diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2013-10-08 16:31:18 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2013-10-08 16:31:18 -0400 |
commit | 38568b846709678742d736aee55483b32e9ab677 (patch) | |
tree | 5fd59a1590b17b07700919eb773fd814c43662e4 | |
parent | 8ea4a9aaf0c8ae4df6679113a5c67b9af51719df (diff) | |
download | pfsense-packages-38568b846709678742d736aee55483b32e9ab677.tar.gz pfsense-packages-38568b846709678742d736aee55483b32e9ab677.tar.bz2 pfsense-packages-38568b846709678742d736aee55483b32e9ab677.zip |
Add support for Emerging Threats Pro ruleset
-rwxr-xr-x | config/snort/snort.inc | 5 | ||||
-rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 135 | ||||
-rwxr-xr-x | config/snort/snort_download_updates.php | 26 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 98 | ||||
-rwxr-xr-x | config/snort/snort_rulesets.php | 25 |
5 files changed, 200 insertions, 89 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index bce9c2a3..e6039510 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -67,12 +67,9 @@ else { /* Define some useful constants for Snort */ define("SNORTLOGDIR", "/var/log/snort"); -define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz"); -define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); -define("ET_VERSION", "2.9.0"); define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); +define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); -define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); define("FLOWBITS_FILENAME", "flowbit-required.rules"); define("ENFORCING_RULES_FILENAME", "snort.rules"); define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 30da4b74..21eb7bd2 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -35,29 +35,25 @@ require_once "/usr/local/pkg/snort/snort.inc"; global $g, $pkg_interface, $snort_gui_include, $rebuild_rules; - -if (!defined("VRT_DNLD_FILENAME")) - define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz"); if (!defined("VRT_DNLD_URL")) define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); if (!defined("ET_VERSION")) define("ET_VERSION", "2.9.0"); if (!defined("ET_BASE_DNLD_URL")) define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); +if (!defined("ETPRO_BASE_DNLD_URL")) + define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); if (!defined("ET_DNLD_FILENAME")) define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); +if (!defined("ETPRO_DNLD_FILENAME")) + define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); if (!defined("GPLV2_DNLD_FILENAME")) define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); if (!defined("GPLV2_DNLD_URL")) define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); -if (!defined("FLOWBITS_FILENAME")) - define("FLOWBITS_FILENAME", "flowbit-required.rules"); -if (!defined("ENFORCING_RULES_FILENAME")) - define("ENFORCING_RULES_FILENAME", "snort.rules"); if (!defined("RULES_UPD_LOGFILE")) define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); - $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; $snortlogdir = SNORTLOGDIR; @@ -72,8 +68,10 @@ else /* define checks */ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$etproid = $config['installedpackages']['snortglobal']['etpro_code']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules']; $vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload']; $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats']; @@ -81,19 +79,39 @@ $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats']; /* Working directory for downloaded rules tarballs */ $tmpfname = "{$snortdir}/tmp/snort_rules_up"; -/* Snort VRT rules filenames and URL */ -$snort_filename = VRT_DNLD_FILENAME; -$snort_filename_md5 = VRT_DNLD_FILENAME . ".md5"; +/* Grab the Snort binary version programmatically and use it to construct */ +/* the proper Snort VRT rules tarball and md5 filenames. */ +exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); +// Save the version with decimal delimiters for use in extracting the rules +$snort_version = $snortver[0]; +// Create a collapsed version string for use in the tarball filename +$snortver[0] = str_replace(".", "", $snortver[0]); +$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz"; +$snort_filename_md5 = "{$snort_filename}.md5"; $snort_rule_url = VRT_DNLD_URL; -/* Emerging Threats rules filenames and URL */ -$emergingthreats_filename = ET_DNLD_FILENAME; -$emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5"; -$emerging_threats_version = ET_VERSION; -$emergingthreats_url = ET_BASE_DNLD_URL; -// If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules -$emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/"; -$emergingthreats_url .= "snort-" . ET_VERSION . "/"; +/* Set up Emerging Threats rules filenames and URL */ +if ($etpro == "on") { + $emergingthreats_filename = ETPRO_DNLD_FILENAME; + $emergingthreats_filename_md5 = ETPRO_DNLD_FILENAME . ".md5"; + $emergingthreats_url = ETPRO_BASE_DNLD_URL; + $emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/"; + $emergingthreats = "on"; + $et_name = "Emerging Threats Pro"; + $et_md5_remove = ET_DNLD_FILENAME . ".md5"; + @unlink("{$snortdir}/{$et_md5_remove}"); +} +else { + $emergingthreats_filename = ET_DNLD_FILENAME; + $emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5"; + $emergingthreats_url = ET_BASE_DNLD_URL; + // If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules + $emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/"; + $emergingthreats_url .