diff options
-rw-r--r-- | config/suricata/suricata.inc | 19 | ||||
-rw-r--r-- | config/suricata/suricata_post_install.php | 23 |
2 files changed, 34 insertions, 8 deletions
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc index 3de6a1d6..73208f61 100644 --- a/config/suricata/suricata.inc +++ b/config/suricata/suricata.inc @@ -646,9 +646,10 @@ function suricata_rules_up_install_cron($should_install=true) { if (suricata_cron_job_exists($command, TRUE, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root")) return; - // Else install the new or updated cron job - if ($should_install) - install_cron_job($command, $should_install, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root"); + // Else install the new or updated cron job by removing the + // existing job first, then installing the new or updated job. + install_cron_job("suricata_check_for_rule_updates.php", false); + install_cron_job($command, $should_install, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root"); } function suricata_loglimit_install_cron($should_install=true) { @@ -664,7 +665,9 @@ function suricata_loglimit_install_cron($should_install=true) { if ($should_install && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_check_cron_misc.inc", TRUE, "*/5")) return; - // Else install the new or updated cron job + // Else install the new or updated cron job by removing the + // existing job first, then installing the new or updated job. + install_cron_job("suricata_check_cron_misc.inc", false); install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5"); } @@ -769,10 +772,10 @@ function suricata_rm_blocked_install_cron($should_install) { if (suricata_cron_job_exists($command, TRUE, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root")) return; - // Else install the new or updated cron job - if ($should_install) { - install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root"); - } + // Else install the new or updated cron job by removing the + // existing job first, then installing the new or updated job. + install_cron_job("{$suri_pf_table}", false); + install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root"); } function sync_suricata_package_config() { diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php index 070cf095..b2e7c674 100644 --- a/config/suricata/suricata_post_install.php +++ b/config/suricata/suricata_post_install.php @@ -130,6 +130,29 @@ if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root"); } +/*********************************************************/ +/* START OF BUG FIX CODE */ +/* */ +/* Remove any Suricata cron tasks that may have been */ +/* left from a previous uninstall due to a bug that */ +/* saved edited cron tasks as new ones while still */ +/* leaving the original task. Correct cron task */ +/* entries will be recreated below if saved settings */ +/* are detected. */ +/*********************************************************/ +$cron_count = 0; +$suri_pf_table = SURICATA_PF_TABLE; +while (suricata_cron_job_exists($suri_pf_table, FALSE)) { + install_cron_job($suri_pf_table, false); + $cron_count++; +} +if ($cron_count > 0) + log_error(gettext("[Suricata] Removed {$cron_count} duplicate 'remove_blocked_hosts' cron task(s).")); + +/*********************************************************/ +/* END OF BUG FIX CODE */ +/*********************************************************/ + // remake saved settings if previously flagged if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') { log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings...")); |