From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: Re: [PATCH] core 130: Remove snort settings dir after convert has run. Date: Mon, 18 Mar 2019 20:15:00 +0100 Message-ID: <4cb758d60f918d342c9ec0ea989a4494a1ecf760.camel@ipfire.org> In-Reply-To: <0DAF84CB-ED9A-44CA-BAC4-A56F38C66B49@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6310309059448652089==" List-Id: --===============6310309059448652089== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable > Why would the converter read snort.conf? Because the enabled rule files (categories) are stored in this file. >=20 > I agree. Thanks, so please ignore the current patch. I'll send a new one to take care of all of this. >=20 > > On 18 Mar 2019, at 19:11, Stefan Schantl > > wrote: > >=20 > > > Hi, > > >=20 > > > I do not see why the converter does not take care of the removal. > > > That would only be one place. > >=20 > > Me, too - I simply implemented it in the same way all other > > converters > > will be handled by the backup.pl script.... > >=20 > > But I found an other really important issue in the core 130 > > update.sh > > and the converter. > >=20 > > The "/etc/snort/snort.conf" will be deleted very early. Exactly > > before > > the converter has been the chance to read the settings from this > > file. > >=20 > > I'll send a patch to do the removal of the whole snort stuff and > > the > > settings in one step after the converter has done it's work, if you > > agree with me. > >=20 > > > But I will merge this if you want me to. > > >=20 > > > -Michael > > >=20 > > > > On 18 Mar 2019, at 19:04, Stefan Schantl < > > > > stefan.schantl(a)ipfire.org > > > > > wrote: > > > > > Almost? > > > >=20 > > > > As long as the files are present, the settings will be > > > > converted. > > > > May > > > > in special cases if a user does something really weird may the > > > > converter will fail, but in this case I think it even would be > > > > better > > > > start a new clean IPS configuration. > > > >=20 > > > > > How is this directory removed when a backup was restored? > > > > >=20 > > > >=20 > > > > By the backup.pl script. It checks if after the backup a snort > > > > settings > > > > dir (/var/ipfire/snort) exists, launches the converter and > > > > afterwards > > > > deletes the directory. > > > >=20 > > > > See: > > > >=20 > > > > https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommit;h=3D8c27372438d= d267648cba48b86d85a594f14be1c > > > >=20 > > > > > -Michael > > > > >=20 > > > > > > On 18 Mar 2019, at 18:56, Stefan Schantl < > > > > > > stefan.schantl(a)ipfire.org > > > > > > > wrote: > > > > > >=20 > > > > > > Hello Michael, > > > > > > > Hi, > > > > > > >=20 > > > > > > > What happens when the converter has failed? Is that a > > > > > > > possibility? > > > > > >=20 > > > > > > There is almost no risk, that this would be happened. > > > > > >=20 > > > > > > It contains checks if all corresponding files are present > > > > > > and > > > > > > will > > > > > > contain the settings from them - I do not see a case where > > > > > > any > > > > > > problems > > > > > > can be happen. > > > > > >=20 > > > > > > Best regards, > > > > > >=20 > > > > > > -Stefan > > > > > >=20 > > > > > > > -Michael > > > > > > >=20 > > > > > > > > On 18 Mar 2019, at 18:46, Stefan Schantl < > > > > > > > > stefan.schantl(a)ipfire.org > > > > > > > > > wrote: > > > > > > > >=20 > > > > > > > > When all settings have been converted, the files and > > > > > > > > directory > > > > > > > > are > > > > > > > > not > > > > > > > > needed anymore. > > > > > > > >=20 > > > > > > > > If they will be left and at a later time an backup will > > > > > > > > be > > > > > > > > restored, the > > > > > > > > converter will be started by the backup script again > > > > > > > > and > > > > > > > > would > > > > > > > > be > > > > > > > > restore those > > > > > > > > old snort settings and replace the current IPS > > > > > > > > settings. > > > > > > > >=20 > > > > > > > > Signed-off-by: Stefan Schantl < > > > > > > > > stefan.schantl(a)ipfire.org> > > > > > > > > --- > > > > > > > > config/rootfiles/core/130/update.sh | 3 +++ > > > > > > > > 1 file changed, 3 insertions(+) > > > > > > > >=20 > > > > > > > > diff --git a/config/rootfiles/core/130/update.sh > > > > > > > > b/config/rootfiles/core/130/update.sh > > > > > > > > index d33321c32..f3dc0d85a 100644 > > > > > > > > --- a/config/rootfiles/core/130/update.sh > > > > > > > > +++ b/config/rootfiles/core/130/update.sh > > > > > > > > @@ -74,6 +74,9 @@ ldconfig > > > > > > > > # Migrate snort configuration to suricata > > > > > > > > /usr/sbin/convert-snort > > > > > > > >=20 > > > > > > > > +# Remove snort settings > > > > > > > > +rm -rvf /var/ipfire/snort > > > > > > > > + > > > > > > > > # Start services > > > > > > > > /etc/init.d/collectd restart > > > > > > > > /etc/init.d/firewall restart > > > > > > > > --=20 > > > > > > > > 2.20.1 > > > > > > > >=20 --===============6310309059448652089== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVXTzBOWHRTcnZo YXN5dERuVHRkT0ZZK1RzdDRGQWx5UDdqUUFDZ2tRVHRkT0ZZK1QKc3Q1OHJ3LytLUGxwTTFGaXcv UGp1aGdGVjAwZDFSVWUweVJMUTRETS9GYit2bXFRQWhKS21BT1owR20vdEFIaQpJeDBwWHBDeWNT bzVIWk50MjN1YUZPRUg3elBtR29kR214bzBSaGhpYzlYY3kxYkFGcE5reHNaVlZZcll4dGx2ClFP akZ4YTZTbnc3ajFCb1EvNm1JRFdwQnFwd0t6RmdUNVYzVCtjZkppWUlPU3krTUgwakhsN2l6ak5p aVI1dzEKWnQvMmY0VEZoNHV3UHkyUzhGM2hHR3JTY1pNdW9EWjk0cDUwV2ZsM1RncmhlSXErNXFk MjZQTmlaTlFyZ01aMgpXSDI0TWU2TU1ibENQdGNqT2xNa2xkMHlQY2JVeXYra05GTXZxelpLdlhq SjJXMWVTMGVDVFBVWTRzN1I5Y2Y0CnE0WXI0RjVtMmkvS2JpS1pHTzlCeUVSSWtPeXRFTlNhWXYx Yy9NKzgxSlR1TnhGb1Y0WmVnbUVXeThsN0QzMy8KeDZTM0RBdFZHM3U4S2lPTytFZjB1SURjSmJo bnJpaDg3VjVtYVZBUmZabkR4a1doNklWQzR5bktidloweldXcApRb1paRFdYSjlObngrR29xZXQy ZnI1dlBVOW1WMkxzTWd3M09PKzdLbWJoWXpSdHVxL25YWEJaSFcxUXArVTRFCnpoNGFjZDIrYkJy dURNMnZmcnNaWVRBSlZmMTEvTE5EZ1dkSTZuU2ZQUVZzT0t3TkdwWjhQRHVmck9leEQ5VzgKYXZ5 cDRXc1hWVFhidC9RYjRGS2VMZU9VTysyNUN1TGVQdWhia3hOR2NHd0lCOTNJUjRCSXZyRGIvUEFt UXJ3egpROGhNRGMySnV4ZTc0SldSZC9PcnZ4VnlRY3llYWFBRzdPUVRCSzJ2eEhEOXNpREUreDQ9 Cj1Jb3F5Ci0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============6310309059448652089==--