= "snort-" . ET_VERSION . "/"; + $et_name = "Emerging Threats Open"; + $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5"; + @unlink("{$snortdir}/{$et_md5_remove}"); +} /* Snort GPLv2 Community Rules filenames and URL */ $snort_community_rules_filename = GPLV2_DNLD_FILENAME; @@ -418,34 +436,34 @@ if ($snortcommunityrules == 'on') { /* download md5 sig from emergingthreats.net */ if ($emergingthreats == 'on') { if ($pkg_interface <> "console") - update_status(gettext("Downloading EmergingThreats md5 file...")); - error_log(gettext("\tDownloading EmergingThreats md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log); + update_status(gettext("Downloading {$et_name} md5 file...")); + error_log(gettext("\tDownloading {$et_name} md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log); $rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}"); if ($rc === true) { if ($pkg_interface <> "console") - update_status(gettext("Done downloading EmergingThreats md5 file {$emergingthreats_filename_md5}")); - error_log(gettext("\tChecking EmergingThreats md5.\n"), 3, $snort_rules_upd_log); + update_status(gettext("Done downloading {$et_name} md5 file {$emergingthreats_filename_md5}")); + error_log(gettext("\tChecking {$et_name} md5.\n"), 3, $snort_rules_upd_log); if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}") && $emergingthreats == "on") { /* Check if were up to date emergingthreats.net */ $emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); $emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); if ($emerg_md5_check_new == $emerg_md5_check_old) { if ($pkg_interface <> "console") - update_status(gettext("Emerging Threats rules are up to date...")); - log_error(gettext("[Snort] Emerging Threat rules are up to date...")); - error_log(gettext("\tEmerging Threats rules are up to date.\n"), 3, $snort_rules_upd_log); + update_status(gettext("{$et_name} rules are up to date...")); + log_error(gettext("[Snort] {$et_name} rules are up to date...")); + error_log(gettext("\t{$et_name} rules are up to date.\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } } } else { if ($pkg_interface <> "console") - update_output_window(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated.")); - log_error(gettext("[Snort] EmergingThreats md5 file download failed. Server returned error code '{$rc}'.")); - error_log(gettext("\tEmergingThreats md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log); + update_output_window(gettext("{$et_name} md5 file download failed. {$et_name} rules will not be updated.")); + log_error(gettext("[Snort] {$et_name} md5 file download failed. Server returned error code '{$rc}'.")); + error_log(gettext("\t{$et_name} md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log); if ($pkg_interface == "console") error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tEmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } } @@ -453,9 +471,9 @@ if ($emergingthreats == 'on') { /* download emergingthreats rules file */ if ($emergingthreats == "on") { if ($pkg_interface <> "console") - update_status(gettext("There is a new set of EmergingThreats rules posted. Downloading {$emergingthreats_filename}...")); - log_error(gettext("[Snort] There is a new set of EmergingThreats rules posted. Downloading...")); - error_log(gettext("\tThere is a new set of EmergingThreats rules posted.\n"), 3, $snort_rules_upd_log); + update_status(gettext("There is a new set of {$et_name} rules posted. Downloading {$emergingthreats_filename}...")); + log_error(gettext("[Snort] There is a new set of {$et_name} rules posted. Downloading...")); + error_log(gettext("\tThere is a new set of {$et_name} rules posted.\n"), 3, $snort_rules_upd_log); error_log(gettext("\tDownloading file '{$emergingthreats_filename}'...\n"), 3, $snort_rules_upd_log); $rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}"); @@ -463,29 +481,29 @@ if ($emergingthreats == "on") { if ($rc === true) { if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){ if ($pkg_interface <> "console") - update_output_window(gettext("EmergingThreats rules file MD5 checksum failed...")); - log_error(gettext("[Snort] EmergingThreats rules file download failed. Bad MD5 checksum...")); + update_output_window(gettext("{$et_name} rules file MD5 checksum failed...")); + log_error(gettext("[Snort] {$et_name} rules file download failed. Bad MD5 checksum...")); log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}"))); log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"))); - error_log(gettext("\tEmergingThreats rules file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$et_name} rules file download failed. {$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log); error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log); error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . "\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } else { if ($pkg_interface <> "console") - update_status(gettext('Done downloading EmergingThreats rules file.')); - log_error("[Snort] EmergingThreats rules file update downloaded successfully"); - error_log(gettext("\tDone downloading EmergingThreats rules file.