Okay...

> On 18 Mar 2019, at 19:15, Stefan Schantl wrote:
>
>> Why would the converter read snort.conf?
>
> Because the enabled rule files (categories) are stored in this file.
>
>>
>> I agree.
>
> Thanks, so please ignore the current patch.
>
> I'll send a new one to take care of all of this.
>
>>
>>> On 18 Mar 2019, at 19:11, Stefan Schantl wrote:
>>>
>>>> Hi,
>>>>
>>>> I do not see why the converter does not take care of the removal.
>>>> That would only be one place.
>>>
>>> Me, too - I simply implemented it in the same way all other converters
>>> will be handled by the backup.pl script....
>>>
>>> But I found another really important issue in the core 130 update.sh
>>> and the converter.
>>>
>>> The "/etc/snort/snort.conf" will be deleted very early. Exactly before
>>> the converter has had the chance to read the settings from this file.
>>>
>>> I'll send a patch to do the removal of the whole snort stuff and the
>>> settings in one step after the converter has done its work, if you
>>> agree with me.
>>>
>>>> But I will merge this if you want me to.
>>>>
>>>> -Michael
>>>>
>>>>> On 18 Mar 2019, at 19:04, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>>>>>
>>>>>> Almost?
>>>>>
>>>>> As long as the files are present, the settings will be converted.
>>>>> Maybe in special cases, if a user does something really weird, the
>>>>> converter will fail, but in this case I think it would even be better
>>>>> to start a new clean IPS configuration.
>>>>>
>>>>>> How is this directory removed when a backup was restored?
>>>>>>
>>>>>
>>>>> By the backup.pl script. It checks if after the backup a snort settings
>>>>> dir (/var/ipfire/snort) exists, launches the converter and afterwards
>>>>> deletes the directory.
>>>>>
>>>>> See:
>>>>>
>>>>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=8c27372438dd267648cba48b86d85a594f14be1c
>>>>>
>>>>>> -Michael
>>>>>>
>>>>>>> On 18 Mar 2019, at 18:56, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>>>>>>>
>>>>>>> Hello Michael,
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> What happens when the converter has failed? Is that a possibility?
>>>>>>>
>>>>>>> There is almost no risk that this would happen.
>>>>>>>
>>>>>>> It contains checks if all corresponding files are present and will
>>>>>>> contain the settings from them - I do not see a case where any problems
>>>>>>> can happen.
>>>>>>>
>>>>>>> Best regards,
>>>>>>>
>>>>>>> -Stefan
>>>>>>>
>>>>>>>> -Michael
>>>>>>>>
>>>>>>>>> On 18 Mar 2019, at 18:46, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>>>>>>>>>
>>>>>>>>> When all settings have been converted, the files and directory are not
>>>>>>>>> needed anymore.
>>>>>>>>>
>>>>>>>>> If they will be left and at a later time a backup will be restored, the
>>>>>>>>> converter will be started by the backup script again and would restore those
>>>>>>>>> old snort settings and replace the current IPS settings.
>>>>>>>>>
>>>>>>>>> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
>>>>>>>>> ---
>>>>>>>>> config/rootfiles/core/130/update.sh | 3 +++
>>>>>>>>> 1 file changed, 3 insertions(+)
>>>>>>>>>
>>>>>>>>> diff --git a/config/rootfiles/core/130/update.sh b/config/rootfiles/core/130/update.sh
>>>>>>>>> index d33321c32..f3dc0d85a 100644
>>>>>>>>> --- a/config/rootfiles/core/130/update.sh
>>>>>>>>> +++ b/config/rootfiles/core/130/update.sh
>>>>>>>>> @@ -74,6 +74,9 @@ ldconfig >>>>>>>>> # Migrate snort configuration to suricata >>>>>>>>> /usr/sbin/convert-snort >>>>>>>>> >>>>>>>>> +# Remove snort settings >>>>>>>>> +rm -rvf /var/ipfire/snort >>>>>>>>> + >>>>>>>>> # Start services >>>>>>>>> /etc/init.d/collectd restart >>>>>>>>> /etc/init.d/firewall restart >>>>>>>>> -- >>>>>>>>> 2.20.1 >>>>>>>>>
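
Review bot: The added `rm -rvf /var/ipfire/snort` runs unconditionally right after `/usr/sbin/convert-snort`, so if the converter fails or exits early, the old snort settings are deleted anyway and there is nothing left to retry the migration from. Consider making the removal depend on the converter's result, for example `/usr/sbin/convert-snort && rm -rvf /var/ipfire/snort` (this assumes convert-snort returns a non-zero exit status on failure, which the hunk does not show), or doing the removal inside the converter so that the update script and backup.pl share one code path. The new comment could also say why the directory has to go (a later backup restore would re-run the converter and overwrite the current IPS settings), since that reason is only in the commit message.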