From 291c7210947a87dfdf8e347a65b38fc9e00a0955 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Tue, 6 Apr 2010 13:39:59 -0700
Subject: snort-old, update deinstall
---
config/snort-old/snort.inc | 24 ++++++++++++++++--------
config/snort-old/snort.xml | 2 +-
config/snort/snort.xml | 4 ++--
3 files changed, 19 insertions(+), 11 deletions(-)
(limited to 'config')
diff --git a/config/snort-old/snort.inc b/config/snort-old/snort.inc
index 00a86c35..74a863ad 100755
--- a/config/snort-old/snort.inc
+++ b/config/snort-old/snort.inc
@@ -152,7 +152,7 @@ function sync_package_snort() if ($snortbarnyardlog_info_chk == on) $start .= "\nsleep 4;/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n"; } - $check_if_snort_runs = "\n\tif [ \"`ls -A /usr/local/etc/snort/rules`\" ] ; then\n\techo \"rules exist\"\n\telse\n\techo \"rules DONT exist\"\n\texit 2\n\tfi \n\n\tif [ \"`pgrep -x snort`\" = \"\" ] ; then\n\t/bin/rm /tmp/snort.sh.pid\n\tfi \n\n\tif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\t/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php\n\texit 1\n\tfi\n\n"; + $check_if_snort_runs = "\n\tif [ \"`ls -A /usr/local/etc/snort/rules`\" ] ; then\n\techo \"rules exist\"\n\telse\n\techo \"rules DONT exist\"\n\texit 2\n\tfi \n\n\tif [ \"`pgrep -x snort`\" = \"\" ] ; then\n\t/bin/rm /tmp/snort.sh.pid\n\tfi \n\n\tif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\t/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php &\n\texit 1\n\tfi\n\n"; $if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n"; $echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n"; $echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n"; @@ -290,7 +290,9 @@ function create_snort_conf() { function snort_deinstall() { global $config, $g; - + conf_mount_rw(); + + /* remove custom sysctl */ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); /* decrease bpf buffers back to 4096, from 20480 */ 
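Review bot: The `&` added after the `snort_dynamic_ip_reload.php` call in `$check_if_snort_runs` backgrounds the reload, so its exit status and error output are no longer tied to the script that started it. Nothing on these lines prevents two overlapping runs of the generated snort.sh from starting two reloads at once. Consider sending the output to syslog so a failed reload stays visible, e.g. `/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php 2>&1 | logger -p daemon.err -t SnortStartup &`, and add a short comment saying why the reload must not block the following `exit 1`. sync_package_snort() starts and ends outside the hunk, so whether the reload script takes its own lock cannot be seen from here.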
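Review bot: The `conf_mount_rw()` added at the top of snort_deinstall() is balanced only by the `conf_mount_ro()` that the later hunk (at -361) adds as the function's last statement, so any early return or fatal error in between would leave the filesystem mounted read-write. The body between the two calls is outside the hunks, so this needs checking against the full function; if it has exit paths, each should call `conf_mount_ro()` first. A comment beside the call would make the pairing explicit, for example `/* remounted read-write for the edits below; conf_mount_ro() at the end of this function undoes it */`.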
@@ -361,12 +363,18 @@ function snort_deinstall() { snort_rm_blocked_deinstall_cron(""); snort_rules_up_deinstall_cron(""); - - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ - /* Keep this as a last step */ - unset($config['installedpackages']['snort']['config'][0]['autorulesupdate7']); - unset($config['installedpackages']['snort']['config'][0]['rm_blocked']); - write_config(); +/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ +/* Keep this as a last step */ + +unset($config['installedpackages']['snort']); +unset($config['installedpackages']['snortdefservers']); +unset($config['installedpackages']['snortwhitelist']); +unset($config['installedpackages']['snortthreshold']); +unset($config['installedpackages']['snortadvanced']); + + +write_config(); +conf_mount_ro(); } diff --git a/config/snort-old/snort.xml b/config/snort-old/snort.xml index 6f067f2d..3bc40fce 100644 --- a/config/snort-old/snort.xml +++ b/config/snort-old/snort.xml @@ -47,7 +47,7 @@ Currently there are no FAQ items provided. Snort 2.8.4.1_5 - Services: Snort 2.8.4.1_5 pkg v. 1.7 + Services: Snort 2.8.4.1_5 pkg v. 1.8 /usr/local/pkg/snort.inc Snort diff --git a/config/snort/snort.xml b/config/snort/snort.xml index bf053112..0a3eb7a3 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -57,8 +57,8 @@ snort - - /usr/local/bin/snort + snort.sh + snort Snort is the most widely deployed IDS/IPS technology worldwide. -- cgit v1.2.3
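Review bot: In snort_deinstall() (config/snort-old/snort.inc), the new `unset($config['installedpackages'][...])` lines drop every saved Snort section, including `snortwhitelist` and `snortthreshold`, where the old code cleared only `autorulesupdate7` and `rm_blocked`. If deinstall also runs during a package reinstall or upgrade (not visible here), the whitelist and thresholds are lost and a fresh install may block hosts that were deliberately exempted; consider preserving those two sections or gating the wipe behind a setting. The retained comment still reads "snort will not start with out this", which no longer describes what is removed; something like `/* Remove all snort sections from config.xml; keep this as the last step */` would match the code. The added lines also sit at column 0 inside the function body, unlike the indented code around them.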