avoid errors when no unified2 files are available for deletion

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-nsmnow-admin-scripts (20120724-0ubuntu0securityonion163) trusty; urgency=medium
+
+  * avoid errors when no unified2 files are available for deletion 
+
+ -- Doug Burks <[email protected]>  Thu, 09 Nov 2017 14:27:21 -0500
+
 securityonion-nsmnow-admin-scripts (20120724-0ubuntu0securityonion162) trusty; urgency=medium
 
   * postinst - add conditions for updating /etc/init/securityonion.conf 

debian/patches/avoid-errors-when-no-unified2-files-are-available-for-deletion

@@ -0,0 +1,126 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-nsmnow-admin-scripts (20120724-0ubuntu0securityonion163) trusty; urgency=medium
+ .
+   * avoid errors when no unified2 files are available for deletion
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-nsmnow-admin-scripts-20120724.orig/etc/init/securityonion.conf
++++ /dev/null
+@@ -1,83 +0,0 @@
+-#
+-#/etc/init/securityonion.conf
+-#
+-description     "Security Onion"
+-start on (net-device-up
+-            and remote-filesystems
+-            and runlevel [2345])
+-stop on runlevel [016]
+-script
+-	# Some folks are having problems with link negotiation taking too long and the tunnel failing to come up.
+-	# This is a quick and dirty fix until we come up with a better solution.
+-	# If starting the securityonion services at boot-time, sleep for 60 seconds to allow link to negotiate.
+-        # If running Setup, we don't need to pause as the link should have already been negotiated.
+-        pgrep sosetup >/dev/null || sleep 60
+-
+-        # If this is a SLAVE start SSH tunnel and start ELSA if required
+-        SSH_DIR="/root/.ssh"
+-        SSH_CONF="$SSH_DIR/securityonion_ssh.conf"
+-        if [ -f $SSH_CONF ]; then
+-                # Establish persistent SSH tunnel to MASTER.
+-                KEY="$SSH_DIR/securityonion"
+-
+-                # Upstart uses sh instead of bash so we can't use "source"
+-                SSH_USERNAME=`grep SSH_USERNAME $SSH_CONF | cut -d\= -f2 | tail -1`
+-                SERVERNAME=`grep SERVERNAME $SSH_CONF | cut -d\= -f2 | tail -1`
+-                ELSA=`grep ELSA /etc/nsm/securityonion.conf | cut -d\= -f2 | tail -1`
+-                : ${ELSA:="NO"}
+-                if [ $ELSA = "YES" ]; then
+-                    # We are using ELSA so we need reverse ssh tunnel
+-                    # from localhost:3154 to master-node:50000+n where n
+-                    # is an integer.
+-                    ELSA_PORT=`grep ELSA_PORT $SSH_CONF | cut -d\= -f2 | tail -1`
+-                    : ${ELSA_PORT:="UNDEF"}
+-                    if [ $ELSA_PORT = "UNDEF" ] ; then
+-                        # The ELSA port is not set and we need to query
+-                        # the $SERVERNAME for a free port and an API key.
+-                        SSH_CMD="/usr/bin/securityonion_elsa_register.rb --register --peer-name `hostname` --force"
+-                        ELSA_REGISTER_RESPONSE=`ssh -i $KEY $SSH_USERNAME@$SERVERNAME $SSH_CMD`
+-                        ELSA_PORT=`echo $ELSA_REGISTER_RESPONSE | cut -d',' -f1`
+-                        ELSA_APIKEY=`echo $ELSA_REGISTER_RESPONSE | cut -d',' -f2`
+-
+-                        # Copy the ELSA port back into the SSH config file for future use.
+-                        echo "ELSA_PORT=$ELSA_PORT" >> $SSH_CONF
+-
+-                        # Update the local ELSA API key
+-                        /usr/bin/securityonion_elsa_register.rb --update-apikey $ELSA_APIKEY
+-                    else
+-			            REVERSE_TUNNEL="-R $ELSA_PORT:localhost:3154"
+-                    fi                 
+-                elif [ $ELSA = "NO" ]; then
+-	                # We are not using ELSA so there's no need for a reverse ssl tunnel
+-			        REVERSE_TUNNEL=""
+-                    # Also no need for mysql
+-                    [ -f /etc/init/mysql.conf ] && service mysql stop
+-                fi
+-                # If the server isn't up, we want autossh to keep retrying so we set AUTOSSH_GATETIME to 0
+-                export AUTOSSH_GATETIME=0
+-                /usr/bin/autossh -M 0 -f -q -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -i "$KEY" -L 3306:127.0.0.1:3306 $REVERSE_TUNNEL $SSH_USERNAME@$SERVERNAME
+-        fi
+-
+-	# Snorby has been removed, so if any barnyard2.conf files have the snorby output enabled, we should disable it
+-	if grep "^output database: alert, mysql, user=root dbname=snorby host=127.0.0.1" /etc/nsm/*/barnyard2*.conf >/dev/null 2>&1; then
+-		sed -i 's|^output database: alert, mysql, user=root dbname=snorby host=127.0.0.1|#output database: alert, mysql, user=root dbname=snorby host=127.0.0.1|g' /etc/nsm/*/barnyard2*.conf
+-	fi
+-
+-        # Both SLAVES and MASTERS need to start NSM services
+-        service nsm start
+-
+-	# check for variables in /etc/nsm/securityonion.conf
+-	SO_CONF="/etc/nsm/securityonion.conf"
+-
+-	# default values (can override in $SO_CONF)
+-	XPLICO_ENABLED="no"
+-
+-	# add parameters to $SO_CONF if they don't already exist
+-	grep XPLICO_ENABLED $SO_CONF >/dev/null || echo "XPLICO_ENABLED=no" >> $SO_CONF
+-
+-	# load in user config
+-	XPLICO_ENABLED=`grep XPLICO_ENABLED $SO_CONF | cut -d\= -f2 | tail -1`
+-
+-	[ "$XPLICO_ENABLED" = "yes" ] && /etc/init.d/xplico start
+-
+-end script
+--- securityonion-nsmnow-admin-scripts-20120724.orig/usr/sbin/so-clear-backlog
++++ securityonion-nsmnow-admin-scripts-20120724/usr/sbin/so-clear-backlog
+@@ -31,10 +31,10 @@ fi
+ # Count and list files to be deleted
+ if [ "$ENGINE" == "snort" ]; then
+ 	COUNT=$(ls -la /nsm/sensor_data/*/snort-*/snort.unified2.* 2>/dev/null | wc -l)
+-	FILES=$(ls -la /nsm/sensor_data/*/snort-*/snort.unified2.*)
++	FILES=$(ls -la /nsm/sensor_data/*/snort-*/snort.unified2.* 2>/dev/null)
+ else
+ 	COUNT=$(ls -la /nsm/sensor_data/*/snort.unified2.* 2>/dev/null | wc -l)
+-	FILES=$(ls -la /nsm/sensor_data/*/snort.unified2.*)
++	FILES=$(ls -la /nsm/sensor_data/*/snort.unified2.* 2>/dev/null)
+ fi
+
+ # If no files are found, exit immediately

