aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2013-01-21 11:35:11 +0100
committerErmal <eri@pfsense.org>2013-01-21 11:35:11 +0100
commitd3bc44b626de35494ee73682591367329516d5d6 (patch)
treeffca90daf11cf8421582fa726638aa08c8821c6c /config/snort
parent9364ae8d30859823ef560ab90eb25b6947467ecf (diff)
downloadpfsense-packages-d3bc44b626de35494ee73682591367329516d5d6.tar.gz
pfsense-packages-d3bc44b626de35494ee73682591367329516d5d6.tar.bz2
pfsense-packages-d3bc44b626de35494ee73682591367329516d5d6.zip
Unset some vars to free memory and some more small corrections
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc12
1 files changed, 8 insertions, 4 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index ae0ac8cc..d7db399e 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -722,7 +722,7 @@ function sync_snort_package_config() {
conf_mount_ro();
}
-function build_sid_msg_map($rules_path, $sid_file) {
+function snort_build_sid_msg_map($rules_path, $sid_file) {
/*************************************************************/
/* This function reads all the rules file in the passed */
@@ -1267,8 +1267,8 @@ function snort_write_flowbit_rules_file(&$flowbit_rules, $rule_file) {
@fwrite($fp, "# of the rule to the Suppression List for the interface.\n");
foreach ($flowbit_rules as $k1 => $rule) {
foreach ($rule as $k2 => $rule2) {
- @fwrite($fp, "\n# Category: " . $rule2['category']);
- @fwrite($fp, " GID:" . $k1 . " SID:" . $k2 . "\n");
+ @fwrite($fp, "\n# Category: {$rule2['category']}");
+ @fwrite($fp, " GID:{$k1} SID:{$k2}\n");
@fwrite($fp, $rule2['rule']);
}
}
@@ -2175,11 +2175,13 @@ EOD;
snort_write_enforcing_rules_file($enabled_rules, "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}");
if (file_exists("{$snortcfgdir}/rules/{$snort_enforcing_rules_file}"))
$selected_rules_sections = "include \$RULE_PATH/{$snort_enforcing_rules_file}\n";
+ unset($enabled_rules);
/* If auto-flowbit resolution is enabled, generate the dependent flowbits rules file. */
if ($snortcfg['autoflowbitrules'] == 'on') {
$enabled_files[] = "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}";
snort_write_flowbit_rules_file(snort_resolve_flowbits($enabled_files), "{$snortcfgdir}/rules/{$flowbit_rules_file}");
+ unset($enabled_files);
}
/* If we have the depedent flowbits rules file, then include it. */
@@ -2195,7 +2197,7 @@ EOD;
/* Build a new sid-msg.map file from the enabled */
/* rules and copy it to the interface directory. */
- build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map");
+ snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map");
$cksumcheck = "all";
if ($snortcfg['cksumcheck'] == 'on')
@@ -2292,6 +2294,8 @@ EOD;
}
fwrite($conf, $snort_conf_text);
fclose($conf);
+ unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type);
+ unset($home_net, $external_net, $vardef, $portvardef);
}
?>