aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authormarcelloc <marcellocoutinho@gmail.com>2011-11-11 13:21:26 -0200
committermarcelloc <marcellocoutinho@gmail.com>2011-11-11 13:21:26 -0200
commit14201ad21c92700ef26daf442f6d32a400e20b7f (patch)
tree8ac2dc8bde2cdfb3ac34a4659bda931a3a9c7674 /config/snort
parent86d84edf0d9dc59161004b61c409f92d730704f1 (diff)
parentd378152135a49642975cb5a2ce5a106fe7a8fe07 (diff)
downloadpfsense-packages-14201ad21c92700ef26daf442f6d32a400e20b7f.tar.gz
pfsense-packages-14201ad21c92700ef26daf442f6d32a400e20b7f.tar.bz2
pfsense-packages-14201ad21c92700ef26daf442f6d32a400e20b7f.zip
Merge branch 'master' of https://github.com/bsdperimeter/pfsense-packages
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc584
-rw-r--r--config/snort/snort.xml7
-rw-r--r--config/snort/snort_barnyard.php2
-rw-r--r--config/snort/snort_define_servers.php2
-rw-r--r--config/snort/snort_dynamic_ip_reload.php45
-rw-r--r--config/snort/snort_interfaces.php60
-rw-r--r--config/snort/snort_interfaces_edit.php36
-rw-r--r--config/snort/snort_interfaces_global.php2
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php2
-rw-r--r--config/snort/snort_preprocessors.php2
-rw-r--r--config/snort/snort_rules.php2
-rw-r--r--config/snort/snort_rulesets.php16
12 files changed, 92 insertions, 668 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 3d1bd57c..0e624c7f 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -37,7 +37,7 @@ require_once("functions.inc");
require_once("filter.inc");
/* package version */
-$snort_package_version = 'Snort 2.9.0.5 pkg v. 2.0';
+$snort_package_version = 'Snort 2.9.1 pkg v. 2.0';
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '9999');
@@ -56,6 +56,8 @@ else
$snort_pfsense_basever = 'yes';
/* find out what arch where in x86 , x64 */
+global $snort_arch;
+$snort_arch = 'x86';
$snort_arch_ck = php_uname("m");
if ($snort_arch_ck == 'i386')
$snort_arch = 'x86';
@@ -238,25 +240,10 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
function Running_Ck($snort_uuid, $if_real, $id) {
global $config;
- $snort_up_ck = exec("/bin/ps -U snort | /usr/bin/grep snort | /usr/bin/awk '{print \$1;}'");
-
- if(snort_up_ck == '') {
- $snort_up = 'no';
- return $snort_up;
- }
-
- if(snort_up_ck != ''){
-
- /* use ob_clean to clear output buffer, this code needs to be watched */
- ob_clean();
- $snort_up_prell = exec("/bin/ps -U snort | /usr/bin/grep \"\-R {$snort_uuid}\" | /usr/bin/awk '{print \$1;}'");
-
- if ($snort_up_prell != '') {
- $snort_uph = 'yes';
- }else{
- $snort_uph = 'no';
- }
- }
+ $snort_uph = 'no';
+ $snort_up_prell = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
+ if ($snort_up_prell != '')
+ $snort_uph = 'yes';
return $snort_uph;
}
@@ -265,24 +252,10 @@ function Running_Ck($snort_uuid, $if_real, $id) {
function Running_Ck_b($snort_uuid, $if_real, $id) {
global $config;
- $snort_up_ck_b = exec("/bin/ps -U snort | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$1;}'");
-
- if($snort_up_ck_b == ''){
- $snort_up_b = 'no';
- return $snort_up_b;
- }
-
- if(snort_up_ck_b != '') {
-
- ob_clean();
- $snort_up_pre_b = exec("/bin/ps -U snort | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
-
- if ($snort_up_pre_b != '') {
- $snort_up_b = 'yes';
- }else{
- $snort_up_b = 'no';
- }
- }
+ $snort_up_b = 'no';
+ $snort_up_pre_b = exec("/bin/ps -ax | /usr/bin/grep barnyard2 | /usr/bin/grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
+ if ($snort_up_pre_b != '')
+ $snort_up_b = 'yes';
return $snort_up_b;
}
@@ -293,43 +266,25 @@ function Running_Stop($snort_uuid, $if_real, $id) {
/* if snort.sh crashed this will remove the pid */
@unlink('/tmp/snort.sh.pid');
- $start_up_s = exec("/bin/ps -U snort | grep \"\-R {$snort_uuid}\" | awk '{ print \$1; }'");
- $start_up_r = exec("/bin/ps -U root | grep \"\-R {$snort_uuid}\" | awk '{ print \$1; }'");
-
- $start2_upb_s = exec("/bin/ps -U snort | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{ print \$1; }'");
- $start2_upb_r = exec("/bin/ps -U root | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{ print \$1; }'");
-
- if ($start_up_s != '' || $start_up_r != '' || $start2_upb_s != '' || $start2_upb_r != '') {
- if ($start_up_s != '')
- {
- exec("/bin/kill {$start_up_s}");
- exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
- exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_s != '')
- {
- exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
+ $start_up = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
+ $start_upb = exec("/bin/ps -ax | /usr/bin/grep \"snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
- if ($start_up_r != '')
- {
- exec("/bin/kill {$start_up_r}");
- exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
- exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_r != '')
- {
- exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
+ if ($start_up != '') {
+ exec("/bin/kill {$start_up}");
+ exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
+ exec("/bin/rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
+ exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ }
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
- sleep(2); // Give time so GUI displays correctly
+ if ($start_upb != '') {
+ exec("/bin/kill {$start_upb}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
}
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
+ sleep(2); // Give time so GUI displays correctly
}
function Running_Start($snort_uuid, $if_real, $id) {
@@ -341,11 +296,14 @@ function Running_Start($snort_uuid, $if_real, $id) {
$snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
if ($snort_info_chk == 'on')
exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ else
+ return;
+
/* define snortbarnyardlog_chk */
/* top will have trouble if the uuid is to far back */
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
$snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') {
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q");
}
@@ -396,7 +354,7 @@ function snort_file_list($snort_log_dir, $snort_log_file)
$dir = opendir ("$snort_log_dir");
while (false !== ($file = readdir($dir))) {
if (strpos($file, "$snort_log_file",1) )
- $file_list[] = $file;
+ $file_list[] = basename($file);
}
return $file_list;
}
@@ -636,29 +594,11 @@ function snort_postinstall()
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
update_status(gettext("Saved settings detected..."));
update_output_window(gettext("Please wait... rebuilding files..."));
- sync_snort_package_empty();
+ sync_snort_package_config();
update_output_window(gettext("Finnished Rebuilding files..."));
}
}
-function sync_package_snort_reinstall()
-{
- global $config;
-
- conf_mount_rw();
-
- if (!$config['installedpackages']['snortglobal'])
- return;
-
- /* create snort configuration file */
- create_snort_conf();
-
- /* start snort service */
- // start_service("snort"); // do not start, may be needed latter.
-
- conf_mount_ro();
-}
-
function snort_Getdirsize($node) {
if(!is_readable($node))
return false;
@@ -889,79 +829,8 @@ function snort_rules_up_install_cron($should_install) {
}
}
-function sync_snort_package_remove_old()
-{
- global $config, $g;
-
- $snort_dir_scan = '/usr/local/etc/snort';
-
- // scan dirm might have to make this into a funtion
- $dh_scan = opendir($snort_dir_scan);
- while (false !== ($dir_filename = readdir($dh_scan))) {
- $list_dir_files[] = $dir_filename;
- }
-
- // find patern in a array, very cool code
- class array_ereg {
- function array_ereg($pattern) { $this->pattern = $pattern; }
- function ereg($string) {
- return ereg($this->pattern, $string);
- }
- }
-
- $rule_array2 = $config['installedpackages']['snortglobal']['rule'];
- foreach ($rule_array2 as $id => $value) {
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
-
- $snort_rules_list[] = "snort_{$id}{$if_real}";
- }
-
- $snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg'));
- $snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list);
-
- foreach ($snort_dir_filter_search_result as $value)
- exec("/bin/rm -r /usr/local/etc/snort/$value");
-
-}
-
-/* make sure this func on writes to files and does not start snort */
-function sync_snort_package() {
- global $config, $g;
-
- /* all new files are for the user snort nologin */
- if (!is_dir('/var/log/snort'))
- exec('/bin/mkdir -p /var/log/snort');
-
- if (!is_dir('/var/log/snort/run'))
- exec('/bin/mkdir -p /var/log/snort/run');
-
- if (!is_dir('/var/log/snort/barnyard2'))
- exec('/bin/mkdir -p /var/log/snort/barnyard2');
-
- /* all new files are for the user snort nologin */
- if (!file_exists('/var/log/snort/alert'))
- exec('/usr/bin/touch /var/log/snort/alert');
-
- /* XXX: These are needed if snort is run as snort user
- mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
- mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
- mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
- mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
- mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
- */
-
- /* important */
- mwexec('/bin/chmod 770 /var/db/whitelist', true);
- mwexec('/bin/chmod 770 /var/run/snort*', true);
- mwexec('/bin/chmod 770 /tmp/snort*', true);
- mwexec('/bin/chmod -R 770 /var/log/snort', true);
- mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true);
- mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true);
-}
-
-/* only run when a single iface needs to sync */
-function sync_snort_package_all($id, $if_real, $snort_uuid)
+/* Only run when all ifaces needed to sync. Expects filesystem rw */
+function sync_snort_package_config()
{
global $config, $g;
@@ -973,62 +842,14 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
//exec("/sbin/sysctl net.bpf.maxinsns=512");
//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
- /* do not start config build if rules is empty */
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
- if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]))
- return;
-
conf_mount_rw();
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = snort_get_real_interface($result_lan);
-
- /* only build whitelist when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on')
- create_snort_whitelist($id, $if_real);
-
- /* only build threshold when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default')
- create_snort_suppress($id, $if_real);
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
- /* create snort bootup file snort.sh only create once */
- create_snort_sh();
-
- /* create barnyard2 configuration file */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
-
- sync_snort_package();
-
- conf_mount_ro();
-}
-
-/* Only run when all ifaces needed to sync. Expects filesystem rw */
-function sync_snort_package_empty()
-{
- global $config, $g;
-
- /* RedDevil suggested code */
- /* TODO: more testing needs to be done */
- /* may cause voip to fail */
- //exec("/sbin/sysctl net.bpf.bufsize=8388608");
- //exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
- //exec("/sbin/sysctl net.bpf.maxinsns=512");
- //exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
-
/* do not start config build if rules is empty */
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+ conf_mount_ro();
return;
-
- conf_mount_rw();
+ }
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
$if_real = snort_get_real_interface($value['interface']);
@@ -1051,8 +872,7 @@ function sync_snort_package_empty()
create_rules_iface($id, $if_real, $snort_uuid);
/* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $value['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
+ if ($value['barnyard_enable'] == 'on')
create_barnyard2_conf($id, $if_real, $snort_uuid);
}
}
@@ -1060,61 +880,39 @@ function sync_snort_package_empty()
/* create snort bootup file snort.sh only create once */
create_snort_sh();
- sync_snort_package();
-
- conf_mount_ro();
-}
-
-/* only bootup and ip refresh */
-function sync_snort_package_config()
-{
- global $config, $g;
-
- /* RedDevil suggested code */
- /* TODO: more testing needs to be done */
- /* may cause voip to fail */
- //exec("/sbin/sysctl net.bpf.bufsize=8388608");
- //exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
- //exec("/sbin/sysctl net.bpf.maxinsns=512");
- //exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
-
- /* do not start config build if rules is empty */
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
-
- conf_mount_rw();
-
- foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
-
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
- $snort_uuid = $value['uuid'];
-
- if (!empty($if_real) && !empty($snort_uuid)) {
+ /* all new files are for the user snort nologin */
+ if (!is_dir('/var/log/snort'))
+ exec('/bin/mkdir -p /var/log/snort');
- /* only build whitelist when needed */
- if ($value['blockoffenders7'] == 'on')
- create_snort_whitelist($id, $if_real);
+ if (!is_dir('/var/log/snort/run'))
+ exec('/bin/mkdir -p /var/log/snort/run');
- /* only build threshold when needed */
- if ($value['suppresslistname'] != 'default')
- create_snort_suppress($id, $if_real);
+ if (!is_dir('/var/log/snort/barnyard2'))
+ exec('/bin/mkdir -p /var/log/snort/barnyard2');
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
+ /* all new files are for the user snort nologin */
+ if (!file_exists('/var/log/snort/alert'))
+ exec('/usr/bin/touch /var/log/snort/alert');
- /* create barnyard2 configuration file */
- if ($value['barnyard_enable'] == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
- }
- }
+ /* XXX: These are needed if snort is run as snort user
+ mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
+ mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
+ mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
+ */
- sync_snort_package();
+ /* important */
+ mwexec('/bin/chmod 770 /var/db/whitelist', true);
+ mwexec('/bin/chmod 770 /var/run/snort*', true);
+ mwexec('/bin/chmod 770 /tmp/snort*', true);
+ mwexec('/bin/chmod -R 770 /var/log/snort', true);
+ mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true);
+ mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true);
conf_mount_ro();
}
-
/* Start of main config files */
/* create threshold file */
@@ -1226,7 +1024,6 @@ function create_snort_sh()
$snortconf =& $config['installedpackages']['snortglobal']['rule'];
- $snort_sh_text2 = array();
$snort_sh_text3 = array();
$snort_sh_text4 = array();
@@ -1250,8 +1047,8 @@ function create_snort_sh()
#### Fake start only used on bootup and Pfsense IP changes
#### Only try to restart if snort is running on Iface
-if [ "`/bin/ps -auwx | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $2;}'`" != "" ]; then
- snort_pid=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/awk '{print $2;}'`
+if [ "`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`" != "" ]; then
+ snort_pid=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
#### Restart Iface
@@ -1272,9 +1069,9 @@ EOE;
$snort_sh_text4[] = <<<EOF
-pid_s=`/bin/ps -auwx | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$2;}'`
+pid_s=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'`
sleep 3
-pid_b=`/bin/ps -auwx | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$2;}'`
+pid_b=`/bin/ps -ax | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'`
if [ \${pid_s} ] ; then
/bin/echo "snort.sh run" > /tmp/snort.sh.pid
@@ -1306,26 +1103,13 @@ EOF;
rc_start() {
/bin/echo "snort.sh run" > /tmp/snort.sh.pid
-
- #### Remake the configs on boot Important!
- /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php &
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..."
-
$start_snort_iface_start
-
/bin/rm /tmp/snort.sh.pid
}
rc_stop() {
- #### Check for double starts, Pfsense has problems with that
- if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
- exit 0
- fi
-
$start_snort_iface_stop
-
/bin/rm /tmp/snort.sh.pid
/bin/rm /var/run/snort*
@@ -1356,9 +1140,6 @@ EOD;
@chmod("/usr/local/etc/rc.d/snort.sh", 0755);
}
-
-///////////////////////// >>>>>>>>>>>>
-
/* if rules exist copy to new interfaces */
function create_rules_iface($id, $if_real, $snort_uuid)
{
@@ -1368,7 +1149,9 @@ function create_rules_iface($id, $if_real, $snort_uuid)
$folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full';
if ($folder_chk == "empty") {
- exec("/bin/cp -R /usr/local/etc/snort/rules {$if_rule_dir}/rules");
+ if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"))
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
+ exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules");
if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules");
}
@@ -1417,29 +1200,6 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
# barnyard2.conf
# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
#
-# Copyright (C) 2006 Robert Zelaya
-# part of pfSense
-# All rights reserved.
-#
-# 1. Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-
# set the appropriate paths to the file(s) your Snort process is using
config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
@@ -2368,125 +2128,6 @@ EOD;
return $snort_conf_text;
}
-/* check downloaded text from snort.org to make sure that an error did not occur
- * for example, if you are not a premium subscriber you can only download rules
- * so often, etc. TO BE: Removed unneeded.
- */
-function check_for_common_errors($filename) {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- // ob_flush();
- $contents = file_get_contents($filename);
- if (!$contents) {
- if(!$console_mode) {
- update_all_status("An error occured while downloading {$filename}.");
- hide_progress_bar_status();
- } else
- log_error("An error occured. Scroll down to inspect it's contents.");
-
- if (!$console_mode)
- update_output_window(strip_tags("$contents"));
- else {
- $contents = strip_tags($contents);
- log_error("Error downloading snort rules: {$contents}");
- echo "Error downloading snort rules: {$contents}";
- }
-
- scroll_down_to_bottom_of_page();
-
- return;
- }
-}
-
-/* force browser to scroll all the way down */
-function scroll_down_to_bottom_of_page() {
- global $snort_filename, $console_mode;
-
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
-}
-
-/* ensure downloaded file looks sane */
-function verify_downloaded_file($filename) {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if (filesize($filename) < 9500) {
- if(!$console_mode) {
- update_all_status("Checking {$filename}...");
- check_for_common_errors($filename);
- }
- }
- update_all_status("Verifying {$filename}...");
- if(!file_exists($filename)) {
- if(!$console_mode) {
- update_all_status("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
- hide_progress_bar_status();
- } else {
- log_error("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
- echo "Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.";
- }
- return;
- }
- update_all_status("Verified {$filename}.");
-}
-
-/* extract rules */
-function extract_snort_rules_md5($tmpfname) {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if(!$console_mode) {
- $static_output = gettext("Extracting snort rules...");
- update_all_status($static_output);
- }
- if(!is_dir("/usr/local/etc/snort/rules/"))
- @mkdir("/usr/local/etc/snort/rules/");
-
- $cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/";
- $handle = popen("{$cmd} 2>&1", 'r');
- while(!feof($handle)) {
- $buffer = fgets($handle);
- update_output_window($buffer);
- }
- pclose($handle);
-
- if(!$console_mode) {
- $static_output = gettext("Snort rules extracted.");
- update_all_status($static_output);
- } else {
- log_error("Snort rules extracted.");
- echo "Snort rules extracted.";
- }
-}
-
-/* verify MD5 against downloaded item */
-function verify_snort_rules_md5($tmpfname) {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if(!$console_mode) {
- $static_output = gettext("Verifying md5 signature...");
- update_all_status($static_output);
- }
-
- $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
- $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
- if($md5 == $file_md5_ondisk) {
- if(!$console_mode) {
- $static_output = gettext("snort rules: md5 signature of rules mismatch.");
- update_all_status($static_output);
- hide_progress_bar_status();
- } else {
- log_error("snort rules: md5 signature of rules mismatch.");
- echo "snort rules: md5 signature of rules mismatch.";
- }
- return;
- }
-}
-
/* hide progress bar */
function hide_progress_bar_status() {
global $snort_filename, $snort_filename_md5, $console_mode;
@@ -2516,87 +2157,4 @@ function update_all_status($status) {
}
}
-/* obtain alert description for an ip address */
-function get_snort_alert($ip) {
- global $snort_alert_file_split, $snort_config;
-
- if(!file_exists("/var/log/snort/alert"))
- return;
- if(!$snort_config)
- $snort_config = read_snort_config_cache();
- if($snort_config[$ip])
- return $snort_config[$ip];
- if(!$snort_alert_file_split)
- $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert"));
-
- foreach($snort_alert_file_split as $fileline) {
- if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- $alert_title = $matches[2];
- if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches))
- $alert_ip = $matches[$id];
- if($alert_ip == $ip) {
- if(!$snort_config[$ip])
- $snort_config[$ip] = $alert_title;
-
- return $alert_title;
- }
- }
- return "n/a";
-}
-
-function make_clickable($buffer) {
- global $config, $g;
-
- /* if clickable urls is disabled, simply return buffer back to caller */
- $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode'];
- if(!$clickablalerteurls)
- return $buffer;
-
- $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer);
-
- return $buffer;
-}
-
-function read_snort_config_cache() {
- global $g, $config, $snort_config;
-
- if($snort_config)
- return $snort_config;
-
- if(file_exists($g['tmp_path'] . '/snort_config.cache'))
- $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache'));
-
- return $snort_config;
-}
-
-function write_snort_config_cache($snort_config) {
- global $g, $config;
-
- $configcache = fopen($g['tmp_path'] . '/snort_config.cache', "w");
- if(!$configcache) {
- log_error("Could not open {$g['tmp_path']}/snort_config.cache for writing.");
- return false;
- }
- fwrite($configcache, serialize($snort_config));
- fclose($configcache);
-
- return true;
-}
-
-function snort_advanced() {
- global $g, $config;
-
- sync_package_snort();
-}
-
-function snort_define_servers() {
- global $g, $config;
-
- sync_package_snort();
-}
-
?>
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index c80bf672..2365bbea 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -95,11 +95,6 @@
<item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/pf/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item>
- </additional_files_needed>
- <additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
@@ -199,7 +194,7 @@
<custom_add_php_command>
</custom_add_php_command>
<custom_php_resync_config_command>
- sync_snort_package();
+ sync_snort_package_config();
</custom_php_resync_config_command>
<custom_php_install_command>
snort_postinstall();
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index c4ac1292..b647c007 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -115,7 +115,7 @@ if ($_POST) {
}
write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index ddb1e378..e3238ef7 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -159,7 +159,7 @@ if ($_POST) {
write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php
deleted file mode 100644
index 66bc505c..00000000
--- a/config/snort/snort_dynamic_ip_reload.php
+++ /dev/null
@@ -1,45 +0,0 @@
-<?php
-
-/* $Id$ */
-/*
- snort_dynamic_ip_reload.php
- Copyright (C) 2009 Robert Zeleya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* NOTE: this file gets included from the pfSense filter.inc plugin process */
-/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */
-
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (file_exists('/var/run/snort_dynamic_ip_reload.dirty')) {
- exit();
-}
-
-exec('/usr/bin/touch /var/run/snort_dynamic_ip_reload.dirty');
-
-sync_snort_package_config();
-@unlink("/var/run/snort_dynamic_ip_reload.dirty");
-
-?>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 39f8eddc..9174c24f 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -51,56 +51,13 @@ if (isset($_POST['del_x'])) {
/* delete selected rules */
if (is_array($_POST['rule'])) {
conf_mount_rw();
-
foreach ($_POST['rule'] as $rulei) {
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
- /* cool code to check if any snort is up */
- $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
-
- if ($snort_up_ck != "")
- {
-
- $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'");
- $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
- $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
-
- $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid");
