author | Ermal <eri@pfsense.org> | 2011-08-03 15:43:43 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2011-08-03 15:43:43 +0000 |
commit | 8c0fcc9d45f382d5f171adaf5bba112b0172d566 (patch) | |
tree | cf91743acb85e4053a3ed65173df8b635d888848 /config/snort/snort.inc | |
parent | 2e06535daadd598e700b5619ca08d935bd97146a (diff) | |
Another round of fixes for whitelist and suppress. Also correct the behaviour of some of the GUI.
Diffstat (limited to 'config/snort/snort.inc')
-rw-r--r-- | config/snort/snort.inc | 128 |
1 files changed, 49 insertions, 79 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index c375766f..cbbebf26 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -79,7 +79,7 @@ function find_whitelist_key($find_wlist_number) {
 return 0; /* XXX */
 foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) {
- if ($value['uuid'] == $find_wlist_number)
+ if ($value['name'] == $find_wlist_number)
 return $w_key;
 }
 }
@@ -93,8 +93,8 @@ function find_suppress_key($find_slist_number) {
 if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
 return 0; /* XXX */
- foreach ($config['installedpackages']['snortglobal']['supppress']['item'] as $s_key => $value) {
- if ($value['uuid'] == $find_slist_number)
+ foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $s_key => $value) {
+ if ($value['name'] == $find_slist_number)
 return $s_key;
 }
 }
@@ -1023,12 +1023,6 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
 $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
 $if_real = snort_get_real_interface($result_lan);
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
 /* only build whitelist when needed */
 if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on')
 create_snort_whitelist($id, $if_real);
@@ -1037,6 +1031,12 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
 if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default')
 create_snort_suppress($id, $if_real);
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
 /* create snort bootup file snort.sh only create once */
 create_snort_sh();
 
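Review bot: `if ($value['name'] == $find_wlist_number)` compares a user-chosen name loosely, and a name that is not found makes the function fall off the end and yield null while the missing-array guard above the hunk returns 0, so callers that index the item array with the result (as create_snort_suppress() and create_snort_whitelist() now do in this commit) cannot tell "not found" from "first item". Use a strict comparison, `if ($value['name'] === $find_wlist_number)`, and add an explicit `return null;` after the loop so the not-found case has one spelling callers can test with `=== null`; the `return 0; /* XXX */` guard would need the same treatment. find_whitelist_key() begins before the hunk, and the find_suppress_key() hunk below has the same shape.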
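Review bot: The moved `create_snort_conf($id, $if_real, $snort_uuid);` and `create_rules_iface($id, $if_real, $snort_uuid);` calls now depend on running after create_snort_whitelist()/create_snort_suppress(), because generate_snort_conf() in this same commit only emits the alert_pf and threshold lines when those files already exist on disk, yet nothing in the hunk records that. A one-line comment above the moved block would protect the order from the next tidy-up, e.g. `/* must follow create_snort_whitelist()/create_snort_suppress(): generate_snort_conf() probes their files with file_exists() */`. I am assuming create_snort_conf() reaches generate_snort_conf(); that call is outside the hunk, as is the rest of sync_snort_package_all().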
@@ -1073,12 +1073,6 @@ function sync_snort_package_empty()
 $snort_uuid = $value['uuid'];
 if ($if_real != '' && $snort_uuid != '') {
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
 /* only build whitelist when needed */
 if ($value['blockoffenders7'] == 'on')
@@ -1088,6 +1082,12 @@ function sync_snort_package_empty()
 if ($value['suppresslistname'] != 'default')
 create_snort_suppress($id, $if_real);
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
 /* create barnyard2 configuration file */
 $snortbarnyardlog_info_chk = $value['barnyard_enable'];
 if ($snortbarnyardlog_info_chk == 'on')
@@ -1130,9 +1130,6 @@ function sync_snort_package_config()
 if (!empty($if_real) && !empty($snort_uuid)) {
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
 /* only build whitelist when needed */
 if ($value['blockoffenders7'] == 'on')
 create_snort_whitelist($id, $if_real);
@@ -1141,6 +1138,9 @@ function sync_snort_package_config()
 if ($value['suppresslistname'] != 'default')
 create_snort_suppress($id, $if_real);
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
 /* create barnyard2 configuration file */
 if ($value['barnyard_enable'] == 'on')
 create_barnyard2_conf($id, $if_real, $snort_uuid);
 
@@ -1167,28 +1167,21 @@ function create_snort_suppress($id, $if_real) {
 return;
 if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
+ $whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
+ if (empty($whitelist_key_s))
+ return "";
- if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt)) {
- $whitelist_key_s = find_suppress_key($slist_num_wrt[0]);
+ /* file name */
+ $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
- /* file name */
- $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
-
- /* Message */
- $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
+ /* Message */
+ $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
- /* user added arguments */
- $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
+ /* user added arguments */
+ $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
- /* open snort's whitelist for writing */
- $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w");
- if(!$suppresslist_w) {
- log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing.");
- return;
- }
- fwrite($suppresslist_w, $s_data);
- fclose($suppresslist_w);
- }
+ /* open snort's whitelist for writing */
+ @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data);
 }
 }
 
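Review bot: `if (empty($whitelist_key_s)) return "";` rejects array index 0, which is the first suppress list a user creates, so that list is never written; find_suppress_key() also returns 0 when the item array is missing and null when no name matches, and `empty()` folds all three cases together. The replacement `@file_put_contents(...)` additionally drops the old log_error() and ignores the return value, so an unwritable /usr/local/etc/snort/suppress/ now fails silently while snort is started against a stale or absent file. Separately, `$suppress_file_name` is the stored list name used verbatim as a path component; if the suppress-list GUI does not already restrict names to plain characters, that should be validated here as well. I would check for the item itself and keep the write failure visible, as below; create_snort_suppress() starts before the hunk.
```php
		$whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
		/* find_suppress_key() yields 0 for "no list array" and null for "no match"; index 0 is a real list */
		if (!isset($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name']))
			return;
		// … unchanged: file name, header message, suppresspassthru …
		/* keep the failure visible instead of silently starting snort without the file */
		if (@file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data) === false)
			log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing.");
```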
@@ -1204,39 +1197,20 @@ function create_snort_whitelist($id, $if_real) {
 $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
 /* open snort's whitelist for writing */
- $whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w");
- if (!$whitelist_w) {
- log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing.");
- return;
- }
- fwrite($whitelist_w, $w_data);
- fclose($whitelist_w);
-
- } else if (preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt)) {
- if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt)) {
- $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]);
+ @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data);
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
 return;
+ } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) {
+ $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);
- $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype'];
- $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips'];
- $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips'];
- $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips'];
- $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips'];
- $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips'];
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return;
- $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, 
$vpns, $whitelist_key_w);
+ $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w];
+ $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'],
+ $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w);
- /* open snort's whitelist for writing */
- $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w");
- if(!$whitelist_w) {
- log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing.");
- return;
- }
- fwrite($whitelist_w, $w_data);
- fclose($whitelist_w);
- }
+ /* open snort's whitelist for writing */
+ @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data);
 }
 }
@@ -1245,8 +1219,8 @@ function create_snort_homenet($id, $if_real) {
 if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '')
 return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
- else if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt)) {
- $whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]);
+ else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'])) {
+ $whitelist_key_h = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['homelistname']);
 if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
 return;
 
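Review bot: The whitelist is now written to `"/usr/local/etc/snort/whitelist/" . $config[...]['whitelistname']` with the stored name used verbatim as the file name, whereas the removed code only ever used the leading alphanumeric run (`$wlist_name_wrt[0]`); unless the whitelist GUI already restricts names, a name containing `/` or `..` now chooses the write location, with whatever privileges the web GUI runs under. The result of find_whitelist_key() is also used as an index without being checked, so an unknown name reads `$whitelist` from a non-existent item and still writes a file built from empty fields, and the `@file_put_contents()` with no return check drops the log_error() the old fopen() path had. I would validate the name once, bail out when the item is missing, and log the write failure, as sketched below. The hunk cuts through create_snort_whitelist(), whose header is outside it, and the same unchecked lookup appears in the create_snort_homenet() hunk that follows.
```php
	} else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) {
		$wlist_name = $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'];
		/* the name becomes a file name under the whitelist directory: accept only the character set the old preg_match() used */
		if (!preg_match('/^[a-zA-Z0-9]+$/', $wlist_name)) {
			log_error("Refusing to write snort whitelist with invalid name '{$wlist_name}'.");
			return;
		}
		$whitelist_key_w = find_whitelist_key($wlist_name);
		/* find_whitelist_key() returns 0 for a missing list array and null for no match; check the item itself */
		if (!isset($config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]))
			return;
		// … unchanged: $whitelist assignment and build_base_whitelist() call …
		if (@file_put_contents("/usr/local/etc/snort/whitelist/{$wlist_name}", $w_data) === false)
			log_error("Could not open /usr/local/etc/snort/whitelist/{$wlist_name} for writing.");
```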
@@ -1265,8 +1239,8 @@ function create_snort_homenet($id, $if_real) {
 function create_snort_externalnet($id, $if_real) {
 global $config, $g;
- if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt)) {
- $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]);
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'])) {
+ $whitelist_key_ex = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['externallistname']);
 if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
 return;
@@ -1740,23 +1714,19 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 /* define spoink */
 $spoink_type = "";
 if ($snortcfg['blockoffenders7'] == "on") {
- if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['whitelistname'], $wlist_name_file)) {
- if ($wlist_name_file[0] == 'default')
- $spoink_whitelist_name = 'defaultwlist';
- else
- $spoink_whitelist_name = $wlist_name_file[0];
+ if ($snortcfg['whitelistname'] == "default")
+ $spoink_whitelist_name = 'defaultwlist';
+ else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}"))
+ $spoink_whitelist_name = $snortcfg['whitelistname'];
- $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";
- }
+ $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";
 }
 /* define threshold file */
 $threshold_file_name = "";
 if ($snortcfg['suppresslistname'] != 'default') {
- if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['suppresslistname'], $slist_name_file2)) {
- $threshold_name = $slist_name_file2[0];
+ if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"))
 $threshold_file_name = "include /usr/local/etc/snort/suppress/{$threshold_name}";
- }
 }
 /* define servers and ports snortdefservers */ |
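Review bot: `$threshold_name` is no longer assigned anywhere in the new code — the removed `$threshold_name = $slist_name_file2[0];` was its only source — so the kept context line now produces `include /usr/local/etc/snort/suppress/` with an empty file name and snort is pointed at the directory instead of the suppress file. Replace that line with `$threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}";`. The spoink block has the same shape: when the name is neither `default` nor an existing file, `$spoink_whitelist_name` is never set (unless it is initialised above the hunk) and `$spoink_type` becomes `output alert_pf: /usr/local/etc/snort/whitelist/,snort2c`, so guard the assignment with `if (!empty($spoink_whitelist_name))` and log when the whitelist file is missing. generate_snort_conf() continues outside the hunk on both sides.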