From 298ef5bafa8242fedf8b95ba8d8ad23e0c4c05b1 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Thu, 26 Jul 2018 15:56:47 +0200
Subject: [PATCH] IDS: Move rulepath declaration to ids-functions.pl
This will help if the path ever changed. Also remove hard coded rulepath from oinkmaster call.
Signed-off-by: Stefan Schantl
---
 config/cfgroot/ids-functions.pl | 5 ++++-
 html/cgi-bin/ids.cgi | 11 +++++------
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d88a5b4ca6..32002912d2 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -32,6 +32,9 @@ our $rulestarball = "/var/tmp/snortrules.tar.gz";
 # File to store any errors, which also will be read and displayed by the wui.
 our $storederrorfile = "/tmp/ids_storederror";
+# Location where the rulefiles are stored.
+our $rulespath = "/etc/snort/rules";
+
 #
 ## Function for checking if at least 300MB of free disk space are available
 ## on the "/var" partition.
@@ -161,7 +164,7 @@ sub oinkmaster () {
 openlog('oinkmaster', 'cons,pid', 'user');
 # Call oinkmaster to generate ruleset.
- open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules|");
+ open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C /var/ipfire/snort/oinkmaster.conf -o $rulespath|");
 # Log output of oinkmaster to syslog.
 while() {
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index df2bfe5a58..7dc8793f6e 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -47,7 +47,6 @@ my %selected=();
 # Get netsettings.
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-my $snortrulepath = "/etc/snort/rules";
 my $snortusedrulefilesfile = "${General::swroot}/snort/snort-used-rulefiles.conf";
 my $errormessage;
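Review bot: In the `oinkmaster` hunk of ids-functions.pl, the new `open(OINKMASTER, "... -o $rulespath|")` still builds a single command string, so the value of `$rulespath` (like `$rulestarball`) is word-split and, if it contains shell metacharacters, passed through the shell. Both are `our` package variables that any code loading this file can reassign, and the commit message expects the path to change, so the list form would keep it a single argument: `open(my $oink, '-|', '/usr/local/bin/oinkmaster.pl', '-v', '-s', '-u', "file://$rulestarball", '-C', '/var/ipfire/snort/oinkmaster.conf', '-o', $rulespath) or die "Cannot run oinkmaster: $!";`. The visible line also does not check the return value of `open`. The body of `oinkmaster` continues outside the hunk, so the read loop and the close would need the same handle.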
@@ -83,21 +82,21 @@ if (-e $IDS::storederrorfile) {
 ## Grab all available snort rules and store them in the idsrules hash.
 #
 # Open snort rules directory and do a directory listing.
-opendir(DIR, $snortrulepath) or die $!;
+opendir(DIR, $IDS::rulespath) or die $!;
 # Loop through the direcory.
 while (my $file = readdir(DIR)) {
 # We only want files.
- next unless (-f "$snortrulepath/$file");
+ next unless (-f "$IDS::rulespath/$file");
 # Ignore empty files.
- next if (-z "$snortrulepath/$file");
+ next if (-z "$IDS::rulespath/$file");
 # Use a regular expression to find files ending in .rules
 next unless ($file =~ m/\.rules$/);
 # Ignore files which are not read-able.
- next unless (-R "$snortrulepath/$file");
+ next unless (-R "$IDS::rulespath/$file");
 # Call subfunction to read-in rulefile and add rules to
 # the idsrules hash.
@@ -611,7 +610,7 @@ sub readrulesfile ($) {
 my $rulefile = shift;
 # Open rule file and read in contents
- open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";
+ open(RULEFILE, "$IDS::rulespath/$rulefile") or die "Unable to read $rulefile!";
 # Store file content in an array.
 my @lines = ;
--
2.39.5
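Review bot: The directory loop in ids.cgi now spells out `"$IDS::rulespath/$file"` in three separate file tests; building it once at the top of the loop body, `my $path = "$IDS::rulespath/$file";`, keeps the tests in step if the layout changes again. `opendir(DIR, $IDS::rulespath) or die $!;` also reports only the errno text; since the directory is now defined in another file, `or die "Cannot open $IDS::rulespath: $!";` would show which path failed. The loop body continues past the end of the hunk.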
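Review bot: `open(RULEFILE, "$IDS::rulespath/$rulefile")` in `readrulesfile` is a two-argument open, so Perl parses the open mode out of the string and the content of `$rulefile` is not treated purely as a file name. The directory loop in the previous hunk appears to be the caller and only passes `readdir` names that matched `\.rules$`, which limits this in practice. The three-argument form with a lexical handle removes the dependency on that filter: `open(my $fh, '<', "$IDS::rulespath/$rulefile") or die "Unable to read $rulefile: $!";`. Adding `$!` also records why the open failed. The function body continues outside the hunk, so the later read and close would use the same handle.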