The converter requires /etc/snort/snort.conf to grab the used rule files
(categories). After all settings have been converted, we are fine to delete all
snort related files, because none of them is needed anymore.
Also the /var/ipfire/snort directory needs to be deleted. If it will be left on the
system and at any later time a backup will get restored, the converter will be
started by the backup script, because it detects that a snort settins dir exists
and would be restore the old snort settings and replaces all current IPS settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
/etc/init.d/suricata stop
fi
/etc/init.d/suricata stop
fi
-# Remove files
-rm -rfv \
- /etc/rc.d/rc*.d/*snort \
- /etc/rc.d/init.d/networking/red.up/23-RS-snort \
- /etc/snort \
- /usr/bin/daq-modules-config \
- /usr/bin/u2boat \
- /usr/bin/u2spewfoo \
- /usr/lib/daq \
- /usr/lib/snort \
- /usr/lib/libdaq.so* \
- /usr/lib/libsfbpf.so* \
- /usr/local/bin/snortctl \
- /usr/sbin/snort
-
# Rename snort user to suricata
if getent group snort &>/dev/null; then
groupmod -n suricata snort
# Rename snort user to suricata
if getent group snort &>/dev/null; then
groupmod -n suricata snort
# Migrate snort configuration to suricata
/usr/sbin/convert-snort
# Migrate snort configuration to suricata
/usr/sbin/convert-snort
+# Remove files
+rm -rfv \
+ /etc/rc.d/rc*.d/*snort \
+ /etc/rc.d/init.d/networking/red.up/23-RS-snort \
+ /etc/snort \
+ /usr/bin/daq-modules-config \
+ /usr/bin/u2boat \
+ /usr/bin/u2spewfoo \
+ /usr/lib/daq \
+ /usr/lib/snort \
+ /usr/lib/libdaq.so* \
+ /usr/lib/libsfbpf.so* \
+ /usr/local/bin/snortctl \
+ /usr/sbin/snort \
+ /var/ipfire/snort
+
# Start services
/etc/init.d/collectd restart
/etc/init.d/firewall restart
# Start services
/etc/init.d/collectd restart
/etc/init.d/firewall restart