author | Ermal <eri@pfsense.org> | 2012-07-22 13:27:55 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-07-22 13:27:55 +0000 |
commit | 43a1843df119d61e23a2026f3f7723461c83b043 (patch) | |
tree | 01c0ac34764454eaf03b93576ccab98a89300717 | |
parent | 8e58e615bd87e1f5486f3342909be1d58adedc3e (diff) | |
Extract emerging threats before snort and copy even ip lists into rules file
-rw-r--r-- | config/snort/snort_check_for_rule_updates.php | 72 |
1 files changed, 42 insertions, 30 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 89039f9f..112682d2 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -164,6 +164,42 @@ $sedcmd .= "s/^\\talert/alert/g\n";
 $sedcmd .= "s/^[ \\t]*alert/alert/g\n";
 @file_put_contents("{$snortdir}/tmp/sedcmd", $sedcmd);
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on') {
+ safe_mkdir("{$snortdir}/tmp/emerging");
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_status(gettext("Extracting rules..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
+
+ $files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
+ /* IP lists */
+ $files = glob("{$snortdir}/tmp/emerging/rules/*.txt");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
+ if ($snortdownload == 'off') {
+ foreach (array("classification.config", "reference.config", "sid-msg.map", "unicode.map") as $file) {
+ if (file_exists("{$snortdir}/tmp/emerging/rules/{$file}"))
+ @copy("{$snortdir}/tmp/emerging/rules/{$file}", "{$snortdir}/{$file}");
+ }
+ }
+
+ /* make shure default rules are in the right format */
+ exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/emerging*.rules");
+
+ /* Copy emergingthreats md5 sig to snort dir */
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ @copy("{$tmpfname}/$emergingthreats_filename_md5", "{$snortdir}/$emergingthreats_filename_md5");
+ }
+ }
+}
+
 /* Untar snort rules file individually to help people with low system specs */
 if ($snortdownload == 'on') {
 if (file_exists("{$tmpfname}/{$snort_filename}")) {
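Review bot: In the added Emerging Threats block, the `exec()` of tar and every `@copy()` discard their result, yet the md5 file is still copied into `{$snortdir}` at the end. If that stored md5 is what a later run compares to decide the rules are current (not visible in this hunk), a failed or partial extraction would be recorded as a completed update and the sensor would keep running stale or incomplete signatures. Capture the status with `exec($cmd, $out, $rc);` and wrap the md5 copy in `if ($rc == 0)`. The tar and sed command strings also interpolate `{$tmpfname}`, `{$emergingthreats_filename}` and `{$snortdir}` unquoted; passing each through `escapeshellarg()` is cheap hardening for a script that presumably runs with elevated privileges.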
@@ -181,6 +217,12 @@ if ($snortdownload == 'on') {
 $newfile = basename($file);
 @copy($file, "{$snortdir}/rules/snort_{$newfile}");
 }
+ /* IP lists */
+ $files = glob("{$snortdir}/tmp/snortrules/rules/*.txt");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
 exec("rm -r {$snortdir}/tmp/snortrules");
 /* extract so rules */
@@ -245,36 +287,6 @@ if ($snortdownload == 'on') {
 }
 }
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats == 'on') {
- safe_mkdir("{$snortdir}/tmp/emerging");
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- update_status(gettext("Extracting rules..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
-
- $files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
- foreach ($files as $file) {
- $newfile = basename($file);
- @copy($file, "{$snortdir}/rules/{$newfile}");
- }
- if ($snortdownload == 'off') {
- foreach (array("classification.config", "reference.config", "sid-msg.map", "unicode.map") as $file) {
- if (file_exists("{$snortdir}/tmp/emerging/rules/{$file}"))
- @copy("{$snortdir}/tmp/emerging/rules/{$file}", "{$snortdir}/{$file}");
- }
- }
-
- /* make shure default rules are in the right format */
- exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/emerging*.rules");
-
- /* Copy emergingthreats md5 sig to snort dir */
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- @copy("{$tmpfname}/$emergingthreats_filename_md5", "{$snortdir}/$emergingthreats_filename_md5");
- }
- }
-}
-
 /* remove old $tmpfname files */
 if (is_dir("{$snortdir}/tmp")) {
 update_status(gettext("Cleaning up...")); |
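Review bot: In the `-181,6 +217,12` hunk, the new `*.txt` copy writes to `{$snortdir}/rules/{$newfile}` without the `snort_` prefix that the `.rules` copy just above it uses, and the Emerging Threats block added earlier in this commit copies its own `*.txt` lists into the same directory under their bare names. A list with the same basename in both tarballs is silently overwritten by whichever copy runs last, which after this reordering is the Snort one, and `@copy` hides any failure. If rules refer to these lists by their original file names the prefix cannot simply be added, so at least test the result, e.g. `if (!copy($file, $dest)) update_status(gettext("Failed to copy IP list"));`, and report when `$dest` already exists. The enclosing `if ($snortdownload == 'on')` block starts and ends outside the hunk.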