From 119732ffe8f773538adc2fd5db74a004a4afe3f2 Mon Sep 17 00:00:00 2001
From: Ermal
Date: Fri, 13 Jul 2012 05:10:12 +0000
Subject: Rather than unlinking/writing to a file opened by snort. Truncate it.
---
 config/snort/snort.inc | 13 +++++++------
 config/snort/snort_alerts.php | 11 ++++++++---
 config/snort/snort_check_for_rule_updates.php | 2 +-
 3 files changed, 16 insertions(+), 10 deletions(-) (limited to 'config')
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 48ddb44e..61930111 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -340,15 +340,16 @@ function snort_post_delete_logs($snort_uuid = 0) {
 if ($if_real != '') {
 $filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.u2.*");
 unset($filelist[count($filelist) - 1]);
- foreach ($filelist as $file)
- @unlink($file);
- $filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.tcpdump.*");
- unset($filelist[count($filelist) - 1]);
 foreach ($filelist as $file)
 @unlink($file);
- if ($value['perform_stat'] == 'on')
- @file_put_contents("{$snort_log_dir}/{$if_real}.stats", "");
+ if ($value['perform_stat'] == 'on') {
+ $fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w");
+ if ($fd) {
+ ftruncate($fd, 0);
+ fclose($fd);
+ }
+ }
 }
 }
 }
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index ffda0342..0c6334d9 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
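Review bot: In `snort_post_delete_logs()` (config/snort/snort.inc) the pruning of `*.tcpdump.*` files disappears along with the stats rewrite, and the commit message does not mention it; if that is unintended, packet captures will keep accumulating in the log directory and will survive a "clear" from the alerts page. In the new stats block `fopen(..., "w")` already truncates (and creates) the file, so `ftruncate($fd, 0)` is redundant. A comment such as `/* truncate in place: snort keeps this file open, so do not unlink or replace it */` would record why the file is not simply deleted. A failed `fopen()` is skipped silently, so the caller cannot tell that the stats file was left untouched. The function starts and ends outside the hunk.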
@@ -83,12 +83,17 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
 if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
 conf_mount_rw();
 snort_post_delete_logs($snort_uuid);
- @file_put_contents("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "");
+ $fd = fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w");
+ if ($fd) {
+ @ftruncate($fd, 0);
+ fclose($fd);
+ }
+ conf_mount_ro();
 /* XXX: This is needed is snort is run as snort user */
 //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
 mwexec('/bin/chmod 660 /var/log/snort/*', true);
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
- conf_mount_ro();
+ if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
+ mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
 }
 header("Location: /snort/snort_alerts.php?instance={$instanceid}");
 exit;
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 3871b813..2b6d678a 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -356,7 +356,7 @@ function oinkmaster_run($if_real, $iface_uuid)
 global $config, $g, $snortdir;
 if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- update_status(gettext("Your first set of rules are being copied..."));
+ update_status(gettext("Your set of rules are being copied..."));
 exec("/bin/cp {$snortdir}/rules/* {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/");
 exec("/bin/cp {$snortdir}/classification.config {$snortdir}/snort_{$iface_uuid}_{$if_real}");
 exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir}/snort_{$iface_uuid}_{$if_real}");
-- cgit v1.2.3
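Review bot: The re-added `mwexec("/bin/pkill -HUP -F …pid -a")` call in config/snort/snort_alerts.php still interpolates `$if_real` and `$snort_uuid` into a shell command unquoted, and the pid path is now built twice, once for `file_exists()` and once for the command. Where those two values come from is outside the hunk, so treat this as hardening: build the path once, e.g. `$pidfile = "{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid";`, and pass `escapeshellarg($pidfile)` to `pkill -F`. Separately, `conf_mount_ro()` now runs before the `chmod` and the HUP; if `/var/log/snort` sits on the filesystem that `conf_mount_rw()` made writable, the `chmod` would fail quietly, so the new ordering deserves a comment. When `fopen()` fails the alert file is left uncleared, yet the request still redirects as if the clear had succeeded. The enclosing `if` block starts outside the hunk.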