timeout + read timeout).
What about documentation, I'w rather to see notice regarding how to disable downloading of rulesets at installation stage.
Aleksander Aksenov wrote:
Hello,
I have tested it with different wget timeouts. It looks like it multiplies at 4. And as a result instead 5 seconds it hangs on up to 15-17 seconds(general timeout + dns resolution timeout + >connect timeout + read timeout). Also it looks like wget counts minutes instead of seconds.
Example in the attachement.
What about documentation, I'w rather to see notice regarding how to disable downloading of rulesets at installation stage.
Aleksander,
Can you try/test out adding "--tries=1" to the command -
/usr/bin/wget --timeout=10s --tries=1 -qO - https://rules.emergingthreats.net/open/suricata/
Would it make any difference timewise?
Hi Peter,
Now it much more convenient(approx 20s).
Please see attached screen shot.
Ok,
Thank you for confirming.
I can amend the script for the next release as a workaround.
- Status changed from New to Closed
- Target version changed from Documentation to 4.0.4
That should be fixed in the current PPA.
Also available in: Atom
PDF
