authorrobiscool <robrob2626@yahoo.com>2012-06-12 23:04:39 -0700
committerrobiscool <robrob2626@yahoo.com>2012-06-12 23:04:39 -0700
commitede8a5141d24d7a7f72071811bd78de099dc681f (patch)
tree9f4855788da54411c2d33bde76b877b975ce486c /config/snort-dev2
parentbc2c451e729f31303e687605af16dce80185a646 (diff)
snort-dev2: fixed interface remove-dir issue when an iface rule stops; changed iface rule log dir
Diffstat (limited to 'config/snort-dev2')
-rw-r--r--config/snort-dev2/snort.inc42
-rw-r--r--config/snort-dev2/snort_interfaces.php4
2 files changed, 27 insertions, 19 deletions
diff --git a/config/snort-dev2/snort.inc b/config/snort-dev2/snort.inc
index 0b595c89..0fafd187 100644
--- a/config/snort-dev2/snort.inc
+++ b/config/snort-dev2/snort.inc
@@ -270,18 +270,18 @@ function Running_Stop($snort_uuid, $if_real, $id) {
$start_up = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
$start_upb = exec("/bin/ps -ax | /usr/bin/grep \"snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
+
if ($start_up != '') {
exec("/bin/kill {$start_up}");
exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
- exec("/bin/rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
- @unlink("/var/log/snort/alert_{$snort_uuid}");
- exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ exec("/bin/rm /var/log/snort/snort_{$if_real}{$snort_uuid}/snort_{$snort_uuid}_{$if_real}*");
+ @unlink("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert_{$snort_uuid}");
}
if ($start_upb != '') {
exec("/bin/kill {$start_upb}");
exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
+ exec("/bin/rm /var/log/snort/snort_{$if_real}{$snort_uuid}/snort.u2_{$snort_uuid}_{$if_real}*");
}
/* Log Iface stop */
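Review bot: The three removal lines added here spell the per-interface directory as `snort_{$if_real}{$snort_uuid}` (no separator between interface and UUID) while the files inside it keep the older `snort_{$snort_uuid}_{$if_real}` order, so one function now carries two naming conventions for the same interface. Because this directory string is repeated in every hunk of snort.inc, a single helper such as `function snort_iface_log_dir($snort_uuid, $if_real) { return "/var/log/snort/snort_{$if_real}{$snort_uuid}"; }` would keep every caller in agreement. The new lines also still hand an unquoted interpolated path and glob to a shell through exec(); `foreach (glob("/var/log/snort/snort_{$if_real}{$snort_uuid}/snort_{$snort_uuid}_{$if_real}*") as $f) { @unlink($f); }` does the same job without a shell. Running_Stop continues past the end of the hunk.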
@@ -297,7 +297,7 @@ function Running_Start($snort_uuid, $if_real, $id) {
$snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
if ($snort_info_chk == 'on')
- exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
else
return;
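Review bot: The rewritten snort invocation logs to `/var/log/snort/snort_{$if_real}{$snort_uuid}`, but nothing in Running_Start creates that directory; the only mkdir for it is in sync_snort_package_config, and the snort_interfaces.php hunk in this same commit comments that call out of the toggle path, so a freshly enabled interface may start snort against a missing log directory. Creating it before the exec keeps the start self-sufficient, e.g. `$log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}";` followed by `if (!is_dir($log_dir)) { mkdir($log_dir, 0770, true); }`. The brace-less `if ... exec(...); else return;` is easy to misread once another line is added; braces around both branches would help. Running_Start continues past the end of the hunk.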
@@ -306,7 +306,7 @@ function Running_Start($snort_uuid, $if_real, $id) {
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
$snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
- exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q");
+ exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$snort_uuid}_{$if_real}/ -D -q");
}
/* Log Iface stop */
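Review bot: The barnyard2 `-d` directory added here is `/var/log/snort/snort_{$snort_uuid}_{$if_real}/`, which reverses the two components relative to every other new path in this commit (`snort_{$if_real}{$snort_uuid}` in the snort `-l` option, in create_snort_sh and in barnyard2.conf's `config logdir`), so barnyard2 would be pointed at a spool directory that snort never writes to and that no mkdir creates. The line should read `... -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q");` to match the directory snort logs into. Running_Start continues past the end of the hunk.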
@@ -410,6 +410,14 @@ function snort_remove_files($snort_list_rm, $snort_file_safe)
}
}
+/*
+ * TODO:
+ * This is called by snort_alerts.php.
+ *
+ * This func needs to be made to only clear one interface rule log
+ * at a time.
+ *
+ */
function post_delete_logs()
{
global $config, $g;
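Review bot: The TODO added above post_delete_logs says the function should clear one interface's logs at a time, but it does not record that this commit moved the alert, unified2 and stats files into per-interface subdirectories, which is the more immediate concern: if the body (outside this hunk) still removes files from the flat `/var/log/snort` layout, the clear-logs action in snort_alerts.php will no longer find them. Extending the comment with `* Log files now live under /var/log/snort/snort_{$if_real}{$snort_uuid}/; verify this function targets those paths.` records that dependency for whoever picks up the TODO.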
@@ -841,14 +849,14 @@ function sync_snort_package_config()
create_snort_sh();
/* all new files are for the user snort nologin */
- if (!is_dir('/var/log/snort'))
- exec('/bin/mkdir -p /var/log/snort');
+ if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}"))
+ exec("/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}");
if (!is_dir('/var/log/snort/run'))
exec('/bin/mkdir -p /var/log/snort/run');
- if (!is_dir('/var/log/snort/barnyard2'))
- exec('/bin/mkdir -p /var/log/snort/barnyard2');
+ if (!is_dir("/var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}"))
+ exec("/bin/mkdir -p /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}");
/* XXX: These are needed if snort is run as snort user
mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
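Review bot: The two mkdir calls now interpolate `$if_real` and `$snort_uuid`, yet neither variable is assigned anywhere in this hunk, and the surrounding context (directly after `create_snort_sh()`, before any per-rule iteration) suggests they may be undefined at this point, in which case the directories actually created would be the literal `/var/log/snort/snort_` and `/var/log/snort/barnyard2/snort_` rather than one per interface; please confirm where these values come from. If they are per-rule values, the mkdir belongs inside the loop over `$config['installedpackages']['snortglobal']['rule']`, or next to the snort/barnyard2 start commands that need the directory. sync_snort_package_config continues on both sides of the hunk.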
@@ -995,7 +1003,7 @@ function create_snort_sh()
$snortbarnyardlog_mysql_info_chk = $value['barnyard_mysql'];
if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '')
- $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q";
+ $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q";
$snort_sh_text3[] = <<<EOE
@@ -1015,7 +1023,7 @@ else
/bin/echo "snort.sh run" > /tmp/snort.sh.pid
/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
- /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
$start_barnyard2
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD START For {$snort_uuid}_{$if_real}..."
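Review bot: The generated snort.sh now starts snort with `-l /var/log/snort/snort_{$if_real}{$snort_uuid}`, but the script contains no step that creates that directory, so a boot-time start on a system where it was never created (or was removed) would likely fail, and with `-D -q` there would be little to show why. Adding `/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}` to the heredoc just before the snort line makes the script self-contained. The heredoc and create_snort_sh continue outside the hunk.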
@@ -1121,10 +1129,10 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) {
exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
if (!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
- mwexec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
+ mwexec("/usr/bin/touch /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo", true);
/* XXX: This is needed if snort is run as snort user */
//mwexec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
- mwexec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
+ mwexec("/bin/chmod 770 /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo", true);
}
$barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
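Review bot: The `file_exists` guard still tests the old flat path `/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo` while the touch and chmod inside it were moved to the new `snort_{$if_real}{$snort_uuid}/` subdirectory, so the check never matches the file it guards and the touch/chmod run on every call. Update the guard to `if (!file_exists("/var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo")) {` (and the commented-out chown line below it) so all the paths agree. Note too that the touch into that subdirectory only succeeds if the matching mkdir in sync_snort_package_config has already run for this interface. create_barnyard2_conf continues past the end of the hunk.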
@@ -1166,7 +1174,7 @@ config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid
config hostname: $snortbarnyardlog_hostname_info_chk
config interface: {$snort_uuid}_{$if_real}
config decode_data_link
-config waldo_file: /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo
+config waldo_file: /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo
## START user pass through ##
@@ -1177,7 +1185,7 @@ config waldo_file: /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo
# Step 2: setup the input plugins
input unified2
-config logdir: /var/log/snort
+config logdir: /var/log/snort/snort_{$if_real}{$snort_uuid}
# database: log to a variety of databases
# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
@@ -1639,7 +1647,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
#
##########################
-preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000
+preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$if_real}{$snort_uuid}/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000
EOD;
diff --git a/config/snort-dev2/snort_interfaces.php b/config/snort-dev2/snort_interfaces.php
index 86a9aff6..966c115d 100644
--- a/config/snort-dev2/snort_interfaces.php
+++ b/config/snort-dev2/snort_interfaces.php
@@ -97,12 +97,12 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
/* Log Iface stop */
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
- sync_snort_package_config();
+ // sync_snort_package_config();
$tester2 = Running_Ck($snort_uuid, $if_real, $id);
if ($tester2 == 'yes') {
- Running_Stop($snort_uuid, $if_real, $id);
+ Running_Stop($snort_uuid, $if_real, $id); // causeing snort to delete the ifcae rule dir
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );