> Hi, > > I do not see why the converter does not take care of the removal. > That would only be one place. Me, too - I simply implemented it in the same way all other converters will be handled by the backup.pl script.... But I found an other really important issue in the core 130 update.sh and the converter. The "/etc/snort/snort.conf" will be deleted very early. Exactly before the converter has been the chance to read the settings from this file. I'll send a patch to do the removal of the whole snort stuff and the settings in one step after the converter has done it's work, if you agree with me. > > But I will merge this if you want me to. > > -Michael > > > On 18 Mar 2019, at 19:04, Stefan Schantl > > wrote: > > > > > Almost? > > > > As long as the files are present, the settings will be converted. > > May > > in special cases if a user does something really weird may the > > converter will fail, but in this case I think it even would be > > better > > start a new clean IPS configuration. > > > > > How is this directory removed when a backup was restored? > > > > > > > By the backup.pl script. It checks if after the backup a snort > > settings > > dir (/var/ipfire/snort) exists, launches the converter and > > afterwards > > deletes the directory. > > > > See: > > > > https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=8c27372438dd267648cba48b86d85a594f14be1c > > > > > -Michael > > > > > > > On 18 Mar 2019, at 18:56, Stefan Schantl < > > > > stefan.schantl(a)ipfire.org > > > > > wrote: > > > > > > > > Hello Michael, > > > > > Hi, > > > > > > > > > > What happens when the converter has failed? Is that a > > > > > possibility? > > > > > > > > There is almost no risk, that this would be happened. > > > > > > > > It contains checks if all corresponding files are present and > > > > will > > > > contain the settings from them - I do not see a case where any > > > > problems > > > > can be happen. > > > > > > > > Best regards, > > > > > > > > -Stefan > > > > > > > > > -Michael > > > > > > > > > > > On 18 Mar 2019, at 18:46, Stefan Schantl < > > > > > > stefan.schantl(a)ipfire.org > > > > > > > wrote: > > > > > > > > > > > > When all settings have been converted, the files and > > > > > > directory > > > > > > are > > > > > > not > > > > > > needed anymore. > > > > > > > > > > > > If they will be left and at a later time an backup will be > > > > > > restored, the > > > > > > converter will be started by the backup script again and > > > > > > would > > > > > > be > > > > > > restore those > > > > > > old snort settings and replace the current IPS settings. > > > > > > > > > > > > Signed-off-by: Stefan Schantl > > > > > > --- > > > > > > config/rootfiles/core/130/update.sh | 3 +++ > > > > > > 1 file changed, 3 insertions(+) > > > > > > > > > > > > diff --git a/config/rootfiles/core/130/update.sh > > > > > > b/config/rootfiles/core/130/update.sh > > > > > > index d33321c32..f3dc0d85a 100644 > > > > > > --- a/config/rootfiles/core/130/update.sh > > > > > > +++ b/config/rootfiles/core/130/update.sh > > > > > > @@ -74,6 +74,9 @@ ldconfig > > > > > > # Migrate snort configuration to suricata > > > > > > /usr/sbin/convert-snort > > > > > > > > > > > > +# Remove snort settings > > > > > > +rm -rvf /var/ipfire/snort > > > > > > + > > > > > > # Start services > > > > > > /etc/init.d/collectd restart > > > > > > /etc/init.d/firewall restart > > > > > > -- > > > > > > 2.20.1 > > > > > >