Bug #3843
closedno way to re-enable a disabled source previously added with add-source
Description
When you add a source with suricata-update add-source and then disable that source, there is no way to re-enable it without getting an error.
$ sudo suricata-update add-source abuse.ch-URLhaus-IDS https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz $ ls -la ./sources/ -rw-r--r-- 1 root root 108 Jul 24 18:03 abuse.ch-URLhaus-IDS.yaml $ sudo suricata-update disable-source abuse.ch-URLhaus-IDS <Info> -- Source abuse.ch-URLhaus-IDS has been disabled $ ls -la ./sources/ -rw-r--r-- 1 root root 108 Jul 24 18:03 abuse.ch-URLhaus-IDS.yaml.disabled $ sudo suricata-update add-source abuse.ch-URLhaus-IDS https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz <Error> -- A source with name abuse.ch-URLhaus-IDS already exists. $ sudo suricata-update enable-source abuse.ch-URLhaus-IDS <Info> -- Re-enabling previously disabled source for abuse.ch-URLhaus-IDS. <Error> -- Unknown source: abuse.ch-URLhaus-IDS
Updated by James Lagermann over 4 years ago
Some additional details:
If the fix will be to use 'enable-source' to re-enable a disabled custom source, it will also require a command to list currently disabled sources. I will have to add a task to check for disabled sources before I try the add-source command or it will still fail.
If the fix will allow 'add-source' to re-enable a disabled custom source, it will not require any changes to the task list below.
I'm using an Ansible Playbook to manage Suricata-update. In the variable file, I have three different lists, one for sources that do not have secret codes {{enable_suricata_remote_sources}}, one for sources that do have secret codes {{enable_suricata_secret_code_sources}}, and one for sources not in the index {{enable_suricata_custom_url_sources}}.
- The tasks first update sources,
- list currently enabled sources.
- go through each group and enable or add the source if it is not already enabled.
- go through the original list of enabled sources and disable it if it is not in one of the three enable lists
- run suricata-update
enable_suricata_remote_sources: - name: (list name) enable_suricata_secret_code_sources: - name: (list name) secret_code: (secret code) enable_suricata_custom_url_sources: - name: (list name) url: (list url) ------------------------------------------------------- - name: Update Suricata-update Sources command: suricata-update update-sources changed_when: false - name: Collect list of enabled sources command: suricata-update list-enabled-sources register: enabled_sources changed_when: false - name: Enable remote sources with secret-codes command: suricata-update enable-source "{{ item.name }}" secret-code="{{ item.secret_code }}" with_items: "{{ enable_suricata_secret_code_sources|default([]) }}" when: 'item.name not in enabled_sources.stdout' no_log: true - name: Enable remote sources without secret-codes command: suricata-update enable-source "{{ item }}" with_items: "{{ enable_suricata_remote_sources|default([]) }}" when: 'item not in enabled_sources.stdout' - name: Add remote sources not in the index command: suricata-update add-source "{{ item.name }}" "{{ item.url }}" with_items: "{{ enable_suricata_custom_url_sources|default([]) }}" when: 'item.name not in enabled_sources.stdout' - name: Disable Suricata-update remote sources tasks command: suricata-update disable-source "{{ item }}" with_items "{{ enabled_sources.stdout_lines | select('match', '^ - [a-z]') | list | regex_replace(' - ') }}" when: - 'item not in (enable_suricata_remote_sources|default([])|string)' - 'item not in (enable_suricata_secret_code_sources|default([])|string)' - 'item not in (enable_suricata_custom_url_sources|default([])|string)' - name: Run Suricata-update command: suricata-update --no-reload
Updated by Shivani Bhardwaj over 4 years ago
- Status changed from New to Assigned
- Priority changed from Normal to High
- Target version set to 1.2.0
Updated by James Lagermann over 4 years ago
Is this fix on track for version 1.2.0? I don't see anything related to it in 1.2.0rc1.
Updated by Shivani Bhardwaj about 4 years ago
James Lagermann wrote in #note-3:
Is this fix on track for version 1.2.0? I don't see anything related to it in 1.2.0rc1.
Hi James!
That's correct. You can always check the target version in the issue.
I have a question about a concern that you have raised about a certain fix.
If the fix will be to use 'enable-source' to re-enable a disabled custom source, it will also require a command to list currently disabled sources. I will have to add a task to check for disabled sources before I try the add-source command or it will still fail.
Is it possible that before enabling/adding any source at all, we write the task for disabling the sources that are not already present in the three lists?
And then, right before the task for adding the remote sources, we add a task to remove all the sources mentioned in the `enable_suricata_remote_sources` list irrespective of whether it exists or not. It will not error out in case a source does not already exist and is being asked to be removed, it'll give a warning in that case. But, I see even if that were the case, there is a field to ignore errors for a task with ansible?
Please let me know if I am missing any steps and this would not make sense.
Updated by Shivani Bhardwaj about 4 years ago
- Status changed from Assigned to In Review
Updated by Jason Ish about 4 years ago
- Target version changed from 1.2.0 to 1.2.0rc2
Updated by Shivani Bhardwaj about 4 years ago
- Status changed from In Review to Closed
Merged through https://github.com/OISF/suricata-update/pull/252