From c2b4378b69a890cc479e179bf5dac0e61c7f7692 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Fri, 10 Oct 2014 16:01:29 -0400
Subject: Wrap calls to sync_suricata_package_config() with conf_mount_rw().
---
 config/suricata/suricata_alerts.php | 2 ++
 config/suricata/suricata_barnyard.php | 4 ++++
 config/suricata/suricata_global.php | 2 ++
 config/suricata/suricata_interfaces.php | 15 ++++++---------
 config/suricata/suricata_interfaces_edit.php | 4 ++++
 config/suricata/suricata_logs_mgmt.php | 4 ++++
 config/suricata/suricata_migrate_config.php | 6 +-----
 config/suricata/suricata_passlist.php | 2 ++
 config/suricata/suricata_passlist_edit.php | 2 ++
 config/suricata/suricata_rules_flowbits.php | 2 ++
 config/suricata/suricata_suppress.php | 2 ++
 11 files changed, 31 insertions(+), 14 deletions(-)
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 432cd02f..595d96a9 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -128,7 +128,9 @@ function suricata_add_supplist_entry($suppress) {
 /* and return true; otherwise return false. */
 if ($found_list) {
 write_config();
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 return true;
 }
 else
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index 21611ba8..24aa1653 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -100,7 +100,9 @@ if ($_POST['save']) {
 // No need to rebuild rules for Barnyard2 changes
 $rebuild_rules = false;
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
 header( 'Cache-Control: no-store, no-cache, must-revalidate' );
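Review bot: In suricata_add_supplist_entry() (suricata_alerts.php) the new `conf_mount_rw(); sync_suricata_package_config(); conf_mount_ro();` sequence has no path that guarantees the remount to read-only if the sync call exits or fails part-way, which would leave the filesystem writable; sync_suricata_package_config() is not visible in this patch, so whether it can exit early needs confirming. The same three lines are pasted at every other call site in this commit (suricata_barnyard.php, suricata_global.php, suricata_interfaces.php, suricata_interfaces_edit.php, suricata_logs_mgmt.php, suricata_passlist.php, suricata_passlist_edit.php, suricata_rules_flowbits.php, suricata_suppress.php), so a future call site can easily miss the pairing. Moving the pair into sync_suricata_package_config() itself, or into one small wrapper that every page calls, would keep the mount-state handling in one place. The function body continues outside the hunk.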
@@ -192,7 +194,9 @@ if ($_POST['save']) {
 // No need to rebuild rules for Barnyard2 changes
 $rebuild_rules = false;
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 // If disabling Barnyard2 on the interface, stop any
 // currently running instance. If an instance is
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index 5f01a660..f2a24fcf 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -154,7 +154,9 @@ if (!$input_errors) {
 $retval = 0;
 /* create passlist and homenet file, then sync files */
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 write_config("Suricata pkg: modified global settings.");
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 0a3b7eba..3c2e1d6a 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -81,16 +81,9 @@ if ($_POST['del_x']) {
 write_config("Suricata pkg: deleted one or more Suricata interfaces.");
 sleep(2);
- /* if there are no ifaces remaining do not create suricata.sh */
- if (!empty($config['installedpackages']['suricata']['rule']))
- suricata_create_rc();
- else {
- conf_mount_rw();
- unlink_if_exists("{$rcdir}suricata.sh");
- conf_mount_ro();
- }
-
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -110,7 +103,9 @@ if ($_POST['bartoggle']) {
 if (!suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2')) {
 log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})...");
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 suricata_barnyard_start($suricatacfg, $if_real);
 } else {
 log_error("Toggle (barnyard stopping) for {$if_friendly}({$suricatacfg['descr']})...");
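Review bot: The `$_POST['del_x']` hunk in suricata_interfaces.php deletes the branch that removed `{$rcdir}suricata.sh` when no interfaces remain, so that cleanup now depends entirely on sync_suricata_package_config(), which this patch does not show. If the sync call does not remove the rc script for an empty interface list, a stale startup script stays on disk after the last interface is deleted. A one-line comment above the call, for example `/* sync_suricata_package_config() also removes suricata.sh when no interfaces remain */`, would record that assumption once it has been confirmed. The enclosing `if` block starts and ends outside the hunk.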
@@ -135,7 +130,9 @@ if ($_POST['toggle']) {
 log_error("Toggle (suricata starting) for {$if_friendly}({$suricatacfg['descr']})...");
 // set flag to rebuild interface rules before starting Snort
 $rebuild_rules = true;
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 $rebuild_rules = false;
 suricata_start($suricatacfg, $if_real);
 }
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 4737dc8d..d523a8b5 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -223,7 +223,9 @@ if ($_POST["save"] && !$input_errors) {
 suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface']));
 write_config("Suricata pkg: disabled Suricata on " . convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']));
 $rebuild_rules = false;
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
 header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -423,7 +425,9 @@ if ($_POST["save"] && !$input_errors) {
 write_config("Suricata pkg: modified interface configuration for " . convert_friendly_interface_to_friendly_descr($natent['interface']));
 // Update suricata.conf and suricata.sh files for this interface
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php
index fec2d149..f929675d 100644
--- a/config/suricata/suricata_logs_mgmt.php
+++ b/config/suricata/suricata_logs_mgmt.php
@@ -173,7 +173,9 @@ if ($_POST["save"] || $_POST['apply']) {
 if ($_POST['enable_log_mgmt'] != 'on') {
 $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off';
 write_config("Suricata pkg: saved updated configuration for LOGS MGMT.");
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 /* forces page to reload new settings */
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -222,7 +224,9 @@ if ($_POST["save"] || $_POST['apply']) {
 $config['installedpackages']['suricata']['config'][0]['sid_changes_log_retention'] = $_POST['sid_changes_log_retention'];
 write_config("Suricata pkg: saved updated configuration for LOGS MGMT.");
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 /* forces page to reload new settings */
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php
index 3d04ffa4..d5f56a62 100644
--- a/config/suricata/suricata_migrate_config.php
+++ b/config/suricata/suricata_migrate_config.php
@@ -343,12 +343,8 @@ foreach ($rule as &$r) {
 unset($r);
 // Write out the new configuration to disk if we changed anything
-if ($updated_cfg) {
- $config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.3";
- log_error("[Suricata] Saving configuration settings in new format...");
- write_config("Suricata pkg: migrate existing settings to new format during package upgrade.");
+if ($updated_cfg)
 log_error("[Suricata] Settings successfully migrated to new configuration format...");
-}
 else
 log_error("[Suricata] Configuration version is current...");
diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php
index 02aa4a3d..cdfd98e8 100644
--- a/config/suricata/suricata_passlist.php
+++ b/config/suricata/suricata_passlist.php
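Review bot: The suricata_migrate_config.php hunk no longer stamps `suricata_config_ver` or calls write_config() after a migration, yet the comment kept above it still reads `// Write out the new configuration to disk if we changed anything` and the log line still reports a successful migration. Nothing visible in this patch persists the migrated settings, so presumably the caller writes them; if it does not, the migrated values exist only in memory and the log message is misleading. The commit subject does not mention this behaviour change. I would replace the stale comment with something like `// Caller is responsible for write_config(); only log the outcome here` and keep braces on the `if`/`else`.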
@@ -87,7 +87,9 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) {
 if (!$input_errors) {
 unset($a_passlist[$_POST['list_id']]);
 write_config("Suricata pkg: deleted PASS LIST.");
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 header("Location: /suricata/suricata_passlist.php");
 exit;
 }
diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php
index 3e1502f3..b27f69ad 100644
--- a/config/suricata/suricata_passlist_edit.php
+++ b/config/suricata/suricata_passlist_edit.php
@@ -182,7 +182,9 @@ if ($_POST['save']) {
 write_config("Suricata pkg: modified PASS LIST {$p_list['name']}.");
 /* create pass list and homenet file, then sync files */
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 header("Location: /suricata/suricata_passlist.php");
 exit;
diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php
index b16353cb..1bb945d8 100644
--- a/config/suricata/suricata_rules_flowbits.php
+++ b/config/suricata/suricata_rules_flowbits.php
@@ -139,7 +139,9 @@ if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid
 if ($found_list) {
 write_config();
 $rebuild_rules = false;
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 suricata_reload_config($a_nat[$id]);
 $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
 }
diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php
index 80249724..b3ef6fd4 100644
--- a/config/suricata/suricata_suppress.php
+++ b/config/suricata/suricata_suppress.php
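Review bot: In the `addsuppress` hunk of suricata_rules_flowbits.php, `write_config();` is called without a description, presumably leaving the configuration history entry without a meaningful note of what changed, while the other pages in this commit pass a `"Suricata pkg: ..."` message. Because a suppress entry silences an IDS signature, the change should be attributable in the history: `write_config("Suricata pkg: added entry to Suppress List {$a_nat[$id]['suppresslistname']}.");`. The `write_config();` in suricata_add_supplist_entry() (suricata_alerts.php) has the same gap. The enclosing `if ($_POST['addsuppress'] ...)` block extends beyond the hunk.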
@@ -103,7 +103,9 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) {
 else {
 unset($a_suppress[$_POST['list_id']]);
 write_config("Suricata pkg: deleted SUPPRESS LIST.");
+ conf_mount_rw();
 sync_suricata_package_config();
+ conf_mount_ro();
 header("Location: /suricata/suricata_suppress.php");
 exit;
 }
--
cgit v1.2.3