\n"), 3, $snort_rules_upd_log); + update_status(gettext('Done downloading {$et_name} rules file.')); + log_error("[Snort] {$et_name} rules file update downloaded successfully"); + error_log(gettext("\tDone downloading {$et_name} rules file.\n"), 3, $snort_rules_upd_log); } } else { if ($pkg_interface <> "console") { - update_status(gettext("The server returned error code {$rc} ... skipping EmergingThreats update...")); - update_output_window(gettext("EmergingThreats rules file download failed...")); + update_status(gettext("The server returned error code {$rc} ... skipping {$et_name} update...")); + update_output_window(gettext("{$et_name} rules file download failed...")); } - log_error(gettext("[Snort] EmergingThreats rules file download failed. Server returned error '{$rc}'...")); - error_log(gettext("\tEmergingThreats rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log); + log_error(gettext("[Snort] {$et_name} rules file download failed. Server returned error '{$rc}'...")); + error_log(gettext("\t{$et_name} rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log); if ($pkg_interface == "console") error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; @@ -497,22 +515,34 @@ if ($emergingthreats == 'on') { safe_mkdir("{$snortdir}/tmp/emerging"); if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { if ($pkg_interface <> "console") { - update_status(gettext("Extracting EmergingThreats.org rules...")); - update_output_window(gettext("Installing EmergingThreats rules...")); + update_status(gettext("Extracting {$et_name} rules...")); + update_output_window(gettext("Installing {$et_name} rules...")); } - error_log(gettext("\tExtracting and installing EmergingThreats.org rules...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $snort_rules_upd_log); exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/"); + /* Remove the old Emerging Threats rules files */ + array_map('unlink', glob("{$snortdir}/rules/emerging-*.rules")); + array_map('unlink', glob("{$snortdir}/rules/etpro-*.rules")); + array_map('unlink', glob("{$snortdir}/rules/emerging-*ips.txt")); + array_map('unlink', glob("{$snortdir}/rules/etpro-*ips.txt")); + $files = glob("{$snortdir}/tmp/emerging/rules/*.rules"); foreach ($files as $file) { $newfile = basename($file); - @copy($file, "{$snortdir}/rules/{$newfile}"); + if ($etpro == "on") + @copy($file, "{$snortdir}/rules/etpro-{$newfile}"); + else + @copy($file, "{$snortdir}/rules/{$newfile}"); } /* IP lists for Emerging Threats rules */ $files = glob("{$snortdir}/tmp/emerging/rules/*ips.txt"); foreach ($files as $file) { $newfile = basename($file); - @copy($file, "{$snortdir}/rules/{$newfile}"); + if ($etpro == "on") + @copy($file, "{$snortdir}/rules/etpro-{$newfile}"); + else + @copy($file, "{$snortdir}/rules/emerging-{$newfile}"); } /* base etc files for Emerging Threats rules */ foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { @@ -527,10 +557,10 @@ if ($emergingthreats == 'on') { @copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}"); } if ($pkg_interface <> "console") { - update_status(gettext("Extraction of EmergingThreats.org rules completed...")); - update_output_window(gettext("Installation of EmergingThreats rules completed...")); + update_status(gettext("Extraction of {$et_name} rules completed...")); + update_output_window(gettext("Installation of {$et_name} rules completed...")); } - error_log(gettext("\tInstallation of EmergingThreats.org rules completed.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log); exec("rm -r {$snortdir}/tmp/emerging"); } } @@ -544,6 +574,9 @@ if ($snortdownload == 'on') { if (substr(php_uname("r"), 0, 1) == '9') $freebsd_version_so = 'FreeBSD-9-0'; + /* Remove the old Snort rules files */ + array_map('unlink', glob("{$snortdir}/rules/snort_*.rules")); + if ($pkg_interface <> "console") { update_status(gettext("Extracting Snort VRT rules...")); update_output_window(gettext("Installing Sourcefire VRT rules...")); diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 1f87fbbc..09ab646a 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -40,8 +40,14 @@ require_once("/usr/local/pkg/snort/snort.inc"); $snortdir = SNORTDIR; $snort_rules_upd_log = RULES_UPD_LOGFILE; $log = $snort_rules_upd_log; -$snort_rules_file = VRT_DNLD_FILENAME; -$emergingthreats_filename = ET_DNLD_FILENAME; + +/* Grab the Snort binary version programmatically and */ +/* use it to construct the proper Snort VRT rules */ +/* tarball filename. */ +exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); +$snortver[0] = str_replace(".", "", $snortver[0]); +$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz"; +//$snort_rules_file = VRT_DNLD_FILENAME; $snort_community_rules_filename = GPLV2_DNLD_FILENAME; /* load only javascript that is needed */ @@ -49,8 +55,18 @@ $snort_load_jquery = 'yes'; $snort_load_jquery_colorbox = 'yes'; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules']; +if ($etpro == "on") { + $emergingthreats_filename = ETPRO_DNLD_FILENAME; + $et_name = "EMERGING THREATS PRO RULES"; +} +else { + $emergingthreats_filename = ET_DNLD_FILENAME; + $et_name = "EMERGING THREATS RULES"; +} + /* quick md5s chk */ $snort_org_sig_chk_local = 'N/A'; if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) @@ -138,9 +154,9 @@ h += 96; <p style="text-align: left; margin-left: 225px;"> <font color="#777777" size="2.5px"> <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/> - <font color="#FF850A" size="1px"><b>SNORT.ORG --></b></font> + <font color="#FF850A" size="1px"><b>SNORT VRT RULES --></b></font> <font size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br/> - <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET --></b></font> + <font color="#FF850A" size="1px"><b><?