diff -Nru securityonion-bro-3.0.0/debian/changelog securityonion-bro-3.0.0/debian/changelog --- securityonion-bro-3.0.0/debian/changelog 2019-10-31 14:14:25.000000000 +0000 +++ securityonion-bro-3.0.0/debian/changelog 2019-10-31 19:17:55.000000000 +0000 @@ -1,3 +1,9 @@ +securityonion-bro (3.0.0-1ubuntu1securityonion2) xenial; urgency=medium + + * change bro to zeek in inst scripts + + -- Doug Burks Thu, 31 Oct 2019 15:17:31 -0400 + securityonion-bro (3.0.0-1ubuntu1securityonion1) xenial; urgency=medium * Initial release diff -Nru securityonion-bro-3.0.0/debian/postinst securityonion-bro-3.0.0/debian/postinst --- securityonion-bro-3.0.0/debian/postinst 2019-10-31 14:17:27.000000000 +0000 +++ securityonion-bro-3.0.0/debian/postinst 2019-10-31 19:17:12.000000000 +0000 @@ -5,6 +5,10 @@ case "$1" in configure) + # Remove and re-create bro symbolic link + rm -f /opt/bro/bin/bro + ln -s zeek-wrapper /opt/bro/bin/bro + # if upgrading from previous version, copy over user's config PREV="pre-3.0.0" if [ -d /opt/bro/etc_$PREV ]; then 
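Review bot: The `rm -f` / `ln -s` pair added under `configure)` replaces the link in two steps and never checks the target, so a failed removal makes `ln -s` fail and a missing `/opt/bro/bin/zeek-wrapper` leaves a dangling `bro` link. A single `ln -sfn zeek-wrapper /opt/bro/bin/bro`, preceded by `[ -x /opt/bro/bin/zeek-wrapper ] || echo "zeek-wrapper missing" >&2`, would cover both cases. The same pattern appears in the `@@ -51,9 +55,9 @@` hunk, where `rm` has no `-f` and will error if `zeekctl-config.sh` is absent; whether that aborts the script depends on a `set -e` that is not visible in the hunks. The `case` block continues past the end of this hunk.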
@@ -16,28 +20,28 @@ echo "172.16.0.0/12 Private IP space" >> /opt/bro/etc/networks.cfg fi - # check broctl.cfg for proper dirs - if ! grep "nsm" /opt/bro/etc/broctl.cfg >/dev/null; then - sed -i 's|SpoolDir = /var/opt/bro/spool|SpoolDir = /nsm/bro/spool|g' /opt/bro/etc/broctl.cfg - sed -i 's|LogDir = /var/opt/bro/logs|LogDir = /nsm/bro/logs|g' /opt/bro/etc/broctl.cfg + # check zeekctl.cfg for proper dirs + if ! grep "nsm" /opt/bro/etc/zeekctl.cfg >/dev/null; then + sed -i 's|SpoolDir = /var/opt/bro/spool|SpoolDir = /nsm/bro/spool|g' /opt/bro/etc/zeekctl.cfg || echo "Error updating zeekctl.cfg!" + sed -i 's|LogDir = /var/opt/bro/logs|LogDir = /nsm/bro/logs|g' /opt/bro/etc/zeekctl.cfg || echo "Error updating zeekctl.cfg!" fi # Bro 2.5 changes SitePolicyStandalone to SitePolicyScripts - if grep "SitePolicyStandalone" /opt/bro/etc/broctl.cfg >/dev/null; then - sed -i 's|SitePolicyStandalone = local.bro|SitePolicyScripts = local.bro|g' /opt/bro/etc/broctl.cfg || echo "Error replacing SitePolicyStandalone with SitePolicyScripts in /opt/bro/etc/broctl.cfg!" + if grep "SitePolicyStandalone" /opt/bro/etc/zeekctl.cfg >/dev/null; then + sed -i 's|SitePolicyStandalone = local.bro|SitePolicyScripts = local.bro|g' /opt/bro/etc/zeekctl.cfg || echo "Error replacing SitePolicyStandalone with SitePolicyScripts in /opt/bro/etc/zeekctl.cfg!" fi # Bro 2.5 changes StatusCmdShowAll to 0 - if grep "StatusCmdShowAll = 1" /opt/bro/etc/broctl.cfg >/dev/null; then - sed -i 's|StatusCmdShowAll = 1|StatusCmdShowAll = 0|g' /opt/bro/etc/broctl.cfg || echo "Error changing StatusCmdShowAll from 1 to 0 in /opt/bro/etc/broctl.cfg!" + if grep "StatusCmdShowAll = 1" /opt/bro/etc/zeekctl.cfg >/dev/null; then + sed -i 's|StatusCmdShowAll = 1|StatusCmdShowAll = 0|g' /opt/bro/etc/zeekctl.cfg || echo "Error changing StatusCmdShowAll from 1 to 0 in /opt/bro/etc/zeekctl.cfg!" fi # Bro 2.5.1 adds CrashExpireInterval setting - if ! 
grep "CrashExpireInterval" /opt/bro/etc/broctl.cfg >/dev/null; then - cat << EOF >> /opt/bro/etc/broctl.cfg + if ! grep "CrashExpireInterval" /opt/bro/etc/zeekctl.cfg >/dev/null; then + cat << EOF >> /opt/bro/etc/zeekctl.cfg # Number of days that crash directories are kept. Crash directories older -# than this many days will be removed by "broctl cron". A value of 0 means +# than this many days will be removed by "zeekctl cron". A value of 0 means # that crash directories never expire. CrashExpireInterval = 30 EOF @@ -51,9 +55,9 @@ # so enable any lb_* directives that we had previously commented out # sed -i 's|#lb_|lb_|g' /opt/bro/etc/node.cfg - # fix broctl-config.sh symlink - rm /opt/bro/share/broctl/scripts/broctl-config.sh - ln -s /nsm/bro/spool/broctl-config.sh /opt/bro/share/broctl/scripts/broctl-config.sh + # fix zeekctl-config.sh symlink + rm /opt/bro/share/zeekctl/scripts/zeekctl-config.sh + ln -s /nsm/bro/spool/zeekctl-config.sh /opt/bro/share/zeekctl/scripts/zeekctl-config.sh ;;
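Review bot: Every check in the `@@ -16,28 +20,28 @@` hunk now reads `/opt/bro/etc/zeekctl.cfg`, but nothing confirms the file exists, and the hunk does not show whether an upgraded sensor's `broctl.cfg` is renamed first. If the file is absent, the `sed -i` calls fail, `|| echo` prints to stdout and the script carries on, and `cat << EOF >>` creates a new `zeekctl.cfg` holding only `CrashExpireInterval`. The sensor then keeps SpoolDir and LogDir off `/nsm` with no failed install to flag it. A guard such as `[ -f /opt/bro/etc/zeekctl.cfg ] || { echo "zeekctl.cfg not found" >&2; exit 1; }` before the first `grep`, plus `>&2` on the error messages, would make that visible. Separately, `grep "nsm"` matches the string anywhere in the file, comments included, so `grep -q '^SpoolDir = /nsm/'` would be a tighter test.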
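Review bot: The recreated link in the `@@ -51,9 +55,9 @@` hunk points `/opt/bro/share/zeekctl/scripts/zeekctl-config.sh` at a file under `/nsm/bro/spool`, and the hunk does not show who owns that directory. As far as I know, zeekctl's helper scripts source this file as shell, so a spool that an unprivileged sensor account can write to, combined with any helper running as root, would cross a privilege boundary. I would add a comment above the `ln -s` stating the expected owner and mode, for example `# /nsm/bro/spool must be writable only by the account that runs zeekctl`, and confirm that against the part of the package that creates the directory. The hunk ends at `;;`, so the rest of the `case` is not visible here.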