Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc124
-rw-r--r--config/snort/snort.xml2
-rw-r--r--config/snort/snort_check_for_rule_updates.php87
-rw-r--r--config/snort/snort_preprocessors.php33
-rw-r--r--config/snort/snort_rulesets.php8
5 files changed, 186 insertions, 68 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index a1d5a1de..f45134c5 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -39,7 +39,7 @@ require_once("filter.inc");
/* package version */
$snort_version = "2.9.2.3";
-$pfSense_snort_version = "2.5.0";
+$pfSense_snort_version = "2.5.1";
$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
$snort_rules_file = "snortrules-snapshot-2923.tar.gz";
$emerging_threats_version = "2.9.0";
@@ -115,7 +115,7 @@ function snort_find_list($find_name, $type = 'whitelist') {
}
/* func builds custom whitelests */
-function snort_build_list($snortcfg, $listname = "") {
+function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
global $config, $g;
/* Add loopback to whitelist (ftphelper) */
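Review bot: The new `$whitelist` argument is undocumented, and its name says little because the function already builds whitelists selected by `$listname`. Judging by the later hunks it means "add interface and VIP addresses as bare hosts, without the prefix length". I would extend the comment above the signature, e.g. `/* $whitelist = true: add local interface/VIP addresses as single hosts (no /mask), used for the alert_pf whitelist */`. The branches added further down test `$whitelist == false`; `!$whitelist` reads better and avoids the loose comparison. The function body continues outside this hunk.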
@@ -156,14 +156,20 @@ function snort_build_list($snortcfg, $listname = "") {
if (function_exists('get_interface_ip')) {
$subnet = get_interface_ip($int);
if (is_ipaddr($subnet)) {
- $sn = get_interface_subnet($int);
- $home_net .= "{$subnet}/{$sn} ";
+ if ($whitelist == false) {
+ $sn = get_interface_subnet($int);
+ $home_net .= "{$subnet}/{$sn} ";
+ } else
+ $home_net .= "{$subnet} ";
}
if (function_exists("get_interface_ipv6")) {
$subnet = get_interface_ipv6($int);
if (is_ipaddrv6($subnet)) {
- $sn = get_interface_subnetv6($int);
- $home_net .= "{$subnet}/{$sn} ";
+ if ($whitelist == false) {
+ $sn = get_interface_subnetv6($int);
+ $home_net .= "{$subnet}/{$sn} ";
+ } else
+ $home_net .= "{$subnet} ";
}
}
} else {
@@ -217,9 +223,14 @@ function snort_build_list($snortcfg, $listname = "") {
if($vips == 'yes') {
/* iterate all vips and add to whitelist */
if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
- foreach($config['virtualip']['vip'] as $vip)
- if ($vip['subnet'] && $vip['mode'] != 'proxyarp')
- $home_net .= "{$vip['subnet']}/{$vip['subnet_bits']} ";
+ foreach($config['virtualip']['vip'] as $vip) {
+ if ($vip['subnet'] && $vip['mode'] != 'proxyarp') {
+ if ($whitelist == false)
+ $home_net .= "{$vip['subnet']}/{$vip['subnet_bits']} ";
+ else
+ $home_net .= "{$vip['subnet']} ";
+ }
+ }
}
}
@@ -1002,9 +1013,9 @@ function snort_generate_conf($snortcfg) {
"{$snortlogdir}/snort_{$if_real}{$snort_uuid}",
"{$snortlogdir}/snort_{$if_real}{$snort_uuid}/barnyard2",
"{$snortcfgdir}/preproc_rules",
- "dynamicrules" => "/usr/local/lib/snort/dynamicrules",
+ "dynamicrules" => "{$snortcfgdir}/dynamicrules",
"dynamicengine" => "/usr/local/lib/snort/dynamicengine",
- "dynamicpreprocessor" => "/usr/local/lib/snort/dynamicpreprocessor"
+ "dynamicpreprocessor" => "{$snortcfgdir}/dynamicpreprocessor"
);
foreach ($snort_dirs as $dir) {
if (!is_dir($dir))
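Review bot: With `dynamicrules` and `dynamicpreprocessor` now under `{$snortcfgdir}`, the directories that presumably become Snort's shared-object load paths are created by the `foreach` starting at the end of this hunk, and nothing visible here sets their owner or mode. They should be no more writable than `/usr/local/lib/snort` was, since anything placed there can end up loaded by the sensor. I would add a comment on the two entries stating that requirement. Please also confirm that the directory-creation call (outside the hunk) leaves them root-owned and not group- or world-writable. `dynamicengine` still points at the shared location, which deserves a word in the same comment.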
@@ -1036,7 +1047,8 @@ function snort_generate_conf($snortcfg) {
$pfkill = "";
if ($snortcfg['blockoffenderskill'] == "on")
$pfkill = "kill";
- $spoink_wlist = snort_build_list($snortcfg, $snortcfg['whitelistname']);
+ /* No subnets to default addresses */
+ $spoink_wlist = snort_build_list($snortcfg, $snortcfg['whitelistname'], true);
/* write whitelist */
@file_put_contents("{$snortcfgdir}/{$snortcfg['whitelistname']}", implode("\n", $spoink_wlist));
$spoink_type = "output alert_pf: {$snortcfgdir}/{$snortcfg['whitelistname']},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
@@ -1079,6 +1091,15 @@ function snort_generate_conf($snortcfg) {
"DCERPC_BRIGHTSTORE" => "6503,6504"
);
+ $portvardef = "";
+ foreach ($snort_ports as $alias => $avalue) {
+ if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"]))
+ $snort_ports[$alias] = filter_expand_alias($snortcfg["def_{$alias}"]);
+ $snort_ports[$alias] = str_replace(" ", ",", trim($snort_ports[$alias]));
+ $portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n";
+ }
+
+
/////////////////////////////
/* preprocessor code */
/* def perform_stat */
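Review bot: The result of `filter_expand_alias()` goes straight into the `portvar` line in the added loop, with no check that it is non-empty or that the alias actually holds ports. `is_alias()` presumably only confirms the alias exists, so a host alias or one that expands to nothing would produce a `portvar` that Snort is likely to reject. A sensor that fails to start is a silent loss of coverage. Consider keeping the built-in default unless the expansion is usable, e.g. `$expanded = trim(filter_expand_alias($snortcfg["def_{$alias}"])); if ($expanded != "") $snort_ports[$alias] = $expanded;`. The missing braces also make it easy to misread which of the three statements the `if` controls.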
@@ -1170,6 +1191,24 @@ preprocessor ftp_telnet_protocol: ftp client default \
EOD;
+ $pop_ports = str_replace(",", " ", $snort_ports['pop3_ports']);
+ $pop_preproc = <<<EOD
+preprocessor pop: \
+ ports { {$pop_ports} } \
+ qp_decode_depth -1 \
+ b64_decode_depth 0 \
+ bitenc_decode_depth 100
+EOD;
+
+ $imap_ports = str_replace(",", " ", $snort_ports['imap_ports']);
+ $imap_preproc = <<<EOD
+preprocessor imap: \
+ ports { {$imap_ports} } \
+ qp_decode_depth -1 \
+ b64_decode_depth 0 \
+ bitenc_decode_depth 100
+EOD;
+
$smtp_ports = str_replace(",", " ", $snort_ports['mail_ports']);
/* def smtp_preprocessor */
$smtp_preprocessor = <<<EOD
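Review bot: The decode depths in the two new heredocs are unexplained, yet they decide what the sensor can see inside mail attachments. As I read the Snort 2.9 manual, `-1` turns a decoder off and `0` means no limit, so this enables unlimited base64 decoding while leaving quoted-printable attachments undecoded. Please confirm that is intended and record it in a comment such as `/* qp off, base64 unlimited, non-encoded MIME first 100 bytes */`. The blocks also read `$snort_ports['pop3_ports']` and `$snort_ports['imap_ports']`, which are defined outside this hunk; if either key is missing, the preprocessor is written with an empty `ports { }` list.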
@@ -1238,6 +1277,13 @@ preprocessor dns: \
EOD;
+ $def_ssl_ports_ignore = str_replace(",", " ", $snort_ports['ssl_ports']);
+ $ssl_preproc = <<<EOD
+# Ignore SSL and Encryption #
+preprocessor ssl: ports { {$def_ssl_ports_ignore} }, trustservers, noinspect_encrypted
+
+EOD;
+
$sensitive_data = "preprocessor sensitive_data:\n";
/* stream5 queued settings */
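Review bot: Moving the `ssl` preprocessor into `$ssl_preproc` makes it opt-in, and nothing in this commit turns it on for interfaces configured before the upgrade. The line used to be written into every generated snort.conf (see the block removed near the end of this file). It is now emitted only when `$snortcfg['ssl_preproc'] == 'on'`, a key that existing configurations will not have. Any enabled rule that depends on that preprocessor could then keep the sensor from loading its rules, so I would either treat an unset key as `on` or document the change for upgraders. A comment noting that `trustservers` and `noinspect_encrypted` make Snort stop inspecting a session once it looks encrypted would also help whoever toggles the new checkbox.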
@@ -1268,25 +1314,36 @@ EOD;
$vardef .= "var " . strtoupper($alias) . " [{$avalue}]\n";
}
- $portvardef = "";
- foreach ($snort_ports as $alias => $avalue) {
- if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"]))
- $snort_ports[$alias] = filter_expand_alias($snortcfg["def_{$alias}"]);
- $snort_ports[$alias] = str_replace(" ", ",", trim($snort_ports[$alias]));
- $portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n";
- }
- $def_ssl_ports_ignore = str_replace(",", " ", $snort_ports['ssl_ports']);
-
+ $snort_preproc_libs = array(
+ "dce_rpc_2" => "dce2_preproc", "dns_preprocessor" => "dns_preproc", "ftp_preprocessor" => "ftptelnet_preproc", "imap_preproc" => "imap_preproc",
+ "pop_preproc" => "pop_preproc", "reputation_preproc" => "reputation_preproc", "sensitive_data" => "sdf_preproc",
+ "sip_preproc" => "sip_preproc", "smtp_preprocessor" => "smtp_preproc", "ssh_preproc" => "ssh_preproc",
+ "ssl_preproc" => "ssl_preproc"
+ );
$snort_preproc = array (
- "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor",
- "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data"
+ "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc",
+ "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc"
);
$snort_preprocessors = "";
foreach ($snort_preproc as $preproc) {
if ($snortcfg[$preproc] == 'on') {
/* NOTE: The $$ is not a bug. Its a advanced feature of php */
- $snort_preprocessors .= $$preproc;
- $snort_preprocessors .= "\n";
+ if (!empty($snort_preproc_libs[$preproc])) {
+ $preproclib = "libsf_" . $snort_preproc_libs[$preproc];
+ if (!file_exists($snort_dirs['dynamicpreprocessor'] . "{$preproclib}.so")) {
+ if (file_exists("/usr/local/lib/snort/dynamicpreprocessor/{$preproclib}.so")) {
+ @copy("/usr/local/lib/snort/dynamicpreprocessor/{$preproclib}.so", "{$snort_dirs['dynamicpreprocessor']}/{$preproclib}.so");
+ $snort_preprocessors .= $$preproc;
+ $snort_preprocessors .= "\n";
+ }
+ } else {
+ $snort_preprocessors .= $$preproc;
+ $snort_preprocessors .= "\n";
+ }
+ } else {
+ $snort_preprocessors .= $$preproc;
+ $snort_preprocessors .= "\n";
+ }
}
}
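Review bot: The `file_exists()` test on the per-interface library is missing the `/` between the directory and `{$preproclib}.so`, so it checks `…/dynamicpreprocessorlibsf_….so` and never finds the file. The library is therefore re-copied on every config generation, and when the source under `/usr/local/lib/snort` is absent the preprocessor is dropped even though a usable copy may already be in place. The `@copy()` result is also ignored, so a failed copy still emits a preprocessor line for a library that is not there. The three identical append branches can collapse into one, as sketched below. `log_error()` is assumed to be available here, as it is in snort_check_for_rule_updates.php.

```php
foreach ($snort_preproc as $preproc) {
	if ($snortcfg[$preproc] != 'on')
		continue;
	if (!empty($snort_preproc_libs[$preproc])) {
		$preproclib = "libsf_" . $snort_preproc_libs[$preproc] . ".so";
		$libdst = "{$snort_dirs['dynamicpreprocessor']}/{$preproclib}";
		/* install the library once; skip the preprocessor if it cannot be installed */
		if (!file_exists($libdst) &&
		    !@copy("/usr/local/lib/snort/dynamicpreprocessor/{$preproclib}", $libdst)) {
			log_error("Snort: could not install {$preproclib}, skipping {$preproc}");
			continue;
		}
	}
	/* NOTE: The $$ is not a bug. Its a advanced feature of php */
	$snort_preprocessors .= $$preproc;
	$snort_preprocessors .= "\n";
}
```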
@@ -1297,16 +1354,16 @@ EOD;
$snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n";
if (is_dir("{$snortcfgdir}/preproc_rules")) {
if ($snortcfg['sensitive_data'] == 'on') {
- $sedcmd = "s/^# alert\(.*\)classtype:sdf;\(.*\)/alert\1classtype:sdf\2/g";
+ $sedcmd = '/^#alert.*classtype:sdf/s/^#//';
if (file_exists("{$snortcfgdir}/preproc_rules/sensitive-data.rules"))
$snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules\n";
} else
- $sedcmd = "s/^alert\(.*\)classtype:sdf;\(.*\)/# alert\1classtype:sdf\2/g";
+ $sedcmd = '/^alert.*classtype:sdf/s/^/#/';
if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") &&
file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules")) {
@file_put_contents("{$g['tmp_path']}/sedcmd", $sedcmd);
- mwexec("/usr/bin/sed -I '' -e -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/preprocessor.rules");
- mwexec("/usr/bin/sed -I '' -e -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/decoder.rules");
+ mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/preprocessor.rules");
+ mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/decoder.rules");
@unlink("{$g['tmp_path']}/sedcmd");
$snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
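Review bot: The new enable pattern `/^#alert.*classtype:sdf/` only matches a `#` directly followed by `alert`, whereas the pattern it replaces matched `# alert` with a space. If the shipped preprocessor.rules or decoder.rules use the spaced form, enabling sensitive_data will leave those rules commented out with no error. Accepting both forms is cheap: `$sedcmd = '/^# *alert.*classtype:sdf/s/^# *//';`. Separately, the script is written to the fixed name `{$g['tmp_path']}/sedcmd` before sed runs it. If other local users can write to that directory, a per-run name from `tempnam()` would be safer.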
@@ -1326,10 +1383,12 @@ EOD;
if (!empty($snortcfg['rulesets'])) {
$enabled_rulesets_array = explode("||", $snortcfg['rulesets']);
foreach($enabled_rulesets_array as $enabled_item) {
- if (file_exists("{$snortdir}}/rules/{$enabled_item}") && !file_exists("{$snortcfgdir}}/rules/{$enabled_item}"))
- @copy("{$snortdir}/rules/{$file}", "{$rule_dir}/rules/{$file}");
+ if (file_exists("{$snortdir}/rules/{$enabled_item}") && !file_exists("{$snortcfgdir}/rules/{$enabled_item}"))
+ @copy("{$snortdir}/rules/{$enabled_item}", "{$snortcfgdir}/rules/{$enabled_item}");
if (substr($enabled_item, 0, 5) == "snort" && substr($enabled_item, -9) == ".so.rules") {
$slib = substr($enabled_item, 6, -6);
+ if (!file_exists("{$snort_dirs['dynamicrules']}/{$slib}"))
+ @copy("/usr/local/lib/snort/dynamicrules/{$slib}", "{$snort_dirs['dynamicrules']}/{$slib}");
if (file_exists("{$snort_dirs['dynamicrules']}/{$slib}") &&
file_exists("{$snortcfgdir}/rules/{$enabled_item}"))
$selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
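Review bot: `$enabled_item` comes from the stored `rulesets` string and is used unchanged to build source and destination paths, including the new `@copy()` of a shared object into `{$snort_dirs['dynamicrules']}`. Whether that string can ever contain a path separator depends on the save handler, which is not visible here. I would confine it at the point of use with `$enabled_item = basename($enabled_item);` as the first line of the loop. The same applies to the loop added to snort_apply_customizations() in snort_check_for_rule_updates.php. The copy result is suppressed with `@`; a `log_error()` on failure would explain why a `.so.rules` set silently drops out of the include list.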
@@ -1398,9 +1457,6 @@ preprocessor stream5_icmp:
{$snort_preprocessors}
-# Ignore SSL and Encryption #
-preprocessor ssl: ports { {$def_ssl_ports_ignore} }, trustservers, noinspect_encrypted
-
# Snort Output Logs #
output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority
{$alertsystemlog_type}
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 05e349be..07603176 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.2.3</version>
- <title>Services:2.9.2.3 pkg v. 2.5.0</title>
+ <title>Services:2.9.2.3 pkg v. 2.5.1</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 6c6440e9..5b357cb7 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -164,6 +164,42 @@ $sedcmd .= "s/^\\talert/alert/g\n";
$sedcmd .= "s/^[ \\t]*alert/alert/g\n";
@file_put_contents("{$snortdir}/tmp/sedcmd", $sedcmd);
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on') {
+ safe_mkdir("{$snortdir}/tmp/emerging");
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_status(gettext("Extracting rules..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
+
+ $files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
+ /* IP lists */
+ $files = glob("{$snortdir}/tmp/emerging/rules/*.txt");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
+ if ($snortdownload == 'off') {
+ foreach (array("classification.config", "reference.config", "sid-msg.map", "unicode.map") as $file) {
+ if (file_exists("{$snortdir}/tmp/emerging/rules/{$file}"))
+ @copy("{$snortdir}/tmp/emerging/rules/{$file}", "{$snortdir}/{$file}");
+ }
+ }
+
+ /* make shure default rules are in the right format */
+ exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/emerging*.rules");
+
+ /* Copy emergingthreats md5 sig to snort dir */
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ @copy("{$tmpfname}/$emergingthreats_filename_md5", "{$snortdir}/$emergingthreats_filename_md5");
+ }
+ }
+}
+
/* Untar snort rules file individually to help people with low system specs */
if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
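Review bot: The exit status of the `tar` call in the new Emerging Threats block is discarded, so a truncated or corrupt download is indistinguishable from a good one. Whatever did extract is copied into `{$snortdir}/rules`, and the md5 file is then copied as well, which presumably marks this snapshot as current for the next update check. Capture the status and skip the copy steps on failure, e.g. `exec("/usr/bin/tar xzf … rules/", $tarout, $tarrc); if ($tarrc != 0) { log_error(gettext("Emerging Threats rules failed to extract")); }`. No verification of the archive against the md5 file is visible in this hunk; if it is not done at download time, it belongs before extraction.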
@@ -181,7 +217,13 @@ if ($snortdownload == 'on') {
$newfile = basename($file);
@copy($file, "{$snortdir}/rules/snort_{$newfile}");
}
- exec("rm -r {$snortdir}/snortrules");
+ /* IP lists */
+ $files = glob("{$snortdir}/tmp/snortrules/rules/*.txt");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
+ exec("rm -r {$snortdir}/tmp/snortrules");
/* extract so rules */
exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
@@ -235,7 +277,7 @@ if ($snortdownload == 'on') {
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/");
/* make shure default rules are in the right format */
- exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/*.rules");
+ exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/snort_*.rules");
if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
update_status(gettext("Copying md5 sig to snort directory..."));
@@ -245,34 +287,10 @@ if ($snortdownload == 'on') {
}
}
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats == 'on') {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- update_status(gettext("Extracting rules..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
-
- /* make shure default rules are in the right format */
- exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/emerging*.rules");
-
- /* Copy emergingthreats md5 sig to snort dir */
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- @copy("{$tmpfname}/$emergingthreats_filename_md5", "{$snortdir}/$emergingthreats_filename_md5");
- }
-
- if ($snortdownload == 'off') {
- foreach (array("classification.config", "reference.config", "sid-msg.map", "unicode.map") as $file) {
- if (file_exists("{$snortdir}/rules/{$file}"))
- @copy("{$snortdir}/rules/{$file}", "{$snortdir}/{$file}");
- }
- }
-}
-
/* remove old $tmpfname files */
-if (is_dir($tmpfname)) {
+if (is_dir("{$snortdir}/tmp")) {
update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r {$tmpfname}");
+ exec("/bin/rm -r {$snortdir}/tmp");
}
function snort_apply_customizations($snortcfg, $if_real) {
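Review bot: The cleanup now removes `{$snortdir}/tmp`, but the comment above it still says `$tmpfname`. If these are different directories, the downloaded archives and md5 files in `$tmpfname` are no longer removed. If they are the same, the comment should simply say so, e.g. `/* remove the {$snortdir}/tmp work area */`. Since this is an `rm -r` on an interpolated path, I would also quote the path with `escapeshellarg()` and skip the call when `$snortdir` is empty.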
@@ -283,9 +301,16 @@ function snort_apply_customizations($snortcfg, $if_real) {
else {
update_status(gettext("Your set of configured rules are being copied..."));
log_error(gettext("Your set of configured rules are being copied..."));
- $files = explode("||", $snortcfg['rulesets']);
- foreach ($files as $file)
- @copy("{$snortdir}/rules/{$file}", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/rules/{$file}");
+ $enabled_rulesets_array = explode("||", $snortcfg['rulesets']);
+ foreach($enabled_rulesets_array as $enabled_item) {
+ @copy("{$snortdir}/rules/{$enabled_item}", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/rules/{$enabled_item}");
+ if (substr($enabled_item, 0, 5) == "snort" && substr($enabled_item, -9) == ".so.rules") {
+ $slib = substr($enabled_item, 6, -6);
+ if (file_exists("/usr/local/lib/snort/dynamicrules/{$slib}"))
+ @copy("/usr/local/lib/snort/dynamicrules/{$slib}", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/dynamicrules/{$slib}");
+
+ }
+ }
@copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/classification.config");
@copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/gen-msg.map");
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index e38418e5..84313577 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -66,6 +66,9 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
$pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
+ $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc'];
+ $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc'];
+ $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc'];
}
if ($_POST) {
@@ -88,6 +91,9 @@ if ($_POST) {
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
$natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
+ $natent['ssl_preproc'] = $_POST['ssl_preproc'] ? 'on' : 'off';
+ $natent['pop_preproc'] = $_POST['pop_preproc'] ? 'on' : 'off';
+ $natent['imap_preproc'] = $_POST['imap_preproc'] ? 'on' : 'off';
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
@@ -265,6 +271,24 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell">Enable <br>
SMTP Normalizer</td>
+ <td width="78%" class="vtable"><input name="pop_preproc"
+ type="checkbox" value="on"
+ <?php if ($pconfig['pop_preproc']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode POP protocol for enforcement and buffer overflows.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>
+ SMTP Normalizer</td>
+ <td width="78%" class="vtable"><input name="imap_preproc"
+ type="checkbox" value="on"
+ <?php if ($pconfig['imap_preproc']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode IMAP protocol for enforcement and buffer overflows.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>
+ SMTP Normalizer</td>
<td width="78%" class="vtable"><input name="smtp_preprocessor"
type="checkbox" value="on"
<?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>
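Review bot: All three rows in this hunk carry the label `SMTP Normalizer`. The existing label cell now sits in front of the `pop_preproc` checkbox, and the two added label cells for `imap_preproc` and `smtp_preprocessor` repeat it. An administrator cannot tell from the left column which preprocessor a box enables, which invites leaving the wrong one off. The labels should read `POP Normalizer`, `IMAP Normalizer` and `SMTP Normalizer` respectively.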
@@ -301,6 +325,15 @@ include_once("head.inc");
vulnerabilities.</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Enable <br> SSL Data</td>
+ <td width="78%" class="vtable">
+ <input name="ssl_preproc" type="checkbox" value="on"
+ <?php if ($pconfig['ssl_preproc']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ SSL data searches for irregularities during SSL protocol exchange
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Enable <br> Sensitive Data</td>
<td width="78%" class="vtable">
<input name="sensitive_data" type="checkbox" value="on"
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index a3d41762..3d6de228 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -177,7 +177,8 @@ if ($savemsg) {
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<?php
$isrulesfolderempty = glob("{$snortdir}/rules/*.rules");
- if (empty($isrulesfolderempty)):
+ $iscfgdirempty = glob("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/*.rules");
+ if (empty($isrulesfolderempty) && empty($iscfgdirempty)):
?>
<tr>
<td>
@@ -226,7 +227,10 @@ if ($savemsg) {
$emergingrules = array();
$snortsorules = array();
$snortrules = array();
- $dh = opendir("{$snortdir}/rules/");
+ if (empty($isrulesfolderempty))
+ $dh = opendir("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/");
+ else
+ $dh = opendir("{$snortdir}/rules/");
while (false !== ($filename = readdir($dh))) {
$filename = basename($filename);
if (substr($filename, -5) != "rules")