aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php35
-rw-r--r--config/suricata/suricata_download_updates.php2
2 files changed, 14 insertions, 23 deletions
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 4d159cdb..867a7efe 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -29,6 +29,7 @@
require_once("functions.inc");
require_once("service-utils.inc");
+require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $pkg_interface, $suricata_gui_include, $rebuild_rules;
@@ -95,6 +96,9 @@ $snort_community_rules_filename = GPLV2_DNLD_FILENAME;
$snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5";
$snort_community_rules_url = GPLV2_DNLD_URL;
+/* Mount the Suricata conf directories R/W so we can modify files there */
+conf_mount_rw();
+
/* Set up Emerging Threats rules filenames and URL */
if ($etpro == "on") {
$emergingthreats_filename = ETPRO_DNLD_FILENAME;
@@ -137,24 +141,12 @@ function suricata_download_file_url($url, $file_out) {
/* It provides logging of returned CURL errors. */
/************************************************/
- global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update;
+ global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update, $rfc2616;
// Initialize required variables for the pfSense "read_body()" function
$file_size = 1;
$downloaded = 1;
$first_progress_update = TRUE;
-
-
- // Array of message strings for HTTP Response Codes
- $http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content",
- 206 => "Partial Content", 301 => "Moved Permanently", 302 => "Found",
- 305 => "Use Proxy", 307 => "Temporary Redirect", 400 => "Bad Request",
- 401 => "Unauthorized", 402 => "Payment Required", 403 => "Forbidden",
- 404 => "Not Found", 405 => "Method Not Allowed", 407 => "Proxy Authentication Required",
- 408 => "Request Timeout", 410 => "Gone", 500 => "Internal Server Error",
- 501 => "Not Implemented", 502 => "Bad Gateway", 503 => "Service Unavailable",
- 504 => "Gateway Timeout", 505 => "HTTP Version Not Supported" );
-
$last_curl_error = "";
$fout = fopen($file_out, "wb");
@@ -204,8 +196,8 @@ function suricata_download_file_url($url, $file_out) {
if ($rc === false)
$last_curl_error = curl_error($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if (isset($http_resp_msg[$http_code]))
- $last_curl_error = $http_resp_msg[$http_code];
+ if (is_rfc2616_code($http_code))
+ $last_curl_error = $rfc2616[$http_code];
curl_close($ch);
fclose($fout);
@@ -358,7 +350,6 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
}
/* Start of main code */
-conf_mount_rw();
/* remove old $tmpfname files if present */
if (is_dir("{$tmpfname}"))
@@ -430,10 +421,10 @@ if ($emergingthreats == 'on') {
/* Remove the old Emerging Threats rules files */
$eto_prefix = ET_OPEN_FILE_PREFIX;
$etpro_prefix = ET_PRO_FILE_PREFIX;
- array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*.rules"));
- array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*.rules"));
- array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*ips.txt"));
- array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*ips.txt"));
+ unlink_if_exists("{$suricatadir}rules/{$eto_prefix}*.rules");
+ unlink_if_exists("{$suricatadir}rules/{$etpro_prefix}*.rules");
+ unlink_if_exists("{$suricatadir}rules/{$eto_prefix}*ips.txt");
+ unlink_if_exists("{$suricatadir}rules/{$etpro_prefix}*ips.txt");
// The code below renames ET files with a prefix, so we
// skip renaming the Suricata default events rule files
@@ -492,7 +483,7 @@ if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
/* Remove the old Snort rules files */
$vrt_prefix = VRT_FILE_PREFIX;
- array_map('unlink', glob("{$suricatadir}rules/{$vrt_prefix}*.rules"));
+ unlink_if_exists("{$suricatadir}rules/{$vrt_prefix}*.rules");
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT rules..."));
@@ -724,7 +715,7 @@ if ($update_errors)
$config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'] = gettext("failed");
else
$config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'] = gettext("success");
-$config['installedpackages']['suricata']['config'][0]['last_rule_upd_time'] = gettext(date("M-d Y H:i"));
+$config['installedpackages']['suricata']['config'][0]['last_rule_upd_time'] = time();
write_config();
?>
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php
index a353b054..bae467e4 100644
--- a/config/suricata/suricata_download_updates.php
+++ b/config/suricata/suricata_download_updates.php
@@ -42,7 +42,7 @@ $snortcommunityrules = $config['installedpackages']['suricata']['config'][0]['sn
/* Get last update information if available */
if (!empty($config['installedpackages']['suricata']['config'][0]['last_rule_upd_time']))
- $last_rule_upd_time = htmlspecialchars($config['installedpackages']['suricata']['config'][0]['last_rule_upd_time']);
+ $last_rule_upd_time = date('M-d Y H:i', $config['installedpackages']['suricata']['config'][0]['last_rule_upd_time']);
else
$last_rule_upd_time = gettext("Unknown");
if (!empty($config['installedpackages']['suricata']['config'][0]['last_rule_upd_status']))