From 10cab278e653f00bd8ec0ee0e82d30e5c7798042 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Wed, 19 Feb 2014 14:08:14 -0500
Subject: BETA version of Suricata 1.4.6 IDS package v0.1 for pfSense.

---
 config/suricata/suricata_uninstall.php | 133 +++++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 config/suricata/suricata_uninstall.php

(limited to 'config/suricata/suricata_uninstall.php')

diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
new file mode 100644
index 00000000..808aefec
--- /dev/null
+++ b/config/suricata/suricata_uninstall.php
@@ -0,0 +1,133 @@
+<?php
+/*
+	suricata_uninstall.php
+
+	Copyright (C) 2014 Bill Meeks
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	notice, this list of conditions and the following disclaimer in the
+	documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+global $config, $g;
+
+$suricatadir = SURICATADIR;
+$suricatalogdir = SURICATALOGDIR;
+$rcdir = RCFILEPREFIX;
+$suricata_rules_upd_log = RULES_UPD_LOGFILE;
+
+log_error(gettext("[Suricata] Suricata package uninstall in progress..."));
+
+/* Make sure all active Suricata processes are terminated */
+/* Log a message only if a running process is detected */
+if (is_service_running("suricata"))
+	log_error(gettext("[Suricata] Suricata STOP for all interfaces..."));
+
+mwexec('/usr/bin/killall -z suricata', true);
+sleep(2);
+mwexec('/usr/bin/killall -9 suricata', true);
+sleep(2);
+
+// Delete any leftover suricata PID files in /var/run
+array_map('@unlink', glob("/var/run/suricata_*.pid"));
+
+/* Make sure all active Barnyard2 processes are terminated */
+/* Log a message only if a running process is detected     */
+if (is_service_running("barnyard2"))
+	log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces..."));
+
+mwexec('/usr/bin/killall -z barnyard2', true);
+sleep(2);
+mwexec('/usr/bin/killall -9 barnyard2', true);
+sleep(2);
+
+// Delete any leftover barnyard2 PID files in /var/run
+array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
+
+/* Remove the suricata user and group */
+mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true);
+
+/* Remove suricata cron entries Ugly code needs smoothness */
+if (!function_exists('suricata_deinstall_cron')) {
+	function suricata_deinstall_cron($crontask) {
+		global $config, $g;
+
+		if(!is_array($config['cron']['item']))
+			return;
+
+		$x=0;
+		$is_installed = false;
+		foreach($config['cron']['item'] as $item) {
+			if (strstr($item['command'], $crontask)) {
+				$is_installed = true;
+				break;
+			}
+			$x++;
+		}
+		if ($is_installed == true)
+			unset($config['cron']['item'][$x]);
+	}
+}
+
+/* Remove all the Suricata cron jobs. */
+suricata_deinstall_cron("suricata_check_for_rule_updates.php");
+suricata_deinstall_cron("suricata_check_cron_misc.inc");
+configure_cron();
+
+/**********************************************************/
+/* Test for existence of library backup tarballs in /tmp. */
+/* If these are present, then a package "delete"          */
+/* operation is in progress and we need to wipe out the   */
+/* configuration files.  Otherwise we leave the binary-   */
+/* side configuration intact since only a GUI files       */
+/* deinstall and reinstall operation is in progress.      */
+/*							  */
+/* XXX: hopefully a better method presents itself in      */
+/*      future versions of pfSense.                       */
+/**********************************************************/
+if (file_exists("/tmp/pkg_libs.tgz") || file_exists("/tmp/pkg_bins.tgz")) {
+	log_error(gettext("[Suricata] Package deletion requested... removing all package files..."));
+	mwexec("/bin/rm -f {$rcdir}/suricata.sh");
+	mwexec("/bin/rm -rf /usr/local/etc/suricata");
+	mwexec("/bin/rm -rf /usr/local/pkg/suricata");
+	mwexec("/bin/rm -rf /usr/local/www/suricata");
+}
+
+if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
+	log_error(gettext("[Suricata] Clearing all Suricata-related log files..."));
+	@unlink("{$suricata_rules_upd_log}");
+	mwexec("/bin/rm -rf {$suricatalogdir}");
+}
+
+/* Keep this as a last step */
+if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] != 'on') {
+	log_error(gettext("Not saving settings... all Suricata configuration info and logs deleted..."));
+	unset($config['installedpackages']['suricata']);
+	unset($config['installedpackages']['suricatasync']);
+	@unlink("{$suricata_rules_upd_log}");
+	mwexec("/bin/rm -rf {$suricatalogdir}");
+	@unlink(SURICATALOGDIR);
+	log_error(gettext("[Suricata] The package has been removed from this system..."));
+}
+
+?>
-- 
cgit v1.2.3


From b33b9a9d050bd5bc8247fc4c95ff7bde39d612f2 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Wed, 19 Feb 2014 22:34:27 -0500
Subject: Incorporate Ermal's comments into Suricata BETA pkg code.

