aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2011-09-06 08:10:46 +0000
committerErmal <eri@pfsense.org>2011-09-06 08:10:46 +0000
commit7eb660ddc26afeee20d8c69b4887437e346c8f31 (patch)
tree8c920adc0d4bd9bcf6c75792143ab65bc53b9e28 /config/snort
parent7b118197b5c12738937250f144d516c1a800edb4 (diff)
downloadpfsense-packages-7eb660ddc26afeee20d8c69b4887437e346c8f31.tar.gz
pfsense-packages-7eb660ddc26afeee20d8c69b4887437e346c8f31.tar.bz2
pfsense-packages-7eb660ddc26afeee20d8c69b4887437e346c8f31.zip
Add checks to see if the files exists before being used on the config to avoid possible errors.
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc9
1 files changed, 7 insertions, 2 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 839faf23..da6b8873 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -2198,6 +2198,11 @@ EOD;
else
$def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ',';
+ $snort_preprocessor_decoder_rules = "";
+ if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules"))
+ $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
+ if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules"))
+ $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
/* build snort configuration file */
/* TODO; feed back from pfsense users to reduce false positives */
@@ -2408,8 +2413,8 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec
include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
-include \$PREPROC_RULE_PATH/preprocessor.rules
-include \$PREPROC_RULE_PATH/decoder.rules
+{$snort_preprocessor_decoder_rules}
+
$threshold_file_name
# Snort user pass through configuration