authorErmal <eri@pfsense.org>2011-08-03 15:43:43 +0000
committerErmal <eri@pfsense.org>2011-08-03 15:43:43 +0000
commit8c0fcc9d45f382d5f171adaf5bba112b0172d566 (patch)
treecf91743acb85e4053a3ed65173df8b635d888848 /config/snort/snort.inc
parent2e06535daadd598e700b5619ca08d935bd97146a (diff)
Another round of fixes for whitelist and suppress. Also correct behaviour of some GUI.
Diffstat (limited to 'config/snort/snort.inc')
-rw-r--r--config/snort/snort.inc128
1 files changed, 49 insertions, 79 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index c375766f..cbbebf26 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -79,7 +79,7 @@ function find_whitelist_key($find_wlist_number) {
return 0; /* XXX */
foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) {
- if ($value['uuid'] == $find_wlist_number)
+ if ($value['name'] == $find_wlist_number)
return $w_key;
}
}
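Review bot: The lookup `if ($value['name'] == $find_wlist_number)` now compares user-chosen list names with loose `==`, so two numeric-looking names such as `10` and `1e1` compare equal and the first one in the array wins; `===` avoids that, and the same applies to find_suppress_key() in the next hunk. The function also returns `0` when the item array is missing and returns nothing when no name matches, so a caller cannot tell "not found" from "first entry"; a `return false;` in both places would let callers test `=== false`. The start of the function is outside the hunk.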
@@ -93,8 +93,8 @@ function find_suppress_key($find_slist_number) {
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
return 0; /* XXX */
- foreach ($config['installedpackages']['snortglobal']['supppress']['item'] as $s_key => $value) {
- if ($value['uuid'] == $find_slist_number)
+ foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $s_key => $value) {
+ if ($value['name'] == $find_slist_number)
return $s_key;
}
}
@@ -1023,12 +1023,6 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
$if_real = snort_get_real_interface($result_lan);
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
/* only build whitelist when needed */
if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on')
create_snort_whitelist($id, $if_real);
@@ -1037,6 +1031,12 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default')
create_snort_suppress($id, $if_real);
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
/* create snort bootup file snort.sh only create once */
create_snort_sh();
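Review bot: The reason for the new call order is not stated where create_snort_conf() is now called. As far as this diff shows, generate_snort_conf() (presumably reached through create_snort_conf()) now tests `file_exists()` on the whitelist and suppress files, so those files have to be written first. A comment such as `/* must run after create_snort_whitelist()/create_snort_suppress(): the conf generator checks that those files exist */` would keep a later edit from moving the calls back; the same comment fits the reordered calls in sync_snort_package_empty() and sync_snort_package_config(). The function body continues outside the hunk.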
@@ -1073,12 +1073,6 @@ function sync_snort_package_empty()
$snort_uuid = $value['uuid'];
if ($if_real != '' && $snort_uuid != '') {
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
/* only build whitelist when needed */
if ($value['blockoffenders7'] == 'on')
@@ -1088,6 +1082,12 @@ function sync_snort_package_empty()
if ($value['suppresslistname'] != 'default')
create_snort_suppress($id, $if_real);
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
/* create barnyard2 configuration file */
$snortbarnyardlog_info_chk = $value['barnyard_enable'];
if ($snortbarnyardlog_info_chk == 'on')
@@ -1130,9 +1130,6 @@ function sync_snort_package_config()
if (!empty($if_real) && !empty($snort_uuid)) {
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
/* only build whitelist when needed */
if ($value['blockoffenders7'] == 'on')
create_snort_whitelist($id, $if_real);
@@ -1141,6 +1138,9 @@ function sync_snort_package_config()
if ($value['suppresslistname'] != 'default')
create_snort_suppress($id, $if_real);
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
/* create barnyard2 configuration file */
if ($value['barnyard_enable'] == 'on')
create_barnyard2_conf($id, $if_real, $snort_uuid);
@@ -1167,28 +1167,21 @@ function create_snort_suppress($id, $if_real) {
return;
if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
+ $whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
+ if (empty($whitelist_key_s))
+ return "";
- if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt)) {
- $whitelist_key_s = find_suppress_key($slist_num_wrt[0]);
+ /* file name */
+ $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
- /* file name */
- $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
-
- /* Message */
- $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
+ /* Message */
+ $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
- /* user added arguments */
- $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
+ /* user added arguments */
+ $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
- /* open snort's whitelist for writing */
- $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w");
- if(!$suppresslist_w) {
- log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing.");
- return;
- }
- fwrite($suppresslist_w, $s_data);
- fclose($suppresslist_w);
- }
+ /* open snort's whitelist for writing */
+ @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data);
}
}
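Review bot: `if (empty($whitelist_key_s))` treats array index 0 as "not found", so the first suppress list in the config is never written, and because find_suppress_key() also returns `0` for a missing array the two cases cannot be told apart; have the lookup return `false` on failure and test `if ($whitelist_key_s === false) return;`. The write at `@file_put_contents(...)` also drops the `log_error()` the old fopen path had, so a failed write leaves a stale or missing suppress file with no trace. With `$path` standing for the file path, `if (@file_put_contents($path, $s_data) === false) log_error("Could not write {$path}");` keeps the diagnostic, and the two `@file_put_contents` calls in create_snort_whitelist() need the same. The function starts outside the hunk.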
@@ -1204,39 +1197,20 @@ function create_snort_whitelist($id, $if_real) {
$w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
/* open snort's whitelist for writing */
- $whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w");
- if (!$whitelist_w) {
- log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing.");
- return;
- }
- fwrite($whitelist_w, $w_data);
- fclose($whitelist_w);
-
- } else if (preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt)) {
- if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt)) {
- $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]);
+ @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data);
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return;
+ } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) {
+ $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);
- $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype'];
- $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips'];
- $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips'];
- $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips'];
- $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips'];
- $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips'];
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return;
- $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $whitelist_key_w);
+ $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w];
+ $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'],
+ $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w);
- /* open snort's whitelist for writing */
- $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w");
- if(!$whitelist_w) {
- log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing.");
- return;
- }
- fwrite($whitelist_w, $w_data);
- fclose($whitelist_w);
- }
+ /* open snort's whitelist for writing */
+ @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data);
}
}
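Review bot: The path in the last `@file_put_contents` is built from the raw `whitelistname` config value, where the removed code only ever used the leading `[a-zA-z0-9]+` match as the file name, so a name containing `/` or `..` would now be written outside /usr/local/etc/snort/whitelist/ unless the GUI rejects it (not visible here). Validating the name before use restores that bound, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $wlname)) return;` with `$wlname` standing for the config value and the character set matched to what the GUI allows. `$whitelist_key_w` is also used as an index without checking that find_whitelist_key() found the name, so a stale name appears to produce a whitelist file built from empty settings. The start of the function is outside the hunk.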
@@ -1245,8 +1219,8 @@ function create_snort_homenet($id, $if_real) {
if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '')
return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
- else if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt)) {
- $whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]);
+ else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'])) {
+ $whitelist_key_h = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['homelistname']);
if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
return;
@@ -1265,8 +1239,8 @@ function create_snort_homenet($id, $if_real) {
function create_snort_externalnet($id, $if_real) {
global $config, $g;
- if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt)) {
- $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]);
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'])) {
+ $whitelist_key_ex = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['externallistname']);
if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
return;
@@ -1740,23 +1714,19 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
/* define spoink */
$spoink_type = "";
if ($snortcfg['blockoffenders7'] == "on") {
- if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['whitelistname'], $wlist_name_file)) {
- if ($wlist_name_file[0] == 'default')
- $spoink_whitelist_name = 'defaultwlist';
- else
- $spoink_whitelist_name = $wlist_name_file[0];
+ if ($snortcfg['whitelistname'] == "default")
+ $spoink_whitelist_name = 'defaultwlist';
+ else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}"))
+ $spoink_whitelist_name = $snortcfg['whitelistname'];
- $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";
- }
+ $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";
}
/* define threshold file */
$threshold_file_name = "";
if ($snortcfg['suppresslistname'] != 'default') {
- if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['suppresslistname'], $slist_name_file2)) {
- $threshold_name = $slist_name_file2[0];
+ if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"))
$threshold_file_name = "include /usr/local/etc/snort/suppress/{$threshold_name}";
- }
}
/* define servers and ports snortdefservers */
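Review bot: `$threshold_name` is still interpolated into the `include` line but its assignment was removed and nothing else in the hunk sets it, so the generated line becomes `include /usr/local/etc/snort/suppress/` with no file name; it should read `$threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}";`. Likewise `$spoink_whitelist_name` stays unset (unless it is initialised outside the hunk) when `whitelistname` is neither `default` nor an existing file, yet `$spoink_type` is assigned unconditionally and then points alert_pf at the directory itself. Assign it only when a name was resolved, e.g. `if (!empty($spoink_whitelist_name)) $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";`, and log the missing file so the loss of the pass list is visible. The function extends beyond the hunk on both sides.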