From 941115cc178e90650a7d97f2ac929f2441d2f694 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 17 Sep 2014 22:40:44 -0400 Subject: Adjust rule set downloads for new unique service entries. --- config/snort/snort.inc | 34 +++++++++++++++++++++++++++ config/snort/snort_check_for_rule_updates.php | 23 +++++++++++++++--- 2 files changed, 54 insertions(+), 3 deletions(-) (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 53ae4a9d..49376aa8 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -634,6 +634,40 @@ function snort_start_all_interfaces($background=FALSE) { } } +function snort_stop_all_interfaces() { + + /*************************************************************/ + /* This function stops all configured Snort interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Snort interfaces active */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; + + foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) { + snort_stop($snortcfg, get_real_interface($snortcfg['interface'])); + } +} + +function snort_restart_all_interfaces() { + + /*************************************************************/ + /* This function stops all configured Snort interfaces and */ + /* restarts enabled Snort interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Snort interfaces active */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; + + snort_stop_all_interfaces(); + snort_start_all_interfaces(TRUE); +} + function snort_reload_config($snortcfg, $signal="SIGHUP") { /*************************************************************/ diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index e801f5fd..066f1741 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -776,14 +776,31 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Clear the rebuild rules flag. */ $rebuild_rules = false; - /* Restart snort if already running and we are not rebooting to pick up the new rules. */ - if (is_process_running("snort") && !$g['booting']) { + /* Restart snort if running, and we are not in post-install */ + /* and not rebooting, so as to pick up the new rules. */ + if (!$g['snort_postinstall'] && !$g['booting'] && !file_exists("{$g['varrun_path']}/booting")) { if ($pkg_interface <> "console") { update_status(gettext('Restarting Snort to activate the new set of rules...')); update_output_window(gettext("Please wait ... restarting Snort will take some time...")); } error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, $snort_rules_upd_log); - restart_service("snort"); + foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) { + if ($snortcfg['enable'] != "on") + continue; + $if_real = get_real_interface($snortcfg['interface']); + if (snort_is_running($snortcfg['uuid'], $if_real, 'snort')) { + touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled"); + touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled"); + snort_stop($snortcfg, $if_real); + sleep(1); + if ($pkg_interface <> "console") + snort_start($snortcfg, $if_real, FALSE); + else + snort_start($snortcfg, $if_real, TRUE); + unlink_if_exists("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled"); + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled"); + } + } if ($pkg_interface <> "console") update_output_window(gettext("Snort has restarted with your new set of rules...")); log_error(gettext("[Snort] Snort has restarted with your new set of rules...")); -- cgit v1.2.3