aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_check_for_rule_updates.php
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-10-10 15:55:35 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-12-15 12:11:57 -0500
commit8dcd6625ce0f4eeb34f1eac94d53ef5cb2c6cbe8 (patch)
tree76ca15ab8f6af2ab39f9b138037b174ca62cef2d /config/suricata/suricata_check_for_rule_updates.php
parent9e2b8ab7986295a2a8243af06cbcf74f72e2be8f (diff)
downloadpfsense-packages-8dcd6625ce0f4eeb34f1eac94d53ef5cb2c6cbe8.tar.gz
pfsense-packages-8dcd6625ce0f4eeb34f1eac94d53ef5cb2c6cbe8.tar.bz2
pfsense-packages-8dcd6625ce0f4eeb34f1eac94d53ef5cb2c6cbe8.zip
Only call conf_mount_rw() when we need to (such as during cron task).
Diffstat (limited to 'config/suricata/suricata_check_for_rule_updates.php')
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php18
1 files changed, 10 insertions, 8 deletions
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 9a05b05e..0a8f1937 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -74,6 +74,7 @@ if (!defined("ET_PRO_FILE_PREFIX"))
$suricatadir = SURICATADIR;
$suricatalogdir = SURICATALOGDIR;
$suricata_rules_upd_log = SURICATA_RULES_UPD_LOGFILE;
+$mounted_rw = FALSE;
/* Save the state of $pkg_interface so we can restore it */
$pkg_interface_orig = $pkg_interface;
@@ -105,7 +106,10 @@ $snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5";
$snort_community_rules_url = GPLV2_DNLD_URL;
/* Mount the Suricata conf directories R/W so we can modify files there */
-conf_mount_rw();
+if (!is_subsystem_dirty('mount')) {
+ conf_mount_rw();
+ $mounted_rw = TRUE;
+}
/* Set up Emerging Threats rules filenames and URL */
if ($etpro == "on") {
@@ -711,19 +715,18 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Restart Suricata if already running and we are not in post-install, so as to pick up the new rules. */
if (is_process_running("suricata") && !$g['suricata_postinstall'] &&
- !empty($config['installedpackages']['suricata']['rule'])) {
+ count($config['installedpackages']['suricata']['rule']) > 0) {
// See if "Live Reload" is configured and signal each Suricata instance
// if enabled, else just do a hard restart of all the instances.
if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates'] == 'on') {
if ($pkg_interface <> "console") {
- update_status(gettext('Signalling Suricata to live-load the new set of rules...'));
+ update_status(gettext('Signaling Suricata to live-load the new set of rules...'));
update_output_window(gettext("Please wait ... the process should complete in a few seconds..."));
}
log_error(gettext("[Suricata] Live-Reload of rules from auto-update is enabled..."));
error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, $suricata_rules_upd_log);
foreach ($config['installedpackages']['suricata']['rule'] as $value) {
- $if_real = get_real_interface($value['interface']);
suricata_reload_config($value);
error_log(gettext("\tLive swap of updated rules requested for " . convert_friendly_interface_to_friendly_descr($value['interface']) . ".\n"), 3, $suricata_rules_upd_log);
}
@@ -765,9 +768,8 @@ if ($pkg_interface <> "console") {
log_error(gettext("[Suricata] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $suricata_rules_upd_log);
-// Remount filesystem read-only unless we are in package post-install.
-// The post-install code will remount read-only when it completes.
-if (!$g['suricata_postinstall'])
+/* Remount filesystem read-only if we changed it in this module */
+if ($mounted_rw == TRUE)
conf_mount_ro();
// Restore the state of $pkg_interface
@@ -779,6 +781,6 @@ if ($update_errors)
else
$config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'] = gettext("success");
$config['installedpackages']['suricata']['config'][0]['last_rule_upd_time'] = time();
-write_config("Suricata pkg: updated status for updated rules package(s) check.");
+write_config("Suricata pkg: updated status for updated rules package(s) check.", FALSE);
?>