From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] Core 130: Remove files after convert-snort has been launched
Date: Mon, 18 Mar 2019 20:33:28 +0100 [thread overview]
Message-ID: <20190318193328.4815-1-stefan.schantl@ipfire.org> (raw)
In-Reply-To: <0DAF84CB-ED9A-44CA-BAC4-A56F38C66B49@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 2065 bytes --]
The converter requires /etc/snort/snort.conf to grab the used rule files
(categories). After all settings have been converted, we are fine to delete all
snort related files, because none of them is needed anymore.
Also the /var/ipfire/snort directory needs to be deleted. If it will be left on the
system and at any later time a backup will get restored, the converter will be
started by the backup script, because it detects that a snort settins dir exists
and would be restore the old snort settings and replaces all current IPS settings.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/rootfiles/core/130/update.sh | 31 +++++++++++++++--------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/config/rootfiles/core/130/update.sh b/config/rootfiles/core/130/update.sh
index d33321c32..6d32bdba2 100644
--- a/config/rootfiles/core/130/update.sh
+++ b/config/rootfiles/core/130/update.sh
@@ -37,21 +37,6 @@ if [ -e "/etc/init.d/suricata" ]; then
/etc/init.d/suricata stop
fi
-# Remove files
-rm -rfv \
- /etc/rc.d/rc*.d/*snort \
- /etc/rc.d/init.d/networking/red.up/23-RS-snort \
- /etc/snort \
- /usr/bin/daq-modules-config \
- /usr/bin/u2boat \
- /usr/bin/u2spewfoo \
- /usr/lib/daq \
- /usr/lib/snort \
- /usr/lib/libdaq.so* \
- /usr/lib/libsfbpf.so* \
- /usr/local/bin/snortctl \
- /usr/sbin/snort
-
# Rename snort user to suricata
if getent group snort &>/dev/null; then
groupmod -n suricata snort
@@ -74,6 +59,22 @@ ldconfig
# Migrate snort configuration to suricata
/usr/sbin/convert-snort
+# Remove files
+rm -rfv \
+ /etc/rc.d/rc*.d/*snort \
+ /etc/rc.d/init.d/networking/red.up/23-RS-snort \
+ /etc/snort \
+ /usr/bin/daq-modules-config \
+ /usr/bin/u2boat \
+ /usr/bin/u2spewfoo \
+ /usr/lib/daq \
+ /usr/lib/snort \
+ /usr/lib/libdaq.so* \
+ /usr/lib/libsfbpf.so* \
+ /usr/local/bin/snortctl \
+ /usr/sbin/snort \
+ /var/ipfire/snort
+
# Start services
/etc/init.d/collectd restart
/etc/init.d/firewall restart
--
2.20.1
prev parent reply other threads:[~2019-03-18 19:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-18 18:46 [PATCH] core 130: Remove snort settings dir after convert has run Stefan Schantl
2019-03-18 18:47 ` Michael Tremer
2019-03-18 18:56 ` Stefan Schantl
2019-03-18 18:57 ` Michael Tremer
2019-03-18 19:04 ` Stefan Schantl
2019-03-18 19:05 ` Michael Tremer
2019-03-18 19:11 ` Stefan Schantl
2019-03-18 19:12 ` Michael Tremer
2019-03-18 19:15 ` Stefan Schantl
2019-03-18 19:15 ` Michael Tremer
2019-03-18 19:20 ` Horace Michael
2019-03-18 19:22 ` Michael Tremer
2019-03-18 19:31 ` Stefan Schantl
2019-03-18 19:33 ` Stefan Schantl [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190318193328.4815-1-stefan.schantl@ipfire.org \
--to=stefan.schantl@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox