The converter requires /etc/snort/snort.conf to grab the used rule files (categories). After all settings have been converted, we are fine to delete all snort related files, because none of them is needed anymore.
Also the /var/ipfire/snort directory needs to be deleted. If it will be left on the system and at any later time a backup will get restored, the converter will be started by the backup script, because it detects that a snort settins dir exists and would be restore the old snort settings and replaces all current IPS settings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/rootfiles/core/130/update.sh | 31 +++++++++++++++-------------- 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/config/rootfiles/core/130/update.sh b/config/rootfiles/core/130/update.sh index d33321c32..6d32bdba2 100644 --- a/config/rootfiles/core/130/update.sh +++ b/config/rootfiles/core/130/update.sh @@ -37,21 +37,6 @@ if [ -e "/etc/init.d/suricata" ]; then /etc/init.d/suricata stop fi
-# Remove files -rm -rfv \ - /etc/rc.d/rc*.d/*snort \ - /etc/rc.d/init.d/networking/red.up/23-RS-snort \ - /etc/snort \ - /usr/bin/daq-modules-config \ - /usr/bin/u2boat \ - /usr/bin/u2spewfoo \ - /usr/lib/daq \ - /usr/lib/snort \ - /usr/lib/libdaq.so* \ - /usr/lib/libsfbpf.so* \ - /usr/local/bin/snortctl \ - /usr/sbin/snort - # Rename snort user to suricata if getent group snort &>/dev/null; then groupmod -n suricata snort @@ -74,6 +59,22 @@ ldconfig # Migrate snort configuration to suricata /usr/sbin/convert-snort
+# Remove files +rm -rfv \ + /etc/rc.d/rc*.d/*snort \ + /etc/rc.d/init.d/networking/red.up/23-RS-snort \ + /etc/snort \ + /usr/bin/daq-modules-config \ + /usr/bin/u2boat \ + /usr/bin/u2spewfoo \ + /usr/lib/daq \ + /usr/lib/snort \ + /usr/lib/libdaq.so* \ + /usr/lib/libsfbpf.so* \ + /usr/local/bin/snortctl \ + /usr/sbin/snort \ + /var/ipfire/snort + # Start services /etc/init.d/collectd restart /etc/init.d/firewall restart