mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-05-04 02:51:28 +02:00
b60fd7a3e2
The converter requires /etc/snort/snort.conf to grab the used rule files (categories). After all settings have been converted, we are fine to delete all snort related files, because none of them is needed anymore. Also the /var/ipfire/snort directory needs to be deleted. If it will be left on the system and at any later time a backup will get restored, the converter will be started by the backup script, because it detects that a snort settins dir exists and would be restore the old snort settings and replaces all current IPS settings. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
100 lines
3.1 KiB
Bash
100 lines
3.1 KiB
Bash
#!/bin/bash
|
|
############################################################################
|
|
# #
|
|
# This file is part of the IPFire Firewall. #
|
|
# #
|
|
# IPFire is free software; you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation; either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# IPFire is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with IPFire; if not, write to the Free Software #
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
|
|
# #
|
|
# Copyright (C) 2019 IPFire-Team <info@ipfire.org>. #
|
|
# #
|
|
############################################################################
|
|
#
|
|
. /opt/pakfire/lib/functions.sh
|
|
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
|
|
|
|
core=130
|
|
|
|
# Remove old core updates from pakfire cache to save space...
|
|
for (( i=1; i<=$core; i++ )); do
|
|
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
|
|
done
|
|
|
|
# Stop services
|
|
/etc/init.d/snort stop
|
|
if [ -e "/etc/init.d/suricata" ]; then
|
|
/etc/init.d/suricata stop
|
|
fi
|
|
|
|
# Rename snort user to suricata
|
|
if getent group snort &>/dev/null; then
|
|
groupmod -n suricata snort
|
|
fi
|
|
|
|
if getent passwd snort &>/dev/null; then
|
|
usermod -l suricata -c "Suricata" \
|
|
-d /var/log/suricata snort
|
|
fi
|
|
|
|
# Extract files
|
|
extract_files
|
|
|
|
# update linker config
|
|
ldconfig
|
|
|
|
# Update Language cache
|
|
/usr/local/bin/update-lang-cache
|
|
|
|
# Migrate snort configuration to suricata
|
|
/usr/sbin/convert-snort
|
|
|
|
# Remove files
|
|
rm -rfv \
|
|
/etc/rc.d/rc*.d/*snort \
|
|
/etc/rc.d/init.d/networking/red.up/23-RS-snort \
|
|
/etc/snort \
|
|
/usr/bin/daq-modules-config \
|
|
/usr/bin/u2boat \
|
|
/usr/bin/u2spewfoo \
|
|
/usr/lib/daq \
|
|
/usr/lib/snort \
|
|
/usr/lib/libdaq.so* \
|
|
/usr/lib/libsfbpf.so* \
|
|
/usr/local/bin/snortctl \
|
|
/usr/sbin/snort \
|
|
/var/ipfire/snort
|
|
|
|
# Start services
|
|
/etc/init.d/collectd restart
|
|
/etc/init.d/firewall restart
|
|
/etc/init.d/unbound restart
|
|
/etc/init.d/suricata start
|
|
|
|
# This update needs a reboot...
|
|
touch /var/run/need_reboot
|
|
|
|
# Finish
|
|
/etc/init.d/fireinfo start
|
|
sendprofile
|
|
|
|
# Update grub config to display new core version
|
|
if [ -e /boot/grub/grub.cfg ]; then
|
|
grub-mkconfig -o /boot/grub/grub.cfg
|
|
fi
|
|
|
|
sync
|
|
|
|
# Don't report the exitcode last command
|
|
exit 0
|