

for cisagov#457, signal suricata rules to reload after update
mmguero committed Jan 21, 2025
1 parent 68962da commit 148f000
Showing 4 changed files with 18 additions and 34 deletions.
1 change: 0 additions & 1 deletion Dockerfiles/suricata.Dockerfile
Expand Up @@ -140,7 +140,6 @@ COPY --chmod=755 shared/bin/pcap_processor.py /usr/local/bin/
COPY --chmod=755 shared/bin/service_check_passthrough.sh /usr/local/bin/
COPY --chmod=755 shared/bin/suricata_config_populate.py /usr/local/bin/
COPY --chmod=755 suricata/scripts/docker_entrypoint.sh /usr/local/bin/
COPY --chmod=755 suricata/scripts/suricata-socket.sh /usr/local/bin/
COPY --chmod=755 suricata/scripts/suricata-update-rules.sh /usr/local/bin/
COPY --chmod=755 suricata/rules-default/ "$SURICATA_DEFAULT_RULES_DIR"/

2 changes: 0 additions & 2 deletions hedgehog-iso/interface/sensor_ctl/supervisor.d/suricata.conf
@@ -1,8 +1,6 @@
[program:suricata]
command=/usr/bin/suricata
-v
--unix-socket="%(ENV_SUPERVISOR_PATH)s/suricata/suricata-command.socket"
--set unix-command.enabled=true
-c "%(ENV_SUPERVISOR_PATH)s/suricata/suricata.yaml"
-l "%(ENV_ZEEK_LOG_PATH)s/suricata"
--pidfile "%(ENV_SUPERVISOR_PATH)s/suricata/suricata.pid"
16 changes: 0 additions & 16 deletions suricata/scripts/suricata-socket.sh

This file was deleted.

33 changes: 18 additions & 15 deletions suricata/supervisord.conf
Expand Up @@ -17,6 +17,18 @@ supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///tmp/supervisor.sock

[program:cron]
command=/usr/local/bin/supercronic -json "%(ENV_SUPERCRONIC_CRONTAB)s"
autostart=%(ENV_SURICATA_CRON)s
autorestart=%(ENV_SURICATA_CRON)s
user=%(ENV_PUSER)s
stopasgroup=true
killasgroup=true
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true
user=%(ENV_PUSER)s

[program:pcap-suricata]
command=python3 /usr/local/bin/pcap_suricata_processor.py %(ENV_PCAP_PIPELINE_VERBOSITY)s
--start-sleep 45
Expand Down Expand Up @@ -44,7 +56,12 @@ redirect_stderr=true
user=%(ENV_PUSER)s

[program:socket-suricata]
command=/usr/local/bin/suricata-socket.sh
command=/usr/bin/suricata-offline
-v
-c "%(ENV_SURICATA_CONFIG_FILE)s"
-l "%(ENV_SURICATA_LOG_DIR)s"
--unix-socket="%(ENV_SURICATA_RUN_DIR)s/suricata-command.socket"
--set unix-command.enabled=true
directory=%(ENV_SURICATA_RUN_DIR)s
autostart=%(ENV_SURICATA_PCAP_PROCESSOR)s
autorestart=%(ENV_SURICATA_PCAP_PROCESSOR)s
Expand All @@ -58,23 +75,9 @@ stdout_logfile_maxbytes=0
redirect_stderr=true
user=%(ENV_PUSER)s

[program:cron]
command=/usr/local/bin/supercronic -json "%(ENV_SUPERCRONIC_CRONTAB)s"
autostart=%(ENV_SURICATA_CRON)s
autorestart=%(ENV_SURICATA_CRON)s
user=%(ENV_PUSER)s
stopasgroup=true
killasgroup=true
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true
user=%(ENV_PUSER)s

[program:live-suricata]
command=/usr/bin/suricata
-v
--unix-socket="%(ENV_SURICATA_RUN_DIR)s/suricata-command.socket"
--set unix-command.enabled=true
-c "%(ENV_SURICATA_CONFIG_FILE)s"
-l "%(ENV_SURICATA_LOG_DIR)s/live"
--af-packet
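Review bot: The unix command socket now handed to `socket-suricata` (`--unix-socket="%(ENV_SURICATA_RUN_DIR)s/suricata-command.socket"` plus `--set unix-command.enabled=true` inside the `command=` value of the second hunk) is protected only by filesystem permissions — Suricata's socket protocol carries no authentication, so any process that can connect can issue `reload-rules`, `shutdown` and, in this pcap-processing runmode, `pcap-file` — and nothing in this file constrains who can reach `ENV_SURICATA_RUN_DIR`; `user=%(ENV_PUSER)s` only sets who owns the listener. That constraint is presumably enforced by the entrypoint or Dockerfile, which are not visible here, so it is worth confirming and stating in the config itself, as a full line directly under `[program:socket-suricata]` (not inside the multi-line `command=` value): `; the command socket below is unauthenticated: ENV_SURICATA_RUN_DIR must be reachable only by PUSER and the rule-update job`. Because the matching `--unix-socket`/`unix-command.enabled` lines appear to be dropped from `live-suricata` in the third hunk, the rule-update script must now reach the live instance some other way (a signal via its pidfile, presumably); that path is not shown in this commit and should be checked alongside it.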

