aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php20
1 files changed, 15 insertions, 5 deletions
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 9aa14f6e..280add7a 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -431,17 +431,27 @@ if ($emergingthreats == 'on') {
array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*ips.txt"));
array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*ips.txt"));
- // The code below renames ET-Pro files with a prefix, so we
+ // The code below renames ET files with a prefix, so we
// skip renaming the Suricata default events rule files
- // that are also bundled in the ET-Pro rules.
+ // that are also bundled in the ET rules.
$default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules" );
$files = glob("{$tmpfname}/emerging/rules/*.rules");
+ // Determine the correct prefix to use based on which
+ // Emerging Threats rules package is enabled.
+ if ($etpro == "on")
+ $prefix = ET_PRO_FILE_PREFIX;
+ else
+ $prefix = ET_OPEN_FILE_PREFIX;
foreach ($files as $file) {
$newfile = basename($file);
- if ($etpro == "on" && !in_array($newfile, $default_rules))
- @copy($file, "{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "{$newfile}");
- else
+ if (in_array($newfile, $default_rules))
@copy($file, "{$suricatadir}rules/{$newfile}");
+ else {
+ if (strpos($newfile, $prefix) === FALSE)
+ @copy($file, "{$suricatadir}rules/{$prefix}{$newfile}");
+ else
+ @copy($file, "{$suricatadir}rules/{$newfile}");
+ }
}
/* IP lists for Emerging Threats rules */
$files = glob("{$tmpfname}/emerging/rules/*ips.txt");