From 336b9883d551ea0f8e646838ad3bae2f9bd43e66 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 14 May 2015 00:02:18 -0400 Subject: Add TLS Certs Store directory size mgmt settings feature. --- config/suricata/suricata_check_cron_misc.inc | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'config/suricata/suricata_check_cron_misc.inc') diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc index eb1ba2d0..ab2f864f 100644 --- a/config/suricata/suricata_check_cron_misc.inc +++ b/config/suricata/suricata_check_cron_misc.inc @@ -104,6 +104,9 @@ function suricata_check_dir_size_limit($suricataloglimitsize) { // Check for any captured stored files and clean them up unlink_if_exists("{$suricata_log_dir}/files/*"); + // Check for any captured stored TLS certs and clean them up + unlink_if_exists("{$suricata_log_dir}/certs/*"); + // This is needed if suricata is run as suricata user mwexec('/bin/chmod 660 /var/log/suricata/*', true); } @@ -237,6 +240,23 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == unset($files); } + // Prune aged-out TLS Certs Store files if any exist + if (is_dir("{$suricata_log_dir}/certs") && + $config['installedpackages']['suricata']['config'][0]['tls_certs_store_retention'] > 0) { + $now = time(); + $files = glob("{$suricata_log_dir}/certs/*.*"); + $prune_count = 0; + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['tls_certs_store_retention'] * 3600)) { + $prune_count++; + unlink_if_exists($f); + } + } + if ($prune_count > 0) + log_error(gettext("[Suricata] TLS Certs Store cleanup job removed {$prune_count} file(s) from {$suricata_log_dir}/certs/...")); + unset($files); + } + // Prune any pcap log files over configured limit $files = glob("{$suricata_log_dir}/log.pcap.*"); if (count($files) > $value['max_pcap_log_files']) { -- cgit v1.2.3