authorScott Ullrich <sullrich@pfsense.org>2006-09-27 03:32:31 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-09-27 03:32:31 +0000
commit239aad07e293bbc8f2cf2146add430bc215a0b58 (patch)
tree99545a47361d61b10d88180271c23ecc6d781b85
parent18c6ff8f5d16565f042264297f24d06593f02ba1 (diff)
Add a new script for automatic snort.org rules updating
-rw-r--r--packages/snort/snort.inc108
-rw-r--r--packages/snort/snort_check_for_rule_updates.php91
-rw-r--r--packages/snort/snort_download_rules.php102
3 files changed, 212 insertions, 89 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index 6a59d11d..e86ac148 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -29,6 +29,10 @@
$snort_conf_file = "/usr/local/etc/snort/snort.conf";
+/* define oinkid */
+if($config['installedpackages']['snort'])
+ $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
+
function sync_package_snort() {
global $config, $g, $snort_conf_file;
exec("/bin/mkdir -p /usr/local/etc/snort");
@@ -281,4 +285,108 @@ EOD;
return $snort_conf_text;
}
+function check_for_common_errors($filename) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ $contents = file_get_contents($filename);
+ if(stristr($contents, "You don't have permission")) {
+ if(!$console_mode) {
+ update_all_status("An error occured. Scroll down to inspect it's contents.");
+ hide_progress_bar_status();
+ }
+ echo "
+ <center>
+ <div id='error' style='background:white;width:90%'>
+ <!-- TODO: The below paragraphs are kind of stupid. Use CSS instead -->
+ <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
+ <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
+ <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
+ <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
+ <p>The following error occured while downloading the snort rules file from snort.org:</p>
+ {$contents}
+ <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
+ </div>
+ </center>
+ ";
+ scroll_down_to_bottom_of_page();
+ exit;
+ }
+}
+
+function scroll_down_to_bottom_of_page() {
+ global $snort_filename, $console_mode;
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
+}
+
+function verify_downloaded_file($filename) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(filesize($filename)<99500) {
+ if(!$console_mode) {
+ update_all_status("Checking {$filename}...");
+ check_for_common_errors($filename);
+ }
+ }
+ update_all_status("Verifying {$filename}...");
+ if(!file_exists($filename)) {
+ if(!$console_mode) {
+ update_all_status("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
+ hide_progress_bar_status();
+ }
+ exit;
+ }
+ update_all_status("Verifyied {$filename}.");
+}
+
+function extract_snort_rules_md5($tmpfname) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode) {
+ $static_output = gettext("Extracting snort rules...");
+ update_all_status($static_output);
+ }
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/");
+ if(!$console_mode) {
+ $static_output = gettext("Snort rules extracted.");
+ update_all_status($static_output);
+ }
+}
+
+function verify_snort_rules_md5($tmpfname) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode) {
+ $static_output = gettext("Verifying md5 signature...");
+ update_all_status($static_output);
+ }
+ $md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+ if($md5 <> $file_md5_ondisk) {
+ if(!$console_mode) {
+ $static_output = gettext("md5 signature of rules mismatch.");
+ update_all_status($static_output);
+ hide_progress_bar_status();
+ }
+ exit;
+ }
+}
+
+function hide_progress_bar_status() {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
+}
+
+function update_all_status($status) {
+ global $snort_filename, $snort_filename_md5;
+ ob_flush();
+ if(!$console_mode) {
+ update_status($status);
+ update_output_window($status);
+ }
+}
+
?> \ No newline at end of file
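Review bot: In verify_snort_rules_md5 the check `if($md5 <> $file_md5_ondisk)` is a loose comparison of two untrimmed strings: the backtick output ends with a newline, so a correct download can be rejected depending on how the .md5 file is terminated, and PHP's loose comparison treats numeric-looking strings such as `0e…` digests as numbers. Comparing normalised values strictly, `if(trim($md5) !== trim($file_md5_ondisk)) {`, avoids both. Because the digest is fetched from the same server as the archive, this check detects a corrupted transfer only and says nothing about authenticity, which is worth stating in a comment above the function since the archive is then unpacked into /usr/local/etc/snort/. Separately, update_all_status tests `$console_mode` without listing it in its `global` statement, so the test is always true there and the GUI helpers run in console mode as well; `global $snort_filename, $snort_filename_md5, $console_mode;` fixes it.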
diff --git a/packages/snort/snort_check_for_rule_updates.php b/packages/snort/snort_check_for_rule_updates.php
new file mode 100644
index 00000000..f9082eae
--- /dev/null
+++ b/packages/snort/snort_check_for_rule_updates.php
@@ -0,0 +1,91 @@
+<?php
+
+/* $Id$ */
+/*
+ snort_check_for_rule_updates.php
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$console_mode = true;
+
+require_once("config.inc");
+require_once("functions.inc");
+require_once("/usr/local/pkg/snort.inc");
+require_once("service-utils.inc");
+
+$last_ruleset_download = $config['installedpackages']['snort']['last_ruleset_download'];
+$text = file_get_contents("http://www.snort.org/pub-bin/downloads.cgi");
+if (preg_match_all("/.*RELEASED\: (.*)\</", $text, $matches))
+ $last_update_date = trim($matches[1][0]);
+$date1ts = strtotime($last_ruleset_download);
+$date2ts = strtotime($last_ruleset_download);
+/* is there a newer ruleset available? */
+if($date1ts > $date2ts or !$last_ruleset_download) {
+ if(!$oinkid) {
+ log_error("Oinkid is not defined. We cannot automatically update the ruleset.");
+ echo "Oinkid is not defined. We cannot automatically update the ruleset.";
+ exit;
+ }
+ echo "Downloading snort rule updates...";
+ /* setup some variables */
+ $snort_filename = "snortrules-snapshot-CURRENT.tar.gz";
+ $snort_filename_md5 = "snortrules-snapshot-CURRENT.tar.gz.md5";
+ $dl = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}";
+ $dl_md5 = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}";
+
+ /* multi user system, request new filename and create directory */
+ $tmpfname = tempnam("/tmp", "snortRules");
+ exec("/bin/rm -rf {$tmpfname};/bin/mkdir -p {$tmpfname}");
+
+ /* download snort rules */
+ exec("fetch -vvv -o {$tmpfname}/{$snort_filename} $dl");
+ verify_downloaded_file($tmpfname . "/{$snort_filename}");
+
+ /* download snort rules md5 file */
+ $static_output = gettext("Downloading current snort rules md5... ");
+ exec("fetch -vvv -o {$tmpfname}/{$snort_filename_md5} $dl_md5");
+ verify_downloaded_file($tmpfname . "/{$snort_filename_md5}");
+
+ /* verify downloaded rules signature */
+ verify_snort_rules_md5($tmpfname);
+
+ /* extract rules */
+ extract_snort_rules_md5($tmpfname);
+
+ $config['installedpackages']['snort']['last_ruleset_download'] = date("Y-m-d");
+ write_config();
+
+ stop_service("snort");
+ sleep(2);
+ start_service("snort");
+
+ /* cleanup temporary directory */
+ exec("/bin/rm -rf {$tmpfname};");
+ echo "Rules are now up to date.";
+} else {
+ echo "Rules are up to date.";
+}
+
+?> \ No newline at end of file
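Review bot: Both timestamps after the preg_match_all are computed from `$last_ruleset_download`, so `$date1ts > $date2ts` can never be true and the scraped `$last_update_date` is never used; once a first download has been recorded the script always prints "Rules are up to date." and the IDS signatures go stale. The first assignment presumably should be `$date1ts = strtotime($last_update_date);`, with `$last_update_date` initialised before the `if` so that a failed fetch or a page that no longer matches the pattern is handled explicitly rather than silently. Separately, `$oinkid` is interpolated unquoted into both `fetch` command lines and travels in a plain `http://` URL; passing the URL and the output path through `escapeshellarg()` would keep a malformed config value from being interpreted by the shell. In console mode the helper functions exit without any output on failure, so a `log_error()` call before each exit path would make a failed unattended update visible.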
diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php
index d726d650..948b9f14 100644
--- a/packages/snort/snort_download_rules.php
+++ b/packages/snort/snort_download_rules.php
@@ -28,10 +28,13 @@
*/
-require_once("config.inc");
-require_once("functions.inc");
-require_once("guiconfig.inc");
-require_once("service-utils.inc");
+/* do not require all of this if we already have. */
+if(!$start_me_up) {
+ require_once("config.inc");
+ require_once("functions.inc");
+ require_once("guiconfig.inc");
+ require_once("service-utils.inc");
+}
$pgtitle = "Services: Snort: Update Rules";
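Review bot: The new guard `if(!$start_me_up)` reads a variable that this file only assigns further down (from `$_GET['start']`/`$_POST['start']` in the following hunk), so the same name means "already bootstrapped" here and "user pressed start" there. `require_once` already skips files that were loaded, so the guard buys nothing, and if the variable is ever set before this point the page would run without `guiconfig.inc` and whatever setup that include performs. I would drop the condition and keep the four `require_once` lines unconditional, or use a dedicated flag that only the including script sets, e.g. `if(!isset($snort_bootstrap_done))` (name constructed for illustration).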
@@ -39,6 +42,11 @@ $pgtitle = "Services: Snort: Update Rules";
if($config['installedpackages']['snort'])
$oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
+if($_GET['start'] or $_POST['start'])
+ $start_me_up = true;
+else
+ $start_me_up = false;
+
include("head.inc");
?>
@@ -66,7 +74,7 @@ include("head.inc");
</td>
</tr>
<?php
- if(!$_GET['start'] && !$_POST['start']) {
+ if($start_me_up == false) {
echo "<tr>";
echo "<td>";
echo "<div id=\"mainarea\">";
@@ -206,90 +214,6 @@ hide_progress_bar_status();
<?php
-function check_for_common_errors($filename) {
- global $snort_filename, $snort_filename_md5;
- ob_flush();
- $contents = file_get_contents($filename);
- if(stristr($contents, "You don't have permission")) {
- update_all_status("An error occured. Scroll down to inspect it's contents.");
- hide_progress_bar_status();
- echo "
- <center>
- <div id='error' style='background:white;width:90%'>
- <!-- TODO: The below paragraphs are kind of stupid. Use CSS instead -->
- <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
- <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
- <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
- <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
- <p>The following error occured while downloading the snort rules file from snort.org:</p>
- {$contents}
- <p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>
- </div>
- </center>
- ";
- scroll_down_to_bottom_of_page();
- exit;
- }
-}
-
-function scroll_down_to_bottom_of_page() {
- global $snort_filename;
- ob_flush();
- echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
-}
-
-function verify_downloaded_file($filename) {
- global $snort_filename, $snort_filename_md5;
- ob_flush();
- if(filesize($filename)<99500) {
- update_all_status("Checking {$filename}...");
- check_for_common_errors($filename);
- }
- update_all_status("Verifying {$filename}...");
- if(!file_exists($filename)) {
- update_all_status("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
- hide_progress_bar_status();
- exit;
- }
- update_all_status("Verifyied {$filename}.");
-}
-
-function extract_snort_rules_md5($tmpfname) {
- global $snort_filename, $snort_filename_md5;
- ob_flush();
- $static_output = gettext("Extracting snort rules...");
- update_all_status($static_output);
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/");
- $static_output = gettext("Snort rules extracted.");
- update_all_status($static_output);
-}
-
-function verify_snort_rules_md5($tmpfname) {
- global $snort_filename, $snort_filename_md5;
- ob_flush();
- $static_output = gettext("Verifying md5 signature...");
- update_all_status($static_output);
- $md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
- if($md5 <> $file_md5_ondisk) {
- $static_output = gettext("md5 signature of rules mismatch.");
- update_all_status($static_output);
- hide_progress_bar_status();
- exit;
- }
-}
-
-function hide_progress_bar_status() {
- global $snort_filename, $snort_filename_md5;
- ob_flush();
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
-}
-function update_all_status($status) {
- global $snort_filename, $snort_filename_md5;
- ob_flush();
- update_status($status);
- update_output_window($status);
-}
?> \ No newline at end of file