mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-07-02 07:08:14 +02:00
suricata: only reload rules once the ruleset file exists
On a fresh install the surirulesync file.recurse creates .gitkeep before SOC has generated all-rulesets.rules. That change satisfied the surirulereload onchanges requisite, so the reload ran with no ruleset present, failed to stat the file, and reported the state (and install) as failed. Add an onlyif guard so the reload only runs when all-rulesets.rules exists. A .gitkeep-only sync now leaves the state a clean success (onlyif condition false); once SOC writes the ruleset, the reload fires normally.
This commit is contained in:
@@ -65,10 +65,11 @@ so-suricata:
|
||||
- file: suriclassifications
|
||||
|
||||
surirulereload:
|
||||
cmd.run:
|
||||
cmd.run:
|
||||
- name: /usr/sbin/so-suricata-reload-rules >> /opt/so/log/suricata/reload.log 2>&1
|
||||
- onchanges:
|
||||
- onchanges:
|
||||
- file: surirulesync
|
||||
- onlyif: test -f /opt/so/rules/suricata/all-rulesets.rules
|
||||
- require:
|
||||
- docker_container: so-suricata
|
||||
|
||||
|
||||
Reference in New Issue
Block a user