aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrobiscool <robrob2626@yahoo.com>2009-12-08 17:28:18 -0800
committerrobiscool <robrob2626@yahoo.com>2009-12-08 17:28:18 -0800
commit593b06c24de03f6a6d44e13e2849451cd088062b (patch)
treee301f60dc0eb6c1a5eead9a93433eebf58f6490c
parentda1daf005f921ef728759f618101967e4cc038d8 (diff)
downloadpfsense-packages-593b06c24de03f6a6d44e13e2849451cd088062b.tar.gz
pfsense-packages-593b06c24de03f6a6d44e13e2849451cd088062b.tar.bz2
pfsense-packages-593b06c24de03f6a6d44e13e2849451cd088062b.zip
snort-dev, add code to enable updates and remove block times, add repost rulesets.
-rw-r--r--config/snort-dev/snort.inc448
-rw-r--r--config/snort-dev/snort_barnyard.php9
-rw-r--r--config/snort-dev/snort_define_servers.php6
-rw-r--r--config/snort-dev/snort_interfaces.php4
-rw-r--r--config/snort-dev/snort_interfaces_edit.php7
-rw-r--r--config/snort-dev/snort_interfaces_global.php33
-rw-r--r--config/snort-dev/snort_preprocessors.php6
-rwxr-xr-xpkg_config.7.xml4
8 files changed, 281 insertions, 236 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index a514937d..fcb80394 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -206,6 +206,227 @@ function stop_snort()
}
+/* func for updating cron */
+function snort_rm_blocked_install_cron($should_install)
+{
+ global $config, $g;
+
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item)
+ {
+ if (strstr($item['command'], "snort2c"))
+ {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "1h_b")
+ {
+ $snort_rm_blocked_min = "*/5";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "3600";
+ }
+ if ($snort_rm_blocked_info_ck == "3h_b")
+ {
+ $snort_rm_blocked_min = "*/15";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "10800";
+ }
+ if ($snort_rm_blocked_info_ck == "6h_b")
+ {
+ $snort_rm_blocked_min = "*/30";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "21600";
+ }
+ if ($snort_rm_blocked_info_ck == "12h_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/1";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "43200";
+ }
+ if ($snort_rm_blocked_info_ck == "1d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/2";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "86400";
+ }
+ if ($snort_rm_blocked_info_ck == "4d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/8";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "345600";
+ }
+ if ($snort_rm_blocked_info_ck == "7d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/14";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "604800";
+ }
+ if ($snort_rm_blocked_info_ck == "28d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "0";
+ $snort_rm_blocked_mday = "*/2";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "2419200";
+ }
+ switch($should_install)
+ {
+ case true:
+ if(!$is_installed)
+ {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules");
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ break;
+ }
+}
+
+/* func to install snort update */
+function snort_rules_up_install_cron($should_install) {
+ global $config, $g;
+
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "6h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/6";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "12h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/12";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "1d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/1";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "4d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/4";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "7d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/7";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "28d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/28";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rules_up_min";
+ $cron_item['hour'] = "$snort_rules_up_hr";
+ $cron_item['mday'] = "$snort_rules_up_mday";
+ $cron_item['month'] = "$snort_rules_up_month";
+ $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ break;
+ }
+}
/* make sure this func on writes to files and does not start snort */
function sync_package_snort()
@@ -1023,233 +1244,6 @@ else
else
$snort_performance = "lowmem";
- /* set the snort block hosts time IMPORTANT snort has trouble installing if snort_rm_blocked_info_ck != "" */
- $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "never_b")
- $snort_rm_blocked_false = "";
- else
- $snort_rm_blocked_false = "true";
-
-
-if ($snort_rm_blocked_info_ck != "") {
-function snort_rm_blocked_install_cron($should_install) {
- global $config, $g;
-
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort2c")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "1h_b") {
- $snort_rm_blocked_min = "*/5";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "3600";
- }
- if ($snort_rm_blocked_info_ck == "3h_b") {
- $snort_rm_blocked_min = "*/15";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "10800";
- }
- if ($snort_rm_blocked_info_ck == "6h_b") {
- $snort_rm_blocked_min = "*/30";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "21600";
- }
- if ($snort_rm_blocked_info_ck == "12h_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/1";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "43200";
- }
- if ($snort_rm_blocked_info_ck == "1d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/2";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "86400";
- }
- if ($snort_rm_blocked_info_ck == "4d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/8";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "345600";
- }
- if ($snort_rm_blocked_info_ck == "7d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/14";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "604800";
- }
- if ($snort_rm_blocked_info_ck == "28d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "0";
- $snort_rm_blocked_mday = "*/2";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "2419200";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- break;
- }
- }
- snort_rm_blocked_install_cron("");
- snort_rm_blocked_install_cron($snort_rm_blocked_false);
-}
-
- /* set the snort rules update time */
- $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "never_up")
- $snort_rules_up_false = "";
- else
- $snort_rules_up_false = "true";
-
-if ($snort_rules_up_info_ck != "") {
-function snort_rules_up_install_cron($should_install) {
