diff options
author | Ermal <eri@pfsense.org> | 2012-07-22 18:45:30 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-07-22 18:46:08 +0000 |
commit | 1fba01c6b7ed109729a8bffa629c8900d6fdd78a (patch) | |
tree | 2c02cbe785f4e5a0e4d6d6207a4ea1fa2e535fd8 /config/snort | |
parent | 4b4248be5bfacf56e10c168311c7d82d490ee951 (diff) | |
download | pfsense-packages-1fba01c6b7ed109729a8bffa629c8900d6fdd78a.tar.gz pfsense-packages-1fba01c6b7ed109729a8bffa629c8900d6fdd78a.tar.bz2 pfsense-packages-1fba01c6b7ed109729a8bffa629c8900d6fdd78a.zip |
Remove files that are not selected under categories
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort_rulesets.php | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 3d6de228..9af5354d 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -49,6 +49,22 @@ if (is_null($id)) { exit; } +function snort_remove_rules($files, $snortdir, $snort_uuid, $if_real) { + + if (empty($files)) + return; + + conf_mount_rw(); + foreach ($tormv as $file) { + @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"); + if (substr($file, -9) == ".so.rules") { + $slib = substr($enabled_item, 6, -6); + @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/dynamicrules/{$slib}"); + } + } + conf_mount_ro(); +} + function snort_copy_rules($files, $snortdir, $snort_uuid, $if_real) { if (empty($files)) @@ -58,6 +74,11 @@ function snort_copy_rules($files, $snortdir, $snort_uuid, $if_real) { foreach ($files as $file) { if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}")) @copy("{$snortdir}/rules/{$file}", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"); + if (substr($file, -9) == ".so.rules") { + $slib = substr($enabled_item, 6, -6); + if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/dynamicrules/{$slib}")) + @copy("/usr/local/lib/snort/dynamicrules/{$file}", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/dynamicrules/{$slib}"); + } } conf_mount_ro(); } @@ -80,6 +101,11 @@ if ($_POST["Submit"]) { $enabled_items = implode("||", $_POST['toenable']); else $enabled_items = $_POST['toenable']; + + $oenabled = explode("||", $a_nat[$id]['rulesets']); + $nenabled = explode("||", $enabled_items); + $tormv = arrad_diff($oenabled, $nenabled); + snort_remove_rules($tormv, $snortdir, $snort_uuid, $if_real); $a_nat[$id]['rulesets'] = $enabled_items; snort_copy_rules(explode("||", $enabled_items), $snortdir, $snort_uuid, $if_real); @@ -91,12 +117,8 @@ if ($_POST["Submit"]) { } if ($_POST['unselectall']) { - if (!empty($pconfig['rulesets'])) { - conf_mount_rw(); - foreach (explode("||", $pconfig['rulesets']) as $file) - @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"); - conf_mount_ro(); - } + if (!empty($pconfig['rulesets'])) + snort_remove_rules(explode("||", $pconfig['rulesets']), $snortdir, $snort_uuid, $if_real); $a_nat[$id]['rulesets'] = ""; |