diff options
author | robiscool <robrob2626@yahoo.com> | 2009-09-27 22:41:32 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2009-09-27 22:42:51 -0700 |
commit | 2b7e84819d7ff6af65ecf52f81ec02924c40ef8e (patch) | |
tree | 43eb582626861db8ba96ba857fff92aebd495124 /config/snort-dev | |
parent | c08db1d0285bb5dfcd5a2665af8d228f4d9d0d05 (diff) | |
download | pfsense-packages-2b7e84819d7ff6af65ecf52f81ec02924c40ef8e.tar.gz pfsense-packages-2b7e84819d7ff6af65ecf52f81ec02924c40ef8e.tar.bz2 pfsense-packages-2b7e84819d7ff6af65ecf52f81ec02924c40ef8e.zip |
snort-dev, update to RC5, update snort_download to restart if snort is running, update snort.inc code for failers, dynamic ip reload update
Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/snort.inc | 6 | ||||
-rw-r--r-- | config/snort-dev/snort.xml | 4 | ||||
-rw-r--r-- | config/snort-dev/snort_check_for_rule_updates.php | 62 | ||||
-rw-r--r-- | config/snort-dev/snort_download_rules.php | 75 | ||||
-rw-r--r-- | config/snort-dev/snort_dynamic_ip_reload.php | 5 |
5 files changed, 74 insertions, 78 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 38a91616..3b13ba14 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -88,7 +88,9 @@ function sync_package_snort() exec("/bin/cp /usr/local/etc/snort/threshold.conf-sample /usr/local/etc/snort/threshold.conf"); exec("/bin/cp /usr/local/etc/snort/unicode.map-sample /usr/local/etc/snort/unicode.map"); exec("/bin/rm -f /usr/local/etc/rc.d/snort"); - + exec("/bin/rm /tmp/snort_download_halt.pid"); + exec("/bin/rm /tmp/snort.sh.pid"); + $first = 0; $snortInterfaces = array(); /* -gtm */ @@ -152,7 +154,7 @@ function sync_package_snort() if ($snortbarnyardlog_info_chk == on) $start .= "\nsleep 4;barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n"; } - $check_if_snort_runs = "\nif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\texit 1\nfi\n\n"; + $check_if_snort_runs = "\nif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php\n\texit 1\nfi\n\n"; $if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n"; $echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n"; $echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n"; diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 7a61d8c1..4f039a97 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.8.4.1_1</version> - <title>Services: Snort 2.8.4.1_1 pkg v. 1.6 RC4</title> + <title>Services: Snort 2.8.4.1_2 pkg v. 1.6 RC5</title> <include_file>/usr/local/pkg/snort.inc</include_file> <menu> <name>Snort</name> @@ -164,7 +164,7 @@ <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/pkg/pf/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort-dev/snort_dynamic_ip_reload.php</item> </additional_files_needed> diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php index 8a6aedc9..4430c4a2 100644 --- a/config/snort-dev/snort_check_for_rule_updates.php +++ b/config/snort-dev/snort_check_for_rule_updates.php @@ -237,12 +237,15 @@ if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats exit(0); } -/* "You are Not Up to date */; - echo "You are NOT up to date...\n"; - echo "Stopping Snort service...\n"; -stop_service("snort"); -sleep(2); -// start_service("snort"); +/* You are Not Up to date, always stop snort when updating rules for low end machines */; +echo "You are NOT up to date...\n"; +echo "Stopping Snort service...\n"; +$chk_if_snort_up = exec("pgrep -x snort"); +if ($chk_if_snort_up != "") { + exec("/usr/bin/touch /tmp/snort_download_halt.pid"); + stop_service("snort"); + sleep(2); +} /* download snortrules file */ if ($snort_md5_check_ok != on) { @@ -539,23 +542,6 @@ if (file_exists("{$snortdir}/doc/signatures")) { } } -/* Copy snort rules and emergingthreats and pfsense dir to snort dir */ -//if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { -//if (file_exists("{$tmpfname}/rules")) { -// echo "Copying rules...\n"; -// echo "May take a while...\n"; -// exec("/bin/cp {$tmpfname}/rules/* {$snortdir}/rules"); -// echo "Done copping rules.\n"; - /* Write out time of last sucsessful rule install catch */ -// $config['installedpackages']['snort']['last_rules_install'] = date("Y-M-jS-h:i-A"); -// write_config(); -//} else { -// echo "Directory rules does not exists...\n"; -// echo "Error copying rules direcory...\n"; -// exit(0); -// } -//} - /* double make shure clean up emerg rules that dont belong */ if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) { apc_clear_cache(); @@ -584,7 +570,7 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_b if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) { -echo "Your enable and disable changes are being applied to your fresh set of rules...\n"; +echo "Your first set of rules are being copied...\n"; echo "May take a while...\n"; exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); @@ -599,15 +585,16 @@ echo "May take a while...\n"; exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); } else { - + echo "Your enable and disable changes are being applied to your fresh set of rules...\n"; + echo "May take a while...\n"; exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); +// exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}"); +// exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}"); +// exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}"); exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ @@ -620,13 +607,26 @@ echo "May take a while...\n"; } } +/* remove old $tmpfname files */ +if (file_exists("{$tmpfname}")) { + echo "Cleaning up...\n"; + exec("/bin/rm -r /tmp/snort_rules_up"); +} + /* php code to flush out cache some people are reportting missing files this might help */ sleep(5); apc_clear_cache(); exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); -/* php code finish */ -echo "The Rules update finished...