From patchwork Mon Jan 13 12:24:42 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 8404
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YWs092NGmz3wx0
	for <patchwork@web04.haj.ipfire.org>; Mon, 13 Jan 2025 12:24:57 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4YWs0517Dnz1GH;
	Mon, 13 Jan 2025 12:24:53 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YWs046mJjz2xRT;
	Mon, 13 Jan 2025 12:24:52 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4YWs015P81z2xNK
	for <development@lists.ipfire.org>; Mon, 13 Jan 2025 12:24:49 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4YWs004P7vzLm;
	Mon, 13 Jan 2025 12:24:48 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1736771088;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Q0P4tx5oPlzcQoN0V+HBl52Nf8FmfqRv/o7Gdc5WoA0=;
	b=sKuRggvDxyFU2oHByP1xmf1zkI0VgxSkqSZgDtv4WSXc5LdzL0PiA9wa+fYhM30FtK8JZH
	P8tMQLkYYYqNjrDA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1736771088;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Q0P4tx5oPlzcQoN0V+HBl52Nf8FmfqRv/o7Gdc5WoA0=;
	b=PKx0uIZFtdw2qwNPkXIG/QfzZ4ogA/aj1gNjp7RAAA5dueco1hz2qE1ITl/c/G48irbyZH
	dFx6dJRNnVhueDT5L0MBMCP+Wy/ea8viTMoN0tMsgQRsMcIul16G/nHXMOf+fJxvD53l7+
	DiU4Y/WsPpcYQviz0lXHP4wfVSjqimXWBsFc11htOpln8j5bgvMsgkiRkiGJEUdMaYstHQ
	0mIoc27VjiIaVe6uTECBteH8TDfNIyPNHAD/XvBJVhNcBYL5M6gZzqOZGLadYw9wyuBaZh
	urhzuxq0ZkZpe+xZrbpBcaVCYeUEb1d4KITZX8It2xb3KCBVfBj5QXZZFoFCug==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] backup-exclude: Add suricata ruleset-sources to backup
 exclude file
Date: Mon, 13 Jan 2025 13:24:42 +0100
Message-ID: <20250113122442.55641-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Message-ID-Hash: F6ZIKGIJ4TQKZ76HMHQKFAV3NU2NBOBD
X-Message-ID-Hash: F6ZIKGIJ4TQKZ76HMHQKFAV3NU2NBOBD
X-MailFrom: adolf.belka@ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/F6ZIKGIJ4TQKZ76HMHQKFAV3NU2NBOBD/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

- This will ensure that an old version will no longer be restored back onto a users
   system.
- The suricata ruleset-sources file should also be shipped in the CU that this will be
   applied to make sure that all usders have the correct version installed, in case they
   have done a restore from an old backup after doing a fresh install.
- Tested on my vm testbed system and after making the change, the ruleset-sources file
   is no longer added to the backup set but also it is excluded from the restore if it
   is included in an old backup.

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/backup/exclude | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/backup/exclude b/config/backup/exclude
index 0131a87fd..4dc1607a2 100644
--- a/config/backup/exclude
+++ b/config/backup/exclude
@@ -7,4 +7,5 @@ var/ipfire/ovpn/openssl/*
 var/ipfire/proxy/calamaris/bin/*
 var/ipfire/qos/bin/qos.pl
 var/ipfire/suricata/oinkmaster.conf
+var/ipfire/suricata/ruleset-sources
 var/ipfire/urlfilter/blacklists/*/*.db