From df4fe1c683cf1ba4a8be882ea9720597ae0f9bfb Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Wed, 8 May 2019 11:47:54 +0200
Subject: [PATCH] IDS, missing cleanup after rule installation, for https://github.com/opnsense/core/issues/3472
---
 src/opnsense/scripts/suricata/installRules.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/opnsense/scripts/suricata/installRules.py b/src/opnsense/scripts/suricata/installRules.py
index 416076399..b3af63dbd 100755
--- a/src/opnsense/scripts/suricata/installRules.py
+++ b/src/opnsense/scripts/suricata/installRules.py
@@ -29,6 +29,8 @@
 Install suricata ruleset into opnsense.rules directory
 """

+import os
+import glob
 import os.path
 import lib.rulecache
 from lib import rule_source_directory
@@ -90,3 +92,8 @@ if __name__ == '__main__':
 f_out.write('rule-files:\n')
 for installed_file in all_installed_files:
 f_out.write(' - %s\n' % installed_file)
+
+ # cleanup unused files in rule_target_dir, since it's only meant for staging.
+ for filename in glob.glob("%s/*.rules" % rule_target_dir):
+ if os.path.basename(filename) not in all_installed_files:
+ os.remove(filename)
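Review bot: The `os.remove(filename)` call in the added cleanup loop is unguarded, so a single entry that cannot be unlinked (a file that disappears between the `glob.glob` call and the remove, a directory whose name ends in `.rules`, a permission error) raises `OSError` and ends the script with the remaining stale files still in place. Wrapping the call as `try: os.remove(filename)` / `except OSError:` and reporting the path that failed would let the cleanup continue and leave a trace of what was skipped. The membership test also relies on `all_installed_files`, which is built above the hunk: if that collection can be empty after a failed rule read rather than only when nothing is enabled, this loop would remove every `.rules` file in `rule_target_dir`, so that case is worth confirming. The `if __name__ == '__main__':` block starts outside the hunk.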