From 1682d08e3e80b36c8d4cae1cab27b70bee4d557f Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 9 Oct 2014 14:50:22 -0400 Subject: Wrap calls to sync_snort_package_config() with conf_mount_rw(). --- config/snort/snort_alerts.php | 2 ++ config/snort/snort_barnyard.php | 4 ++++ config/snort/snort_interfaces.php | 8 +++++--- config/snort/snort_interfaces_edit.php | 4 ++++ config/snort/snort_interfaces_global.php | 4 +++- config/snort/snort_interfaces_suppress_edit.php | 2 ++ config/snort/snort_log_mgmt.php | 4 ++++ config/snort/snort_passlist.php | 2 ++ config/snort/snort_passlist_edit.php | 2 ++ config/snort/snort_rules_flowbits.php | 2 ++ 10 files changed, 30 insertions(+), 4 deletions(-) diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index e7559660..3f3159a6 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -126,7 +126,9 @@ function snort_add_supplist_entry($suppress) { /* tell Snort to load it, and return true; otherwise return false. */ if ($found_list) { write_config("Snort pkg: modified Suppress List {$list_name}."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); snort_reload_config($a_instance[$instanceid]); return true; } diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 3f3d8ae5..b3e3723e 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -103,7 +103,9 @@ if ($_POST['save']) { // No need to rebuild rules for Barnyard2 changes $rebuild_rules = false; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); @@ -196,7 +198,9 @@ if ($_POST['save']) { // No need to rebuild rules for Barnyard2 changes $rebuild_rules = false; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); // If disabling Barnyard2 on the interface, stop any // currently running instance. If an instance is diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index c3325f4a..6a5a1aea 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -62,7 +62,6 @@ if (isset($_POST['del_x'])) { // Finally delete the interface's config entry entirely unset($a_nat[$rulei]); } - conf_mount_ro(); /* If all the Snort interfaces are removed, then unset the interfaces config array. */ if (empty($a_nat)) @@ -70,9 +69,8 @@ if (isset($_POST['del_x'])) { write_config("Snort pkg: deleted one or more Snort interfaces."); sleep(2); - sync_snort_package_config(); - + conf_mount_ro(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); @@ -92,7 +90,9 @@ if ($_POST['bartoggle'] && is_numericint($_POST['id'])) { if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) { log_error("Toggle (barnyard starting) for {$if_friendly}({$if_real})..."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); snort_barnyard_start($snortcfg, $if_real); } else { log_error("Toggle (barnyard stopping) for {$if_friendly}({$if_real})..."); @@ -115,7 +115,9 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) { /* set flag to rebuild interface rules before starting Snort */ $rebuild_rules = true; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); $rebuild_rules = false; snort_start($snortcfg, $if_real); } diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 249108f9..14b54b34 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -170,7 +170,9 @@ if ($_POST["save"] && !$input_errors) { snort_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); write_config("Snort pkg: modified interface configuration for {$a_rule[$id]['interface']}."); $rebuild_rules = false; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); @@ -377,7 +379,9 @@ if ($_POST["save"] && !$input_errors) { write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); /* Update snort.conf and snort.sh files for this interface */ + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); /* See if we need to restart Snort after an interface re-assignment */ if ($snort_start == true) { diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index b49854bd..26b08fc1 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -134,8 +134,10 @@ if (!$input_errors) { $retval = 0; - /* create whitelist and homenet file then sync files */ + /* create whitelist and homenet file, then sync files */ + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); write_config("Snort pkg: modified global settings."); diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 4b63d8d2..a861fb7e 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -130,7 +130,9 @@ if ($_POST['save']) { $a_suppress[] = $s_list; write_config("Snort pkg: modified Suppress List {$s_list['name']}."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); header("Location: /snort/snort_interfaces_suppress.php"); exit; diff --git a/config/snort/snort_log_mgmt.php b/config/snort/snort_log_mgmt.php index 4415863b..0e38afc2 100644 --- a/config/snort/snort_log_mgmt.php +++ b/config/snort/snort_log_mgmt.php @@ -116,7 +116,9 @@ if ($_POST["save"] || $_POST['apply']) { if ($_POST['enable_log_mgmt'] != 'on') { $config['installedpackages']['snortglobal']['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off'; write_config("Snort pkg: saved updated configuration for LOGS MGMT."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -148,7 +150,9 @@ if ($_POST["save"] || $_POST['apply']) { $config['installedpackages']['snortglobal']['event_pkts_log_retention'] = $_POST['event_pkts_log_retention']; write_config("Snort pkg: saved updated configuration for LOGS MGMT."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php index 7ace46ba..965f22d7 100644 --- a/config/snort/snort_passlist.php +++ b/config/snort/snort_passlist.php @@ -86,7 +86,9 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) { if (!$input_errors) { unset($a_passlist[$_POST['list_id']]); write_config("Snort pkg: deleted PASS LIST."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); header("Location: /snort/snort_passlist.php"); exit; } diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index 12d47b5b..9f95adb4 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -181,7 +181,9 @@ if ($_POST['save']) { write_config("Snort pkg: modified PASS LIST {$p_list['name']}."); /* create pass list and homenet file, then sync files */ + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); header("Location: /snort/snort_passlist.php"); exit; diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index cbb7b631..fff7a13c 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -127,7 +127,9 @@ if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid if ($found_list) { write_config("Snort pkg: modified Suppress List for {$a_nat[$id]['interface']}."); $rebuild_rules = false; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); snort_reload_config($a_nat[$id]); $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'."); } -- cgit v1.2.3