=$et_name;?> --></b></font> <font size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br/> <font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES --></b></font> <font size="1px" color="#000000"> <? echo $snort_community_sig_chk_local; ?></font><br/> @@ -160,7 +176,7 @@ h += 96; <?php - if ($snortdownload != 'on' && $emergingthreats != 'on') { + if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') { echo ' <button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/> <p style="text-align:left; margin-left:150px;"> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index d28ec2b4..089255b6 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -44,7 +44,9 @@ $snortdir = SNORTDIR; /* make things short */ $pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; $pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; +$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code']; $pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; +$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; $pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; $pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; @@ -63,14 +65,22 @@ if ($_POST['rule_update_starttime']) { $input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'."; } +if ($_POST['snortdownload'] == "on" && empty($_POST['oinkmastercode'])) + $input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!"; + +if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code'])) + $input_errors[] = "You must supply a subscription code in the box provided in order to enable Emerging Threats Pro rules!"; + /* if no errors move foward */ if (!$input_errors) { if ($_POST["Submit"]) { - $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload']; + $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; $config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code']; $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; if ($_POST['snortloglimitsize']) { @@ -160,19 +170,14 @@ if ($input_errors) <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td><input name="snortdownload" type="radio" id="snortdownload" value="off" onclick="enable_snort_vrt('off')" - <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?> > </td> - <td><span class="vexpl"><?php printf(gettext("Do %sNOT%s Install"), '<strong>', '</strong>'); ?></span></td> - </tr> - <tr> - <td><input name="snortdownload" type="radio" id="snortdownload" value="on" onclick="enable_snort_vrt('on')" + <td><input name="snortdownload" type="checkbox" id="snortdownload" value="on" onclick="enable_snort_vrt();" <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>></td> - <td><span class="vexpl"><?php echo gettext("Install Basic Rules or Premium rules"); ?></span></td> + <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td> <tr> <td> </td> - <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a Basic Rule Account"); ?> </a><br> + <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br> <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank"> - <?php echo gettext("Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended"); ?></a></td> + <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td> </tr> <tr> <td colspan="2"> </td> @@ -180,17 +185,17 @@ if ($input_errors) </table> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Oinkmaster Configuration"); ?></span></b></td> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Oinkmaster Configuration"); ?></span></b></td> </tr> <tr> - <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code"); ?></strong></span></td> + <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> <td><input name="oinkmastercode" type="text" class="formfld" id="oinkmastercode" size="52" value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>" <?php if($pconfig['snortdownload']<>'on') echo 'disabled'; ?>><br> <?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td> </tr> - </table> + </table> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php printf(gettext("Install %sSnort Community%s " . @@ -198,7 +203,7 @@ if ($input_errors) <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="yes" + <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['snortcommunityrules']=="on") echo "checked"; ?> ></td> <td><span class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " . "without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset."); ?