FATAL: Error 429 when fetching community-rules.tar.gz

NethServer Version: 7 Final
Module: suricata

Post title says it all.

Cheers.

Kinda answering this myself.

HTTP 429: Too many requests

What’s the limit for this. I wasn’t able to find anything via Google, other than a couple of good sandwich recipes. :grinning:

I’m currently running 3 copies of NS. One real server and 2VMs for testing. However, only one of the instances has IPS active. So why are the rules being downloaded every day for the 2 systems that aren’t running an IPS.

Cheers.

The limit is decided by pulled pork team.

If you have nethserver-pulledpork installed, the server will fetch new rules every day.

Two comments.

The user doesn’t have the granularity down to the individual packages that are loaded for a Nethserver “component”, so I really have no control over which individual packages are, or are not, installed. Only “components”.

If (and I’m making an assumption here that) pulledpork is only required for IPS, then it should only be activated when IPS is activated. Not when the IPS component is installed, but currently disabled.

Cheers.

Yes, pulledpork is installed as part the IPS component (which is a yum group).

We could improve it, but actually don’t install the IPS if you don’t use it :stuck_out_tongue:
You can workaround the issue by deleting (or commenting) this file: /etc/cron.d/pulledpork

I’d prefer to uninstall the IPS if I don’t use it.
We can always file a new issue titled “Do not run pulledpork if IPS is disabled”.

.[quote=“giacomo, post:5, topic:6110”]
but actually don’t install the IPS if you don’t use it
[/quote]

At the time I wanted to test it, but decided not to go ahead.

Which is the situation I’m now in. It’s uninstalled, but all that does is uninstall the yum group, not all the individual parts of the group. And the same also for other NS components that I wanted to test/check out, but then decided to remove.

Cheers.

You can uninstall the extra rpms:

yum remove pulledpork suricata