Async yara rule downloads #86
Although, now that I think about it, the last couple of yara rules might still be downloading the first time this is run when the next task starts copying them. Add async_status task or a simple pause.
Got back to this and realized that the next task doesn't move around the downloaded yara rules, but copies these:

```
╭─aj@archibald ~/github/harden.yml/ ‹feature/async-yara-download›
╰─➤ ls -ltr files/yara
total 20
-rw-r--r--. 1 aj aj 497 Apr 16 21:18 GoldenHelper.yar
-rw-r--r--. 1 aj aj 1312 Apr 16 21:18 README.md
-rw-r--r--. 1 aj aj 626 Apr 16 21:18 GoldenSpy.yar
-rw-r--r--. 1 aj aj 906 Apr 16 21:18 Goldenspy_Uninstaller.yar
-rw-r--r--. 1 aj aj 1198 Apr 16 21:18 Goldenspy_Uninstaller_v2.yar
```

i.e., there shouldn't be any reason to enforce completion of all async tasks before this.
Hi! Sorry I have totally missed any notification about this PR. I'll look into it soon. Although I need to tell that I'm having second thoughts about this whole "download a million YARA rules" :D Here are some thoughts/reasons:
Sure, I don't have big opinions nor expertise on the actual content of the YARA rules. I'm not personally running these hardenings on any of my systems as is. I was just digging into these mostly for educational purposes and picking the applicable parts to use on my systems as one does. As such, there's no pressure to get these changes merged either. Just noticed a low-hanging fruit for making the playbook execution faster.
Allow reusing established ssh connections. This makes everything except the bottle-necking yara rule downloads slightly faster as it removes authentication overhead from each individual task.
This allows parallelizing download of multiple small files from GitHub. Cuts previous ~20 minute play time to ~5 minutes on an 8-core vagrant box with `--forks 8` flag. Downside is that Ansible doesn't know if the rule has changed since last download and we lose idempotency, i.e., every rule is listed as changed.
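The pattern discussed in this thread (start the downloads asynchronously, then wait on them with `async_status` before anything consumes the files), as an added example that is not the playbook from this PR. The URLs, the directory and the variable names are hypothetical placeholders; it assumes the rules are fetched with `get_url`.

```yaml
# Added example, not code from this PR. URLs, paths and variable
# names below are hypothetical placeholders.
- name: Fetch YARA rules in parallel and wait before using them
  hosts: all
  vars:
    yara_rule_urls:            # constructed sample values
      - https://example.com/rules/sample_one.yar
      - https://example.com/rules/sample_two.yar
    yara_rule_dir: /tmp/yara-rules
  tasks:
    - name: Create the download directory
      ansible.builtin.file:
        path: "{{ yara_rule_dir }}"
        state: directory
        mode: "0755"

    - name: Start every download without waiting for it
      ansible.builtin.get_url:
        url: "{{ item }}"
        dest: "{{ yara_rule_dir }}/{{ item | basename }}"
        mode: "0644"
      loop: "{{ yara_rule_urls }}"
      async: 300               # each job may run for up to 300 seconds
      poll: 0                  # do not wait; a job id is returned per item
      register: yara_jobs
      changed_when: false      # launching a job is not itself a change

    - name: Block until all download jobs have finished
      ansible.builtin.async_status:
        jid: "{{ item.ansible_job_id }}"
      loop: "{{ yara_jobs.results }}"
      loop_control:
        label: "{{ item.item }}"   # show the URL, not the whole job dict
      register: yara_job_result
      until: yara_job_result.finished
      retries: 60              # 60 tries x 5 s delay = up to 5 minutes
      delay: 5
```

A task that scans with or copies the downloaded rules belongs after the `async_status` task, so it never sees a partially written rule file.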
0c97bc4 to 029d5a6
Merged. Thanks!
Hey, please consider the following two patches.
Cheers, Juho