From f201005f460cec3cde06623556bd067d820071c5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Thu, 28 Jul 2022 13:42:48 +0000 Subject: [PATCH] Core Update 170: Stop Suricata before extracting files MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Stopping services before potentially tampering with files they use is a more sane approach than doing the latter and hope the running service can cope with it. Suricata, at least, reportedly doesn't. Signed-off-by: Peter Müller --- config/rootfiles/core/170/update.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh index d9f13d4dec..cbac8572e9 100644 --- a/config/rootfiles/core/170/update.sh +++ b/config/rootfiles/core/170/update.sh @@ -45,6 +45,7 @@ done # Stop services /etc/init.d/rc.d/unbound stop +/etc/init.d/rc.d/suricata stop KVER="xxxKVERxxx" @@ -171,7 +172,7 @@ sed -i /etc/collectd.conf \ # Start services /etc/init.d/rc.d/unbound start -/etc/init.d/rc.d/suricata restart +/etc/init.d/rc.d/suricata start # Harden mount options of /boot sed -e -i "s@[[:space:]]*\/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*@ \/boot auto defaults,nodev,noexec,nosuid @g" /etc/fstab -- 2.39.5