diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d88a5b4ca..32002912d 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -32,6 +32,9 @@ our $rulestarball = "/var/tmp/snortrules.tar.gz";
 # File to store any errors, which also will be read and displayed by the wui.
 our $storederrorfile = "/tmp/ids_storederror";
+# Location where the rulefiles are stored.
+our $rulespath = "/etc/snort/rules";
+
 #
 ## Function for checking if at least 300MB of free disk space are available
 ## on the "/var" partition.
@@ -161,7 +164,7 @@ sub oinkmaster () {
 openlog('oinkmaster', 'cons,pid', 'user');
 # Call oinkmaster to generate ruleset.
- open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules|");
+ open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C /var/ipfire/snort/oinkmaster.conf -o $rulespath|");
 # Log output of oinkmaster to syslog.
 while() {
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index df2bfe5a5..7dc8793f6 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -47,7 +47,6 @@ my %selected=();
 # Get netsettings.
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-my $snortrulepath = "/etc/snort/rules";
 my $snortusedrulefilesfile = "${General::swroot}/snort/snort-used-rulefiles.conf";
 my $errormessage;
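Review bot: The pipe `open` in `sub oinkmaster` (config/cfgroot/ids-functions.pl) still builds a single shell command string, and this change adds a second interpolated package global, `$rulespath`, next to `$rulestarball`. Both are `our` variables that any code loading the module can reassign, so a space or shell metacharacter in either value would be interpreted by the shell instead of reaching oinkmaster as one argument. The list form passes each value as its own argument and bypasses the shell: `open(OINKMASTER, '-|', '/usr/local/bin/oinkmaster.pl', '-v', '-s', '-u', "file://$rulestarball", '-C', '/var/ipfire/snort/oinkmaster.conf', '-o', $rulespath)`. The return value of `open` is also not checked on this line, so a failed start goes unreported here; the rest of the sub lies outside the hunk, so it may be handled further down.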
@@ -83,21 +82,21 @@ if (-e $IDS::storederrorfile) {
 ## Grab all available snort rules and store them in the idsrules hash.
 #
 # Open snort rules directory and do a directory listing.
-opendir(DIR, $snortrulepath) or die $!;
+opendir(DIR, $IDS::rulespath) or die $!;
 # Loop through the direcory.
 while (my $file = readdir(DIR)) {
 # We only want files.
- next unless (-f "$snortrulepath/$file");
+ next unless (-f "$IDS::rulespath/$file");
 # Ignore empty files.
- next if (-z "$snortrulepath/$file");
+ next if (-z "$IDS::rulespath/$file");
 # Use a regular expression to find files ending in .rules
 next unless ($file =~ m/\.rules$/);
 # Ignore files which are not read-able.
- next unless (-R "$snortrulepath/$file");
+ next unless (-R "$IDS::rulespath/$file");
 # Call subfunction to read-in rulefile and add rules to
 # the idsrules hash.
@@ -611,7 +610,7 @@ sub readrulesfile ($) {
 my $rulefile = shift;
 # Open rule file and read in contents
- open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";
+ open(RULEFILE, "$IDS::rulespath/$rulefile") or die "Unable to read $rulefile!";
 # Store file content in an array.
 my @lines = ;
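Review bot: The changed `open` in `readrulesfile` (html/cgi-bin/ids.cgi) is still the two-argument form, so Perl parses mode characters and trims whitespace in the interpolated path; a `$rulefile` value ending in `|` would be executed as a command rather than read. The caller visible in the previous hunk only passes names matching `\.rules$`, which limits this in practice, but the sub does not validate its argument and other callers are not visible here. The three-argument form removes the dependence on callers and reports the cause of a failure: `open(RULEFILE, '<', "$IDS::rulespath/$rulefile") or die "Unable to read $rulefile: $!";`. The body of `readrulesfile` continues outside the hunk.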