Merge pull request #11009 from Security-Onion-Solutions/fix/soruleupdate

ensure only 1 instance of so-rule-update runs. execute the cmd at the end of state run

salt/idstools/enabled.sls

@@ -63,19 +63,21 @@ delete_so-idstools_so-status.disabled:
 
 so-rule-update:
   cron.present:
-    - name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1
+    - name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download_cron.log 2>&1
     - identifier: so-rule-update
     - user: root
     - minute: '1'
     - hour: '7'
 
+# order this last to give so-idstools container time to be ready
 run_so-rule-update:
   cmd.run:
-    - name: '/usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1'
+    - name: '/usr/sbin/so-rule-update > /opt/so/log/idstools/download_idstools_state.log 2>&1'
     - require:
       - docker_container: so-idstools
     - onchanges:
       - file: idstoolsetcsync
+    - order: last
 
 {% else %}
 

salt/idstools/tools/sbin_jinja/so-rule-update

@@ -1,4 +1,8 @@
 #!/bin/bash
+
+# if this script isn't already running
+if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
+
     . /usr/sbin/so-common
 
 {%- from 'vars/globals.map.jinja' import GLOBALS %}
@@ -34,3 +38,5 @@ for arg in "$@"; do
     done
 
     docker exec so-idstools /bin/bash -c "cd /opt/so/idstools/etc && idstools-rulecat --force ${argstr}"
+
+fi