Fix it so all ET-Open rules files get correct prefix.

1 files changed, 15 insertions, 5 deletions

diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 9aa14f6e..280add7a 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -431,17 +431,27 @@ if ($emergingthreats == 'on') {
 		array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*ips.txt"));
 		array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*ips.txt"));
 
-		// The code below renames ET-Pro files with a prefix, so we
+		// The code below renames ET files with a prefix, so we
 		// skip renaming the Suricata default events rule files
-		// that are also bundled in the ET-Pro rules.
+		// that are also bundled in the ET rules.
 		$default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules" );
 		$files = glob("{$tmpfname}/emerging/rules/*.rules");
+		// Determine the correct prefix to use based on which
+		// Emerging Threats rules package is enabled.
+		if ($etpro == "on")
+			$prefix = ET_PRO_FILE_PREFIX;
+		else
+			$prefix = ET_OPEN_FILE_PREFIX;
 		foreach ($files as $file) {
 			$newfile = basename($file);
-			if ($etpro == "on" && !in_array($newfile, $default_rules))
-				@copy($file, "{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "{$newfile}");
-			else
+			if (in_array($newfile, $default_rules))
 				@copy($file, "{$suricatadir}rules/{$newfile}");
+			else {
+				if (strpos($newfile, $prefix) === FALSE)
+					@copy($file, "{$suricatadir}rules/{$prefix}{$newfile}");
+				else
+					@copy($file, "{$suricatadir}rules/{$newfile}");
+			}
 		}
 		/* IP lists for Emerging Threats rules */
 		$files = glob("{$tmpfname}/emerging/rules/*ips.txt");