debian/patches/series

@@ -156,3 +156,4 @@ Issue-1162:-NSM:-Add-new-script-to-clear-sensor-backlog
 remove-so-common-since-it-already-exists-in-securityonion-elastic-package
 remove-old-files
 postinst---add-conditions-for-updating-etcinitsecurityonion.conf
+avoid-errors-when-no-unified2-files-are-available-for-deletion

usr/sbin/so-clear-backlog

@@ -31,10 +31,10 @@ fi
 # Count and list files to be deleted
 if [ "$ENGINE" == "snort" ]; then
 	COUNT=$(ls -la /nsm/sensor_data/*/snort-*/snort.unified2.* 2>/dev/null | wc -l)
-	FILES=$(ls -la /nsm/sensor_data/*/snort-*/snort.unified2.*)
+	FILES=$(ls -la /nsm/sensor_data/*/snort-*/snort.unified2.* 2>/dev/null)
 else
 	COUNT=$(ls -la /nsm/sensor_data/*/snort.unified2.* 2>/dev/null | wc -l)
-	FILES=$(ls -la /nsm/sensor_data/*/snort.unified2.*)
+	FILES=$(ls -la /nsm/sensor_data/*/snort.unified2.* 2>/dev/null)
 fi
 
 # If no files are found, exit immediately