IDS: Move rulepath declaration to ids-functions.pl

This will help if the path ever changes. Also remove the hard-coded rulepath
from the oinkmaster call.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl
2018-07-26 15:56:47 +02:00
parent 9d18656ba7
commit 298ef5bafa
2 changed files with 9 additions and 7 deletions


@@ -32,6 +32,9 @@ our $rulestarball = "/var/tmp/snortrules.tar.gz";
# File to store any errors, which also will be read and displayed by the wui.
our $storederrorfile = "/tmp/ids_storederror";
# Location where the rulefiles are stored.
our $rulespath = "/etc/snort/rules";
#
## Function for checking if at least 300MB of free disk space are available
## on the "/var" partition.
@@ -161,7 +164,7 @@ sub oinkmaster () {
openlog('oinkmaster', 'cons,pid', 'user');
# Call oinkmaster to generate ruleset.
open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules|");
open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C /var/ipfire/snort/oinkmaster.conf -o $rulespath|");
# Log output of oinkmaster to syslog.
while(<OINKMASTER>) {
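Review bot: The pipe open in oinkmaster() still builds the command as one interpolated string, which Perl either word-splits or hands to /bin/sh when it contains metacharacters, and the new line adds a second package variable (`$rulespath`, next to `$rulestarball`). Both are constants in the visible hunks, but as `our` variables they can be reassigned by any code that loads ids-functions.pl, and a value with spaces or shell metacharacters would change the command that runs. The list form keeps each value as a single argument: `open(OINKMASTER, '-|', '/usr/local/bin/oinkmaster.pl', '-v', '-s', '-u', "file://$rulestarball", '-C', '/var/ipfire/snort/oinkmaster.conf', '-o', $rulespath) or die "Unable to run oinkmaster: $!";`. The return value of open is also unchecked here, so a failed launch falls straight through to the read loop. The body of oinkmaster() continues outside the hunk.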


@@ -47,7 +47,6 @@ my %selected=();
# Get netsettings.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
my $snortrulepath = "/etc/snort/rules";
my $snortusedrulefilesfile = "${General::swroot}/snort/snort-used-rulefiles.conf";
my $errormessage;
@@ -83,21 +82,21 @@ if (-e $IDS::storederrorfile) {
## Grab all available snort rules and store them in the idsrules hash.
#
# Open snort rules directory and do a directory listing.
opendir(DIR, $snortrulepath) or die $!;
opendir(DIR, $IDS::rulespath) or die $!;
# Loop through the direcory.
while (my $file = readdir(DIR)) {
# We only want files.
next unless (-f "$snortrulepath/$file");
next unless (-f "$IDS::rulespath/$file");
# Ignore empty files.
next if (-z "$snortrulepath/$file");
next if (-z "$IDS::rulespath/$file");
# Use a regular expression to find files ending in .rules
next unless ($file =~ m/\.rules$/);
# Ignore files which are not read-able.
next unless (-R "$snortrulepath/$file");
next unless (-R "$IDS::rulespath/$file");
# Call subfunction to read-in rulefile and add rules to
# the idsrules hash.
@@ -611,7 +610,7 @@ sub readrulesfile ($) {
my $rulefile = shift;
# Open rule file and read in contents
open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";
open(RULEFILE, "$IDS::rulespath/$rulefile") or die "Unable to read $rulefile!";
# Store file content in an array.
my @lines = <RULEFILE>;
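Review bot: The open in readrulesfile() is still the two-argument form, so the mode is parsed out of the interpolated path string instead of being fixed to read. The directory loop earlier in this section appears to pass only readdir names ending in `.rules` under a fixed prefix, which limits what that parsing can do, but other callers are not visible here. Making the mode explicit removes the dependency on every caller filtering correctly: `open(RULEFILE, '<', "$IDS::rulespath/$rulefile") or die "Unable to read $rulefile: $!";`. Including `$!` also tells the operator why the read failed. The function body starts and ends outside the hunk.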