\n"; -echo "You may start snort now...\n"; +/* if snort is running hardrestart, if snort is not running do nothing */ +if (file_exists("/tmp/snort_download_halt.pid")) { + start_service("snort"); + echo "The Rules update finished...\n"; + echo "Snort has restarted with your new set of rules...\n"; + exec("/bin/rm /tmp/snort_download_halt.pid"); +} else { + echo "The Rules update finished...\n"; + echo "You may start snort now...\n"; +} ?> diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php index 73618dd7..8eca3d34 100644 --- a/config/snort-dev/snort_download_rules.php +++ b/config/snort-dev/snort_download_rules.php @@ -296,9 +296,6 @@ if ($emerg_md5_check_new == $emerg_md5_check_old) { update_output_window(gettext("You may start Snort now, check update.")); hide_progress_bar_status(); $emerg_md5_check_chk_ok = on; - /* Timestamps to html */ -// echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n"; -// echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n"; } } } @@ -338,12 +335,15 @@ if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats exit(0); } -/* "You are Not Up to date */; +/* You are Not Up to date, always stop snort when updating rules for low end machines */; update_status(gettext("You are NOT up to date...")); - update_output_window(gettext("Stopping Snort service...")); -stop_service("snort"); -sleep(2); -// start_service("snort"); +update_output_window(gettext("Stopping Snort service...")); +$chk_if_snort_up = exec("pgrep -x snort"); +if ($chk_if_snort_up != "") { + exec("/usr/bin/touch /tmp/snort_download_halt.pid"); + stop_service("snort"); + sleep(2); +} /* download snortrules file */ if ($snort_md5_check_ok != on) { @@ -660,23 +660,6 @@ if (file_exists("{$snortdir}/doc/signatures")) { } } -/* Copy snort rules and emergingthreats and pfsense dir to snort dir */ -// if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { -// if (file_exists("{$tmpfname}/rules")) { -// update_status(gettext("Copying rules...")); -// update_output_window(gettext("May take a while...")); -// exec("/bin/cp {$tmpfname}/rules/* {$snortdir}/rules"); -// update_status(gettext("Done copping rules.")); -// /* Write out time of last sucsessful rule install catch */ -// $config['installedpackages']['snort']['last_rules_install'] = date("Y-M-jS-h:i-A"); -// write_config(); -// } else { -// update_status(gettext("Directory rules does not exists...")); -// update_output_window(gettext("Error copying rules direcory...")); -// exit(0); -// } -// } - /* double make shure cleanup emerg rules that dont belong */ if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) { apc_clear_cache(); @@ -705,9 +688,8 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_b if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) { -update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); -update_output_window(gettext("May take a while...")); - + update_status(gettext("Your first set of rules are being copied...")); + update_output_window(gettext("May take a while...")); exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); @@ -720,15 +702,17 @@ update_output_window(gettext("May take a while...")); exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); } else { + update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); + update_output_window(gettext("May take a while...")); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); +// exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}"); +// exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}"); +// exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}"); exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ @@ -742,21 +726,28 @@ update_output_window(gettext("May take a while...")); } } +/* remove old $tmpfname files */ +if (file_exists("{$tmpfname}")) { + update_status(gettext("Cleaning up...")); + exec("/bin/rm -r /tmp/snort_rules_up"); +// apc_clear_cache(); +} + /* php code to flush out cache some people are reportting missing files this might help */ -sleep(5); +sleep(2); apc_clear_cache(); exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); -/* remove old $tmpfname files */ -//if (file_exists("{$tmpfname}")) { -// update_status(gettext("Cleaning up...")); -// exec("/bin/rm -r {$tmpfname}"); -// apc_clear_cache(); -//} - -/* php code finish */ -update_status(gettext("The Rules update finished...")); -update_output_window(gettext("You may start snort now...")); +/* if snort is running hardrestart, if snort is not running do nothing */ +if (file_exists("/tmp/snort_download_halt.pid")) { + start_service("snort"); + update_status(gettext("The Rules update finished...")); + update_output_window(gettext("Snort has restarted with your new set of rules...")); + exec("/bin/rm /tmp/snort_download_halt.pid"); +} else { + update_status(gettext("The Rules update finished...")); + update_output_window(gettext("You may start snort now...")); +} /* hide progress bar and lets end this party */ hide_progress_bar_status(); diff --git a/config/snort-dev/snort_dynamic_ip_reload.php b/config/snort-dev/snort_dynamic_ip_reload.php index dbd6d015..7933ba16 100644 --- a/config/snort-dev/snort_dynamic_ip_reload.php +++ b/config/snort-dev/snort_dynamic_ip_reload.php @@ -40,7 +40,10 @@ if($config['interfaces']['wan']['ipaddr'] == "pppoe" or create_snort_conf(); mwexec("/sbin/pfctl -t snort2c -T flush"); exec("killall -HUP snort"); - exec("/usr/bin/killall snort2c; snort2c -w /var/db/whitelist -a /var/log/snort/alert"); + /* define snortbarnyardlog_chk */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; + if ($snortbarnyardlog_info_chk == on) + exec("/usr/bin/killall barnyard2; /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n"); } ?>
\ No newline at end of file |