Diffstat (limited to 'config')
-rw-r--r-- | config/suricata/suricata_geoipupdate.php | 61 |
1 files changed, 52 insertions, 9 deletions
diff --git a/config/suricata/suricata_geoipupdate.php b/config/suricata/suricata_geoipupdate.php
index 4e86b833..46e1177e 100644
--- a/config/suricata/suricata_geoipupdate.php
+++ b/config/suricata/suricata_geoipupdate.php
@@ -46,6 +46,51 @@ require_once("config.inc");
 require_once("functions.inc");
 require("/usr/local/pkg/suricata/suricata_defs.inc");
+/*************************************************************************
+ * Hack for backwards compatibility with older 2.1.x pfSense versions *
+ * that did not contain the new "download_file()" utility function *
+ * present in 2.2 and higher. *
+ *************************************************************************/
+if(!function_exists("download_file")) {
+ function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0) {
+ global $config, $g;
+
+ $fp = fopen($destination, "wb");
+
+ if (!$fp)
+ return false;
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
+ curl_setopt($ch, CURLOPT_FILE, $fp);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ curl_setopt($ch, CURLOPT_HEADER, false);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version")));
+
+ if (!empty($config['system']['proxyurl'])) {
+ curl_setopt($ch, CURLOPT_PROXY, $config['system']['proxyurl']);
+ if (!empty($config['system']['proxyport']))
+ curl_setopt($ch, CURLOPT_PROXYPORT, $config['system']['proxyport']);
+ if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) {
+ @curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY | CURLAUTH_ANYSAFE);
+ curl_setopt($ch, CURLOPT_PROXYUSERPWD, "{$config['system']['proxyuser']}:{$config['system']['proxypass']}");
+ }
+ }
+
+ @curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ fclose($fp);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
+ }
+}
+
+/**********************************************************************
+ * Start of main code *
+ **********************************************************************/
 global $g, $config;
 $suricata_geoip_dbdir = SURICATA_PBI_BASEDIR . 'share/GeoIP/';
 $geoip_tmppath = "{$g['tmp_path']}/geoipup/";
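Review bot: The fallback `download_file()` creates `$destination` with `fopen($destination, "wb")` before the transfer and never removes it, so a failed or non-200 response leaves an empty file or an error body at that path; adding `if ($http_code != 200) @unlink($destination);` after `fclose($fp)` would stop callers that test `file_exists()` from treating it as a good download. The result of `@curl_exec($ch)` is discarded, so a transport failure only shows up as an HTTP code of 0. `$verify_ssl` defaults to false, which disables `CURLOPT_SSL_VERIFYPEER` for any caller that omits the third argument; the calls in this file use `http://` URLs, so a comment on the shim stating that HTTPS callers must pass `true` would be enough here. A short docblock recording the return contract (`true` on 200, `false` if the file cannot be opened, otherwise the integer status) would also help, since callers have to compare with `===`.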
@@ -60,28 +105,26 @@ else
 // Download the free GeoIP Legacy country name databases for IPv4 and IPv6
 // to a temporary location.
 safe_mkdir("$geoip_tmppath");
-download_file("http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz", "{$geoip_tmppath}GeoIP.dat.gz");
-download_file("http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz", "{$geoip_tmppath}GeoIPv6.dat.gz");
+if (download_file("http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz", "{$geoip_tmppath}GeoIP.dat.gz") != true)
+ log_error(gettext("[Suricata] An error occurred downloading the 'GeoIP.dat.gz' update file for GeoIP."));
+if (download_file("http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz", "{$geoip_tmppath}GeoIPv6.dat.gz") != true)
+ log_error(gettext("[Suricata] An error occurred downloading the 'GeoIPv6.dat.gz' update file for GeoIP."));
 // Mount filesystem read-write since we need to write
-// the databases to PBI_BASE/share/GeoIP.
+// the extracted databases to PBI_BASE/share/GeoIP.
 conf_mount_rw();
 // If the files downloaded successfully, unpack them and store
 // the DB files in the PBI_BASE/share/GeoIP directory.
 if (file_exists("{$geoip_tmppath}GeoIP.dat.gz")) {
- exec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIP.dat.gz");
+ mwexec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIP.dat.gz");
 @rename("{$geoip_tmppath}GeoIP.dat", "{$suricata_geoip_dbdir}GeoIP.dat");
 }
-else
- log_error(gettext("[Suricata] An error occurred downloading the 'GeoIP.dat.gz' update file for GeoIP."));
 if (file_exists("{$geoip_tmppath}GeoIPv6.dat.gz")) {
- exec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIPv6.dat.gz");
+ mwexec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIPv6.dat.gz");
 @rename("{$geoip_tmppath}GeoIPv6.dat", "{$suricata_geoip_dbdir}GeoIPv6.dat");
 }
-else
- log_error(gettext("[Suricata] An error occurred downloading the 'GeoIPv6.dat.gz' update file for GeoIP."));
 // Finished with filesystem mods, so remount read-only
 conf_mount_ro(); |
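Review bot: The new checks use `download_file(...) != true`, but the function returns the integer HTTP status on failure, and under PHP's loose comparison any non-zero integer such as 404 equals `true`, so HTTP errors are not logged; use `!== true` on both calls. The unpack blocks below still key on `file_exists()` of the `.gz`, which can be true after a failed download (the compatibility shim in this commit creates the file before transferring), so keeping the result and testing it alongside `file_exists()` would tie installation to a confirmed 200. Both databases are still fetched over plain `http://` with no digest or signature check before `rename()` installs them into the Suricata GeoIP directory, so the content is only as trustworthy as the network path. The `mwexec()` and `@rename()` results are unchecked as well, so a failed gunzip or move is silent.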