Hi,
I do not see why the converter does not take care of the removal. That would only be one place.
But I will merge this if you want me to.
-Michael
On 18 Mar 2019, at 19:04, Stefan Schantl stefan.schantl@ipfire.org wrote:
Almost?
As long as the files are present, the settings will be converted. May in special cases if a user does something really weird may the converter will fail, but in this case I think it even would be better start a new clean IPS configuration.
How is this directory removed when a backup was restored?
By the backup.pl script. It checks if after the backup a snort settings dir (/var/ipfire/snort) exists, launches the converter and afterwards deletes the directory.
See:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=8c27372438dd267648cba48b...
-Michael
On 18 Mar 2019, at 18:56, Stefan Schantl <stefan.schantl@ipfire.org
wrote:
Hello Michael,
Hi,
What happens when the converter has failed? Is that a possibility?
There is almost no risk, that this would be happened.
It contains checks if all corresponding files are present and will contain the settings from them - I do not see a case where any problems can be happen.
Best regards,
-Stefan
-Michael
On 18 Mar 2019, at 18:46, Stefan Schantl < stefan.schantl@ipfire.org
wrote:
When all settings have been converted, the files and directory are not needed anymore.
If they will be left and at a later time an backup will be restored, the converter will be started by the backup script again and would be restore those old snort settings and replace the current IPS settings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/rootfiles/core/130/update.sh | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/config/rootfiles/core/130/update.sh b/config/rootfiles/core/130/update.sh index d33321c32..f3dc0d85a 100644 --- a/config/rootfiles/core/130/update.sh +++ b/config/rootfiles/core/130/update.sh @@ -74,6 +74,9 @@ ldconfig # Migrate snort configuration to suricata /usr/sbin/convert-snort
+# Remove snort settings +rm -rvf /var/ipfire/snort
# Start services /etc/init.d/collectd restart /etc/init.d/firewall restart -- 2.20.1