#!/bin/sh -e

# Preinst for snort-common-rules, currently only handles
# migration from old /etc/snort to new /etc/snort setup
#


check_md5() {
# if the MD5sum matches the user has not modified it, remove it
# if it does not match then just move it to the new location
    [ ! -f "$1" ] && return 1
    [ -z "$2" ] && return 1
    if md5sum $1 2>/dev/null |grep -q $2; then
    	    echo "Removing $1 since it has not been changed"
            rm -f $1
    else
    # Optionally move to a directory
    	    if [ -n "$3" ] && [ -d "$3" ] ; then
	    	    echo "Moving $1 to $3"
    		    mv $1 $3
	    fi
    fi
}


if [ ! -d /etc/snort/rules ]
then
	mkdir -p /etc/snort/rules
	chown root:root /etc/snort/rules
	chmod 755 /etc/snort/rules
fi

case "$1" in
    install|upgrade)
        if [ "x$2" != "x" ] ; then
            if dpkg --compare-versions $2 lt 1.9.0beta4-1 ; then
		if [ ! -z "`ls /etc/snort/*.rules 2>/dev/null | head -1`" ]
		then
			echo "Checking if old rulefiles have been changed"
			echo "
3bc265bef3ff5fc675f9f1acf8ea6390  attack-responses.rules
3bc265bef3ff5fc675f9f1acf8ea6390  attack-responses.rules
c20eb0f3f140b7659ebd37f2e3553f2d  backdoor.rules
08b710276367c03fcd26d1b3512a870d  bad-traffic.rules
48683f29e6452e4e43f1af004f537485  ddos.rules
f605e07289ace0adc279aa46225834a5  dns.rules
b231ab5af973df5f06201f16be8a37ff  dos.rules
31788f18caaed776f021e5029bdd6757  exploit.rules
3f0c90491298edd0dfc37a6afc9ffac6  finger.rules
a2f2068460b622a85624b664d9108b36  ftp.rules
c580f094d32435915f893c2661fb73dc  icmp-info.rules
3abbb384dd222225560ec87b324b63ce  icmp.rules
9159fed0eda9c16245f4c6edb94c0d7c  info.rules
8005f28d5e2400c474a7b765029eefb5  local.rules
8204b5ce028496bca3f95a06dfca10b9  misc.rules
f63f7c3c9a9f627521b0dcce1e134f1f  netbios.rules
fe402fc3c9e795ea22af59be84683be5  policy.rules
00b1e66fe86b46bf94460320ca71d972  porn.rules
c23be32425937a87219ccd0ee4f85813  rpc.rules
82a173d9144a11ea1e686fcec730549a  rservices.rules
c9dd621a43c896dde6dd2da09575897f  scan.rules
55a0e660ea08c314cf4d5c19f7973f83  shellcode.rules
b304d4b570e94112d6b025d6a55007c1  smtp.rules
ccff2e48615eb7d27466b26a9dd66b66  sql.rules
f68e3bee2ab97ce729f20a0f4751ca04  telnet.rules
a263d7e4526e8012aafd9daf62690519  tftp.rules
2abd1c03364a8a1c01650764cf2af2f1  virus.rules
fe239ae24a682d3d47251c28689fc9ec  web-attacks.rules
2e99d333c4ab20bfd3f5694915b6d591  web-cgi.rules
3051d9dda0ed859487580733b2a318d2  web-coldfusion.rules
b7fc9e8371d04b5ec203651c15135657  web-frontpage.rules
e7100df55b15a262f45d0a2940594d1f  web-iis.rules
028a217dbdc67fea026a1f7c3dd6560b  web-misc.rules
6e85b6a55b84bffc29fd58b8e6747b65  x11.rules
c20eb0f3f140b7659ebd37f2e3553f2d  backdoor.rules
08b710276367c03fcd26d1b3512a870d  bad-traffic.rules
48683f29e6452e4e43f1af004f537485  ddos.rules
f605e07289ace0adc279aa46225834a5  dns.rules
b231ab5af973df5f06201f16be8a37ff  dos.rules
31788f18caaed776f021e5029bdd6757  exploit.rules
3f0c90491298edd0dfc37a6afc9ffac6  finger.rules
a2f2068460b622a85624b664d9108b36  ftp.rules
c580f094d32435915f893c2661fb73dc  icmp-info.rules
3abbb384dd222225560ec87b324b63ce  icmp.rules
9159fed0eda9c16245f4c6edb94c0d7c  info.rules
8005f28d5e2400c474a7b765029eefb5  local.rules
8204b5ce028496bca3f95a06dfca10b9  misc.rules
f63f7c3c9a9f627521b0dcce1e134f1f  netbios.rules
fe402fc3c9e795ea22af59be84683be5  policy.rules
00b1e66fe86b46bf94460320ca71d972  porn.rules
c23be32425937a87219ccd0ee4f85813  rpc.rules
82a173d9144a11ea1e686fcec730549a  rservices.rules
c9dd621a43c896dde6dd2da09575897f  scan.rules
55a0e660ea08c314cf4d5c19f7973f83  shellcode.rules
b304d4b570e94112d6b025d6a55007c1  smtp.rules
ccff2e48615eb7d27466b26a9dd66b66  sql.rules
f68e3bee2ab97ce729f20a0f4751ca04  telnet.rules
a263d7e4526e8012aafd9daf62690519  tftp.rules
2abd1c03364a8a1c01650764cf2af2f1  virus.rules
fe239ae24a682d3d47251c28689fc9ec  web-attacks.rules
2e99d333c4ab20bfd3f5694915b6d591  web-cgi.rules
3051d9dda0ed859487580733b2a318d2  web-coldfusion.rules
b7fc9e8371d04b5ec203651c15135657  web-frontpage.rules
e7100df55b15a262f45d0a2940594d1f  web-iis.rules
028a217dbdc67fea026a1f7c3dd6560b  web-misc.rules
6e85b6a55b84bffc29fd58b8e6747b65  x11.rules 
" |
			while read md5sum file ; do
				check_md5 /etc/snort/$file $md5sum /etc/snort/rules/
			done
			echo "Finished check of old rulefiles"
			# Classification config modified?
			check_md5 /etc/snort/classification.config 183a351fc8c3a60ed9fbbb8194e4eda1
		fi
            fi
        fi
    ;;
    abort-upgrade)
    ;;
    *)
        echo "preinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac