diff options
author | Ermal <eri@pfsense.org> | 2011-09-06 08:10:46 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2011-09-06 08:10:46 +0000 |
commit | 7eb660ddc26afeee20d8c69b4887437e346c8f31 (patch) | |
tree | 8c920adc0d4bd9bcf6c75792143ab65bc53b9e28 /config/snort | |
parent | 7b118197b5c12738937250f144d516c1a800edb4 (diff) | |
download | pfsense-packages-7eb660ddc26afeee20d8c69b4887437e346c8f31.tar.gz pfsense-packages-7eb660ddc26afeee20d8c69b4887437e346c8f31.tar.bz2 pfsense-packages-7eb660ddc26afeee20d8c69b4887437e346c8f31.zip |
Add checks to see if the files exists before being used on the config to avoid possible errors.
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 839faf23..da6b8873 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -2198,6 +2198,11 @@ EOD; else $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ','; + $snort_preprocessor_decoder_rules = ""; + if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules")) + $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; + if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules")) + $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; /* build snort configuration file */ /* TODO; feed back from pfsense users to reduce false positives */ @@ -2408,8 +2413,8 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -include \$PREPROC_RULE_PATH/preprocessor.rules -include \$PREPROC_RULE_PATH/decoder.rules +{$snort_preprocessor_decoder_rules} + $threshold_file_name # Snort user pass through configuration |