Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before trying to read #649

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

Comments

Projects
None yet
1 participant
nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before 
trying to read

Original issue reported on code.google.com by doug.bu...@gmail.com on 17 Nov 2014 at 2:47

This checks for the existence of the files, alerts/exits if they are missing:

/usr/bin/nsm_all_del_quick

# Delete all sensors
if [ -f "/etc/nsm/sensortab" ];
  then for INTERFACE in `cat "/etc/nsm/sensortab" | grep -v "^#" |cut -f1`
    do
     echo y | nsm_sensor_del --sensor-name="$INTERFACE"
    done
  else echo "Sensortab appears to be missing! No sensors changed.";
fi

# Delete all servers (should only be one)
if [ -f "/etc/nsm/servertab" ];
  then for SERVER in `cat "/etc/nsm/servertab" | grep -v "^#" |cut -f1`
      do
        echo y | nsm_server_del --server-name="$SERVER"
      done
  else echo "Servertab appears to be missing! No servers changed.";
fi

Tested on:
Ubuntu 12.04.5 LTS
PPA packages

Tested against dummy files and NOT calling nsm_server/sensor_del.

Hope this helps.
Tim Whisnant - @heywiz

Original comment by timothyw...@gmail.com on 11 Dec 2014 at 5:39

  • Added labels: ****
  • Removed labels: ****
Thanks, Tim!  I also added a check to ensure root privileges.

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/5C7j_gBWxbc/discussion

Original comment by doug.bu...@gmail.com on 23 Dec 2014 at 8:35

  • Added labels: ****
  • Removed labels: ****
Published:
http://blog.securityonion.net/2015/01/new-nsm-and-setup-packages-resolve.html

Original comment by doug.bu...@gmail.com on 6 Jan 2015 at 2:08

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment