From f5e3369fea74c031349921eb1ff5e25366724244 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 3 Jun 2015 17:46:09 -0400 Subject: Fix corrupt snort.conf created when IP REP is enabled with no IP lists. --- config/snort/snort_generate_conf.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'config') diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php index 297e833b..646697bf 100644 --- a/config/snort/snort_generate_conf.php +++ b/config/snort/snort_generate_conf.php @@ -876,9 +876,9 @@ if (is_array($snortcfg['wlist_files']['item'])) { } } if (!empty($blist_files)) - $ip_lists = $blist_files; + $ip_lists = ", \\ \n\t" . $blist_files; if (!empty($wlist_files)) - $ip_lists .= ", \\ \n" . $wlist_files; + $ip_lists .= ", \\ \n\t" . $wlist_files; if ($snortcfg['iprep_scan_local'] == 'on') $ip_lists .= ", \\ \n\tscan_local"; @@ -888,8 +888,7 @@ preprocessor reputation: \ memcap {$snortcfg['iprep_memcap']}, \ priority {$snortcfg['iprep_priority']}, \ nested_ip {$snortcfg['iprep_nested_ip']}, \ - white {$snortcfg['iprep_white']}, \ - {$ip_lists} + white {$snortcfg['iprep_white']}{$ip_lists} EOD; -- cgit v1.2.3 From c0d4d133895ce0d25d9b8ea0bbdbbd63b284ab18 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 3 Jun 2015 18:08:25 -0400 Subject: Increase PHP memory to 384MB to handle large rules arrays. --- config/snort/snort.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 64ab6ea5..bb5ff792 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -40,7 +40,7 @@ require_once("filter.inc"); require("/usr/local/pkg/snort/snort_defs.inc"); // Snort GUI needs some extra PHP memory space to manipulate large rules arrays -ini_set("memory_limit", "256M"); +ini_set("memory_limit", "384M"); // Explicitly declare this as global so it works through function call includes global $g, $config, $rebuild_rules, $pfSense_snort_version; -- cgit v1.2.3 From 85c3766ea245828b175e68cd2c037e43406221ce Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 3 Jun 2015 18:12:35 -0400 Subject: Bump Snort package version to 3.2.5 --- config/snort/snort.xml | 4 ++-- config/snort/snort_defs.inc | 4 ++-- config/snort/snort_migrate_config.php | 2 +- config/snort/snort_post_install.php | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) (limited to 'config') diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 1f1a7d24..c9401f05 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,8 +46,8 @@ None Currently there are no FAQ items provided. Snort - 2.9.7.2 - Services:2.9.7.2 pkg v3.2.4 + 2.9.7.3 + Services:2.9.7.3 pkg v3.2.5 /usr/local/pkg/snort/snort.inc Snort diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc index 912fa3d3..3f5c82e5 100644 --- a/config/snort/snort_defs.inc +++ b/config/snort/snort_defs.inc @@ -5,7 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009-2010 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013,2014 Bill Meeks + * Copyright (C) 2013-2015 Bill Meeks * part of pfSense * All rights reserved. * @@ -55,7 +55,7 @@ if (!defined("SNORT_BIN_VERSION")) { if (!empty($snortver[0])) define("SNORT_BIN_VERSION", $snortver[0]); else - define("SNORT_BIN_VERSION", "2.9.7.2"); + define("SNORT_BIN_VERSION", "2.9.7.3"); } if (!defined("SNORT_SID_MODS_PATH")) define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/"); diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 941a8151..dcc5aa76 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -533,7 +533,7 @@ unset($r); // Log a message if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.4"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index f93f1c87..7b931246 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -263,8 +263,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.4"; -write_config("Snort pkg v3.2.4: post-install configuration saved."); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; +write_config("Snort pkg v3.2.5: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); -- cgit v1.2.3