aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_download_rules.php
diff options
context:
space:
mode:
authorrobiscool <robrob2626@yahoo.com>2009-06-09 10:56:03 -0700
committerrobiscool <robrob2626@yahoo.com>2009-06-09 10:56:03 -0700
commit9897f8deb603c33a57014230825fabf509e4b229 (patch)
treeef0246aa643a55626d7af95b0b572c95a6c41d78 /config/snort/snort_download_rules.php
parent6aefeb8d9be1acd1e0cab8c3fde76f7a175740f1 (diff)
downloadpfsense-packages-9897f8deb603c33a57014230825fabf509e4b229.tar.gz
pfsense-packages-9897f8deb603c33a57014230825fabf509e4b229.tar.bz2
pfsense-packages-9897f8deb603c33a57014230825fabf509e4b229.zip
Major feature update, added Emergingthreats rules,Alerts Tab logging type full or fast,Send alerts to main OS System logs,Log to a Tcpdump,Log to a mysql database,Log Alerts to a snort unified
Diffstat (limited to 'config/snort/snort_download_rules.php')
-rw-r--r--config/snort/snort_download_rules.php173
1 files changed, 158 insertions, 15 deletions
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index e82a0239..240f9ea6 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -32,6 +32,8 @@ $tmpfname = "/tmp/snort_rules_up";
$snortdir = "/usr/local/etc/snort";
$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
$snort_filename = "snortrules-snapshot-2.8.tar.gz";
+$emergingthreats_filename_md5 = "version.txt";
+$emergingthreats_filename = "emerging.rules.tar.gz";
require_once("guiconfig.inc");
require_once("functions.inc");
@@ -174,7 +176,7 @@ if (file_exists($tmpfname)) {
/* unhide progress bar and lets end this party */
unhide_progress_bar_status();
-/* download md5 sig */
+/* download md5 sig from snort.org */
if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
update_status(gettext("md5 temp file exists..."));
} else {
@@ -188,6 +190,19 @@ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
update_status(gettext("Done. downloading md5"));
}
+/* download md5 sig from emergingthreats.net */
+$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
+if ($emergingthreats_url_chk == on) {
+ update_status(gettext("Downloading md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
+// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+ $f = fopen("{$tmpfname}/version.txt", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ update_status(gettext("Done. downloading md5"));
+}
+
/* Time stamps define */
$last_md5_download = $config['installedpackages']['snort']['last_md5_download'];
$last_rules_install = $config['installedpackages']['snort']['last_rules_install'];
@@ -204,7 +219,22 @@ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
exit(0);
}
-/* Check if were up to date */
+/* If emergingthreats md5 file is empty wait 15min exit */
+$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
+if ($emergingthreats_url_chk == on) {
+if (0 == filesize("{$tmpfname}/version.txt")){
+ update_status(gettext("There was an error getting emergingthreats md5."));
+ update_output_window(gettext("There was an error getting emergingthreats md5."));
+ hide_progress_bar_status();
+ /* Display last time of sucsessful md5 check from cache */
+// echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
+// echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
+ echo "\n\n</body>\n</html>\n";
+ exit(0);
+ }
+}
+
+/* Check if were up to date snort.org */
if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){
$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
@@ -222,25 +252,92 @@ if ($md5_check_new == $md5_check_old) {
echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
// echo "P is this code {$premium_subscriber}";
echo "\n\n</body>\n</html>\n";
- exit(0);
+ $snort_md5_check_ok = on;
}
}
+/* Check if were up to date emergingthreats.net */
+$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
+if ($emergingthreats_url_chk == on) {
+if (file_exists("{$snortdir}/version.txt")){
+$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
+$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
+$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+/* Write out time of last sucsessful md5 to cache */
+$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
+write_config();
+if ($emerg_md5_check_new == $emerg_md5_check_old) {
+ update_status(gettext("Your emergingthreats rules are up to date..."));
+ update_output_window(gettext("You may start Snort now, check update."));
+ hide_progress_bar_status();
+ $emerg_md5_check_chk_ok = on;
+ /* Timestamps to html */
+// echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
+// echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
+ }
+ }
+}
+
+/* Make Clean Snort Directory emergingthreats not checked */
+if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
+ update_status(gettext("Cleaning the snort Directory..."));
+ update_output_window(gettext("removing..."));
+ exec("/bin/rm -r {$snortdir}/rules/emerging*");
+ exec("/bin/rm -r {$snortdir}/version.txt");
+ update_status(gettext("Done making snort direcory."));
+}
+
+/* Check if were up to date exits */
+if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on) {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ exit(0);
+}
+
+if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ exit(0);
+}
+
/* "You are Not Up to date */;
update_status(gettext("You are NOT up to date..."));
+ update_output_window(gettext("Stoping Snort service..."));
+stop_service("snort");
+sleep(2);
+// start_service("snort");
/* download snortrules file */
+if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
update_status(gettext("Snortrule tar file exists..."));
} else {
+ unhide_progress_bar_status();
update_status(gettext("There is a new set of Snort rules posted. Downloading..."));
update_output_window(gettext("May take 4 to 10 min..."));
-// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+ download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
