Merge pull request #11009 from Security-Onion-Solutions/fix/soruleupdate

ensure only 1 instance of so-rule-update runs. execute the cmd at the end of state run
2025-12-06 17:22:49 +01:00 · 2023-08-10 12:04:42 -04:00
parent 732d2605a7 e43900074a
commit 1f0f74ff04
2 changed files with 24 additions and 16 deletions
--- a/salt/idstools/enabled.sls
+++ b/salt/idstools/enabled.sls
@@ -63,19 +63,21 @@ delete_so-idstools_so-status.disabled:
 so-rule-update:
  cron.present:
-    - name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1
+    - name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download_cron.log 2>&1
    - identifier: so-rule-update
    - user: root
    - minute: '1'
    - hour: '7'
 # order this last to give so-idstools container time to be ready
 run_so-rule-update:
  cmd.run:
-    - name: '/usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1'
+    - name: '/usr/sbin/so-rule-update > /opt/so/log/idstools/download_idstools_state.log 2>&1'
    - require:
      - docker_container: so-idstools
    - onchanges:
      - file: idstoolsetcsync
    - order: last
 {% else %}
--- a/salt/idstools/tools/sbin_jinja/so-rule-update
+++ b/salt/idstools/tools/sbin_jinja/so-rule-update
@@ -1,5 +1,9 @@
 #!/bin/bash
-. /usr/sbin/so-common
+
 # if this script isn't already running
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
    . /usr/sbin/so-common
 {%- from 'vars/globals.map.jinja' import GLOBALS %}
 {%- from 'idstools/map.jinja' import IDSTOOLSMERGED %}
@@ -9,28 +13,30 @@
 # Download the rules from the internet
 {%- if proxy %}
-export http_proxy={{ proxy }} 
+    export http_proxy={{ proxy }}
-export https_proxy={{ proxy }} 
+    export https_proxy={{ proxy }}
-export no_proxy="{{ noproxy }}" 
+    export no_proxy="{{ noproxy }}"
 {%- endif %}
-mkdir -p /nsm/rules/suricata
+    mkdir -p /nsm/rules/suricata
-chown -R socore:socore /nsm/rules/suricata
+    chown -R socore:socore /nsm/rules/suricata
 # Download the rules from the internet
 {%- if GLOBALS.airgap != 'True' %}
 {%-   if IDSTOOLSMERGED.config.ruleset == 'ETOPEN' %}
-docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force
+    docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force
 {%-   elif IDSTOOLSMERGED.config.ruleset == 'ETPRO' %}
-docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force --etpro={{ IDSTOOLSMERGED.config.oinkcode }}
+    docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force --etpro={{ IDSTOOLSMERGED.config.oinkcode }}
 {%-   elif IDSTOOLSMERGED.config.ruleset == 'TALOS' %}
-docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.config.oinkcode }}
+    docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.config.oinkcode }}
 {%-   endif %}
 {%- endif %}
-argstr=""
+    argstr=""
-for arg in "$@"; do
+    for arg in "$@"; do
-    argstr="${argstr} \"${arg}\""
+        argstr="${argstr} \"${arg}\""
-done
+    done
-docker exec so-idstools /bin/bash -c "cd /opt/so/idstools/etc && idstools-rulecat --force ${argstr}"
+    docker exec so-idstools /bin/bash -c "cd /opt/so/idstools/etc && idstools-rulecat --force ${argstr}"
 fi