From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: Re: [PATCH] core 130: Remove snort settings dir after convert has run.
Date: Mon, 18 Mar 2019 20:11:41 +0100
Message-ID: <4f3c88b813d64cde1a074ce3b317fbbcf5c4d1e8.camel@ipfire.org>
In-Reply-To: <064B3B73-4F78-44CF-AC18-1160635FFB23@ipfire.org>

> Hi,
>
> I do not see why the converter does not take care of the removal.
> That would only be one place.

Me, too - I simply implemented it in the same way all other converters
will be handled by the backup.pl script....

But I found another really important issue in the core 130 update.sh and
the converter.

The "/etc/snort/snort.conf" will be deleted very early. Exactly before the
converter has had the chance to read the settings from this file.

I'll send a patch to do the removal of the whole snort stuff and the
settings in one step after the converter has done its work, if you agree
with me.

>
> But I will merge this if you want me to.
>
> -Michael
>
> > On 18 Mar 2019, at 19:04, Stefan Schantl wrote:
> >
> > > Almost?
> >
> > As long as the files are present, the settings will be converted.
> > Maybe in special cases, if a user does something really weird, the
> > converter will fail, but in this case I think it would even be
> > better to start a new clean IPS configuration.
> >
> > > How is this directory removed when a backup was restored?
> > >
> >
> > By the backup.pl script. It checks if after the backup a snort settings
> > dir (/var/ipfire/snort) exists, launches the converter and afterwards
> > deletes the directory.
> >
> > See:
> >
> > https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=8c27372438dd267648cba48b86d85a594f14be1c
> >
> > > -Michael
> > >
> > > > On 18 Mar 2019, at 18:56, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
> > > >
> > > > Hello Michael,
> > > > > Hi,
> > > > >
> > > > > What happens when the converter has failed? Is that a
> > > > > possibility?
> > > >
> > > > There is almost no risk that this would happen.
> > > >
> > > > It contains checks if all corresponding files are present and will
> > > > contain the settings from them - I do not see a case where any
> > > > problems can happen.
> > > >
> > > > Best regards,
> > > >
> > > > -Stefan
> > > >
> > > > > -Michael
> > > > >
> > > > > > On 18 Mar 2019, at 18:46, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
> > > > > >
> > > > > > When all settings have been converted, the files and directory
> > > > > > are not needed anymore.
> > > > > >
> > > > > > If they will be left and at a later time a backup will be
> > > > > > restored, the converter will be started by the backup script
> > > > > > again and would restore those old snort settings and replace
> > > > > > the current IPS settings.
> > > > > >
> > > > > > Signed-off-by: Stefan Schantl
> > > > > > --- > > > > > > config/rootfiles/core/130/update.sh | 3 +++ > > > > > > 1 file changed, 3 insertions(+) > > > > > >=20 > > > > > > diff --git a/config/rootfiles/core/130/update.sh > > > > > > b/config/rootfiles/core/130/update.sh > > > > > > index d33321c32..f3dc0d85a 100644 > > > > > > --- a/config/rootfiles/core/130/update.sh > > > > > > +++ b/config/rootfiles/core/130/update.sh
> > > > > > @@ -74,6 +74,9 @@ ldconfig > > > > > > # Migrate snort configuration to suricata > > > > > > /usr/sbin/convert-snort > > > > > >=20 > > > > > > +# Remove snort settings > > > > > > +rm -rvf /var/ipfire/snort > > > > > > + > > > > > > # Start services > > > > > > /etc/init.d/collectd restart > > > > > > /etc/init.d/firewall restart > > > > > > --=20 > > > > > > 2.20.1 > > > > > >=20
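
Review bot: the added `rm -rvf /var/ipfire/snort` runs unconditionally after `/usr/sbin/convert-snort`, and the converter's exit status is not checked, so the old settings directory is deleted even if the migration did not complete. Consider tying the removal to the converter's result, for example `/usr/sbin/convert-snort && rm -rvf /var/ipfire/snort`, so that a failed conversion leaves the source files in place for a retry or for inspection. The comment `# Remove snort settings` could also say why the directory has to go (a later backup restore would otherwise re-run the converter and overwrite the current IPS settings), since that reason is only in the commit message.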