diff options
Diffstat (limited to 'config/snort/snort.inc')
-rwxr-xr-x | config/snort/snort.inc | 49 |
1 files changed, 30 insertions, 19 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index bec163d7..b9a022fd 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -324,10 +324,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddr($snortip)) { if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnet($snortcfg['interface']); - $ip = gen_subnet($snortip, $sn) . "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnet($snortcfg['interface'])) { + $ip = gen_subnet($snortip, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } } } @@ -346,10 +347,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddrv6($snortip)) { if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnetv6($snortcfg['interface']); - $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnetv6($snortcfg['interface'])) { + $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } } } @@ -383,10 +385,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern continue; $subnet = get_interface_ip($int); if (is_ipaddrv4($subnet)) { - $sn = get_interface_subnet($int); - $ip = gen_subnet($subnet, $sn) . "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnet($int)) { + $ip = gen_subnet($subnet, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } $subnet = get_interface_ipv6($int); @@ -394,10 +397,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (strpos($subnet, "%") !== FALSE) $subnet = substr($subnet, 0, strpos($subnet, "%")); if (is_ipaddrv6($subnet)) { - $sn = get_interface_subnetv6($int); - $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if ($sn = get_interface_subnetv6($int)) { + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } } // Add link-local address @@ -814,7 +818,9 @@ function snort_snortloglimit_install_cron($should_install=TRUE) { if ($should_install && snort_cron_job_exists("/usr/local/pkg/snort/snort_check_cron_misc.inc", TRUE, "*/5")) return; - // Else install the new or updated cron job + // Else install the new or updated cron job by removing the + // existing job first, then installing the new or updated job. + install_cron_job("snort_check_cron_misc.inc", false); install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc", $should_install, "*/5"); } @@ -921,7 +927,9 @@ function snort_rm_blocked_install_cron($should_install) { // Else install the new or updated cron job if ($should_install) { - install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"); + // Remove the existing job first, then install the new or updated job + install_cron_job("snort2c", false); + install_cron_job($command, true, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"); } } @@ -1009,8 +1017,11 @@ function snort_rules_up_install_cron($should_install) { return; // Else install the new or updated cron job - if ($should_install) + if ($should_install) { + // Remove the existing job first, then install the new or updated job + install_cron_job("snort_check_for_rule_updates.php", false); install_cron_job($command, $should_install, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root"); + } } /* Only run when all ifaces needed to sync. Expects filesystem rw */ |