authorErmal <eri@pfsense.org>2011-10-23 12:48:39 +0000
committerErmal <eri@pfsense.org>2011-10-23 12:48:39 +0000
commitc7a37fde395a9f0d08664133b321528af9aff3ae (patch)
tree72869f4f647978a84158b2c42d6647c768544fd6
parent968cc6deb25dacef3c6c68dbdf0d89299696ae46 (diff)
Ticket #1749. Add some more validations to the code that generates oink scripts config.
-rw-r--r--config/snort/snort_check_for_rule_updates.php29
-rw-r--r--config/snort/snort_download_rules.php28
-rw-r--r--config/snort/snort_download_updates.php3
3 files changed, 33 insertions, 27 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 2292dabd..c936db9d 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -546,31 +546,36 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
//////////////////
-
/* open oinkmaster_conf for writing" function */
function oinkmaster_conf($id, $if_real, $iface_uuid)
{
- global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
/* enable disable setting will carry over with updates */
/* TODO carry signature changes with the updates */
if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ $selected_sid_on_section = "";
+ $selected_sid_off_sections = "";
+
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
- $enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
+ $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
foreach($enabled_sid_on_array as $enabled_item_on)
$selected_sid_on_sections .= "$enabled_item_on\n";
}
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- $enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
+ $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
foreach($enabled_sid_off_array as $enabled_item_off)
$selected_sid_off_sections .= "$enabled_item_off\n";
}
- $snort_sid_text = <<<EOD
+ if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) {
+ $snort_sid_text = <<<EOD
###########################################
# #
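Review bot: The added initialiser `$selected_sid_on_section = "";` and the guard operand `!empty($selected_sid_on_section)` are missing the trailing `s`, while the loop appends to `$selected_sid_on_sections`. That operand is therefore always false, so an interface with only `rule_sid_on` entries gets no oinkmaster config written; because the function now unlinks the old file first, the enable list is dropped silently and rules the administrator enabled may not be applied after an update. Use `$selected_sid_on_sections` in both places, as the copy of this function in snort_download_rules.php already does. The heredoc and the rest of oinkmaster_conf continue outside this hunk.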
@@ -590,8 +595,9 @@ $selected_sid_off_sections
EOD;
- /* open snort's oinkmaster.conf for writing */
- @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ /* open snort's oinkmaster.conf for writing */
+ @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ }
}
}
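Review bot: The re-indented `@file_put_contents(...)` call still discards its result, and the function now removes the previous config with `@unlink` before reaching it, so a failed write leaves the interface without an oinkmaster config and nothing is logged. Drop the `@` and test the return value, for example `if (file_put_contents($conf_path, $snort_sid_text) === false) { log_error("snort: could not write {$conf_path}"); }`, building `$conf_path` once so the unlink and the write cannot drift apart. The same applies to the identical hunk in snort_download_rules.php. oinkmaster_conf begins outside this hunk.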
@@ -602,11 +608,8 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
{
global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on')
- {
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
- {
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
update_status(gettext("Your first set of rules are being copied..."));
update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
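Review bot: The `exec("/bin/cp ...")` calls in this branch interpolate `$snortdir_wan`, `$iface_uuid` and `$if_real` directly into a shell command line, and the validation this commit adds does not cover them. Whether those values can ever contain shell metacharacters is not visible here, but quoting is cheap: build the destination once with `$dst = escapeshellarg("{$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");` and use `{$dst}` in each `cp`, leaving the `rules/*` glob unquoted so the shell still expands it. The exit status of each `exec` is also ignored, so a failed copy goes unnoticed. The same lines appear in the following hunk and in snort_download_rules.php; oinkmaster_run continues outside this hunk.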
@@ -617,7 +620,7 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- }else{
+ } else {
update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 36a19e79..4c6ab662 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -614,27 +614,33 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
/* open oinkmaster_conf for writing" function */
function oinkmaster_conf($id, $if_real, $iface_uuid)
{
- global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
/* enable disable setting will carry over with updates */
/* TODO carry signature changes with the updates */
if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ $selected_sid_on_sections = "";
+ $selected_sid_off_sections = "";
+
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
- $enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
+ $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
foreach($enabled_sid_on_array as $enabled_item_on)
$selected_sid_on_sections .= "$enabled_item_on\n";
}
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- $enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
+ $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
foreach($enabled_sid_off_array as $enabled_item_off)
$selected_sid_off_sections .= "$enabled_item_off\n";
}
- $snort_sid_text = <<<EOD
+ if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) {
+ $snort_sid_text = <<<EOD
###########################################
# #
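Review bot: `trim()` is the only check applied to `rule_sid_on` and `rule_sid_off` before each `||`-separated item is written verbatim into the oinkmaster config, so an empty item (a whitespace-only value or a stray `||`) still appears to append a bare newline, which makes the new `!empty(...)` guard true and writes a config with no directives. Skip empty items and reject any item containing a line break, for example `$item = trim($enabled_item_on); if ($item === '' || strpbrk($item, "\r\n") !== false) continue;`, so one stored value cannot add extra lines to the generated file. `split()` is deprecated as of PHP 5.3, and `explode('||', ...)` does the same job here. The same code is in snort_check_for_rule_updates.php; the heredoc continues outside this hunk.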
@@ -654,8 +660,9 @@ $selected_sid_off_sections
EOD;
- /* open snort's oinkmaster.conf for writing */
- @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ /* open snort's oinkmaster.conf for writing */
+ @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ }
}
}
@@ -666,11 +673,8 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
{
global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on')
- {
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
- {
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
update_status(gettext("Your first set of rules are being copied..."));
update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
@@ -681,7 +685,7 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- }else{
+ } else {
update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 874edb91..ebde5729 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -1,7 +1,6 @@
<?php
-/* $Id$ */
/*
- halt.php
+ snort_download_updates.php
part of pfSense
Copyright (C) 2004 Scott Ullrich
Copyright (C) 2011 Ermal Luci