authorrobiscool <robrob2626@yahoo.com>2009-09-27 22:41:32 -0700
committerrobiscool <robrob2626@yahoo.com>2009-09-27 22:42:51 -0700
commit2b7e84819d7ff6af65ecf52f81ec02924c40ef8e (patch)
tree43eb582626861db8ba96ba857fff92aebd495124 /config/snort-dev
parentc08db1d0285bb5dfcd5a2665af8d228f4d9d0d05 (diff)
downloadpfsense-packages-2b7e84819d7ff6af65ecf52f81ec02924c40ef8e.tar.gz
pfsense-packages-2b7e84819d7ff6af65ecf52f81ec02924c40ef8e.tar.bz2
pfsense-packages-2b7e84819d7ff6af65ecf52f81ec02924c40ef8e.zip
snort-dev, update to RC5, update snort_download to restart if snort is running, update snort.inc code for failures, dynamic ip reload update
Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/snort.inc6
-rw-r--r--config/snort-dev/snort.xml4
-rw-r--r--config/snort-dev/snort_check_for_rule_updates.php62
-rw-r--r--config/snort-dev/snort_download_rules.php75
-rw-r--r--config/snort-dev/snort_dynamic_ip_reload.php5
5 files changed, 74 insertions, 78 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 38a91616..3b13ba14 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -88,7 +88,9 @@ function sync_package_snort()
exec("/bin/cp /usr/local/etc/snort/threshold.conf-sample /usr/local/etc/snort/threshold.conf");
exec("/bin/cp /usr/local/etc/snort/unicode.map-sample /usr/local/etc/snort/unicode.map");
exec("/bin/rm -f /usr/local/etc/rc.d/snort");
-
+ exec("/bin/rm /tmp/snort_download_halt.pid");
+ exec("/bin/rm /tmp/snort.sh.pid");
+
$first = 0;
$snortInterfaces = array(); /* -gtm */
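Review bot: The two new `rm` calls on lines 32–33 omit `-f`, unlike the `/bin/rm -f` directly above them, so on an ordinary package sync where neither marker file exists each call prints an error to stderr; `exec("/bin/rm -f /tmp/snort_download_halt.pid");` and `exec("/bin/rm -f /tmp/snort.sh.pid");` match the surrounding style. Note also that `/tmp/snort_download_halt.pid` is the flag that snort_check_for_rule_updates.php and snort_download_rules.php in this same commit use to decide whether to restart snort after a rule update, so a sync that runs while an update is in progress silently cancels that restart; if that is not intended, the removal should be skipped when an update is running. Both markers are fixed filenames in the shared `/tmp` directory, where any local user can pre-create them; a root-owned location such as `/var/run` would remove that interference. sync_package_snort() begins and ends outside this hunk.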
@@ -152,7 +154,7 @@ function sync_package_snort()
if ($snortbarnyardlog_info_chk == on)
$start .= "\nsleep 4;barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n";
}
- $check_if_snort_runs = "\nif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\texit 1\nfi\n\n";
+ $check_if_snort_runs = "\nif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php\n\texit 1\nfi\n\n";
$if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n";
$echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n";
$echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n";
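Review bot: The `/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php` line added to the generated snort.sh on line 42 carries none of the `\t` indentation of the neighbouring `logger` and `exit 1` lines, and nothing explains why a reload script now runs from the "already running" branch; the intent appears to be re-applying a changed dynamic WAN address without a full restart, but that is inferred. Prefix the line with `\t` and add a short comment above the assignment, e.g. `/* snort already running: run the dynamic-IP reload so a changed WAN address is picked up without restarting */`. The hard-coded path has to stay in step with the `<prefix>/usr/local/pkg/pf/</prefix>` change to snort.xml in this commit, which is worth a comment here as well. sync_package_snort() continues outside this hunk.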
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
index 7a61d8c1..4f039a97 100644
--- a/config/snort-dev/snort.xml
+++ b/config/snort-dev/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.8.4.1_1</version>
- <title>Services: Snort 2.8.4.1_1 pkg v. 1.6 RC4</title>
+ <title>Services: Snort 2.8.4.1_2 pkg v. 1.6 RC5</title>
<include_file>/usr/local/pkg/snort.inc</include_file>
<menu>
<name>Snort</name>
@@ -164,7 +164,7 @@
<item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
+ <prefix>/usr/local/pkg/pf/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort-dev/snort_dynamic_ip_reload.php</item>
</additional_files_needed>
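Review bot: The relocated `<prefix>/usr/local/pkg/pf/</prefix>` now points at a file that snort.inc in this commit executes as root from the generated snort.sh, while the unchanged `<chmod>077</chmod>` two lines below — if the installer passes that value to chmod(1) unchanged — leaves the script unreadable by its owner and writable by group and world. A script that root executes must not be writable by anyone else, so this is the moment to fix the mode rather than leave it as inherited context; `<chmod>0755</chmod>` (or `0644`, since it is run through `php -f` rather than directly) is the usual value, and other additional_files_needed entries in this file may show what was intended. The first hunk of this file is only the RC4→RC5 title bump.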
diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php
index 8a6aedc9..4430c4a2 100644
--- a/config/snort-dev/snort_check_for_rule_updates.php
+++ b/config/snort-dev/snort_check_for_rule_updates.php
@@ -237,12 +237,15 @@ if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats
exit(0);
}
-/* "You are Not Up to date */;
- echo "You are NOT up to date...\n";
- echo "Stopping Snort service...\n";
-stop_service("snort");
-sleep(2);
-// start_service("snort");
+/* You are Not Up to date, always stop snort when updating rules for low end machines */;
+echo "You are NOT up to date...\n";
+echo "Stopping Snort service...\n";
+$chk_if_snort_up = exec("pgrep -x snort");
+if ($chk_if_snort_up != "") {
+ exec("/usr/bin/touch /tmp/snort_download_halt.pid");
+ stop_service("snort");
+ sleep(2);
+}
/* download snortrules file */
if ($snort_md5_check_ok != on) {
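Review bot: `exec("pgrep -x snort")` on line 84 is the only command in this block without an absolute path — the `touch` on the next line uses `/usr/bin/touch` — so the result depends on the PATH of whatever invokes this script (cron, the GUI, or snort.sh), and a PATH without pgrep makes `$chk_if_snort_up` empty and silently skips the stop. Use the installed location and distinguish a failed lookup from "not running" via the exit-code argument, e.g. `$chk_if_snort_up = exec("/bin/pgrep -x snort", $pgrep_out, $pgrep_rc);` (on FreeBSD pgrep lives in `/bin`; confirm against the target release). The same block is added to snort_download_rules.php at the `@@ -338,12 +335,15 @@` hunk. The flag file `/tmp/snort_download_halt.pid` is a fixed name in shared `/tmp` that later triggers a service restart; a root-owned directory such as `/var/run` is the safer home for it.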
@@ -539,23 +542,6 @@ if (file_exists("{$snortdir}/doc/signatures")) {
}
}
-/* Copy snort rules and emergingthreats and pfsense dir to snort dir */
-//if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-//if (file_exists("{$tmpfname}/rules")) {
-// echo "Copying rules...\n";
-// echo "May take a while...\n";
-// exec("/bin/cp {$tmpfname}/rules/* {$snortdir}/rules");
-// echo "Done copping rules.\n";
- /* Write out time of last sucsessful rule install catch */
-// $config['installedpackages']['snort']['last_rules_install'] = date("Y-M-jS-h:i-A");
-// write_config();
-//} else {
-// echo "Directory rules does not exists...\n";
-// echo "Error copying rules direcory...\n";
-// exit(0);
-// }
-//}
-
/* double make shure clean up emerg rules that dont belong */
if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
apc_clear_cache();
@@ -584,7 +570,7 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_b
if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
-echo "Your enable and disable changes are being applied to your fresh set of rules...\n";
+echo "Your first set of rules are being copied...\n";
echo "May take a while...\n";
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
@@ -599,15 +585,16 @@ echo "May take a while...\n";
exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
} else {
-
+ echo "Your enable and disable changes are being applied to your fresh set of rules...\n";
+ echo "May take a while...\n";
exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+// exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
+// exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
+// exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
/* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
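Review bot: Lines 130, 137 and 138 comment out the copies of gen-msg.map, snort.conf and threshold.conf instead of deleting them, and leave no explanation of why the "changes are being applied" branch no longer refreshes these files while the first-install branch above still copies all of them; the reason (presumably keeping locally edited snort.conf and threshold.conf intact across rule updates) is inferred. Replace the three dead lines with one comment, e.g. `/* snort.conf, threshold.conf and gen-msg.map are deliberately not refreshed here so local edits survive a rule update */`. The same three commented lines appear in snort_download_rules.php at the `@@ -720,15 +702,17 @@` hunk.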
@@ -620,13 +607,26 @@ echo "May take a while...\n";
}
}
+/* remove old $tmpfname files */
+if (file_exists("{$tmpfname}")) {
+ echo "Cleaning up...\n";
+ exec("/bin/rm -r /tmp/snort_rules_up");
+}
+
/* php code to flush out cache some people are reportting missing files this might help */
sleep(5);
apc_clear_cache();
exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
-/* php code finish */
-echo "The Rules update finished...\n";
-echo "You may start snort now...\n";
+/* if snort is running hardrestart, if snort is not running do nothing */
+if (file_exists("/tmp/snort_download_halt.pid")) {
+ start_service("snort");
+ echo "The Rules update finished...\n";
+ echo "Snort has restarted with your new set of rules...\n";
+ exec("/bin/rm /tmp/snort_download_halt.pid");
+} else {
+ echo "The Rules update finished...\n";
+ echo "You may start snort now...\n";
+}
?>
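Review bot: The cleanup on lines 145–148 tests `file_exists("{$tmpfname}")` but removes the literal `/tmp/snort_rules_up`, so the guard and the action disagree: if `$tmpfname` (defined above this hunk) is ever anything else, the check passes and the wrong directory is removed, or the real temp directory is left behind. The commented-out version this replaces in snort_download_rules.php used `exec("/bin/rm -r {$tmpfname}");`; use that here, and since the path is a fixed name under shared `/tmp`, guard the recursive removal with `is_dir($tmpfname) && !is_link($tmpfname)` so a pre-planted link cannot redirect it. Separately, the restart branch on lines 158–166 prints "Snort has restarted" and deletes the halt flag whether or not `start_service("snort")` actually brought snort up; re-run the `pgrep` test used earlier in this file before printing that message. The same cleanup and restart blocks are added to snort_download_rules.php at the `@@ -742,21 +726,28 @@` hunk.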
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php
index 73618dd7..8eca3d34 100644
--- a/config/snort-dev/snort_download_rules.php
+++ b/config/snort-dev/snort_download_rules.php
@@ -296,9 +296,6 @@ if ($emerg_md5_check_new == $emerg_md5_check_old) {
update_output_window(gettext("You may start Snort now, check update."));
hide_progress_bar_status();
$emerg_md5_check_chk_ok = on;
- /* Timestamps to html */
-// echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
-// echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
}
}
}
@@ -338,12 +335,15 @@ if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats
exit(0);
}
-/* "You are Not Up to date */;
+/* You are Not Up to date, always stop snort when updating rules for low end machines */;
update_status(gettext("You are NOT up to date..."));
- update_output_window(gettext("Stopping Snort service..."));
-stop_service("snort");
-sleep(2);
-// start_service("snort");
+update_output_window(gettext("Stopping Snort service..."));
+$chk_if_snort_up = exec("pgrep -x snort");
+if ($chk_if_snort_up != "") {
+ exec("/usr/bin/touch /tmp/snort_download_halt.pid");
+ stop_service("snort");
+ sleep(2);
+}
/* download snortrules file */
if ($snort_md5_check_ok != on) {
@@ -660,23 +660,6 @@ if (file_exists("{$snortdir}/doc/signatures")) {
}
}
-/* Copy snort rules and emergingthreats and pfsense dir to snort dir */
-// if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-// if (file_exists("{$tmpfname}/rules")) {
-// update_status(gettext("Copying rules..."));
-// update_output_window(gettext("May take a while..."));
-// exec("/bin/cp {$tmpfname}/rules/* {$snortdir}/rules");
-// update_status(gettext("Done copping rules."));
-// /* Write out time of last sucsessful rule install catch */
-// $config['installedpackages']['snort']['last_rules_install'] = date("Y-M-jS-h:i-A");
-// write_config();
-// } else {
-// update_status(gettext("Directory rules does not exists..."));
-// update_output_window(gettext("Error copying rules direcory..."));
-// exit(0);
-// }
-// }
-
/* double make shure cleanup emerg rules that dont belong */
if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
apc_clear_cache();
@@ -705,9 +688,8 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_b
if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
-update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
-update_output_window(gettext("May take a while..."));
-
+ update_status(gettext("Your first set of rules are being copied..."));
+ update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
@@ -720,15 +702,17 @@ update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
} else {
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+// exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
+// exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
+// exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
/* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
@@ -742,21 +726,28 @@ update_output_window(gettext("May take a while..."));
}
}
+/* remove old $tmpfname files */
+if (file_exists("{$tmpfname}")) {
+ update_status(gettext("Cleaning up..."));
+ exec("/bin/rm -r /tmp/snort_rules_up");
+// apc_clear_cache();
+}
+
/* php code to flush out cache some people are reportting missing files this might help */
-sleep(5);
+sleep(2);
apc_clear_cache();
exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
-/* remove old $tmpfname files */
-//if (file_exists("{$tmpfname}")) {
-// update_status(gettext("Cleaning up..."));
-// exec("/bin/rm -r {$tmpfname}");
-// apc_clear_cache();
-//}
-
-/* php code finish */
-update_status(gettext("The Rules update finished..."));
-update_output_window(gettext("You may start snort now..."));
+/* if snort is running hardrestart, if snort is not running do nothing */
+if (file_exists("/tmp/snort_download_halt.pid")) {
+ start_service("snort");
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("Snort has restarted with your new set of rules..."));
+ exec("/bin/rm /tmp/snort_download_halt.pid");
+} else {
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("You may start snort now..."));
+}
/* hide progress bar and lets end this party */
hide_progress_bar_status();
diff --git a/config/snort-dev/snort_dynamic_ip_reload.php b/config/snort-dev/snort_dynamic_ip_reload.php
index dbd6d015..7933ba16 100644
--- a/config/snort-dev/snort_dynamic_ip_reload.php
+++ b/config/snort-dev/snort_dynamic_ip_reload.php
@@ -40,7 +40,10 @@ if($config['interfaces']['wan']['ipaddr'] == "pppoe" or
create_snort_conf();
mwexec("/sbin/pfctl -t snort2c -T flush");
exec("killall -HUP snort");
- exec("/usr/bin/killall snort2c; snort2c -w /var/db/whitelist -a /var/log/snort/alert");
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
+ if ($snortbarnyardlog_info_chk == on)
+ exec("/usr/bin/killall barnyard2; /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n");
}
?> \ No newline at end of file
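Review bot: The new comparison on line 301 uses the bareword `on`, an undefined constant that PHP 5 silently treats as the string "on" with a notice and later PHP versions reject outright; `if ($snortbarnyardlog_info_chk == "on") {` is what is meant (the same idiom already exists in snort.inc, but this line is a new instance). The command string on line 302 also ends with a stray literal `\n` inside the argument to exec(), and the single-statement `if` has no braces while the enclosing block uses them. If `$config['installedpackages']['snortadvanced']['config'][0]` is absent, the chained index on line 300 emits notices on every reload; wrapping it in `isset()` keeps the reload quiet. The enclosing dynamic-WAN `if` begins before this hunk.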