🐞🐋 SELKS 7 - Docker (Installed from ISO) - Suricata push results in "Suricata restart already asked."

[jtp2112]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Suricata actions via Scirius result in a failed push with the error "Suricata restart already asked." Download and build work just fine. I am currently working around this by issuing docker-compose restart suricata as root from the /opt/selksd/SELKS/docker/ directory, but that's pretty onerous during tuning.

Expected Behavior

Suricata ruleset actions perform the desired function without error and the requirement of a manual container restart.

Steps To Reproduce

1. Perform Suricata ruleset action push via the web UI (with or without the other actions selected)
2. See the resulting error "Suricata restart already asked."
3. See tuned rules still generating alarms with the SID strikethrough.

Docker version

Docker version 20.10.14, build a224086

Docker version

docker-compose version 1.29.2, build 5becea4c

OS Version

Description: Debian GNU/Linux 11 (bullseye)

Content of the environnement File

COMPOSE_PROJECT_NAME=SELKS
INTERFACES= -i ens19 -i ens20
RESTART_MODE=on-failure
ELASTIC_MEMORY=8G
SCIRIUS_SECRET_KEY=
ML_ENABLED=false

Version of SELKS

commit fb84874 (HEAD -> master, origin/master, origin/HEAD)
Author: Eric Leblond el@stamus-networks.com
Date: Wed Apr 6 11:28:47 2022 +0200

doc: misc fixes

Anything else?

No response