From acf2e3bf2482058590861c9bff0b96ca2777a9f1 Mon Sep 17 00:00:00 2001 From: ArmandMeppa Date: Tue, 17 Dec 2024 10:11:53 +0100 Subject: [PATCH 1/7] feat: add uninstall script --- scripts/uninstall.sh | 156 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 scripts/uninstall.sh diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh new file mode 100644 index 0000000..ececbd6 --- /dev/null +++ b/scripts/uninstall.sh 
@@ -0,0 +1,156 @@
+#!/bin/bash
+
+# Check if we're running in bash; if not, adjust behavior
+if [ -n "$BASH_VERSION" ]; then
+ set -euo pipefail
+else
+ set -eu
+fi
+
+# Determine OS-specific paths
+OS_NAME=$(uname)
+if [[ $OS_NAME == "Linux" ]]; then
+ OSSEC_CONF_PATH="/var/ossec/etc/ossec.conf"
+elif [[ $OS_NAME == "Darwin" ]]; then
+ OSSEC_CONF_PATH="/Library/Ossec/etc/ossec.conf"
+else
+ error_message "Unsupported operating system."
+ exit 1
+fi
+
+# Define text formatting
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[1;34m'
+BOLD='\033[1m'
+NORMAL='\033[0m'
+
+# Function for logging with timestamp
+log() {
+ local LEVEL="$1"
+ shift
+ local MESSAGE="$*"
+ local TIMESTAMP
+ TIMESTAMP=$(date +"%Y-%m-%d %H:%M:%S")
+ echo -e "${TIMESTAMP} ${LEVEL} ${MESSAGE}"
+}
+
+# Logging helpers
+info_message() {
+ log "${BLUE}${BOLD}[INFO]${NORMAL}" "$*"
+}
+
+warn_message() {
+ log "${YELLOW}${BOLD}[WARNING]${NORMAL}" "$*"
+}
+
+error_message() {
+ log "${RED}${BOLD}[ERROR]${NORMAL}" "$*"
+}
+
+success_message() {
+ log "${GREEN}${BOLD}[SUCCESS]${NORMAL}" "$*"
+}
+
+# Function to ensure the script runs with appropriate privileges
+maybe_sudo() {
+ if [ "$EUID" -ne 0 ]; then
+ if command -v sudo &>/dev/null; then
+ sudo "$@"
+ else
+ error_message "Please run the script as root or install sudo."
+ exit 1
+ fi
+ else
+ "$@"
+ fi
+}
+
+# Function to remove directories and files
+remove_snort_dirs_files() {
+ local dirs=("$@")
+ for dir in "${dirs[@]}"; do
+ if [ -d "$dir" ]; then
+ maybe_sudo rm -rf "$dir"
+ info_message "Removed directory $dir"
+ fi
+ done
+}
+
+remove_snort_files() {
+ local files=("$@")
+ for file in "${files[@]}"; do
+ if [ -f "$file" ]; then
+ maybe_sudo rm -f "$file"
+ info_message "Removed file $file"
+ fi
+ done
+}
+
+# Function to revert changes in ossec.conf
+revert_ossec_conf() {
+ local ossec_conf="$1"
+ local snort_tag=""
+
+ if maybe_sudo grep -q "$snort_tag" "$ossec_conf"; then
+ maybe_sudo sed -i "/$snort_tag/,/<\/localfile>/d" "$ossec_conf"
+ success_message "Reverted changes in $ossec_conf"
+ else
+ info_message "No Snort-related changes found in $ossec_conf"
+ fi
+}
+
+# Function to uninstall Snort on macOS
+uninstall_snort_macos() {
+ info_message "Uninstalling Snort on macOS"
+ brew uninstall snort || warn_message "Snort was not installed via Homebrew."
+
+ remove_snort_dirs_files \
+ "/usr/local/etc/rules" \
+ "/usr/local/etc/so_rules" \
+ "/usr/local/etc/lists" \
+ "/var/log/snort"
+
+ remove_snort_files \
+ "/usr/local/etc/rules/local.rules" \
+ "/usr/local/etc/lists/default.blocklist"
+
+ revert_ossec_conf "$OSSEC_CONF_PATH"
+ success_message "Snort uninstalled on macOS"
+}
+
+# Function to uninstall Snort on Linux
+uninstall_snort_linux() {
+ info_message "Uninstalling Snort on Linux"
+ if command -v apt >/dev/null 2>&1; then
+ sudo apt-get purge -y snort && sudo apt-get autoremove -y
+ else
+ warn_message "This script supports only Debian-based systems for uninstallation."
+ fi + + remove_snort_dirs_files \ + "/etc/snort/rules" \ + "/var/log/snort" + + remove_snort_files \ + "/etc/snort/snort.conf" \ + "/etc/snort/rules/local.rules" + + revert_ossec_conf "$OSSEC_CONF_PATH" + success_message "Snort uninstalled on Linux" +} + +# Main logic: uninstall Snort based on the operating system +case "$OS_NAME" in + Linux) + uninstall_snort_linux + ;; + Darwin) + uninstall_snort_macos + ;; + *) + error_message "Unsupported OS: $OS_NAME" + exit 1 + ;; +esac From 6f114c851d645ce859d3904b22e35b1d5a239c9b Mon Sep 17 00:00:00 2001 From: ArmandMeppa Date: Tue, 17 Dec 2024 13:24:25 +0100 Subject: [PATCH 2/7] fix: completey remove snort folders when uninstalling --- scripts/uninstall.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index ececbd6..8ef1db5 100644 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh @@ -95,7 +95,7 @@ revert_ossec_conf() { if maybe_sudo grep -q "$snort_tag" "$ossec_conf"; then maybe_sudo sed -i "/$snort_tag/,/<\/localfile>/d" "$ossec_conf" - success_message "Reverted changes in $ossec_conf" + info_message "Reverted changes in $ossec_conf" else info_message "No Snort-related changes found in $ossec_conf" fi @@ -130,13 +130,9 @@ uninstall_snort_linux() { fi remove_snort_dirs_files \ - "/etc/snort/rules" \ + "/etc/snort/" \ "/var/log/snort" - remove_snort_files \ - "/etc/snort/snort.conf" \ - "/etc/snort/rules/local.rules" - revert_ossec_conf "$OSSEC_CONF_PATH" success_message "Snort uninstalled on Linux" } From 50cc6823d4325e2bdee6c2b275cf856c06c54ac1 Mon Sep 17 00:00:00 2001 From: ArmandMeppa Date: Wed, 18 Dec 2024 15:26:29 +0100 Subject: [PATCH 3/7] feat(chore): add installation validation steps --- scripts/install.sh | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/scripts/install.sh b/scripts/install.sh index 7d701ce..f9c5909 100755 --- a/scripts/install.sh +++ b/scripts/install.sh 
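Review bot: The unsupported-OS branch at the top of the new uninstall.sh calls `error_message` before any of the logging helpers are defined, so on a host that is neither Linux nor Darwin the script stops with a command-not-found error instead of the intended message; moving the OS/path block below the helper definitions fixes that. In `uninstall_snort_linux`, `sudo apt-get purge -y snort && sudo apt-get autoremove -y` bypasses `maybe_sudo`, and because the purge is a non-final member of an `&&` list its failure does not trip `set -e`, so the script still runs the root `rm -rf` calls and logs "Snort uninstalled on Linux". Writing `maybe_sudo apt-get purge -y snort` and `maybe_sudo apt-get autoremove -y` as separate statements would stop on failure and work when already root. On macOS the directories deleted as root (`/usr/local/etc/rules`, `/usr/local/etc/lists`) do not have Snort-specific names, so it is worth confirming nothing else on the host uses them. The `remove_snort_files` call that follows is dead code, since both files sit inside directories that were just removed.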
@@ -276,6 +276,51 @@ maybe_sudo() { fi } +# Function to validate the installation and configuration +validate_installation() { + info_message "Validating the installation..." + + # Check if Snort is installed (Linux) + if [[ $OS_NAME == "Linux" ]]; then + if ! command -v snort &>/dev/null; then + error_message "Snort is not installed on this system. Please install it and rerun the script." + exit 1 + else + success_message "Snort is installed on Linux." + fi + fi + + # Check if Snort is installed (macOS) + if [[ $OS_NAME == "Darwin" ]]; then + if ! command -v snort &>/dev/null; then + error_message "Snort is not installed on this system. Please install it and rerun the script." + exit 1 + else + success_message "Snort is installed on macOS." + fi + fi + + # Validate Snort rules and directories + if [[ ! -d "/usr/local/etc/rules" ]] || [[ ! -f "/usr/local/etc/rules/local.rules" ]]; then + warn_message "Snort rules or directories are missing. Please check the configuration." + else + success_message "Snort rules and directories are properly configured." + fi + + # Validate logging configuration for Snort + if [[ $OS_NAME == "Darwin" && ! -f "$SNORT_CONF_PATH" ]]; then + error_message "Snort configuration file not found at $SNORT_CONF_PATH. Please ensure Snort is installed properly." + exit 1 + elif [[ $OS_NAME == "Linux" && ! -f "/etc/snort/snort.conf" ]]; then + error_message "Snort configuration file not found at /etc/snort/snort.conf. Please ensure Snort is installed properly." + exit 1 + else + success_message "Snort configuration file is present." + fi + + success_message "Validation completed successfully." +} + # Main logic: install Snort based on the operating system case "$OS_NAME" in Linux) From 915d0b9b015df4f1fe562b78fcae41cb913010c5 Mon Sep 17 00:00:00 2001 
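Review bot: The rules check in `validate_installation` tests `/usr/local/etc/rules` and `/usr/local/etc/rules/local.rules` on every OS, while the Linux side of this series (uninstall.sh) works with `/etc/snort/rules`, so on Linux the check will presumably always warn; selecting the directory from `$OS_NAME` avoids that. The function also ends with "Validation completed successfully." even after that warning, and it only checks that files exist, so a broken snort.conf still passes; running Snort's config test mode (`snort -T -c <conf>`) would be a stronger check. The two "is Snort installed" branches are identical apart from the message and could be a single `command -v snort` test. No call to `validate_installation` is visible in this hunk, so confirm it is invoked after the install step.

```shell
validate_installation() {
    # … unchanged: snort binary checks per OS …

    # Pick the rules directory for the current OS instead of assuming the macOS layout
    local rules_dir="/usr/local/etc/rules"
    if [[ $OS_NAME == "Linux" ]]; then
        rules_dir="/etc/snort/rules"
    fi
    if [[ ! -d "$rules_dir" || ! -f "$rules_dir/local.rules" ]]; then
        warn_message "Snort rules or directories are missing under $rules_dir. Please check the configuration."
    else
        success_message "Snort rules and directories are properly configured."
    fi
    # … unchanged: configuration file checks and final message …
```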
From: ArmandMeppa Date: Wed, 18 Dec 2024 15:27:12 +0100 Subject: [PATCH 4/7] fix(chore): add missing sed_alternative command --- scripts/uninstall.sh | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index 8ef1db5..3d2c418 100644 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh @@ -53,13 +53,18 @@ success_message() { log "${GREEN}${BOLD}[SUCCESS]${NORMAL}" "$*" } -# Function to ensure the script runs with appropriate privileges +# Check if a command exists +command_exists() { + command -v "$1" >/dev/null 2>&1 +} + +# Ensure root privileges, either directly or through sudo maybe_sudo() { - if [ "$EUID" -ne 0 ]; then - if command -v sudo &>/dev/null; then + if [ "$(id -u)" -ne 0 ]; then + if command_exists sudo; then sudo "$@" else - error_message "Please run the script as root or install sudo." + error_message "This script requires root privileges. Please run with sudo or as root." exit 1 fi else @@ -67,6 +72,14 @@ maybe_sudo() { fi } +sed_alternative() { + if command_exists gsed; then + gsed "$@" + else + sed "$@" + fi +} + # Function to remove directories and files remove_snort_dirs_files() { local dirs=("$@") From 69acefbd2a9a61da950f2e5fcfce99faeb4bda39 Mon Sep 17 00:00:00 2001 From: ArmandMeppa Date: Wed, 18 Dec 2024 15:44:30 +0100 Subject: [PATCH 5/7] fix(chore): add missing sed_alternative command --- scripts/uninstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index 3d2c418..09aae27 100644 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh 
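Review bot: The fallback branch of the new `sed_alternative` runs the system `sed`, which on macOS is BSD sed, and `revert_ossec_conf` passes `-i` with no suffix argument (`-i "/$snort_tag/,/<\/localfile>/d"`). BSD sed takes the argument after `-i` as the backup suffix, so on a Mac without `gsed` the script is consumed as the suffix and the edit fails. Since the helper exists only to paper over that difference, the fallback should either be limited to Linux or stop with a clear message on Darwin, e.g. `error_message "GNU sed (gsed) is required on macOS; install it with Homebrew (gnu-sed)."` followed by `exit 1`. A one-line comment above `sed_alternative` saying why `gsed` is preferred would also help, as the function is the only new helper in this hunk without one.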
@@ -107,7 +107,7 @@ revert_ossec_conf() { local snort_tag="" if maybe_sudo grep -q "$snort_tag" "$ossec_conf"; then - maybe_sudo sed -i "/$snort_tag/,/<\/localfile>/d" "$ossec_conf" + maybe_sudo sed_alternative -i "/$snort_tag/,/<\/localfile>/d" "$ossec_conf" info_message "Reverted changes in $ossec_conf" else info_message "No Snort-related changes found in $ossec_conf" From bac5604b745d5f075c308a97973dfb2ce9c711d5 Mon Sep 17 00:00:00 2001 From: ArmandMeppa Date: Wed, 18 Dec 2024 15:56:17 +0100 Subject: [PATCH 6/7] fix(chore): add missing sed_alternative command --- scripts/uninstall.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index 09aae27..b8ed390 100644 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh @@ -74,9 +74,9 @@ maybe_sudo() { sed_alternative() { if command_exists gsed; then - gsed "$@" + maybe_sudo gsed "$@" else - sed "$@" + maybe_sudo sed "$@" fi } @@ -107,7 +107,7 @@ revert_ossec_conf() { local snort_tag="" if maybe_sudo grep -q "$snort_tag" "$ossec_conf"; then - maybe_sudo sed_alternative -i "/$snort_tag/,/<\/localfile>/d" "$ossec_conf" + sed_alternative -i "/$snort_tag/,/<\/localfile>/d" "$ossec_conf" info_message "Reverted changes in $ossec_conf" else info_message "No Snort-related changes found in $ossec_conf" From 03be3169e6fdd3668c3131ae9130097ff646470c Mon Sep 17 00:00:00 2001 From: ArmandMeppa Date: Thu, 19 Dec 2024 08:31:56 +0100 Subject: [PATCH 7/7] fix(chore): improve funnction to revert snort config in ossec.conf --- scripts/uninstall.sh | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index b8ed390..2e53b61 100644 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh 
@@ -105,13 +105,17 @@ remove_snort_files() { revert_ossec_conf() { local ossec_conf="$1" local snort_tag="" - - if maybe_sudo grep -q "$snort_tag" "$ossec_conf"; then - sed_alternative -i "/$snort_tag/,/<\/localfile>/d" "$ossec_conf" - info_message "Reverted changes in $ossec_conf" + + if maybe_sudo [ -f "$ossec_conf" ]; then + if maybe_sudo grep -q "$snort_tag" "$ossec_conf"; then + sed_alternative -i "/$snort_tag/,/<\/localfile>/d" "$ossec_conf" + info_message "Reverted changes in $ossec_conf" + else + info_message "No Snort-related changes found in $ossec_conf. Skipping" + fi else - info_message "No Snort-related changes found in $ossec_conf" - fi + warn_message "The file $ossec_conf no longer exists. Skipping" + fi } # Function to uninstall Snort on macOS
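Review bot: The range delete `/$snort_tag/,/<\/localfile>/d` in `revert_ossec_conf` edits ossec.conf in place with no backup, and if the marker is present but the closing `</localfile>` is not (for example in a hand-edited file), sed deletes from the marker to the end of the file and leaves a truncated agent configuration. Copying the file first, e.g. `maybe_sudo cp -p "$ossec_conf" "$ossec_conf.bak"`, and checking that a `</localfile>` follows the marker before editing would make the revert recoverable. As rendered here `snort_tag` is the empty string, which may be an artifact of the page; if the value is really empty, `grep -q ""` matches any non-empty file and the `//` address has no previous regex to reuse, so the marker text should be confirmed. The function does not restart the agent, so the removed block may stay active until the next restart; a log line telling the operator to restart it would close that gap.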