Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before trying to read #649

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 3 comments

Comments

Projects
None yet
1 participant
@GoogleCodeExporter
Copy link

commented Mar 24, 2015

nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before 
trying to read

Original issue reported on code.google.com by doug.bu...@gmail.com on 17 Nov 2014 at 2:47

@GoogleCodeExporter

This comment has been minimized.

Copy link
Author

commented Mar 24, 2015

This checks for the existence of the files, alerts/exits if they are missing:

/usr/bin/nsm_all_del_quick

# Delete all sensors
if [ -f "/etc/nsm/sensortab" ];
  then for INTERFACE in `cat "/etc/nsm/sensortab" | grep -v "^#" |cut -f1`
    do
     echo y | nsm_sensor_del --sensor-name="$INTERFACE"
    done
  else echo "Sensortab appears to be missing! No sensors changed.";
fi

# Delete all servers (should only be one)
if [ -f "/etc/nsm/servertab" ];
  then for SERVER in `cat "/etc/nsm/servertab" | grep -v "^#" |cut -f1`
      do
        echo y | nsm_server_del --server-name="$SERVER"
      done
  else echo "Servertab appears to be missing! No servers changed.";
fi

Tested on:
Ubuntu 12.04.5 LTS
PPA packages

Tested against dummy files and NOT calling nsm_server/sensor_del.

Hope this helps.
Tim Whisnant - @heywiz

Original comment by timothyw...@gmail.com on 11 Dec 2014 at 5:39

  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Copy link
Author

commented Mar 24, 2015

Thanks, Tim!  I also added a check to ensure root privileges.

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/5C7j_gBWxbc/discussion

Original comment by doug.bu...@gmail.com on 23 Dec 2014 at 8:35

  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Copy link
Author

commented Mar 24, 2015

Published:
http://blog.securityonion.net/2015/01/new-nsm-and-setup-packages-resolve.html

Original comment by doug.bu...@gmail.com on 6 Jan 2015 at 2:08

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.