Update of /cvsroot/netpass/NetPass-Snort/lib/NetPass
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12386/NetPass-Snort/lib/NetPass
Modified Files:
Snort.pm
Log Message:
added a test cmd to check the validity of generated rules.
if the test fails, the backup rules file will be restored.
Index: Snort.pm
===================================================================
RCS file: /cvsroot/netpass/NetPass-Snort/lib/NetPass/Snort.pm,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- Snort.pm 10 Aug 2005 20:25:31 -0000 1.2
+++ Snort.pm 4 Jan 2006 16:02:09 -0000 1.3
@@ -34,6 +34,7 @@
my $DEFAULTSNORTBPF = "/opt/snort/etc/pcaprules.txt";
my $DEFAULTSNORTPID = "/var/run/snort_dag0.pid";
my $DEFAULTSNORTCMD = "/etc/init.d/snortd";
+my $DEFAULTSNORTTESTSCRIPT = "/opt/snort/bin/snort -q -c/opt/snort/etc/snort.conf -T";
# make sure this matches DEFAULTPORT in npsnortd.pl
my $DEFAULTPORT = 20008;
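Review bot: The new default on the `$DEFAULTSNORTTESTSCRIPT` line fixes `/opt/snort/etc/snort.conf` inside the command, while the rules file written in the later hunks can be redirected with `$opts{'r'}`. A non-default rules path is therefore validated only if that snort.conf happens to include it. The string, or its `$opts{'T'}` override, is later run with `qx(...)`, which goes through the shell, so it deserves a comment such as `# executed via the shell by qx(); a 'T' override must come from trusted local configuration only`. Where `%opts` is populated is not visible here, so whether the override can be reached from a client request should be confirmed.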
@@ -68,7 +69,8 @@
my $rulesfile = (exists $opts{'b'}) ? $opts{'b'} : $DEFAULTSNORTBPF;
# create a backup copy of the rules file
- move($rulesfile, $rulesfile.'.bkp') if (-e $rulesfile);
+ my $backupfile = $rulesfile.'.bkp';
+ move($rulesfile, $backupfile) if (-e $rulesfile);
$fh->open("> $rulesfile");
print $fh $pcaprules."\n";
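Review bot: The result of `move($rulesfile, $backupfile)` is not checked, and the next line opens `$rulesfile` for writing, so a failed move (permissions, full disk) leaves no backup while the current rules are truncated. The same pattern is on the new lines of the two later hunks that introduce `$backupfile`, where the restore-on-failure logic depends on this backup being current. Suggest `if (-e $rulesfile && !move($rulesfile, $backupfile)) { return undef; }`, adapted to whatever error convention this function follows; most of its body lies outside the hunk. When `$rulesfile` does not exist, an older `.bkp` is left in place, which may be worth a comment since a later restore would bring back that stale copy.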
@@ -152,7 +154,8 @@
my $rulesfile = (exists $opts{'r'}) ? $opts{'r'} : $DEFAULTSNORTRULES;
# create a backup copy of the rules file
- move($rulesfile, $rulesfile.'.bkp') if (-e $rulesfile);
+ my $backupfile = $rulesfile.'.bkp';
+ move($rulesfile, $backupfile) if (-e $rulesfile);
$fh->open("> $rulesfile");
foreach my $l (@$aref) {
@@ -162,6 +165,16 @@
}
$fh->close;
+ # test the rules file
+ my $testcmd = (exists $opts{'T'}) ? $opts{'T'} : $DEFAULTSNORTTESTSCRIPT;
+ my $testoutput = qx($testcmd 2>&1);
+ if( $testoutput =~ /Fatal Error/gm) {
+ # we came across a Fatal Error!
+ # restore the backup copy of the rules file
+ move($backupfile, $rulesfile) if (-e $backupfile);
+ return undef;
+ }
+
$self->$update_pcap_rules_file($md5, $soap);
my $cmd = (exists $opts{'f'}) ? $opts{'f'} : $DEFAULTSNORTCMD;
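Review bot: The validity check `$testoutput =~ /Fatal Error/gm` fails open: if the test command cannot be executed, or exits non-zero with different wording, the output never contains that string and the new rules are accepted. Checking the exit status as well closes that gap, e.g. `if ($? != 0 || $testoutput =~ /Fatal Error/) {` (the `/g` flag is not needed for a boolean match). In the failure branch, `move($backupfile, $rulesfile) if (-e $backupfile)` leaves the rejected file in place when no backup exists; consider removing or renaming `$rulesfile` in that case. The identical block in the last hunk needs the same changes, and the enclosing sub starts outside this hunk.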
@@ -231,7 +244,8 @@
my $rulesfile = (exists $opts{'r'}) ? $opts{'r'} : $DEFAULTSNORTRULES;
# create a backup copy of the rules file
- move($rulesfile, $rulesfile.'.bkp') if (-e $rulesfile);
+ my $backupfile = $rulesfile.'.bkp';
+ move($rulesfile, $backupfile) if (-e $rulesfile);
$fh->open("> $rulesfile");
foreach my $l (@$aref) {
@@ -241,6 +255,16 @@
}
$fh->close;
+ # test the rules file
+ my $testcmd = (exists $opts{'T'}) ? $opts{'T'} : $DEFAULTSNORTTESTSCRIPT;
+ my $testoutput = qx($testcmd 2>&1);
+ if( $testoutput =~ /Fatal Error/gm) {
+ # we came across a Fatal Error!
+ # restore the backup copy of the rules file
+ move($backupfile, $rulesfile) if (-e $backupfile);
+ return undef;
+ }
+
$self->$update_pcap_rules_file($md5, $soap);
return 1 if (kill('HUP', $pid) > 0);
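Review bot: This test-and-restore block is a line-for-line copy of the one added in the previous hunk, so any fix to the check has to be made twice. A small private helper that takes `$testcmd`, `$rulesfile` and `$backupfile` and returns true when the rules pass would keep the two callers in step. The early `return undef` also skips `kill('HUP', $pid)`, which looks intended; a comment such as `# invalid rules: backup restored, snort is not signalled` would make that explicit. The enclosing sub begins outside the hunk.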