aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xconfig/snort/snort.inc34
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php23
2 files changed, 54 insertions, 3 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 53ae4a9d..49376aa8 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -634,6 +634,40 @@ function snort_start_all_interfaces($background=FALSE) {
}
}
+function snort_stop_all_interfaces() {
+
+ /*************************************************************/
+ /* This function stops all configured Snort interfaces. */
+ /*************************************************************/
+
+ global $g, $config;
+
+ /* do nothing if no Snort interfaces active */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) {
+ snort_stop($snortcfg, get_real_interface($snortcfg['interface']));
+ }
+}
+
+function snort_restart_all_interfaces() {
+
+ /*************************************************************/
+ /* This function stops all configured Snort interfaces and */
+ /* restarts enabled Snort interfaces. */
+ /*************************************************************/
+
+ global $g, $config;
+
+ /* do nothing if no Snort interfaces active */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ snort_stop_all_interfaces();
+ snort_start_all_interfaces(TRUE);
+}
+
function snort_reload_config($snortcfg, $signal="SIGHUP") {
/*************************************************************/
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index e801f5fd..066f1741 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -776,14 +776,31 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Clear the rebuild rules flag. */
$rebuild_rules = false;
- /* Restart snort if already running and we are not rebooting to pick up the new rules. */
- if (is_process_running("snort") && !$g['booting']) {
+ /* Restart snort if running, and we are not in post-install */
+ /* and not rebooting, so as to pick up the new rules. */
+ if (!$g['snort_postinstall'] && !$g['booting'] && !file_exists("{$g['varrun_path']}/booting")) {
if ($pkg_interface <> "console") {
update_status(gettext('Restarting Snort to activate the new set of rules...'));
update_output_window(gettext("Please wait ... restarting Snort will take some time..."));
}
error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, $snort_rules_upd_log);
- restart_service("snort");
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) {
+ if ($snortcfg['enable'] != "on")
+ continue;
+ $if_real = get_real_interface($snortcfg['interface']);
+ if (snort_is_running($snortcfg['uuid'], $if_real, 'snort')) {
+ touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
+ touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
+ snort_stop($snortcfg, $if_real);
+ sleep(1);
+ if ($pkg_interface <> "console")
+ snort_start($snortcfg, $if_real, FALSE);
+ else
+ snort_start($snortcfg, $if_real, TRUE);
+ unlink_if_exists("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
+ }
+ }
if ($pkg_interface <> "console")
update_output_window(gettext("Snort has restarted with your new set of rules..."));
log_error(gettext("[Snort] Snort has restarted with your new set of rules..."));