nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before trying to read

[GoogleCodeExporter]

nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before 
trying to read

Original issue reported on code.google.com by doug.bu...@gmail.com on 17 Nov 2014 at 2:47

[GoogleCodeExporter]

This checks for the existence of the files, alerts/exits if they are missing:

/usr/bin/nsm_all_del_quick

# Delete all sensors
if [ -f "/etc/nsm/sensortab" ];
  then for INTERFACE in `cat "/etc/nsm/sensortab" | grep -v "^#" |cut -f1`
    do
     echo y | nsm_sensor_del --sensor-name="$INTERFACE"
    done
  else echo "Sensortab appears to be missing! No sensors changed.";
fi

# Delete all servers (should only be one)
if [ -f "/etc/nsm/servertab" ];
  then for SERVER in `cat "/etc/nsm/servertab" | grep -v "^#" |cut -f1`
      do
        echo y | nsm_server_del --server-name="$SERVER"
      done
  else echo "Servertab appears to be missing! No servers changed.";
fi

Tested on:
Ubuntu 12.04.5 LTS
PPA packages

Tested against dummy files and NOT calling nsm_server/sensor_del.

Hope this helps.
Tim Whisnant - @heywiz

Original comment by timothyw...@gmail.com on 11 Dec 2014 at 5:39

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Thanks, Tim!  I also added a check to ensure root privileges.

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/5C7j_gBWxbc/discussion

Original comment by doug.bu...@gmail.com on 23 Dec 2014 at 8:35

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Published:
http://blog.securityonion.net/2015/01/new-nsm-and-setup-packages-resolve.html

Original comment by doug.bu...@gmail.com on 6 Jan 2015 at 2:08

• Changed state: Verified
• Added labels: ****
• Removed labels: ****