From 7a5a57328857fa2b3c4a96ea256e4c6be75f6505 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 26 Jul 2019 21:36:42 +0200
Subject: [PATCH] IDS/IPS: rule-updater. When there's nothing to download, required (extra) files where removed on update, while here, also make sure that required files are also downloaded when not on disk yet. ETPro Telemetry uses this to collect its own sids, so we only communicate communicate about alerts actually in this specific set.
---
 src/opnsense/scripts/suricata/rule-updater.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/opnsense/scripts/suricata/rule-updater.py b/src/opnsense/scripts/suricata/rule-updater.py
index 65f2d7ade..6f5157697 100755
--- a/src/opnsense/scripts/suricata/rule-updater.py
+++ b/src/opnsense/scripts/suricata/rule-updater.py
@@ -76,15 +76,17 @@ if __name__ == '__main__':
 if rule['metadata_source'] not in metadata_sources:
 metadata_sources[rule['metadata_source']] = 0
 if 'url' in rule['source']:
+ full_path = ('%s/%s' % (rule_source_directory, rule['filename'])).replace('//', '/')
 if dl.is_supported(url=rule['source']['url']):
- if rule['required'] and metadata_sources[rule['metadata_source']] > 0:
+ if rule['required']:
 # Required files are always sorted last in list_rules(), add required when there's at least one
- # file selected from the metadata package.
- enabled_rulefiles[rule['filename']] = {'filter': ''}
+ # file selected from the metadata package or not on disk yet.
+ if metadata_sources[rule['metadata_source']] > 0 or not os.path.isfile(full_path):
+ enabled_rulefiles[rule['filename']] = {'filter': ''}
 if rule['filename'] not in enabled_rulefiles:
- full_path = ('%s/%s' % (rule_source_directory, rule['filename'])).replace('//', '/')
- if os.path.isfile(full_path):
- os.remove(full_path)
+ if not rule['required']:
+ if os.path.isfile(full_path):
+ os.remove(full_path)
 else:
 input_filter = enabled_rulefiles[rule['filename']]['filter']
 if ('username' in rule['source'] and 'password' in rule['source']):
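Review bot: The hoisted `full_path` line joins `rule_source_directory` and `rule['filename']` with `'%s/%s'` plus `.replace('//', '/')`, which does nothing to keep the result inside the rules directory, and that path now feeds both the new `os.path.isfile(full_path)` download decision and the existing `os.remove(full_path)`. Where `rule['filename']` comes from is not visible in this hunk (presumably the rule metadata behind `list_rules()`), so if it can ever carry a directory component such as `../`, the existence check and the delete would act on a file outside `rule_source_directory`. Assuming rule files are meant to be flat names, I would skip any entry where `os.path.basename(rule['filename']) != rule['filename']` before building the path, and build it with `os.path.join(rule_source_directory, rule['filename'])` instead of the format-and-replace idiom. The `__main__` block starts before and continues past this hunk, so the surrounding loop and the download call that consumes `enabled_rulefiles` are not shown and should get the same check.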