From db7a6af3701beca6e4e23c7679e293f80e0441db Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 27 Nov 2013 20:17:04 -0500 Subject: Add logic to prevent writing conf settings with no interfaces defined. --- config/snort/snort_check_for_rule_updates.php | 3 ++- config/snort/snort_interfaces_global.php | 26 ++++++++++++++------------ 2 files changed, 16 insertions(+), 13 deletions(-) (limited to 'config') diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 5f687636..28539f1f 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -695,7 +695,8 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = } /* Start the rules rebuild proccess for each configured interface */ - if (is_array($config['installedpackages']['snortglobal']['rule'])) { + if (is_array($config['installedpackages']['snortglobal']['rule']) && + !empty($config['installedpackages']['snortglobal']['rule'])) { /* Set the flag to force rule rebuilds since we downloaded new rules, */ /* except when in post-install mode. Post-install does its own rebuild. */ diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 77cb0e7c..b22a6934 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -98,19 +98,21 @@ if (!$input_errors) { // Now walk all the configured interface rulesets and remove // any matching the disabled ruleset prefixes. - foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) { - // Disable Snort IPS policy if VRT rules are disabled - if ($disable_ips_policy) { - $iface['ips_policy_enable'] = 'off'; - unset($iface['ips_policy']); + if (is_array($config['installedpackages']['snortglobal']['rule'])) { + foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) { + // Disable Snort IPS policy if VRT rules are disabled + if ($disable_ips_policy) { + $iface['ips_policy_enable'] = 'off'; + unset($iface['ips_policy']); + } + $enabled_rules = explode("||", $iface['rulesets']); + foreach ($enabled_rules as $k => $v) { + foreach ($disabled_rules as $d) + if (strpos(trim($v), $d) !== false) + unset($enabled_rules[$k]); + } + $iface['rulesets'] = implode("||", $enabled_rules); } - $enabled_rules = explode("||", $iface['rulesets']); - foreach ($enabled_rules as $k => $v) { - foreach ($disabled_rules as $d) - if (strpos(trim($v), $d) !== false) - unset($enabled_rules[$k]); - } - $iface['rulesets'] = implode("||", $enabled_rules); } $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; -- cgit v1.2.3