Improve generation of snort configuration file

inverse-inc · Oct 9, 2013 · 02160ba · 02160ba
1 parent 21fd18d
commit 02160ba
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/lib/pf/services/snort.pm b/lib/pf/services/snort.pm
@@ -56,10 +56,14 @@ sub generate_snort_conf {
 
     if (exists $Violation_Config{'defaults'}{'snort_rules'}) {
         foreach my $rule ( split( /\s*,\s*/, $Violation_Config{'defaults'}{'snort_rules'} ) ) {
-
-            #append install_dir if the path doesn't start with /
-            $rule = "\$RULE_PATH/$rule" if ( $rule !~ /^\// );
-            push @rules, "include $rule";
+            if ( $rule !~ /^\// && -e "$install_dir/conf/snort/$rule" || -e $rule ) {
+                # Append configuration directory if the path doesn't start with /
+                $rule = "\$RULE_PATH/$rule" if ( $rule !~ /^\// );
+                push @rules, "include $rule";
+            }
+            else {
+                $logger->warn("Snort rules definition file $rule was not found.");
+            }
         }
     }
     $tags{'snort_rules'} = join( "\n", @rules );