Diffstat (limited to 'config/suricata')
-rw-r--r-- | config/suricata/suricata_migrate_config.php | 2 | ||||
-rw-r--r-- | config/suricata/suricata_post_install.php | 39 |
2 files changed, 40 insertions, 1 deletions
diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php
index ba13155b..3d6347ed 100644
--- a/config/suricata/suricata_migrate_config.php
+++ b/config/suricata/suricata_migrate_config.php
@@ -118,7 +118,7 @@ foreach ($rule as &$r) {
 /***********************************************************/
 /* Add the new 'dns-events.rules' file to the rulesets. */
 /***********************************************************/
- if (strpos("dns-events.rules", $pconfig['rulesets']) === FALSE) {
+ if (strpos($pconfig['rulesets'], "dns-events.rules") === FALSE) {
 $pconfig['rulesets'] = rtrim($pconfig['rulesets'], "||") . "||dns-events.rules";
 $updated_cfg = true;
 }
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 7c8d03a5..55a43f35 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -116,6 +116,45 @@ safe_mkdir(IPREP_PATH);
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
 log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
 update_status(gettext("Saved settings detected..."));
+
+ /****************************************************************/
+ /* Do test and fix for duplicate UUIDs if this install was */
+ /* impacted by the DUP (clone) bug that generated a duplicate */
+ /* UUID for the cloned interface. Also fix any duplicate */
+ /* entries in ['rulesets'] for "dns-events.rules". */
+ /****************************************************************/
+ if (count($config['installedpackages']['suricata']['rule']) > 0) {
+ $uuids = array();
+ $suriconf = &$config['installedpackages']['suricata']['rule'];
+ foreach ($suriconf as &$suricatacfg) {
+ // Remove any duplicate ruleset names from earlier bug
+ $rulesets = explode("||", $suricatacfg['rulesets']);
+ $suricatacfg['rulesets'] = implode("||", array_keys(array_flip($rulesets)));
+
+ // Now check for and fix a duplicate UUID
+ $if_real = get_real_interface($suricatacfg['interface']);
+ if (!isset($uuids[$suricatacfg['uuid']])) {
+ $uuids[$suricatacfg['uuid']] = $if_real;
+ continue;
+ }
+ else {
+ // Found a duplicate UUID, so generate a
+ // new one for the affected interface.
+ $old_uuid = $suricatacfg['uuid'];
+ $new_uuid = suricata_generate_id();
+ exec("mv -f {$suricatalogdir}suricata_{$if_real}" . $old_uuid . " {$suricatalogdir}suricata_{$if_real}" . $new_uuid);
+ $suricatacfg['uuid'] = $new_uuid;
+ write_config("Suricata pkg: updated UUID for interface " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . ".");
+ $uuids[$new_uuid] = $if_real;
+ log_error(gettext("[Suricata] updated UUID for interface " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " from {$old_uuid} to {$new_uuid}."));
+ }
+ }
+ unset($uuids, $rulesets);
+ }
+ /****************************************************************/
+ /* End of duplicate UUID and "dns-events.rules" bug fix. */
+ /****************************************************************/
+
 /* Do one-time settings migration for new version configuration */
 update_output_window(gettext("Please wait... migrating settings to new configuration..."));
 include('/usr/local/pkg/suricata/suricata_migrate_config.php'); |
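Review bot: The added `exec("mv -f …")` call in the duplicate-UUID branch builds a shell command by interpolating `$if_real` and `$old_uuid`, both derived from the saved configuration, without any quoting, so a malformed or restored config value containing whitespace or shell metacharacters would be interpreted by the shell. Prefer not invoking a shell at all, e.g. `rename("{$suricatalogdir}suricata_{$if_real}{$old_uuid}", "{$suricatalogdir}suricata_{$if_real}{$new_uuid}");`, or wrap each path in `escapeshellarg()`, and check the result before storing the new UUID, since the config is currently rewritten even if the move fails. `$suricatalogdir` is not defined in the visible lines, so confirm it is set before this point, otherwise the paths resolve relative to the working directory. The by-reference loop variable also stays bound to the last rule entry after the loop, so the cleanup should read `unset($suricatacfg, $suriconf, $uuids, $rulesets);`. The enclosing `if (... ['forcekeepsettings'] == 'on')` block continues beyond this hunk.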