From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] core 130: Remove snort settings dir after convert has run.
Date: Mon, 18 Mar 2019 19:12:35 +0000
Message-ID: <0DAF84CB-ED9A-44CA-BAC4-A56F38C66B49@ipfire.org>
In-Reply-To: <4f3c88b813d64cde1a074ce3b317fbbcf5c4d1e8.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4332344659866154809=="
List-Id:

--===============4332344659866154809==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Why would the converter read snort.conf?

I agree.

> On 18 Mar 2019, at 19:11, Stefan Schantl wrote:
>
>> Hi,
>>
>> I do not see why the converter does not take care of the removal.
>> That would only be one place.
>
> Me, too - I simply implemented it in the same way all other converters
> will be handled by the backup.pl script....
>
> But I found another really important issue in the core 130 update.sh
> and the converter.
>
> The "/etc/snort/snort.conf" will be deleted very early. Exactly before
> the converter has had the chance to read the settings from this file.
>
> I'll send a patch to do the removal of the whole snort stuff and the
> settings in one step after the converter has done its work, if you
> agree with me.
>
>>
>> But I will merge this if you want me to.
>>
>> -Michael
>>
>>> On 18 Mar 2019, at 19:04, Stefan Schantl wrote:
>>>
>>>> Almost?
>>>
>>> As long as the files are present, the settings will be converted.
>>> Maybe in special cases, if a user does something really weird, the
>>> converter will fail, but in this case I think it would even be
>>> better to start a new clean IPS configuration.
>>>
>>>> How is this directory removed when a backup was restored?
>>>>
>>>
>>> By the backup.pl script. It checks if after the backup a snort
>>> settings dir (/var/ipfire/snort) exists, launches the converter and
>>> afterwards deletes the directory.
>>>
>>> See:
>>>
>>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=8c27372438dd267648cba48b86d85a594f14be1c
>>>
>>>> -Michael
>>>>
>>>>> On 18 Mar 2019, at 18:56, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>>>>>
>>>>> Hello Michael,
>>>>>> Hi,
>>>>>>
>>>>>> What happens when the converter has failed? Is that a
>>>>>> possibility?
>>>>>
>>>>> There is almost no risk that this would happen.
>>>>>
>>>>> It contains checks if all corresponding files are present and
>>>>> will contain the settings from them - I do not see a case where any
>>>>> problems can happen.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> -Stefan
>>>>>
>>>>>> -Michael
>>>>>>
>>>>>>> On 18 Mar 2019, at 18:46, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>>>>>>>
>>>>>>> When all settings have been converted, the files and directory
>>>>>>> are not needed anymore.
>>>>>>>
>>>>>>> If they will be left and at a later time a backup will be
>>>>>>> restored, the converter will be started by the backup script again
>>>>>>> and would restore those old snort settings and replace the current
>>>>>>> IPS settings.
>>>>>>>
>>>>>>> Signed-off-by: Stefan Schantl
>>>>>>> --- >>>>>>> config/rootfiles/core/130/update.sh | 3 +++ >>>>>>> 1 file changed, 3 insertions(+) >>>>>>>=20 >>>>>>> diff --git a/config/rootfiles/core/130/update.sh >>>>>>> b/config/rootfiles/core/130/update.sh >>>>>>> index d33321c32..f3dc0d85a 100644 >>>>>>> --- a/config/rootfiles/core/130/update.sh >>>>>>> +++ b/config/rootfiles/core/130/update.sh 
>>>>>>> @@ -74,6 +74,9 @@ ldconfig >>>>>>> # Migrate snort configuration to suricata >>>>>>> /usr/sbin/convert-snort >>>>>>>=20 >>>>>>> +# Remove snort settings >>>>>>> +rm -rvf /var/ipfire/snort >>>>>>> + >>>>>>> # Start services >>>>>>> /etc/init.d/collectd restart >>>>>>> /etc/init.d/firewall restart >>>>>>> --=20 >>>>>>> 2.20.1 >>>>>>>=20 --===============4332344659866154809==--
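Review bot: the `rm -rvf /var/ipfire/snort` added directly after `/usr/sbin/convert-snort` runs whether or not the converter succeeded, so on a failed conversion the old snort settings are deleted and the migration cannot be re-run from them. Consider making the removal conditional on the converter's result, for example `/usr/sbin/convert-snort && rm -rvf /var/ipfire/snort` (assuming convert-snort reports failure through its exit status), or doing the cleanup inside the converter once the new settings have been written, which would also keep the removal in one place for both update.sh and backup.pl.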