authorbmeeks8 <bmeeks8@bellsouth.net>2014-09-17 22:40:44 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-09-17 22:40:44 -0400
commit941115cc178e90650a7d97f2ac929f2441d2f694 (patch)
tree047dc80863d3abf29ce1c2772accb1e3fedc4abb /config
parent3321f53eb16bb7db6522ee571a1df97e2045c82d (diff)
Adjust rule set downloads for new unique service entries.
Diffstat (limited to 'config')
-rwxr-xr-xconfig/snort/snort.inc34
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php23
2 files changed, 54 insertions, 3 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 53ae4a9d..49376aa8 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -634,6 +634,40 @@ function snort_start_all_interfaces($background=FALSE) {
}
}
+function snort_stop_all_interfaces() {
+
+ /*************************************************************/
+ /* This function stops all configured Snort interfaces. */
+ /*************************************************************/
+
+ global $g, $config;
+
+ /* do nothing if no Snort interfaces active */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) {
+ snort_stop($snortcfg, get_real_interface($snortcfg['interface']));
+ }
+}
+
+function snort_restart_all_interfaces() {
+
+ /*************************************************************/
+ /* This function stops all configured Snort interfaces and */
+ /* restarts enabled Snort interfaces. */
+ /*************************************************************/
+
+ global $g, $config;
+
+ /* do nothing if no Snort interfaces active */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ snort_stop_all_interfaces();
+ snort_start_all_interfaces(TRUE);
+}
+
function snort_reload_config($snortcfg, $signal="SIGHUP") {
/*************************************************************/
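Review bot: snort_restart_all_interfaces() stops every configured interface and then calls `snort_start_all_interfaces(TRUE)`, which, going by the `$background` parameter name, presumably returns before the sensors are up, so the caller gets no indication that inspection resumed. Traffic on all interfaces goes uninspected between the stop and the start, so I would log the edge, e.g. `log_error(gettext("[Snort] Stopping all interfaces for restart..."));` before the stop call, to make the gap visible in the system log. In both new functions `$g` is declared global but never used. The comment `do nothing if no Snort interfaces active` describes a check that only tests whether any interface is configured; `/* do nothing if no Snort interfaces are configured */` would match the code.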
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index e801f5fd..066f1741 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -776,14 +776,31 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Clear the rebuild rules flag. */
$rebuild_rules = false;
- /* Restart snort if already running and we are not rebooting to pick up the new rules. */
- if (is_process_running("snort") && !$g['booting']) {
+ /* Restart snort if running, and we are not in post-install */
+ /* and not rebooting, so as to pick up the new rules. */
+ if (!$g['snort_postinstall'] && !$g['booting'] && !file_exists("{$g['varrun_path']}/booting")) {
if ($pkg_interface <> "console") {
update_status(gettext('Restarting Snort to activate the new set of rules...'));
update_output_window(gettext("Please wait ... restarting Snort will take some time..."));
}
error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, $snort_rules_upd_log);
- restart_service("snort");
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) {
+ if ($snortcfg['enable'] != "on")
+ continue;
+ $if_real = get_real_interface($snortcfg['interface']);
+ if (snort_is_running($snortcfg['uuid'], $if_real, 'snort')) {
+ touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
+ touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
+ snort_stop($snortcfg, $if_real);
+ sleep(1);
+ if ($pkg_interface <> "console")
+ snort_start($snortcfg, $if_real, FALSE);
+ else
+ snort_start($snortcfg, $if_real, TRUE);
+ unlink_if_exists("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
+ }
+ }
if ($pkg_interface <> "console")
update_output_window(gettext("Snort has restarted with your new set of rules..."));
log_error(gettext("[Snort] Snort has restarted with your new set of rules..."));
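Review bot: The success messages on the context lines after the loop (`Snort has restarted with your new set of rules...`) are still written unconditionally, although the new loop restarts only interfaces that are enabled and already running and never checks the outcome of `snort_start()`. On a sensor, a log entry claiming a restart that did not happen hides an inspection outage; initialise `$restarted = 0;` before the loop, add `$restarted++;` after the start call, and guard the messages with `if ($restarted > 0)`. The `foreach` also reads `$config['installedpackages']['snortglobal']['rule']` without the `is_array()` guard that the new helpers in snort.inc use. The `.disabled` marker files are removed only on the normal path, and what consumes them is not visible here, so confirm that a marker left behind by an aborted run cannot keep an interface from being started. The enclosing `if` block closes outside this hunk.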