From patchwork Tue Mar 19 06:33:28 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Schantl <stefan.schantl@ipfire.org>
X-Patchwork-Id: 2157
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256
	bits)) (Client CN "mail01.ipfire.org",
	Issuer "Let's Encrypt Authority X3" (verified OK))
	by web07.i.ipfire.org (Postfix) with ESMTPS id 25DF084ECB6
	for <patchwork@web07.i.ipfire.org>;
	Mon, 18 Mar 2019 19:33:35 +0000 (GMT)
Received: from mail01.i.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id 44NRDt2PGLz50w2Z;
	Mon, 18 Mar 2019 19:33:34 +0000 (GMT)
Received: from tuxedo.stevee (213162073003.public.t-mobile.at [213.162.73.3])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 44NRDq3sr1z4y738;
	Mon, 18 Mar 2019 19:33:31 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801;
	t=1552937611;
	h=from:from:sender:reply-to:subject:subject:date:date:
	message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	content-type:content-transfer-encoding:content-transfer-encoding:
	in-reply-to:in-reply-to:references:references;
	bh=kCCTRCsY3lOomFtcviHHB8hlOxNvACFon4XFxn44WCc=;
	b=gTfdtsoBjqydJyY9LVekiNYT7djebgUs95HrX2hsQm6oO2HwBOhDsIu7bAJama9T831dQq
	1QkipCUaASPKgdl6khLeTWQNZnLvEYmvpW4k3WDFKVtZhokxQQEGOJEAJecy3pOPRNA/+J
	ujuT+pI0GURoefQaqvEPLVGzPy5k45qGe60dfIDtStvc64KSf8NRbT2a1uUvq7dVB7vDQT
	5eAK4oC7liDQ2wvvVj7rKH/OigLlFvaBtp+7uq9nUlznLiGTtNkK+4rF/vPS1TxxXUx1LQ
	IRto9nEy5YJUQni906WgP1QSVJY8JBdZAjaGgog/AqRdlS4RPQaRPBwUh3CK7Q==
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] Core 130: Remove files after convert-snort has been launched
Date: Mon, 18 Mar 2019 20:33:28 +0100
Message-Id: <20190318193328.4815-1-stefan.schantl@ipfire.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <0DAF84CB-ED9A-44CA-BAC4-A56F38C66B49@ipfire.org>
References: <0DAF84CB-ED9A-44CA-BAC4-A56F38C66B49@ipfire.org>
MIME-Version: 1.0
X-Spamd-Result: default: False [1.00 / 11.00]; ARC_NA(0.00)[];
	FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[]; R_MISSING_CHARSET(2.50)[];
	REPLY(-4.00)[]; BROKEN_CONTENT_TYPE(1.50)[];
	DKIM_SIGNED(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
	MID_CONTAINS_FROM(1.00)[]; RCVD_COUNT_ZERO(0.00)[0];
	FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:~];
	ASN(0.00)[asn:8412, ipnet:213.162.64.0/19, country:AT]
Authentication-Results: mail01.ipfire.org;
	auth=pass smtp.auth=stevee smtp.mailfrom=stefan.schantl@ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
	<mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
	<mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

The converter requires /etc/snort/snort.conf to grab the used rule files
(categories). After all settings have been converted, we are fine to delete all
snort related files, because none of them is needed anymore.

Also the /var/ipfire/snort directory needs to be deleted. If it will be left on the
system and at any later time a backup will get restored, the converter will be
started by the backup script, because it detects that a snort settins dir exists
and would be restore the old snort settings and replaces all current IPS settings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/rootfiles/core/130/update.sh | 31 +++++++++++++++--------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/config/rootfiles/core/130/update.sh b/config/rootfiles/core/130/update.sh
index d33321c32..6d32bdba2 100644
--- a/config/rootfiles/core/130/update.sh
+++ b/config/rootfiles/core/130/update.sh
@@ -37,21 +37,6 @@ if [ -e "/etc/init.d/suricata" ]; then
 	/etc/init.d/suricata stop
 fi
 
-# Remove files
-rm -rfv \
-	/etc/rc.d/rc*.d/*snort \
-	/etc/rc.d/init.d/networking/red.up/23-RS-snort \
-	/etc/snort \
-	/usr/bin/daq-modules-config \
-	/usr/bin/u2boat \
-	/usr/bin/u2spewfoo \
-	/usr/lib/daq \
-	/usr/lib/snort \
-	/usr/lib/libdaq.so* \
-	/usr/lib/libsfbpf.so* \
-	/usr/local/bin/snortctl \
-	/usr/sbin/snort
-
 # Rename snort user to suricata
 if getent group snort &>/dev/null; then
 	groupmod -n suricata snort
@@ -74,6 +59,22 @@ ldconfig
 # Migrate snort configuration to suricata
 /usr/sbin/convert-snort
 
+# Remove files
+rm -rfv \
+	/etc/rc.d/rc*.d/*snort \
+	/etc/rc.d/init.d/networking/red.up/23-RS-snort \
+	/etc/snort \
+	/usr/bin/daq-modules-config \
+	/usr/bin/u2boat \
+	/usr/bin/u2spewfoo \
+	/usr/lib/daq \
+	/usr/lib/snort \
+	/usr/lib/libdaq.so* \
+	/usr/lib/libsfbpf.so* \
+	/usr/local/bin/snortctl \
+	/usr/sbin/snort \
+	/var/ipfire/snort
+
 # Start services
 /etc/init.d/collectd restart
 /etc/init.d/firewall restart