Why would the converter read snort.conf? I agree. > On 18 Mar 2019, at 19:11, Stefan Schantl wrote: > >> Hi, >> >> I do not see why the converter does not take care of the removal. >> That would only be one place. > > Me, too - I simply implemented it in the same way all other converters > will be handled by the backup.pl script.... > > But I found an other really important issue in the core 130 update.sh > and the converter. > > The "/etc/snort/snort.conf" will be deleted very early. Exactly before > the converter has been the chance to read the settings from this file. > > I'll send a patch to do the removal of the whole snort stuff and the > settings in one step after the converter has done it's work, if you > agree with me. > >> >> But I will merge this if you want me to. >> >> -Michael >> >>> On 18 Mar 2019, at 19:04, Stefan Schantl >>> wrote: >>> >>>> Almost? >>> >>> As long as the files are present, the settings will be converted. >>> May >>> in special cases if a user does something really weird may the >>> converter will fail, but in this case I think it even would be >>> better >>> start a new clean IPS configuration. >>> >>>> How is this directory removed when a backup was restored? >>>> >>> >>> By the backup.pl script. It checks if after the backup a snort >>> settings >>> dir (/var/ipfire/snort) exists, launches the converter and >>> afterwards >>> deletes the directory. >>> >>> See: >>> >>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=8c27372438dd267648cba48b86d85a594f14be1c >>> >>>> -Michael >>>> >>>>> On 18 Mar 2019, at 18:56, Stefan Schantl < >>>>> stefan.schantl(a)ipfire.org >>>>>> wrote: >>>>> >>>>> Hello Michael, >>>>>> Hi, >>>>>> >>>>>> What happens when the converter has failed? Is that a >>>>>> possibility? >>>>> >>>>> There is almost no risk, that this would be happened. >>>>> >>>>> It contains checks if all corresponding files are present and >>>>> will >>>>> contain the settings from them - I do not see a case where any >>>>> problems >>>>> can be happen. >>>>> >>>>> Best regards, >>>>> >>>>> -Stefan >>>>> >>>>>> -Michael >>>>>> >>>>>>> On 18 Mar 2019, at 18:46, Stefan Schantl < >>>>>>> stefan.schantl(a)ipfire.org >>>>>>>> wrote: >>>>>>> >>>>>>> When all settings have been converted, the files and >>>>>>> directory >>>>>>> are >>>>>>> not >>>>>>> needed anymore. >>>>>>> >>>>>>> If they will be left and at a later time an backup will be >>>>>>> restored, the >>>>>>> converter will be started by the backup script again and >>>>>>> would >>>>>>> be >>>>>>> restore those >>>>>>> old snort settings and replace the current IPS settings. >>>>>>> >>>>>>> Signed-off-by: Stefan Schantl >>>>>>> --- >>>>>>> config/rootfiles/core/130/update.sh | 3 +++ >>>>>>> 1 file changed, 3 insertions(+) >>>>>>> >>>>>>> diff --git a/config/rootfiles/core/130/update.sh >>>>>>> b/config/rootfiles/core/130/update.sh >>>>>>> index d33321c32..f3dc0d85a 100644 >>>>>>> --- a/config/rootfiles/core/130/update.sh >>>>>>> +++ b/config/rootfiles/core/130/update.sh >>>>>>> @@ -74,6 +74,9 @@ ldconfig >>>>>>> # Migrate snort configuration to suricata >>>>>>> /usr/sbin/convert-snort >>>>>>> >>>>>>> +# Remove snort settings >>>>>>> +rm -rvf /var/ipfire/snort >>>>>>> + >>>>>>> # Start services >>>>>>> /etc/init.d/collectd restart >>>>>>> /etc/init.d/firewall restart >>>>>>> -- >>>>>>> 2.20.1 >>>>>>>