author | marcelloc <marcellocoutinho@gmail.com> | 2011-11-11 13:21:26 -0200 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2011-11-11 13:21:26 -0200 |
commit | 14201ad21c92700ef26daf442f6d32a400e20b7f (patch) | |
tree | 8ac2dc8bde2cdfb3ac34a4659bda931a3a9c7674 /config/snort | |
parent | 86d84edf0d9dc59161004b61c409f92d730704f1 (diff) | |
parent | d378152135a49642975cb5a2ce5a106fe7a8fe07 (diff) | |
Merge branch 'master' of https://github.com/bsdperimeter/pfsense-packages
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 584 | ||||
-rw-r--r-- | config/snort/snort.xml | 7 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 2 | ||||
-rw-r--r-- | config/snort/snort_define_servers.php | 2 | ||||
-rw-r--r-- | config/snort/snort_dynamic_ip_reload.php | 45 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 60 | ||||
-rw-r--r-- | config/snort/snort_interfaces_edit.php | 36 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 2 | ||||
-rw-r--r-- | config/snort/snort_interfaces_whitelist_edit.php | 2 | ||||
-rw-r--r-- | config/snort/snort_preprocessors.php | 2 | ||||
-rw-r--r-- | config/snort/snort_rules.php | 2 | ||||
-rw-r--r-- | config/snort/snort_rulesets.php | 16 |
12 files changed, 92 insertions, 668 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 3d1bd57c..0e624c7f 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -37,7 +37,7 @@ require_once("functions.inc"); require_once("filter.inc"); /* package version */ -$snort_package_version = 'Snort 2.9.0.5 pkg v. 2.0'; +$snort_package_version = 'Snort 2.9.1 pkg v. 2.0'; /* Allow additional execution time 0 = no limit. */ ini_set('max_execution_time', '9999'); @@ -56,6 +56,8 @@ else $snort_pfsense_basever = 'yes'; /* find out what arch where in x86 , x64 */ +global $snort_arch; +$snort_arch = 'x86'; $snort_arch_ck = php_uname("m"); if ($snort_arch_ck == 'i386') $snort_arch = 'x86'; @@ -238,25 +240,10 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v function Running_Ck($snort_uuid, $if_real, $id) { global $config; - $snort_up_ck = exec("/bin/ps -U snort | /usr/bin/grep snort | /usr/bin/awk '{print \$1;}'"); - - if(snort_up_ck == '') { - $snort_up = 'no'; - return $snort_up; - } - - if(snort_up_ck != ''){ - - /* use ob_clean to clear output buffer, this code needs to be watched */ - ob_clean(); - $snort_up_prell = exec("/bin/ps -U snort | /usr/bin/grep \"\-R {$snort_uuid}\" | /usr/bin/awk '{print \$1;}'"); - - if ($snort_up_prell != '') { - $snort_uph = 'yes'; - }else{ - $snort_uph = 'no'; - } - } + $snort_uph = 'no'; + $snort_up_prell = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'"); + if ($snort_up_prell != '') + $snort_uph = 'yes'; return $snort_uph; } 
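Review bot: In Running_Ck the new `exec()` line places `$snort_uuid` directly into a shell pipeline and matches it with an unanchored `grep "R {$snort_uuid}"`, so a uuid that is a prefix of another instance's uuid, or any unrelated command line containing that text, makes the check report 'yes' for the wrong sensor. The same construction is repeated in Running_Ck_b, in Running_Stop (where the matched PID is handed to `/bin/kill`) and in the generated snort.sh later in this file. Quote and bound the pattern, for example `$pat = escapeshellarg("R {$snort_uuid}");` and `/usr/bin/grep -w -- {$pat}` in the pipeline. Since snort is started with `--pid-path /var/log/snort/run`, reading the PID from that directory would presumably be more reliable than parsing `ps` output.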
@@ -265,24 +252,10 @@ function Running_Ck($snort_uuid, $if_real, $id) { function Running_Ck_b($snort_uuid, $if_real, $id) { global $config; - $snort_up_ck_b = exec("/bin/ps -U snort | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$1;}'"); - - if($snort_up_ck_b == ''){ - $snort_up_b = 'no'; - return $snort_up_b; - } - - if(snort_up_ck_b != '') { - - ob_clean(); - $snort_up_pre_b = exec("/bin/ps -U snort | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); - - if ($snort_up_pre_b != '') { - $snort_up_b = 'yes'; - }else{ - $snort_up_b = 'no'; - } - } + $snort_up_b = 'no'; + $snort_up_pre_b = exec("/bin/ps -ax | /usr/bin/grep barnyard2 | /usr/bin/grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'"); + if ($snort_up_pre_b != '') + $snort_up_b = 'yes'; return $snort_up_b; } 
@@ -293,43 +266,25 @@ function Running_Stop($snort_uuid, $if_real, $id) { /* if snort.sh crashed this will remove the pid */ @unlink('/tmp/snort.sh.pid'); - $start_up_s = exec("/bin/ps -U snort | grep \"\-R {$snort_uuid}\" | awk '{ print \$1; }'"); - $start_up_r = exec("/bin/ps -U root | grep \"\-R {$snort_uuid}\" | awk '{ print \$1; }'"); - - $start2_upb_s = exec("/bin/ps -U snort | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{ print \$1; }'"); - $start2_upb_r = exec("/bin/ps -U root | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{ print \$1; }'"); - - if ($start_up_s != '' || $start_up_r != '' || $start2_upb_s != '' || $start2_upb_r != '') { - if ($start_up_s != '') - { - exec("/bin/kill {$start_up_s}"); - exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); - exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_s != '') - { - exec("/bin/kill {$start2_upb_s}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } + $start_up = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'"); + $start_upb = exec("/bin/ps -ax | /usr/bin/grep \"snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'"); - if ($start_up_r != '') - { - exec("/bin/kill {$start_up_r}"); - exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); - exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_r != '') - { - exec("/bin/kill {$start2_upb_r}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } + if ($start_up != '') { + exec("/bin/kill {$start_up}"); + exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); + exec("/bin/rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*"); + exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + } - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for 
{$snort_uuid}_{$if_real}...'"); - sleep(2); // Give time so GUI displays correctly + if ($start_upb != '') { + exec("/bin/kill {$start_upb}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); } + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'"); + sleep(2); // Give time so GUI displays correctly } function Running_Start($snort_uuid, $if_real, $id) { @@ -341,11 +296,14 @@ function Running_Start($snort_uuid, $if_real, $id) { $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; if ($snort_info_chk == 'on') exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + else + return; + /* define snortbarnyardlog_chk */ /* top will have trouble if the uuid is to far back */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; - if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') { + if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') { exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q"); } @@ -396,7 +354,7 @@ function snort_file_list($snort_log_dir, $snort_log_file) $dir = opendir ("$snort_log_dir"); while (false !== ($file = readdir($dir))) { if (strpos($file, "$snort_log_file",1) ) - $file_list[] = $file; + $file_list[] = basename($file); } return $file_list; } 
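Review bot: Running_Stop now builds its `kill` and `rm` commands from `$snort_uuid` and `$if_real` without checking that either is non-empty, and the delete loop in snort_interfaces.php calls it with values read from `$a_nat[$rulei]`, where `$rulei` comes from `$_POST['rule']` and is not checked against the array in the lines shown. With empty values the grep pattern shrinks to `"R "` and the first glob to `/var/log/snort/run/snort_*`, so the PID that is killed and the files that are removed are no longer tied to one interface. A guard at the top, `if (empty($snort_uuid) || empty($if_real)) return;`, together with `if (!isset($a_nat[$rulei])) continue;` in the caller, keeps the cleanup scoped. The added `rm -r` of the per-interface configuration directory also runs on every stop now, including the toggle path, not only on delete; a comment saying that this is intended would help. The function starts above this hunk.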
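Review bot: The added `basename($file)` in snort_file_list is a no-op, because `readdir()` already returns bare entry names, so it should not be read as path validation. If the intent is to stop callers from building paths outside `$snort_log_dir`, that check belongs where a requested name is joined to the directory, which is not visible in this hunk. A comment such as `/* readdir() yields names only; callers must reject path separators in requested names */` would record the assumption, and the handle from `opendir()` is never passed to `closedir()` in the lines shown. The function starts above the hunk.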
@@ -636,29 +594,11 @@ function snort_postinstall() if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { update_status(gettext("Saved settings detected...")); update_output_window(gettext("Please wait... rebuilding files...")); - sync_snort_package_empty(); + sync_snort_package_config(); update_output_window(gettext("Finnished Rebuilding files...")); } } -function sync_package_snort_reinstall() -{ - global $config; - - conf_mount_rw(); - - if (!$config['installedpackages']['snortglobal']) - return; - - /* create snort configuration file */ - create_snort_conf(); - - /* start snort service */ - // start_service("snort"); // do not start, may be needed latter. - - conf_mount_ro(); -} - function snort_Getdirsize($node) { if(!is_readable($node)) return false; 
@@ -889,79 +829,8 @@ function snort_rules_up_install_cron($should_install) { } } -function sync_snort_package_remove_old() -{ - global $config, $g; - - $snort_dir_scan = '/usr/local/etc/snort'; - - // scan dirm might have to make this into a funtion - $dh_scan = opendir($snort_dir_scan); - while (false !== ($dir_filename = readdir($dh_scan))) { - $list_dir_files[] = $dir_filename; - } - - // find patern in a array, very cool code - class array_ereg { - function array_ereg($pattern) { $this->pattern = $pattern; } - function ereg($string) { - return ereg($this->pattern, $string); - } - } - - $rule_array2 = $config['installedpackages']['snortglobal']['rule']; - foreach ($rule_array2 as $id => $value) { - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - - $snort_rules_list[] = "snort_{$id}{$if_real}"; - } - - $snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg')); - $snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list); - - foreach ($snort_dir_filter_search_result as $value) - exec("/bin/rm -r /usr/local/etc/snort/$value"); - -} - -/* make sure this func on writes to files and does not start snort */ -function sync_snort_package() { - global $config, $g; - - /* all new files are for the user snort nologin */ - if (!is_dir('/var/log/snort')) - exec('/bin/mkdir -p /var/log/snort'); - - if (!is_dir('/var/log/snort/run')) - exec('/bin/mkdir -p /var/log/snort/run'); - - if (!is_dir('/var/log/snort/barnyard2')) - exec('/bin/mkdir -p /var/log/snort/barnyard2'); - - /* all new files are for the user snort nologin */ - if (!file_exists('/var/log/snort/alert')) - exec('/usr/bin/touch /var/log/snort/alert'); - - /* XXX: These are needed if snort is run as snort user - mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); - 
mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); - mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); - */ - - /* important */ - mwexec('/bin/chmod 770 /var/db/whitelist', true); - mwexec('/bin/chmod 770 /var/run/snort*', true); - mwexec('/bin/chmod 770 /tmp/snort*', true); - mwexec('/bin/chmod -R 770 /var/log/snort', true); - mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true); - mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true); -} - -/* only run when a single iface needs to sync */ -function sync_snort_package_all($id, $if_real, $snort_uuid) +/* Only run when all ifaces needed to sync. Expects filesystem rw */ +function sync_snort_package_config() { global $config, $g; 
@@ -973,62 +842,14 @@ function sync_snort_package_all($id, $if_real, $snort_uuid) //exec("/sbin/sysctl net.bpf.maxinsns=512"); //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); - /* do not start config build if rules is empty */ - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - if (!is_array($config['installedpackages']['snortglobal']['rule'][$id])) - return; - conf_mount_rw(); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = snort_get_real_interface($result_lan); - - /* only build whitelist when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on') - create_snort_whitelist($id, $if_real); - - /* only build threshold when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') - create_snort_suppress($id, $if_real); - - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); - - /* if rules exist cp rules to each iface */ - create_rules_iface($id, $if_real, $snort_uuid); - - /* create snort bootup file snort.sh only create once */ - create_snort_sh(); - - /* create barnyard2 configuration file */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on') - create_barnyard2_conf($id, $if_real, $snort_uuid); - - sync_snort_package(); - - conf_mount_ro(); -} - -/* Only run when all ifaces needed to sync. 
Expects filesystem rw */ -function sync_snort_package_empty() -{ - global $config, $g; - - /* RedDevil suggested code */ - /* TODO: more testing needs to be done */ - /* may cause voip to fail */ - //exec("/sbin/sysctl net.bpf.bufsize=8388608"); - //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); - //exec("/sbin/sysctl net.bpf.maxinsns=512"); - //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); - /* do not start config build if rules is empty */ - if (!is_array($config['installedpackages']['snortglobal']['rule'])) + if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); + conf_mount_ro(); return; - - conf_mount_rw(); + } foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { $if_real = snort_get_real_interface($value['interface']); @@ -1051,8 +872,7 @@ function sync_snort_package_empty() create_rules_iface($id, $if_real, $snort_uuid); /* create barnyard2 configuration file */ - $snortbarnyardlog_info_chk = $value['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') + if ($value['barnyard_enable'] == 'on') create_barnyard2_conf($id, $if_real, $snort_uuid); } } 
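Review bot: The early-exit branch added to sync_snort_package_config removes the boot script with `exec('/bin/rm /usr/local/etc/rc.d/snort.sh')`, while Running_Stop in the same file uses `@unlink()` for this kind of cleanup. `@unlink('/usr/local/etc/rc.d/snort.sh');` avoids spawning a shell and stays quiet when the script is already absent. This branch only removes the script; whether sensors that are still running get stopped when the rule list becomes empty is not visible here and deserves a comment. The function body continues past this hunk.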
@@ -1060,61 +880,39 @@ function sync_snort_package_empty() /* create snort bootup file snort.sh only create once */ create_snort_sh(); - sync_snort_package(); - - conf_mount_ro(); -} - -/* only bootup and ip refresh */ -function sync_snort_package_config() -{ - global $config, $g; - - /* RedDevil suggested code */ - /* TODO: more testing needs to be done */ - /* may cause voip to fail */ - //exec("/sbin/sysctl net.bpf.bufsize=8388608"); - //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); - //exec("/sbin/sysctl net.bpf.maxinsns=512"); - //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); - - /* do not start config build if rules is empty */ - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - - conf_mount_rw(); - - foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - $snort_uuid = $value['uuid']; - - if (!empty($if_real) && !empty($snort_uuid)) { + /* all new files are for the user snort nologin */ + if (!is_dir('/var/log/snort')) + exec('/bin/mkdir -p /var/log/snort'); - /* only build whitelist when needed */ - if ($value['blockoffenders7'] == 'on') - create_snort_whitelist($id, $if_real); + if (!is_dir('/var/log/snort/run')) + exec('/bin/mkdir -p /var/log/snort/run'); - /* only build threshold when needed */ - if ($value['suppresslistname'] != 'default') - create_snort_suppress($id, $if_real); + if (!is_dir('/var/log/snort/barnyard2')) + exec('/bin/mkdir -p /var/log/snort/barnyard2'); - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); + /* all new files are for the user snort nologin */ + if (!file_exists('/var/log/snort/alert')) + exec('/usr/bin/touch /var/log/snort/alert'); - /* create barnyard2 configuration file */ - if ($value['barnyard_enable'] == 'on') - create_barnyard2_conf($id, $if_real, $snort_uuid); - } - } + /* XXX: These are needed if snort is run as snort user + 
mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); + mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); + mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); + */ - sync_snort_package(); + /* important */ + mwexec('/bin/chmod 770 /var/db/whitelist', true); + mwexec('/bin/chmod 770 /var/run/snort*', true); + mwexec('/bin/chmod 770 /tmp/snort*', true); + mwexec('/bin/chmod -R 770 /var/log/snort', true); + mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true); + mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true); conf_mount_ro(); } - /* Start of main config files */ /* create threshold file */ @@ -1226,7 +1024,6 @@ function create_snort_sh() $snortconf =& $config['installedpackages']['snortglobal']['rule']; - $snort_sh_text2 = array(); $snort_sh_text3 = array(); $snort_sh_text4 = array(); @@ -1250,8 +1047,8 @@ function create_snort_sh() #### Fake start only used on bootup and Pfsense IP changes #### Only try to restart if snort is running on Iface -if [ "`/bin/ps -auwx | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $2;}'`" != "" ]; then - snort_pid=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/awk '{print $2;}'` +if [ "`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`" != "" ]; then + snort_pid=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'` /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart" #### Restart Iface 
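Review bot: The permission block moved into sync_snort_package_config runs `chmod 770 /tmp/snort*` through mwexec, presumably as root, against a glob in a world-writable directory, and `chmod` follows symbolic links, so the mode change can land on a file the package does not own. Because this function is now the resync command and is called from several settings pages in this commit, the block runs much more often than before. Prefer keeping the package's state files in a package-owned directory such as the existing `/var/log/snort/run`, or name the expected files explicitly instead of globbing. Separately, `chmod -R 770` marks every rule and configuration file executable; a short comment explaining why files need 770 rather than 660 would help, given that the chown block is commented out.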
@@ -1272,9 +1069,9 @@ EOE; $snort_sh_text4[] = <<<EOF -pid_s=`/bin/ps -auwx | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$2;}'` +pid_s=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'` sleep 3 -pid_b=`/bin/ps -auwx | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$2;}'` +pid_b=`/bin/ps -ax | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'` if [ \${pid_s} ] ; then /bin/echo "snort.sh run" > /tmp/snort.sh.pid @@ -1306,26 +1103,13 @@ EOF; rc_start() { /bin/echo "snort.sh run" > /tmp/snort.sh.pid - - #### Remake the configs on boot Important! - /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php & - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..." - $start_snort_iface_start - /bin/rm /tmp/snort.sh.pid } rc_stop() { - #### Check for double starts, Pfsense has problems with that - if /bin/ls /tmp/snort.sh.pid > /dev/null ; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" - exit 0 - fi - $start_snort_iface_stop - /bin/rm /tmp/snort.sh.pid /bin/rm /var/run/snort* @@ -1356,9 +1140,6 @@ EOD; @chmod("/usr/local/etc/rc.d/snort.sh", 0755); } - -///////////////////////// >>>>>>>>>>>> - /* if rules exist copy to new interfaces */ function create_rules_iface($id, $if_real, $snort_uuid) { 
@@ -1368,7 +1149,9 @@ function create_rules_iface($id, $if_real, $snort_uuid) $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full'; if ($folder_chk == "empty") { - exec("/bin/cp -R /usr/local/etc/snort/rules {$if_rule_dir}/rules"); + if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); + exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules"); if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules"); } 
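Review bot: In create_rules_iface the new `mkdir -p` and `cp` calls ignore their exit status, so if the copy fails the interface keeps an empty rules folder and nothing is logged; a sensor started from that directory may then run without the rules the operator expects. Capture the status and report it, e.g. `exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules", $out, $rc);` followed by `if ($rc != 0) log_error("snort: rule copy failed for {$if_rule_dir}");`. The `is_dir()` test also spells the path out by hand while the copy uses `$if_rule_dir`; using the variable in both places keeps the two from drifting apart. The function starts above the hunk and may continue below it.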
@@ -1417,29 +1200,6 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { # barnyard2.conf # barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php # -# Copyright (C) 2006 Robert Zelaya -# part of pfSense -# All rights reserved. -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - # set the appropriate paths to the file(s) your Snort process is using config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config 
@@ -2368,125 +2128,6 @@ EOD; return $snort_conf_text; } -/* check downloaded text from snort.org to make sure that an error did not occur - * for example, if you are not a premium subscriber you can only download rules - * so often, etc. TO BE: Removed unneeded. - */ -function check_for_common_errors($filename) { - global $snort_filename, $snort_filename_md5, $console_mode; - - // ob_flush(); - $contents = file_get_contents($filename); - if (!$contents) { - if(!$console_mode) { - update_all_status("An error occured while downloading {$filename}."); - hide_progress_bar_status(); - } else - log_error("An error occured. Scroll down to inspect it's contents."); - - if (!$console_mode) - update_output_window(strip_tags("$contents")); - else { - $contents = strip_tags($contents); - log_error("Error downloading snort rules: {$contents}"); - echo "Error downloading snort rules: {$contents}"; - } - - scroll_down_to_bottom_of_page(); - - return; - } -} - -/* force browser to scroll all the way down */ -function scroll_down_to_bottom_of_page() { - global $snort_filename, $console_mode; - - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>"; -} - -/* ensure downloaded file looks sane */ -function verify_downloaded_file($filename) { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if (filesize($filename) < 9500) { - if(!$console_mode) { - update_all_status("Checking {$filename}..."); - check_for_common_errors($filename); - } - } - update_all_status("Verifying {$filename}..."); - if(!file_exists($filename)) { - if(!$console_mode) { - update_all_status("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again."); - hide_progress_bar_status(); - } else { - log_error("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again."); - echo "Could not fetch snort rules ({$filename}). 
Check oinkid key and dns and try again."; - } - return; - } - update_all_status("Verified {$filename}."); -} - -/* extract rules */ -function extract_snort_rules_md5($tmpfname) { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if(!$console_mode) { - $static_output = gettext("Extracting snort rules..."); - update_all_status($static_output); - } - if(!is_dir("/usr/local/etc/snort/rules/")) - @mkdir("/usr/local/etc/snort/rules/"); - - $cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/"; - $handle = popen("{$cmd} 2>&1", 'r'); - while(!feof($handle)) { - $buffer = fgets($handle); - update_output_window($buffer); - } - pclose($handle); - - if(!$console_mode) { - $static_output = gettext("Snort rules extracted."); - update_all_status($static_output); - } else { - log_error("Snort rules extracted."); - echo "Snort rules extracted."; - } -} - -/* verify MD5 against downloaded item */ -function verify_snort_rules_md5($tmpfname) { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if(!$console_mode) { - $static_output = gettext("Verifying md5 signature..."); - update_all_status($static_output); - } - - $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; - $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; - if($md5 == $file_md5_ondisk) { - if(!$console_mode) { - $static_output = gettext("snort rules: md5 signature of rules mismatch."); - update_all_status($static_output); - hide_progress_bar_status(); - } else { - log_error("snort rules: md5 signature of rules mismatch."); - echo "snort rules: md5 signature of rules mismatch."; - } - return; - } -} - /* hide progress bar */ function hide_progress_bar_status() { global $snort_filename, $snort_filename_md5, $console_mode; 
@@ -2516,87 +2157,4 @@ function update_all_status($status) { } } -/* obtain alert description for an ip address */ -function get_snort_alert($ip) { - global $snort_alert_file_split, $snort_config; - - if(!file_exists("/var/log/snort/alert")) - return; - if(!$snort_config) - $snort_config = read_snort_config_cache(); - if($snort_config[$ip]) - return $snort_config[$ip]; - if(!$snort_alert_file_split) - $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert")); - - foreach($snort_alert_file_split as $fileline) { - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - $alert_title = $matches[2]; - if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches)) - $alert_ip = $matches[$id]; - if($alert_ip == $ip) { - if(!$snort_config[$ip]) - $snort_config[$ip] = $alert_title; - - return $alert_title; - } - } - return "n/a"; -} - -function make_clickable($buffer) { - global $config, $g; - - /* if clickable urls is disabled, simply return buffer back to caller */ - $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode']; - if(!$clickablalerteurls) - return $buffer; - - $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ 
\n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer); - - return $buffer; -} - -function read_snort_config_cache() { - global $g, $config, $snort_config; - - if($snort_config) - return $snort_config; - - if(file_exists($g['tmp_path'] . '/snort_config.cache')) - $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache')); - - return $snort_config; -} - -function write_snort_config_cache($snort_config) { - global $g, $config; - - $configcache = fopen($g['tmp_path'] . '/snort_config.cache', "w"); - if(!$configcache) { - log_error("Could not open {$g['tmp_path']}/snort_config.cache for writing."); - return false; - } - fwrite($configcache, serialize($snort_config)); - fclose($configcache); - - return true; -} - -function snort_advanced() { - global $g, $config; - - sync_package_snort(); -} - -function snort_define_servers() { - global $g, $config; - - sync_package_snort(); -} - ?> diff --git a/config/snort/snort.xml b/config/snort/snort.xml index c80bf672..2365bbea 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -95,11 +95,6 @@ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/pf/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item> - </additional_files_needed> - <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> @@ -199,7 +194,7 @@ <custom_add_php_command> </custom_add_php_command> <custom_php_resync_config_command> - sync_snort_package(); + sync_snort_package_config(); </custom_php_resync_config_command> <custom_php_install_command> snort_postinstall(); diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index c4ac1292..b647c007 100644 --- a/config/snort/snort_barnyard.php 
+++ b/config/snort/snort_barnyard.php @@ -115,7 +115,7 @@ if ($_POST) { } write_config(); - sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package_config(); /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index ddb1e378..e3238ef7 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -159,7 +159,7 @@ if ($_POST) { write_config(); - sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package_config(); /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php deleted file mode 100644 index 66bc505c..00000000 --- a/config/snort/snort_dynamic_ip_reload.php +++ /dev/null 
@@ -1,45 +0,0 @@ -<?php - -/* $Id$ */ -/* - snort_dynamic_ip_reload.php - Copyright (C) 2009 Robert Zeleya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* NOTE: this file gets included from the pfSense filter.inc plugin process */ -/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */ - -require_once("/usr/local/pkg/snort/snort.inc"); - -if (file_exists('/var/run/snort_dynamic_ip_reload.dirty')) { - exit(); -} - -exec('/usr/bin/touch /var/run/snort_dynamic_ip_reload.dirty'); - -sync_snort_package_config(); -@unlink("/var/run/snort_dynamic_ip_reload.dirty"); - -?> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 39f8eddc..9174c24f 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php 
@@ -51,56 +51,13 @@ if (isset($_POST['del_x'])) { /* delete selected rules */ if (is_array($_POST['rule'])) { conf_mount_rw(); - foreach ($_POST['rule'] as $rulei) { /* convert fake interfaces to real */ $if_real = snort_get_real_interface($a_nat[$rulei]['interface']); $snort_uuid = $a_nat[$rulei]['uuid']; - /* cool code to check if any snort is up */ - $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); - - if ($snort_up_ck != "") - { - - $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'"); - $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - - $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid"); - $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - - - if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") { - /* remove only running instances */ - if ($start_up_s != "") { - exec("/bin/kill {$start_up_s}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_s != "") { - exec("/bin/kill {$start2_upb_s}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - if ($start_up_r != "") { - exec("/bin/kill {$start_up_r}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_r != "") { - exec("/bin/kill {$start2_upb_r}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - } - - } - - /* for every iface do these steps */ - exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); - exec("/bin/rm -r 
/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + Running_Stop($snort_uuid,$if_real, $rulei); unset($a_nat[$rulei]); } @@ -110,15 +67,15 @@ if (isset($_POST['del_x'])) { sleep(2); /* if there are no ifaces do not create snort.sh */ - if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) { + if (!empty($config['installedpackages']['snortglobal']['rule'])) create_snort_sh(); - }else{ + else { conf_mount_rw(); exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); conf_mount_ro(); } - sync_snort_package_empty(); + sync_snort_package_config(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -141,15 +98,11 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) { /* Log Iface stop */ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); - sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package_config(); $tester2 = Running_Ck($snort_uuid, $if_real, $id); if ($tester2 == 'yes') { - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'"); - Running_Stop($snort_uuid, $if_real, $id); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -158,8 +111,7 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) { header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - }else{ - + } else { Running_Start($snort_uuid, $if_real, $id); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index c843a3f7..b1a091e7 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -284,7 +284,7 @@ if (isset($_GET['dup'])) write_config(); - sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package_config(); sleep(1); /* if snort.sh crashed this will remove the pid */ 
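Review bot: In the `del_x` hunk of snort_interfaces.php, each `$rulei` taken from `$_POST['rule']` indexes `$a_nat` and the resulting `$snort_uuid` and `$if_real` are handed to `Running_Stop()` without checking that the entry exists. The removed lines interpolated both values into `kill` and `rm` command lines; `Running_Stop()` is not shown in this hunk, but if it does the same, an unknown index would pass empty strings into those commands. I would add `if (!isset($a_nat[$rulei])) continue;` as the first statement of the `foreach` body, so only configured interfaces reach the stop and `unset` calls. The enclosing `if (isset($_POST['del_x']))` block starts before the hunk and continues past it.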
@@ -295,7 +295,7 @@ if (isset($_GET['dup'])) header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); + header("Location: /snort/snort_interfaces.php"); exit; } @@ -303,7 +303,7 @@ if (isset($_GET['dup'])) if ($_POST["Submit2"]) { - sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package_config(); sleep(1); Running_Start($snort_uuid, $if_real, $id); @@ -317,35 +317,6 @@ if (isset($_GET['dup'])) exit; } - if ($_POST["Submit3"]) - { - - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - exit; - - } - - /* This code needs to be below headers */ - if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface'])) - { - - $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); - - if ($snort_up_ck2_info == 'no') - $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">'; - else - $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">'; - } else - $snort_up_ck = ''; - - $pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; include_once("head.inc"); @@ -694,7 +665,6 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"></td> <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save"> - <?php echo $snort_up_ck; ?> <?php if (isset($id) && $a_nat[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td> 
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 9a47bb24..57fec1f1 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -103,7 +103,7 @@ if (!$input_errors) { write_config(); /* create whitelist and homenet file then sync files */ - sync_snort_package_empty(); + sync_snort_package_config(); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 03ba1df8..fe3c54a5 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -184,7 +184,7 @@ if ($_POST['submit']) { write_config(); /* create whitelist and homenet file then sync files */ - sync_snort_package_empty(); + sync_snort_package_config(); header("Location: /snort/snort_interfaces_whitelist.php"); exit; diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index c5c7a4a8..7f89d433 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -113,7 +113,7 @@ if ($_POST) { write_config(); $if_real = snort_get_real_interface($pconfig['interface']); - sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package_config(); /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 2aa49865..871eb39e 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -157,7 +157,7 @@ while (false !== ($filename = readdir($dh))) //only populate this array if its a rule file $isrulefile = strstr($filename, ".rules"); if ($isrulefile !== false) - $files[] = $filename; + $files[] = basename($filename); } sort($files); 
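Review bot: `basename($filename)` in the snort_rules.php hunk changes nothing, because `readdir()` already returns bare entry names with no directory part; the same holds for the `@@ -256,7 +250,7 @@` hunk in snort_rulesets.php, where `.` and `..` also still enter `$files`. If the goal is to keep rule file names confined to the rules directory, the check belongs where a name supplied by the request is joined to that directory, which is outside these hunks. Separately, `strstr($filename, ".rules")` matches the substring anywhere in the name, so a leftover such as `local.rules.bak` (constructed example) is listed as a rule file; `if (substr($filename, -6) === '.rules')` tests the suffix only. The `while` loop begins before the hunk.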
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index e0bdd882..e4577818 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -136,20 +136,14 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty"; if ($_POST["Submit"]) { $enabled_items = ""; $isfirst = true; - if (is_array($_POST['toenable'])) { - foreach($_POST['toenable'] as $toenable) { - if(!$isfirst) - $enabled_items .= "||"; - $enabled_items .= "{$toenable}"; - $isfirst = false; - } - }else{ + if (is_array($_POST['toenable'])) + $enabled_items = implode("||", $_POST['toenable']); + else $enabled_items = $_POST['toenable']; - } $a_nat[$id]['rulesets'] = $enabled_items; write_config(); - sync_snort_package_all($id, $if_real, $iface_uuid); + sync_snort_package_config(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -256,7 +250,7 @@ if (file_exists($d_snortconfdirty_path)) { $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; $dh = opendir($dir); while (false !== ($filename = readdir($dh))) { - $files[] = $filename; + $files[] = basename($filename); } sort($files); foreach($files as $file) { |
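Review bot: The entries of `$_POST['toenable']` in the `Submit` hunk of snort_rulesets.php are joined with `||` and written to `$a_nat[$id]['rulesets']` without any check that they name existing rule files. An entry that itself contains `||`, a path separator or a newline is stored unchanged, and is presumably read back when the per-interface Snort configuration is generated (not visible here). I would keep only plain rule file names before joining, as sketched below; the pattern assumes the form submits names ending in `.rules`, which should be confirmed against the checkbox values. The scalar `else` branch is dropped in the sketch and would need the same check if it is kept, and `$isfirst = true;` is now unused and can go. The `if ($_POST["Submit"])` block continues past the hunk.

```php
if ($_POST["Submit"]) {
	$enabled_items = "";
	if (is_array($_POST['toenable'])) {
		$valid_rulesets = array();
		foreach ($_POST['toenable'] as $toenable) {
			/* accept bare rule file names only */
			if (is_string($toenable) && preg_match('/^[A-Za-z0-9._-]+\.rules$/', $toenable))
				$valid_rulesets[] = $toenable;
		}
		$enabled_items = implode("||", $valid_rulesets);
	}
	// … unchanged: assignment to $a_nat[$id]['rulesets'], write_config(), sync_snort_package_config() …
```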