From patchwork Tue Nov 5 10:24:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 2579 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 476m3t0JrYz43TZ for ; Tue, 5 Nov 2019 10:24:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 476m3s4dMDz6BN; Tue, 5 Nov 2019 10:24:09 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 476m3s3l5Bz2yjV; Tue, 5 Nov 2019 10:24:09 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 476m3r0PzRz2ybb for ; Tue, 5 Nov 2019 10:24:08 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 476m3q46Y5z4XP; Tue, 5 Nov 2019 10:24:07 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1572949447; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=60NyKGZKrppJCQTjq3cNfj0tZNbJI2aj/YfiPvAFfoA=; b=mMGz+0UcPNqMVo4JxJ34hSRj2Cn8UZu9YlE42EN2QSuAnAv/LQ+n/VQmgoGAEck12fBA3t z11kulcSE72O6XDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1572949447; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=60NyKGZKrppJCQTjq3cNfj0tZNbJI2aj/YfiPvAFfoA=; b=W332O7Ock9H8qMCXpIxlzkANVnT0Q4XEM5Wx7jkSEQOyCsa/jm99KN0LT+kVSwKtwOvmzk T+dLXirpoN+1cyMyy/K9ZSNEpvDduGPHcx9rrKHB7oOzUkFHlPRB4t1mvtxT+PZ5a5wfHM WuKWKXpcgGPOld8ME8uUJe7g3Qly6bLBuYfisa9Qy6UrD/sFun3iRUzLAjo5OAEPf4aeXt q8BeJIVbqjiF+xr1uUaFHXtAam3gTgfGovR+TqBHz8WXu3tw7+828pNOJsK5FQZJOWuTLk a6d39HV0dEKqW78bvZXw0nFTbBod4dWPjblprMwbE6XTt3VsnUa/+Iy1BqaNCQ== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] convert-snort: Check and convert snort user and group. Date: Tue, 5 Nov 2019 11:24:00 +0100 Message-Id: <20191105102400.5686-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=stevee smtp.mailfrom=stefan.schantl@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Fixes #12102. Signed-off-by: Stefan Schantl --- config/suricata/convert-snort | 57 ++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 11 deletions(-) diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort index 5ed36954f..df79f71bb 100644 --- a/config/suricata/convert-snort +++ b/config/suricata/convert-snort @@ -34,7 +34,42 @@ my $snort_config_file = "/etc/snort/snort.conf"; my $snort_rules_tarball = "/var/tmp/snortrules.tar.gz"; # -## Step 1: Setup directory and file layout, if not present and set correct +## Step 1: Convert snort user and group to suricata if exist. +# + +# Check if the snort user exists. +if (getpwnam("snort")) { + # Change username. + my @command = ( + '/usr/sbin/usermod', + '-l', 'suricata', 'snort' + ); + + system(@command) == 0 or die "Could not change username: @command failed: $?\n"; + + # Adjust home directory. + @command = ( + '/usr/sbin/usermod', + '-d', "/var/log/suricata", + 'suricata' + ); + + system(@command) == 0 or die "Failed to adjust home directory: @command failed: $?\n"; +} + +# Check if the snort group exists. +if (getgrnam("snort")) { + # Change groupname + my @command = ( + '/usr/sbin/groupmod', + '-n', 'suricata', 'snort' + ); + + system(@command) == 0 or die "Could not rename groupname: @command failed: $?\n"; +} + +# +## Step 2: Setup directory and file layout, if not present and set correct ## ownership. The converter runs as a privileged user, but the files ## needs to be full access-able by the WUI user and group (nobody:nobody). # @@ -71,7 +106,7 @@ if (-z "$snort_settings_file") { } # -## Step 2: Import snort settings and convert to the required format for the new IDS +## Step 3: Import snort settings and convert to the required format for the new IDS ## (suricata). # @@ -135,7 +170,7 @@ if($snortsettings{"OINKCODE"}) { } # -## Step 3: Import guardian settings and whitelist if the addon is installed. +## Step 4: Import guardian settings and whitelist if the addon is installed. # # Pakfire meta file for owncloud. @@ -183,7 +218,7 @@ if (-f $guardian_meta) { } # -## Step 4: Save IDS and rules settings. +## Step 5: Save IDS and rules settings. # # Write IDS settings. @@ -193,7 +228,7 @@ if (-f $guardian_meta) { &General::writehash("$IDS::rules_settings_file", \%rulessettings); # -## Step 5: Generate and write the file to modify the ruleset. +## Step 6: Generate and write the file to modify the ruleset. # # Call subfunction and pass the desired IDS action. @@ -203,7 +238,7 @@ if (-f $guardian_meta) { &IDS::set_ownership("$IDS::modify_sids_file"); # -## Step 6: Move rulestarball to its new location. +## Step 7: Move rulestarball to its new location. # # Check if a rulestarball has been downloaded yet. @@ -230,7 +265,7 @@ if (-f $snort_rules_tarball) { } # -## Step 7: Call oinkmaster to extract and setup the rules structures. +## Step 8: Call oinkmaster to extract and setup the rules structures. # # Check if a rulestarball is present. @@ -243,7 +278,7 @@ if (-f $IDS::rulestarball) { } # -## Step 8: Generate file for the HOME Net. +## Step 9: Generate file for the HOME Net. # # Call subfunction to generate the file. @@ -253,7 +288,7 @@ if (-f $IDS::rulestarball) { &IDS::set_ownership("$IDS::homenet_file"); # -## Step 9: Setup automatic ruleset updates. +## Step 10: Setup automatic ruleset updates. # # Check if a ruleset is configured. @@ -263,7 +298,7 @@ if($rulessettings{"RULES"}) { } # -## Step 10: Grab used ruleset files from snort config file and convert +## Step 11: Grab used ruleset files from snort config file and convert ## them into the new format. # @@ -309,7 +344,7 @@ close(SNORTCONF); &IDS::write_used_rulefiles_file(@enabled_rule_files); # -## Step 11: Start the IDS if enabled. +## Step 12: Start the IDS if enabled. # # Check if the IDS should be started.