author | bmeeks8 <bmeeks8@bellsouth.net> | 2015-07-03 22:25:20 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2015-07-03 22:25:20 -0400 |
commit | 168d9e3a981e7bbf9d54aa2dd8c1aed4d904238c (patch) | |
tree | 1b7d9834f2b226ec95c1e4fe901294066b9974ce /config/snort/snort.inc | |
parent | 129844406855b3406d9d220df776a3e12ffc55da (diff) | |
Add new feature to hide deprecated rules categories in GUI.
Diffstat (limited to 'config/snort/snort.inc')
-rwxr-xr-x | config/snort/snort.inc | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index e6de14d6..027207b1 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -3668,6 +3668,73 @@ function snort_generate_conf($snortcfg) {
 unset($home_net, $external_net, $ipvardef, $portvardef);
 }
+function snort_remove_dead_rules() {
+
+ /********************************************************/
+ /* This function removes dead and deprecated rules */
+ /* category files from the base Snort rules directory */
+ /* and from the RULESETS setting of each interface. */
+ /* The file "deprecated_rules", if it exists, is used */
+ /* to determine which rules files to remove. */
+ /********************************************************/
+
+ global $config, $g;
+ $rulesdir = SNORTDIR . "/rules/";
+ $count = 0;
+ $cats = array();
+
+ // If there is no "deprecated_rules" file, then exit
+ if (!file_exists("{$rulesdir}deprecated_rules"))
+ return;
+
+ // Open a SplFileObject to read in deprecated rules
+ $file = new SplFileObject("{$rulesdir}/deprecated_rules");
+ $file->setFlags(SplFileObject::READ_AHEAD | SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE);
+ while (!$file->eof()) {
+ $line = $file->fgets();
+
+ // Skip any lines with just spaces
+ if (trim($line) == "")
+ continue;
+
+ // Skip any comment lines starting with '#'
+ if (preg_match('/^\s*\#+/', $line))
+ continue;
+
+ $cats[] = $line;
+ }
+
+ // Close the SplFileObject since we are finished with it
+ $file = null;
+
+ // Delete any dead rules files from the Snort RULES directory
+ foreach ($cats as $file) {
+ if (file_exists("{$rulesdir}{$file}"))
+ $count++;
+ unlink_if_exists("{$rulesdir}{$file}");
+ }
+
+ // Log how many obsoleted files were removed
+ log_error(gettext("[Snort] Removed {$count} obsoleted rules category files."));
+
+ // Now remove any dead rules files from the interface configurations
+ if (!empty($cats) && is_array($config['installedpackages']['snortglobal']['rule'])) {
+ foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) {
+ $enabled_rules = explode("||", $iface['rulesets']);
+ foreach ($enabled_rules as $k => $v) {
+ foreach ($cats as $d) {
+ if (strpos(trim($v), $d) !== false)
+ unset($enabled_rules[$k]);
+ }
+ }
+ $iface['rulesets'] = implode("||", $enabled_rules);
+ }
+ }
+
+ // Clean up
+ unset($cats, $enabled_rules);
+}
+
 /* Uses XMLRPC to synchronize the changes to a remote node */
 function snort_sync_on_changes() {
 global $config, $g;
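Review bot: Each entry read from `deprecated_rules` is concatenated onto `$rulesdir` and passed to `unlink_if_exists()` as-is, so an entry such as `../../conf/config.xml` in a downloaded rules tarball would delete a file outside the rules directory, and this runs with whatever privileges the pfSense GUI has (typically root). Constrain the entry where it is collected, before `$cats[] = $line;`: `$line = trim($line);` then `if ($line === '' || $line !== basename($line)) continue;` so only bare filenames within `$rulesdir` can ever be removed; the `trim()` also drops a stray `\r` from CRLF files, which `DROP_NEW_LINE` alone does not. Separately, `strpos(trim($v), $d) !== false` in the rulesets loop is a substring test, so a deprecated category whose name is contained in a live one (e.g. `policy.rules` inside `emerging-policy.rules`) would disable the live category as well; if the `||`-separated entries are full filenames, `if (trim($v) === $d)` is the intended comparison. Minor: `$rulesdir` already ends in `/`, so the SplFileObject path `"{$rulesdir}/deprecated_rules"` contains a double slash while the `file_exists()` check two lines above does not.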