From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] Core 130: Remove files after convert-snort has been launched
Date: Mon, 18 Mar 2019 20:33:28 +0100
Message-ID: <20190318193328.4815-1-stefan.schantl@ipfire.org>
In-Reply-To: <0DAF84CB-ED9A-44CA-BAC4-A56F38C66B49@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8223782919553470681=="
List-Id: <development.lists.ipfire.org>

--===============8223782919553470681==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The converter requires /etc/snort/snort.conf to grab the used rule files
(categories). After all settings have been converted, we are fine to delete a=
ll
snort related files, because none of them is needed anymore.

Also the /var/ipfire/snort directory needs to be deleted. If it will be left =
on the
system and at any later time a backup will get restored, the converter will be
started by the backup script, because it detects that a snort settins dir exi=
sts
and would be restore the old snort settings and replaces all current IPS sett=
ings.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/rootfiles/core/130/update.sh | 31 +++++++++++++++--------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/config/rootfiles/core/130/update.sh b/config/rootfiles/core/130/=
update.sh
index d33321c32..6d32bdba2 100644
--- a/config/rootfiles/core/130/update.sh
+++ b/config/rootfiles/core/130/update.sh
@@ -37,21 +37,6 @@ if [ -e "/etc/init.d/suricata" ]; then
 	/etc/init.d/suricata stop
 fi
=20
-# Remove files
-rm -rfv \
-	/etc/rc.d/rc*.d/*snort \
-	/etc/rc.d/init.d/networking/red.up/23-RS-snort \
-	/etc/snort \
-	/usr/bin/daq-modules-config \
-	/usr/bin/u2boat \
-	/usr/bin/u2spewfoo \
-	/usr/lib/daq \
-	/usr/lib/snort \
-	/usr/lib/libdaq.so* \
-	/usr/lib/libsfbpf.so* \
-	/usr/local/bin/snortctl \
-	/usr/sbin/snort
-
 # Rename snort user to suricata
 if getent group snort &>/dev/null; then
 	groupmod -n suricata snort
@@ -74,6 +59,22 @@ ldconfig
 # Migrate snort configuration to suricata
 /usr/sbin/convert-snort
=20
+# Remove files
+rm -rfv \
+	/etc/rc.d/rc*.d/*snort \
+	/etc/rc.d/init.d/networking/red.up/23-RS-snort \
+	/etc/snort \
+	/usr/bin/daq-modules-config \
+	/usr/bin/u2boat \
+	/usr/bin/u2spewfoo \
+	/usr/lib/daq \
+	/usr/lib/snort \
+	/usr/lib/libdaq.so* \
+	/usr/lib/libsfbpf.so* \
+	/usr/local/bin/snortctl \
+	/usr/sbin/snort \
+	/var/ipfire/snort
+
 # Start services
 /etc/init.d/collectd restart
 /etc/init.d/firewall restart
--=20
2.20.1


--===============8223782919553470681==--