---
 config/suricata/suricata_uninstall.php | 67 ++++++----------------------------
 1 file changed, 12 insertions(+), 55 deletions(-)

(limited to 'config/suricata/suricata_uninstall.php')

diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index 808aefec..071a89a4 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -42,11 +42,8 @@ log_error(gettext("[Suricata] Suricata package uninstall in progress..."));
 /* Log a message only if a running process is detected */
 if (is_service_running("suricata"))
 	log_error(gettext("[Suricata] Suricata STOP for all interfaces..."));
-
-mwexec('/usr/bin/killall -z suricata', true);
-sleep(2);
-mwexec('/usr/bin/killall -9 suricata', true);
-sleep(2);
+killbyname("suricata");
+sleep(1);
 
 // Delete any leftover suricata PID files in /var/run
 array_map('@unlink', glob("/var/run/suricata_*.pid"));
@@ -55,11 +52,8 @@ array_map('@unlink', glob("/var/run/suricata_*.pid"));
 /* Log a message only if a running process is detected     */
 if (is_service_running("barnyard2"))
 	log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces..."));
-
-mwexec('/usr/bin/killall -z barnyard2', true);
-sleep(2);
-mwexec('/usr/bin/killall -9 barnyard2', true);
-sleep(2);
+killbyname("barnyard2");
+sleep(1);
 
 // Delete any leftover barnyard2 PID files in /var/run
 array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
@@ -67,58 +61,21 @@ array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
 /* Remove the suricata user and group */
 mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true);
 
-/* Remove suricata cron entries Ugly code needs smoothness */
-if (!function_exists('suricata_deinstall_cron')) {
-	function suricata_deinstall_cron($crontask) {
-		global $config, $g;
-
-		if(!is_array($config['cron']['item']))
-			return;
-
-		$x=0;
-		$is_installed = false;
-		foreach($config['cron']['item'] as $item) {
-			if (strstr($item['command'], $crontask)) {
-				$is_installed = true;
-				break;
-			}
-			$x++;
-		}
-		if ($is_installed == true)
-			unset($config['cron']['item'][$x]);
-	}
-}
-
-/* Remove all the Suricata cron jobs. */
-suricata_deinstall_cron("suricata_check_for_rule_updates.php");
-suricata_deinstall_cron("suricata_check_cron_misc.inc");
-configure_cron();
-
-/**********************************************************/
-/* Test for existence of library backup tarballs in /tmp. */
-/* If these are present, then a package "delete"          */
-/* operation is in progress and we need to wipe out the   */
-/* configuration files.  Otherwise we leave the binary-   */
-/* side configuration intact since only a GUI files       */
-/* deinstall and reinstall operation is in progress.      */
-/*							  */
-/* XXX: hopefully a better method presents itself in      */
-/*      future versions of pfSense.                       */
-/**********************************************************/
-if (file_exists("/tmp/pkg_libs.tgz") || file_exists("/tmp/pkg_bins.tgz")) {
-	log_error(gettext("[Suricata] Package deletion requested... removing all package files..."));
-	mwexec("/bin/rm -f {$rcdir}/suricata.sh");
-	mwexec("/bin/rm -rf /usr/local/etc/suricata");
-	mwexec("/bin/rm -rf /usr/local/pkg/suricata");
-	mwexec("/bin/rm -rf /usr/local/www/suricata");
-}
+/* Remove the Suricata cron jobs. */
+install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false);
+install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false);
 
+/* See if we are to keep Suricata log files on uninstall */
 if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
 	log_error(gettext("[Suricata] Clearing all Suricata-related log files..."));
 	@unlink("{$suricata_rules_upd_log}");
 	mwexec("/bin/rm -rf {$suricatalogdir}");
 }
 
+/* Remove the Suricata GUI app directories */
+@unlink("/usr/local/pkg/suricata");
+@unlink("/usr/local/www/suricata");
+
 /* Keep this as a last step */
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] != 'on') {
 	log_error(gettext("Not saving settings... all Suricata configuration info and logs deleted..."));
-- 
cgit v1.2.3