diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-09-19 21:50:23 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-09-19 21:50:23 -0400 |
commit | 3d935979946e45393230c4adf6ee1835d7cceaba (patch) | |
tree | 5772773e5eaeea1c528aceb1a0b3d42e26f6d411 /config/snort | |
parent | df80f9bf7542fe312d2f9b4bdc95c7beb80b8ab4 (diff) | |
download | pfsense-packages-3d935979946e45393230c4adf6ee1835d7cceaba.tar.gz pfsense-packages-3d935979946e45393230c4adf6ee1835d7cceaba.tar.bz2 pfsense-packages-3d935979946e45393230c4adf6ee1835d7cceaba.zip |
Ensure we unset only desired element instead of entire array!
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 43 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 1 | ||||
-rwxr-xr-x | config/snort/snort_interfaces.php | 9 | ||||
-rwxr-xr-x | config/snort/snort_interfaces_edit.php | 4 | ||||
-rw-r--r-- | config/snort/snort_post_install.php | 4 |
5 files changed, 42 insertions, 19 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index bf2af306..75153efb 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1039,21 +1039,23 @@ function sync_snort_package_config() { conf_mount_rw(); + $pkg_serv = &$config['installedpackages']['service']; + if (!is_array($pkg_serv)) + $pkg_serv = array(); + /* do not start config build if rules is empty or there are no Snort settings */ if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) { conf_mount_ro(); // Make sure no lingering <service> entries exist for Snort interfaces $is_dirty = FALSE; - if (!is_array($config['installedpackges']['service'])) - $config['installedpackages']['service'] = array(); - foreach ($config['installedpackages']['service'] as $key => $service) { + foreach ($pkg_serv as $key => $service) { if (strpos($service['name'], "snort_") !== FALSE) { - unset($config['installedpackages']['service'][$key]); + unset($pkg_serv[$key]); $is_dirty = TRUE; } if (strpos($service['name'], "barnyard2_") !== FALSE) { - unset($config['installedpackages']['service'][$key]); + unset($pkg_serv[$key]); $is_dirty = TRUE; } } @@ -1068,16 +1070,16 @@ function sync_snort_package_config() { /* Skip configuration of any disabled interface */ /* after removing its custom service entry. */ if ($value['enable'] != 'on') { - foreach ($config['installedpackages']['service'] as $key => $service) { + foreach ($pkg_serv as $key => $service) { if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && $service['name'] == "snort_" . strtolower($value['interface'])) { - unset($config['installedpackages']['service'][$key]); + unset($pkg_serv[$key]); unlink_if_exists("{$g['varrun_path']}/snort_{$uuid}.disabled"); $is_dirty = TRUE; } if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && $service['name'] == "barnyard2_" . strtolower($value['interface'])) { - unset($config['installedpackages']['service'][$key]); + unset($pkg_serv[$key]); unlink_if_exists("{$g['varrun_path']}/barnyard2_{$uuid}.disabled"); $is_dirty = TRUE; } @@ -1097,7 +1099,7 @@ function sync_snort_package_config() { /* create a <service> entry for interface */ $snort_found = FALSE; $barnyard_found = FALSE; - foreach ($config['installedpackages']['service'] as $service) { + foreach ($pkg_serv as $key => $service) { if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && $service['name'] == "snort_" . strtolower($value['interface'])) { $snort_found = TRUE; @@ -1105,8 +1107,20 @@ function sync_snort_package_config() { if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && $service['name'] == "barnyard2_" . strtolower($value['interface'])) { $barnyard_found = TRUE; + $byid = $key; } } + + // If we found a configured Barnyard2 service for this interface, + // but Barnyard2 is disabled, remove the Barnyard2 service entry. + if ($barnyard_found && $value['barnyard_enable'] != "on") { + unset($pkg_serv[$byid]); + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$uuid}.disabled"); + $is_dirty = TRUE; + } + + // If we did not find configured services for enabled Snort and + // Barnyard2 interfaces, then create them. if (!$snort_found) { $service = array(); $service['name'] = "snort_" . strtolower($value['interface']); @@ -3026,17 +3040,18 @@ function snort_deinstall() { /* Remove our custom <service> entries from config */ $is_dirty = FALSE; - if (!is_array($config['installedpackges']['service'])) - $config['installedpackages']['service'] = array(); - foreach ($config['installedpackages']['service'] as $key => $service) { + $pkg_serv = &$config['installedpackages']['service']; + if (!is_array($pkg_serv)) + $pkg_serv = array(); + foreach ($pkg_serv as $key => $service) { if (strpos($service['name'], "snort_") !