update_all_status($static_output);
update_status(gettext("Done downloading rules file."));
+ }
}
+/* download emergingthreats rules file */
+if ($emergingthreats_url_chk == on) {
+if ($emerg_md5_check_chk_ok != on) {
+if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_status(gettext("Emergingthreats tar file exists..."));
+} else {
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
+ download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading Emergingthreats rules file."));
+ }
+ }
+ }
/* Compair md5 sig to file sig */
@@ -271,7 +368,8 @@ if (file_exists("{$tmpfname}/{$snort_filename}")) {
//}
/* Untar snort rules file individually to help people with low system specs */
-if (file_exists("{$tmpfname}/$snort_filename")) {
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/{$snort_filename}")) {
update_status(gettext("Extracting rules..."));
update_output_window(gettext("May take a while..."));
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} rules/");
@@ -296,46 +394,70 @@ if (file_exists("{$tmpfname}/$snort_filename")) {
update_status(gettext("The Download rules file missing..."));
update_output_window(gettext("Error rules extracting failed..."));
exit(0);
+ }
+}
+
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats_url_chk == on) {
+if ($emerg_md5_check_chk_ok != on) {
+if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname} rules/");
+ }
+ }
}
+/* Untar snort signatures */
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/{$snort_filename}")) {
$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
if ($premium_url_chk == on) {
update_status(gettext("Extracting Signatures..."));
update_output_window(gettext("May take a while..."));
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} doc/signatures/");
update_status(gettext("Done extracting Signatures."));
+ }
+ }
}
-/* Making Cleaning Snort Directory */
-if (file_exists("{$snortdir}")) {
+/* Make Clean Snort Directory */
+if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on) {
+if (file_exists("{$snortdir}/rules")) {
update_status(gettext("Cleaning the snort Directory..."));
update_output_window(gettext("removing..."));
exec("/bin/rm -r {$snortdir}/*");
- exec("/bin/rm -r /usr/local/lib/snort/dynamicrules/*");
+ exec("/bin/rm -r {$snortdir}/rules/*");
+ exec("/bin/rm -r /usr/local/lib/snort/dynamicrules/*");
} else {
update_status(gettext("Making Snort Directory..."));
update_output_window(gettext("should be fast..."));
exec("/bin/mkdir {$snortdir}");
+ exec("/bin/mkdir {$snortdir}/rules");
exec("/bin/rm -r /usr/local/lib/snort/dynamicrules/*");
update_status(gettext("Done making snort direcory."));
+ }
}
-/* Copy rules dir to snort dir */
+/* Copy snort rules and emergingthreats dir to snort dir */
+if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on) {
if (file_exists("{$tmpfname}/rules")) {
update_status(gettext("Copying rules..."));
update_output_window(gettext("May take a while..."));
- exec("/bin/mv -f {$tmpfname}/rules {$snortdir}/rules");
+ exec("/bin/cp {$tmpfname}/rules/* {$snortdir}/rules");
update_status(gettext("Done copping rules."));
/* Write out time of last sucsessful rule install catch */
$config['installedpackages']['snort']['last_rules_install'] = date("Y-M-jS-h:i-A");
write_config();
} else {
update_status(gettext("Directory rules does not exists..."));
- update_output_window(gettext("Error copping rules direcory..."));
+ update_output_window(gettext("Error copying rules direcory..."));
exit(0);
+ }
}
/* Copy md5 sig to snort dir */
+if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/$snort_filename_md5")) {
update_status(gettext("Copying md5 sig to snort directory..."));
exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
@@ -343,9 +465,25 @@ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
update_status(gettext("The md5 file does not exist..."));
update_output_window(gettext("Error copping config..."));
exit(0);
+ }
+}
+
+/* Copy emergingthreats md5 sig to snort dir */
+if ($emergingthreats_url_chk == on) {
+if ($emerg_md5_check_chk_ok != on) {
+if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+} else {
+ update_status(gettext("The emergingthreats md5 file does not exist..."));
+ update_output_window(gettext("Error copping config..."));
+ exit(0);
+ }
+ }
}
/* Copy configs to snort dir */
+if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/etc/Makefile.am")) {
update_status(gettext("Copying configs to snort directory..."));
exec("/bin/cp {$tmpfname}/etc/* {$snortdir}");
@@ -353,9 +491,11 @@ if (file_exists("{$tmpfname}/etc/Makefile.am")) {
update_status(gettext("The snort configs does not exist..."));
update_output_window(gettext("Error copping config..."));
exit(0);
+ }
}
/* Copy signatures dir to snort dir */
+if ($snort_md5_check_ok != on) {
$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
if ($premium_url_chk == on) {
if (file_exists("{$tmpfname}/doc/signatures")) {
@@ -368,9 +508,11 @@ if (file_exists("{$tmpfname}/doc/signatures")) {
update_output_window(gettext("Error copping signature..."));
exit(0);
}
+ }
}
-
+
/* Copy so_rules dir to snort lib dir */
+if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
update_status(gettext("Copying so_rules..."));
update_output_window(gettext("May take a while..."));
@@ -394,12 +536,13 @@ if (file_exists("{$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
update_status(gettext("Directory so_rules does not exist..."));
update_output_window(gettext("Error copping so_rules..."));
exit(0);
+ }
}
/* php code finish */
-update_status(gettext("Rules update finished..."));
-update_output_window(gettext("You may start Snort now finnal."));
+update_status(gettext("The Rules update finished..."));
+update_output_window(gettext("Please reboot Pfsense before starting Snort..."));
/* hide progress bar and lets end this party */
hide_progress_bar_status();