Diffstat (limited to 'config/suricata/suricata.inc')
-rw-r--r-- | config/suricata/suricata.inc | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index 73208f61..1c21181b 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -3231,6 +3231,73 @@ function suricata_generate_yaml($suricatacfg) {
 	unset($suricata_conf_text);
 }
 
+function suricata_remove_dead_rules() {
+
+	/*********************************************************/
+	/* This function removes dead and deprecated rules */
+	/* category files from the base Suricata rules directory */
+	/* and from the RULESETS setting of each interface. */
+	/* The file "deprecated_rules", if it exists, is used */
+	/* to determine which rules files to remove. */
+	/*********************************************************/
+
+	global $config, $g;
+	$rulesdir = SURICATADIR . "rules/";
+	$count = 0;
+	$cats = array();
+
+	// If there is no "deprecated_rules" file, then exit
+	if (!file_exists("{$rulesdir}deprecated_rules"))
+		return;
+
+	// Open a SplFileObject to read in deprecated rules
+	$file = new SplFileObject("{$rulesdir}deprecated_rules");
+	$file->setFlags(SplFileObject::READ_AHEAD | SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE);
+	while (!$file->eof()) {
+		$line = $file->fgets();
+
+		// Skip any lines with just spaces
+		if (trim($line) == "")
+			continue;
+
+		// Skip any comment lines starting with '#'
+		if (preg_match('/^\s*\#+/', $line))
+			continue;
+
+		$cats[] = $line;
+	}
+
+	// Close the SplFileObject since we are finished with it
+	$file = null;
+
+	// Delete any dead rules files from the Suricata RULES directory
+	foreach ($cats as $file) {
+		if (file_exists("{$rulesdir}{$file}"))
+			$count++;
+		unlink_if_exists("{$rulesdir}{$file}");
+	}
+
+	// Log how many obsoleted files were removed
+	log_error(gettext("[Suricata] Removed {$count} obsoleted rules category files."));
+
+	// Now remove any dead rules files from the interface configurations
+	if (!empty($cats) && is_array($config['installedpackages']['suricata']['rule'])) {
+		foreach ($config['installedpackages']['suricata']['rule'] as &$iface) {
+			$enabled_rules = explode("||", $iface['rulesets']);
+			foreach ($enabled_rules as $k => $v) {
+				foreach ($cats as $d) {
+					if (strpos(trim($v), $d) !== false)
+						unset($enabled_rules[$k]);
+				}
+			}
+			$iface['rulesets'] = implode("||", $enabled_rules);
+		}
+	}
+
+	// Clean up
+	unset($cats, $enabled_rules);
+}
+
 /* Uses XMLRPC to synchronize the changes to a remote node */
 function suricata_sync_on_changes() {
 	global $config, $g;
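Review bot: Every non-comment line of deprecated_rules is spliced unchecked into the path passed to `unlink_if_exists("{$rulesdir}{$file}")`, so an entry such as `../suricata.yaml` (the file presumably arrives with the downloaded rule archive rather than from the admin) would delete files outside `$rulesdir`; before appending to `$cats`, trim the line and reject anything that is not a bare filename: `$line = trim($line); if ($line !== basename($line)) continue; $cats[] = $line;`. The interface loop then tests `strpos(trim($v), $d) !== false`, which drops any enabled category whose name merely contains a deprecated name; the intent reads as an exact match, i.e. `if (trim($v) === $d)`. The `foreach (... as &$iface)` also leaves `$iface` as a live reference to the last element while the trailing cleanup unsets only `$cats, $enabled_rules`; add `$iface` to that `unset()`. The `$count` increment reports files that existed before the call, not files actually removed, since the return of `unlink_if_exists` is never checked.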