== FALSE) { - unset($config['installedpackages']['service'][$key]); + unset($pkg_serv[$key]); unlink_if_exists("{$g['varrun_path']}/snort_{$service['uuid']}.disabled"); $is_dirty = TRUE; continue; } if (strpos($service['name'], "barnyard2_") !== FALSE) { - unset($config['installedpackages']['service'][$key]); + unset($pkg_serv[$key]); unlink_if_exists("{$g['varrun_path']}/barnyard2_{$service['uuid']}.disabled"); $is_dirty = TRUE; } diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 4943f981..3f3d8ae5 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -98,6 +98,7 @@ if ($_POST['save']) { if ($_POST['barnyard_enable'] != 'on') { $a_nat[$id]['barnyard_enable'] = 'off'; write_config("Snort pkg: modified Barnyard2 settings."); + touch("{$g['varrun_path']}/barnyard2_{$uuid}.disabled"); snort_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); // No need to rebuild rules for Barnyard2 changes diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 51eef308..04e6dae0 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -52,18 +52,21 @@ if (isset($_POST['del_x'])) { /* Delete selected Snort interfaces */ if (is_array($_POST['rule'])) { conf_mount_rw(); + $pkg_serv = &$config['installedpackages']['service']; + if (!is_array($pkg_serv)) + $pkg_serv = array(); foreach ($_POST['rule'] as $rulei) { $if_real = get_real_interface($a_nat[$rulei]['interface']); $snort_uuid = $a_nat[$rulei]['uuid']; - foreach ($config['installedpackages']['service'] as $key => $service) { + foreach ($pkg_serv as $key => $service) { if (isset($service['uuid']) && $service['uuid'] == $snort_uuid && $service['name'] == "snort_" . strtolower($a_nat[$rulei]['interface'])) { - unset($config['installedpackages']['service'][$key]); + unset($pkg_serv[$key]); unlink_if_exists("{$g['varrun_path']}/snort_{$snort_uuid}.disabled"); } if (isset($service['uuid']) && $service['uuid'] == $snort_uuid && $service['name'] == "barnyard2_" . strtolower($a_nat[$rulei]['interface'])) { - unset($config['installedpackages']['service'][$key]); + unset($pkg_serv[$key]); unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snort_uuid}.disabled"); } } diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index cc785725..1b412d31 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -165,6 +165,8 @@ if ($_POST["save"] && !$input_errors) { // save the change, and exit. if ($_POST['enable'] != 'on') { $a_rule[$id]['enable'] = $_POST['enable'] ? 'on' : 'off'; + touch("{$g['varrun_path']}/snort_{$a_rule[$id]['uuid']}.disabled"); + touch("{$g['varrun_path']}/barnyard2_{$a_rule[$id]['uuid']}.disabled"); snort_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); write_config("Snort pkg: modified interface configuration for {$a_rule[$id]['interface']}."); $rebuild_rules = false; @@ -225,6 +227,7 @@ if ($_POST["save"] && !$input_errors) { $oif_real = get_real_interface($a_rule[$id]['interface']); if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) { touch("{$g['varrun_path']}/snort_{$a_rule[$id]['uuid']}.disabled"); + touch("{$g['varrun_path']}/barnyard2_{$a_rule[$id]['uuid']}.disabled"); snort_stop($a_rule[$id], $oif_real); $snort_start = true; } @@ -401,6 +404,7 @@ if ($_POST["save"] && !$input_errors) { if ($snort_start == true) { snort_start($natent, $if_real); unlink_if_exists("{$g['varrun_path']}/snort_{$natent['uuid']}.disabled"); + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$natent['uuid']}.disabled"); } /*******************************************************/ diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index bbdbe476..36a54298 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -194,7 +194,7 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { $if_real = get_real_interface($snortcfg['interface']); $snort_uuid = $snortcfg['uuid']; $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; - update_output_window(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + update_output_window(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...")); // Pull in the PHP code that generates the snort.conf file // variables that will be substituted further down below. @@ -295,7 +295,7 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { continue; $if_real = get_real_interface($snortcfg['interface']); $snort_uuid = $snortcfg['uuid']; - update_output_window(gettext("Snort starting on " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + update_output_window(gettext("Snort starting on " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...")); log_error("[Snort] Snort START for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "({$if_real})..."); mwexec_bg("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); if ($snortcfg['barnyard_enable'] == 'on') |