> @@ -212,11 +217,41 @@ if ($input_errors) <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>> - <td><span class="vexpl"><?php echo gettext("Emerging Threats is an open source community that produces fast " . - "moving and diverse Snort Rules."); ?></span></td> + <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="on" onclick="enable_et_rules();" + <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>></td> + <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " . + "is more limited than ETPro."); ?></span></td> + </tr> + <tr> + <td valign="top" width="8%"><input name="emergingthreats_pro" type="checkbox" value="on" onclick="enable_etpro_rules();" + <?php if ($config['installedpackages']['snortglobal']['emergingthreats_pro']=="on") echo "checked"; ?>></td> + <td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td> </tr> + <tr> + <td> </td> + <td><a href="http://www.emergingthreats.net/solutions/etpro-ruleset/" target="_blank"><?php echo gettext("Sign Up for an ETPro Account"); ?> </a></td> + </tr> + <tr> + <td> </td> + <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . " " . + gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td> + </tr> + <tr> + <td colspan="2"> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("ETPro Subscription Configuration"); ?></span></b></td> + </tr> + <tr> + <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> + <td><input name="etpro_code" type="text" + class="formfld" id="etpro_code" size="52" + value="<?=htmlspecialchars($pconfig['etpro_code']);?>" + <?php if($pconfig['emergingthreats_pro']<>'on') echo 'disabled'; ?>><br> + <?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td> + </tr> </table> </td> </tr> @@ -330,13 +365,28 @@ if ($input_errors) <script language="JavaScript"> <!-- -function enable_snort_vrt(btn) { - if (btn == 'off') { - document.iform.oinkmastercode.disabled = "true"; +function enable_snort_vrt() { + var endis = !(document.iform.snortdownload.checked); + document.iform.oinkmastercode.disabled = endis; + document.iform.etpro_code.disabled = endis; +} + +function enable_et_rules() { + var endis = document.iform.emergingthreats.checked; + if (endis) { + document.iform.emergingthreats_pro.checked = !(endis); + document.iform.etpro_code.disabled = "true"; } - if (btn == 'on') { - document.iform.oinkmastercode.disabled = ""; - } +} + +function enable_etpro_rules() { + var endis = document.iform.emergingthreats_pro.checked; + if (endis) { + document.iform.emergingthreats.checked = !(endis); + document.iform.etpro_code.disabled = ""; + } + else + document.iform.etpro_code.disabled = "true"; } function enable_change_rules_upd() { diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 7ec0edbd..3c613f84 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -63,6 +63,7 @@ $if_real = snort_get_real_interface($pconfig['interface']); $snort_uuid = $a_nat[$id]['uuid']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules']; $no_emerging_files = false; @@ -70,10 +71,13 @@ $no_snort_files = false; $no_community_files = false; /* Test rule categories currently downloaded to $SNORTDIR/rules and set appropriate flags */ -$test = glob("{$snortdir}/rules/emerging-*.rules"); +if (($etpro == 'off' || empty($etpro)) && $emergingdownload == 'on') + $test = glob("{$snortdir}/rules/emerging-*.rules"); +elseif ($etpro == 'on' && ($emergingdownload == 'off' || empty($emergingdownload))) + $test = glob("{$snortdir}/rules/etpro-*.rules"); if (empty($test)) $no_emerging_files = true; -$test = glob("{$snortdir}/rules/snort_*.rules"); +$test = glob("{$snortdir}/rules/snort*.rules"); if (empty($test)) $no_snort_files = true; if (!file_exists("{$snortdir}/rules/GPLv2_community.rules")) @@ -184,10 +188,16 @@ if ($_POST['selectall']) { } if ($emergingdownload == 'on') { - $files = glob("{$snortdir}/rules/emerging*.rules"); + $files = glob("{$snortdir}/rules/emerging-*.rules"); foreach ($files as $file) $rulesets[] = basename($file); } + elseif ($etpro == 'on') { + $files = glob("{$snortdir}/rules/etpro-*.rules"); + foreach ($files as $file) + $rulesets[] = basename($file); + } + if ($snortcommunitydownload == 'on') { $files = glob("{$snortdir}/rules/*_community.rules"); foreach ($files as $file) @@ -421,7 +431,10 @@ if ($savemsg) { <tr id="frheader"> <?php if ($emergingdownload == 'on' && !$no_emerging_files): ?> <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> - <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Emerging Threats');?></td> + <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Open Rules');?></td> + <?php elseif ($etpro == 'on' && !$no_emerging_files): ?> + <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> + <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td> <?php else: ?> <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("Emerging Threats rules not {$msg_emerging}"); ?></td> <?php endif; ?> @@ -446,7 +459,9 @@ if ($savemsg) { $filename = basename($filename); if (substr($filename, -5) != "rules") continue; - if (strstr($filename, "emerging") && $emergingdownload == 'on') + if (strstr($filename, "emerging-") && $emergingdownload == 'on') + $emergingrules[] = $filename; + else if (strstr($filename, "etpro-") && $etpro == 'on') $emergingrules[] = $filename; else if (strstr($filename, "snort") && $snortdownload == 'on') { if (strstr($filename, ".so.rules")) |