- global $config, $g;
-
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "6h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/6";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "12h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/12";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "1d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/1";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "4d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/4";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "7d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/7";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "28d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/28";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort_check_for_rule_updates.php >> /usr/local/etc/snort_bkup/snort_update.log";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- break;
- }
- }
- snort_rules_up_install_cron("");
- snort_rules_up_install_cron($snort_rules_up_false);
-}
-
/* open snort's whitelist for writing */
$whitelist = fopen("/var/db/whitelist", "w");
if(!$whitelist) {
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php
index a28bf0e7..3aa6d4a8 100644
--- a/config/snort-dev/snort_barnyard.php
+++ b/config/snort-dev/snort_barnyard.php
@@ -111,7 +111,10 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
- $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+ $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+ $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
+ $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
@@ -191,7 +194,9 @@ if ($_POST) {
if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
-
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
/* post new options */
$natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off;
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php
index aca2f036..779598b0 100644
--- a/config/snort-dev/snort_define_servers.php
+++ b/config/snort-dev/snort_define_servers.php
@@ -112,6 +112,9 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+ $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
+ $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
if (isset($_GET['dup']))
unset($id);
@@ -149,6 +152,9 @@ if ($_POST) {
if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['brule_sid_on']; }
/* post new options */
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index f358e6c6..53db7528 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -275,7 +275,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
}
-$pgtitle = "Services: Snort 2.8.4.1_6 pkg v. 1.8 RC2";
+$pgtitle = "Services: Snort 2.8.4.1_6 pkg v. 1.8 RC3";
include("head.inc");
?>
@@ -398,7 +398,7 @@ padding: 15px 10px 50% 50px;
else if(strtolower($natent['interface']) == "pptp")
echo "PPTP";
else
- echo strtoupper($config['interfaces']);
+ echo strtoupper($natent['interface']);
?>
</td>
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index 881df8a2..3c837349 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -105,6 +105,10 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+ $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
+ $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
+
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
@@ -258,6 +262,9 @@ if ($_POST["Submit"]) {
if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
if (isset($id) && $a_nat[$id])
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php
index 9ee1a204..d6e8679d 100644
--- a/config/snort-dev/snort_interfaces_global.php
+++ b/config/snort-dev/snort_interfaces_global.php
@@ -31,6 +31,7 @@
$pgtitle = "Services:[Snort][Global Settings]";
require("guiconfig.inc");
+require("/usr/local/pkg/snort/snort.inc");
/* make things short */
$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
@@ -42,6 +43,7 @@ $pconfig['whitelistvpns'] = $config['installedpackages']['snortglobal']['whiteli
$pconfig['clickablalerteurls'] = $config['installedpackages']['snortglobal']['clickablalerteurls'];
$pconfig['associatealertip'] = $config['installedpackages']['snortglobal']['associatealertip'];
+
if ($_POST) {
unset($input_errors);
@@ -111,13 +113,38 @@ if ($_POST) {
$config['installedpackages']['snortglobal']['associatealertip'] = $_POST['associatealertip'] ? on : off;
write_config();
+ sleep(2);
$retval = 0;
- config_lock();
- $retval = captiveportal_configure();
- config_unlock();
+ /* set the snort block hosts time IMPORTANT */
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "never_b")
+ $snort_rm_blocked_false = "";
+ else
+ $snort_rm_blocked_false = "true";
+
+ if ($snort_rm_blocked_info_ck != "")
+ {
+ snort_rm_blocked_install_cron("");
+ snort_rm_blocked_install_cron($snort_rm_blocked_false);
+ }
+
+ /* set the snort rules update time */
+ $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "never_up")
+ $snort_rules_up_false = "";
+ else
+ $snort_rules_up_false = "true";
+ if ($snort_rules_up_info_ck != "")
+ {
+ snort_rules_up_install_cron("");
+ snort_rules_up_install_cron($snort_rules_up_false);
+ }
+
+
+
$savemsg = get_std_save_message($retval);
}
}
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php
index 39ed86d4..8fb437eb 100644
--- a/config/snort-dev/snort_preprocessors.php
+++ b/config/snort-dev/snort_preprocessors.php
@@ -115,6 +115,9 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
$pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+ $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
+ $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
if (isset($_GET['dup']))
unset($id);
@@ -175,6 +178,9 @@ if ($_POST) {
if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
/* post new options */
$natent['perform_stat'] = $_POST['perform_stat'];
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 472e2948..23cf6318 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -323,9 +323,9 @@
<config_file>http://www.pfsense.com/packages/config/snort-dev/snort.xml</config_file>
<version>2.8.4.1_6 pkg v. 1.8</version>
<required_version>1.2.2</required_version>
- <status>RC2</status>
+ <status>RC3</status>
<configurationfile>snort.xml</configurationfile>
- <after_install_info>This is the Snort-dev branch and is stable as of RC2.</after_install_info>
+ <after_install_info>This is the Snort-dev branch and is stable as of RC3.</after_install_info>
</package>
<package>
<name>spamd</name>