aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php3
-rw-r--r--config/snort/snort_interfaces_global.php26
2 files changed, 16 insertions, 13 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 5f687636..28539f1f 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -695,7 +695,8 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
}
/* Start the rules rebuild proccess for each configured interface */
- if (is_array($config['installedpackages']['snortglobal']['rule'])) {
+ if (is_array($config['installedpackages']['snortglobal']['rule']) &&
+ !empty($config['installedpackages']['snortglobal']['rule'])) {
/* Set the flag to force rule rebuilds since we downloaded new rules, */
/* except when in post-install mode. Post-install does its own rebuild. */
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 77cb0e7c..b22a6934 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -98,19 +98,21 @@ if (!$input_errors) {
// Now walk all the configured interface rulesets and remove
// any matching the disabled ruleset prefixes.
- foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) {
- // Disable Snort IPS policy if VRT rules are disabled
- if ($disable_ips_policy) {
- $iface['ips_policy_enable'] = 'off';
- unset($iface['ips_policy']);
+ if (is_array($config['installedpackages']['snortglobal']['rule'])) {
+ foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) {
+ // Disable Snort IPS policy if VRT rules are disabled
+ if ($disable_ips_policy) {
+ $iface['ips_policy_enable'] = 'off';
+ unset($iface['ips_policy']);
+ }
+ $enabled_rules = explode("||", $iface['rulesets']);
+ foreach ($enabled_rules as $k => $v) {
+ foreach ($disabled_rules as $d)
+ if (strpos(trim($v), $d) !== false)
+ unset($enabled_rules[$k]);
+ }
+ $iface['rulesets'] = implode("||", $enabled_rules);
}
- $enabled_rules = explode("||", $iface['rulesets']);
- foreach ($enabled_rules as $k => $v) {
- foreach ($disabled_rules as $d)
- if (strpos(trim($v), $d) !== false)
- unset($enabled_rules[$k]);
- }
- $iface['rulesets'] = implode("||", $enabled_rules);
}
$config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];