core130: Ship suricata
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 14 Mar 2019 13:48:25 +0000 (13:48 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 14 Mar 2019 13:48:25 +0000 (13:48 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/core/130/filelists/files
config/rootfiles/core/130/filelists/ids-ruleset-sources [new symlink]
config/rootfiles/core/130/filelists/libcap-ng [new symlink]
config/rootfiles/core/130/filelists/libhtp [new symlink]
config/rootfiles/core/130/filelists/oinkmaster [new symlink]
config/rootfiles/core/130/filelists/suricata [new symlink]
config/rootfiles/core/130/filelists/yaml [new symlink]
config/rootfiles/core/130/update.sh

index 3bbc1c6..38f8b8d 100644 (file)
@@ -2,5 +2,22 @@ etc/system-release
 etc/issue
 srv/web/ipfire/cgi-bin/credits.cgi
 var/ipfire/langs
+etc/collectd/collectd.conf
+etc/logrotate.conf
 etc/rc.d/init.d/firewall
+etc/rc.d/init.d/networking/red.up/23-suricata
+etc/rc.d/init.d/suricata
+etc/syslog.conf
+srv/web/ipfire/cgi-bin/aliases.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/ids.dat
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+usr/local/bin/suricatactl
+usr/local/bin/update-ids-rulese
+usr/sbin/convert-snort
+var/ipfire/backup/bin/backup.pl
+var/ipfire/backup/include
 var/ipfire/general-functions.pl
+var/ipfire/ids-functions.pl
+var/ipfire/menu.d/40-services.menu
+var/ipfire/menu.d/50-firewall.menub
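Review bot: Two of the added filelist entries look truncated or mistyped as shown here: `usr/local/bin/update-ids-rulese` and `var/ipfire/menu.d/50-firewall.menub`. If the updater consumes this list literally, neither path would match a shipped file, so the ruleset update helper and the firewall menu entry would be left out of Core 130. For the IDS that would presumably mean the detection rules are never refreshed after the upgrade. Assuming the intended names are `usr/local/bin/update-ids-ruleset` and `var/ipfire/menu.d/50-firewall.menu`, both lines should be corrected. This may also be a rendering artifact of this page, so check against the tree first.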
diff --git a/config/rootfiles/core/130/filelists/ids-ruleset-sources b/config/rootfiles/core/130/filelists/ids-ruleset-sources
new file mode 120000 (symlink)
index 0000000..a226ada
--- /dev/null
@@ -0,0 +1 @@
+../../../common/ids-ruleset-sources
\ No newline at end of file
diff --git a/config/rootfiles/core/130/filelists/libcap-ng b/config/rootfiles/core/130/filelists/libcap-ng
new file mode 120000 (symlink)
index 0000000..f58b211
--- /dev/null
@@ -0,0 +1 @@
+../../../common/libcap-ng
\ No newline at end of file
diff --git a/config/rootfiles/core/130/filelists/libhtp b/config/rootfiles/core/130/filelists/libhtp
new file mode 120000 (symlink)
index 0000000..676e2c5
--- /dev/null
@@ -0,0 +1 @@
+../../../common/libhtp
\ No newline at end of file
diff --git a/config/rootfiles/core/130/filelists/oinkmaster b/config/rootfiles/core/130/filelists/oinkmaster
new file mode 120000 (symlink)
index 0000000..75029e6
--- /dev/null
@@ -0,0 +1 @@
+../../../common/oinkmaster
\ No newline at end of file
diff --git a/config/rootfiles/core/130/filelists/suricata b/config/rootfiles/core/130/filelists/suricata
new file mode 120000 (symlink)
index 0000000..f671f69
--- /dev/null
@@ -0,0 +1 @@
+../../../common/suricata
\ No newline at end of file
diff --git a/config/rootfiles/core/130/filelists/yaml b/config/rootfiles/core/130/filelists/yaml
new file mode 120000 (symlink)
index 0000000..3dc1434
--- /dev/null
@@ -0,0 +1 @@
+../../../common/yaml
\ No newline at end of file
index 93530cb..b4238e7 100644 (file)
@@ -32,8 +32,35 @@ for (( i=1; i<=$core; i++ )); do
 done
 
 # Stop services
+/etc/init.d/snort stop
+if [ -e "/etc/init.d/suricata" ]; then
+       /etc/init.d/suricata stop
+fi
 
 # Remove files
+rm -rfv \
+       /etc/rc.d/rc*.d/*snort \
+       /etc/rc.d/init.d/networking/red.up/23-RS-snort \
+       /etc/snort \
+       /usr/bin/daq-modules-config \
+       /usr/bin/u2boat \
+       /usr/bin/u2spewfoo \
+       /usr/lib/daq \
+       /usr/lib/snort \
+       /usr/lib/libdaq.so* \
+       /usr/lib/libsfbpf.so* \
+       /usr/local/bin/snortctl \
+       /usr/sbin/snort
+
+# Rename snort user to suricata
+if getent group snort &>/dev/null; then
+       groupmod -n suricata snort
+fi
+
+if getent passwd snort &>/dev/null; then
+       usermod -l suricata -c "Suricata" \
+               -d /var/log/suricata snort
+fi
 
 # Extract files
 extract_files
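Review bot: Renaming the `snort` account is the only place in this hunk where a `suricata` user and group come into existence, and neither `groupmod` nor `usermod` has its exit status checked. `usermod -l` refuses to rename an account that still owns a running process, so if the unconditional `/etc/init.d/snort stop` did not fully stop the daemon, or the system never had a `snort` account, the update continues without the account the IDS is presumably meant to run under. After the two `if` blocks I would verify and record the result, for example `getent passwd suricata &>/dev/null || echo "core130: suricata account missing after rename" >&2`. The snort stop could also be guarded like the suricata one, `[ -e /etc/init.d/snort ] && /etc/init.d/snort stop`, so systems without that init script do not emit a spurious error.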
@@ -44,7 +71,13 @@ ldconfig
 # Update Language cache
 /usr/local/bin/update-lang-cache
 
+# Migrate snort configuration to suricata
+/usr/sbin/convert-snort
+
 # Start services
+/etc/init.d/collectd restart
+/etc/init.d/firewall restart
+/etc/init.d/suricata start
 
 # This update needs a reboot...
 touch /var/run/need_reboot
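Review bot: `/usr/sbin/convert-snort` runs without its exit status being checked, and `/etc/init.d/suricata start` follows unconditionally. If the migration fails part-way, the system comes back with an IDS whose settings may not match what the administrator had enforced under snort, and nothing in this hunk records that. I would at least log the failure, e.g. `/usr/sbin/convert-snort || logger -t core-update "convert-snort failed, IDS settings not migrated"`. A short comment above the start line should also say whether the init script itself honours the migrated enable/disable setting, since that cannot be seen from here.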