Diffstat (limited to 'config/suricata/suricata_geoipupdate.php')
-rw-r--r--config/suricata/suricata_geoipupdate.php61
1 files changed, 52 insertions, 9 deletions
diff --git a/config/suricata/suricata_geoipupdate.php b/config/suricata/suricata_geoipupdate.php
index 4e86b833..46e1177e 100644
--- a/config/suricata/suricata_geoipupdate.php
+++ b/config/suricata/suricata_geoipupdate.php
@@ -46,6 +46,51 @@ require_once("config.inc");
require_once("functions.inc");
require("/usr/local/pkg/suricata/suricata_defs.inc");
+/*************************************************************************
+ * Hack for backwards compatibility with older 2.1.x pfSense versions *
+ * that did not contain the new "download_file()" utility function *
+ * present in 2.2 and higher. *
+ *************************************************************************/
+if(!function_exists("download_file")) {
+ function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0) {
+ global $config, $g;
+
+ $fp = fopen($destination, "wb");
+
+ if (!$fp)
+ return false;
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
+ curl_setopt($ch, CURLOPT_FILE, $fp);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ curl_setopt($ch, CURLOPT_HEADER, false);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version")));
+
+ if (!empty($config['system']['proxyurl'])) {
+ curl_setopt($ch, CURLOPT_PROXY, $config['system']['proxyurl']);
+ if (!empty($config['system']['proxyport']))
+ curl_setopt($ch, CURLOPT_PROXYPORT, $config['system']['proxyport']);
+ if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) {
+ @curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY | CURLAUTH_ANYSAFE);
+ curl_setopt($ch, CURLOPT_PROXYUSERPWD, "{$config['system']['proxyuser']}:{$config['system']['proxypass']}");
+ }
+ }
+
+ @curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ fclose($fp);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
+ }
+}
+
+/**********************************************************************
+ * Start of main code *
+ **********************************************************************/
global $g, $config;
$suricata_geoip_dbdir = SURICATA_PBI_BASEDIR . 'share/GeoIP/';
$geoip_tmppath = "{$g['tmp_path']}/geoipup/";
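Review bot: The fallback `download_file()` creates `$destination` with `fopen($destination, "wb")` before the transfer and never removes it when the request fails, so a failed or non-200 download still leaves a file behind (empty, or holding an error body) that the `file_exists()` checks later in this script will accept as a successful download. Deleting it on failure before the return, e.g. `if ($http_code != 200) @unlink($destination);`, would keep the two states distinguishable. Separately, `$verify_ssl` defaults to `false` and only `CURLOPT_SSL_VERIFYPEER` is set from it, so any https caller that omits the argument gets no certificate validation while `CURLOPT_FOLLOWLOCATION` is on; if compatibility with the core function's signature allows, default to `true` and also set `CURLOPT_SSL_VERIFYHOST` to `2` when verifying. The result of `@curl_exec($ch)` is discarded as well, so a transport error is only visible as an HTTP code of `0`; logging `curl_error($ch)` in that case would make failures diagnosable.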
@@ -60,28 +105,26 @@ else
// Download the free GeoIP Legacy country name databases for IPv4 and IPv6
// to a temporary location.
safe_mkdir("$geoip_tmppath");
-download_file("http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz", "{$geoip_tmppath}GeoIP.dat.gz");
-download_file("http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz", "{$geoip_tmppath}GeoIPv6.dat.gz");
+if (download_file("http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz", "{$geoip_tmppath}GeoIP.dat.gz") != true)
+ log_error(gettext("[Suricata] An error occurred downloading the 'GeoIP.dat.gz' update file for GeoIP."));
+if (download_file("http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz", "{$geoip_tmppath}GeoIPv6.dat.gz") != true)
+ log_error(gettext("[Suricata] An error occurred downloading the 'GeoIPv6.dat.gz' update file for GeoIP."));
// Mount filesystem read-write since we need to write
-// the databases to PBI_BASE/share/GeoIP.
+// the extracted databases to PBI_BASE/share/GeoIP.
conf_mount_rw();
// If the files downloaded successfully, unpack them and store
// the DB files in the PBI_BASE/share/GeoIP directory.
if (file_exists("{$geoip_tmppath}GeoIP.dat.gz")) {
- exec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIP.dat.gz");
+ mwexec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIP.dat.gz");
@rename("{$geoip_tmppath}GeoIP.dat", "{$suricata_geoip_dbdir}GeoIP.dat");
}
-else
- log_error(gettext("[Suricata] An error occurred downloading the 'GeoIP.dat.gz' update file for GeoIP."));
if (file_exists("{$geoip_tmppath}GeoIPv6.dat.gz")) {
- exec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIPv6.dat.gz");
+ mwexec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIPv6.dat.gz");
@rename("{$geoip_tmppath}GeoIPv6.dat", "{$suricata_geoip_dbdir}GeoIPv6.dat");
}
-else
- log_error(gettext("[Suricata] An error occurred downloading the 'GeoIPv6.dat.gz' update file for GeoIP."));
// Finished with filesystem mods, so remount read-only
conf_mount_ro();
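Review bot: The new `!= true` checks on both `download_file()` calls use a loose comparison, and the fallback defined earlier in this file returns the integer HTTP status on failure, so a 404 or 500 compares equal to `true` and no error is logged; only `false` or `0` triggers the message. Use a strict test on both calls, `if (download_file(...) !== true)`. The unpack steps are still gated on `file_exists()` rather than on the download result, so it would be safer to keep each result in a variable and skip `gunzip` and `rename` when it is not `true`. The archives also still come over plain `http://` (unchanged by this commit) and are moved into the GeoIP directory with no integrity check, which deserves a follow-up because these files presumably feed Suricata's GeoIP matching.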