From 119732ffe8f773538adc2fd5db74a004a4afe3f2 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 13 Jul 2012 05:10:12 +0000
Subject: Rather than unlinking/writing to a file opened by snort. Truncate it.

---
 config/snort/snort.inc                        | 13 +++++++------
 config/snort/snort_alerts.php                 | 11 ++++++++---
 config/snort/snort_check_for_rule_updates.php |  2 +-
 3 files changed, 16 insertions(+), 10 deletions(-)

(limited to 'config')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 48ddb44e..61930111 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -340,15 +340,16 @@ function snort_post_delete_logs($snort_uuid = 0) {
 		if ($if_real != '') {
 			$filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.u2.*");
 			unset($filelist[count($filelist) - 1]);
-			foreach ($filelist as $file)
-				@unlink($file);
-			$filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.tcpdump.*");
-			unset($filelist[count($filelist) - 1]);
 			foreach ($filelist as $file)
 				@unlink($file);
 
-			if ($value['perform_stat'] == 'on')
-				@file_put_contents("{$snort_log_dir}/{$if_real}.stats", "");
+			if ($value['perform_stat'] == 'on') {
+				$fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w");
+				if ($fd) {
+					ftruncate($fd, 0);
+					fclose($fd);
+				}
+			}
 		}
 	}
 }
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index ffda0342..0c6334d9 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -83,12 +83,17 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
 	if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
 		conf_mount_rw();
 		snort_post_delete_logs($snort_uuid);
-		@file_put_contents("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "");
+		$fd = fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w");
+		if ($fd) {
+			@ftruncate($fd, 0);
+			fclose($fd);
+		}
+		conf_mount_ro();
 		/* XXX: This is needed is snort is run as snort user */
 		//mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
 		mwexec('/bin/chmod 660 /var/log/snort/*', true);
-		mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
-		conf_mount_ro();
+		if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
+			mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
 	}
 	header("Location: /snort/snort_alerts.php?instance={$instanceid}");
 	exit;
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 3871b813..2b6d678a 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -356,7 +356,7 @@ function oinkmaster_run($if_real, $iface_uuid)
 	global $config, $g, $snortdir;
 
 	if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { 
-		update_status(gettext("Your first set of rules are being copied..."));
+		update_status(gettext("Your set of rules are being copied..."));
 		exec("/bin/cp {$snortdir}/rules/* {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/");
 		exec("/bin/cp {$snortdir}/classification.config {$snortdir}/snort_{$iface_uuid}_{$if_real}");
 		exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir}/snort_{$iface_uuid}_{$if_real}");
-- 
cgit v1.2.3