- $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
- $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
-
-
- if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") {
- /* remove only running instances */
- if ($start_up_s != "") {
- exec("/bin/kill {$start_up_s}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_s != "") {
- exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start_up_r != "") {
- exec("/bin/kill {$start_up_r}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_r != "") {
- exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
- }
-
- }
-
- /* for every iface do these steps */
- exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
- exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ Running_Stop($snort_uuid,$if_real, $rulei);
unset($a_nat[$rulei]);
}
@@ -110,15 +67,15 @@ if (isset($_POST['del_x'])) {
sleep(2);
/* if there are no ifaces do not create snort.sh */
- if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) {
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
create_snort_sh();
- }else{
+ else {
conf_mount_rw();
exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
conf_mount_ro();
}
- sync_snort_package_empty();
+ sync_snort_package_config();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -141,15 +98,11 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
/* Log Iface stop */
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
$tester2 = Running_Ck($snort_uuid, $if_real, $id);
if ($tester2 == 'yes') {
-
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'");
-
Running_Stop($snort_uuid, $if_real, $id);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -158,8 +111,7 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- }else{
-
+ } else {
Running_Start($snort_uuid, $if_real, $id);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index c843a3f7..b1a091e7 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -284,7 +284,7 @@ if (isset($_GET['dup']))
write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
sleep(1);
/* if snort.sh crashed this will remove the pid */
@@ -295,7 +295,7 @@ if (isset($_GET['dup']))
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces_edit.php?id=$id");
+ header("Location: /snort/snort_interfaces.php");
exit;
}
@@ -303,7 +303,7 @@ if (isset($_GET['dup']))
if ($_POST["Submit2"]) {
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
sleep(1);
Running_Start($snort_uuid, $if_real, $id);
@@ -317,35 +317,6 @@ if (isset($_GET['dup']))
exit;
}
- if ($_POST["Submit3"])
- {
-
- Running_Stop($snort_uuid, $if_real, $id);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces_edit.php?id=$id");
- exit;
-
- }
-
- /* This code needs to be below headers */
- if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface']))
- {
-
- $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id);
-
- if ($snort_up_ck2_info == 'no')
- $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">';
- else
- $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">';
- } else
- $snort_up_ck = '';
-
-
$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
include_once("head.inc");
@@ -694,7 +665,6 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top"></td>
<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save">
- <?php echo $snort_up_ck; ?>
<?php if (isset($id) && $a_nat[$id]): ?>
<input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?></td>
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 9a47bb24..57fec1f1 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -103,7 +103,7 @@ if (!$input_errors) {
write_config();
/* create whitelist and homenet file then sync files */
- sync_snort_package_empty();
+ sync_snort_package_config();
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 03ba1df8..fe3c54a5 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -184,7 +184,7 @@ if ($_POST['submit']) {
write_config();
/* create whitelist and homenet file then sync files */
- sync_snort_package_empty();
+ sync_snort_package_config();
header("Location: /snort/snort_interfaces_whitelist.php");
exit;
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index c5c7a4a8..7f89d433 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -113,7 +113,7 @@ if ($_POST) {
write_config();
$if_real = snort_get_real_interface($pconfig['interface']);
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 2aa49865..871eb39e 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -157,7 +157,7 @@ while (false !== ($filename = readdir($dh)))
//only populate this array if its a rule file
$isrulefile = strstr($filename, ".rules");
if ($isrulefile !== false)
- $files[] = $filename;
+ $files[] = basename($filename);
}
sort($files);
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index e0bdd882..e4577818 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -136,20 +136,14 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
if ($_POST["Submit"]) {
$enabled_items = "";
$isfirst = true;
- if (is_array($_POST['toenable'])) {
- foreach($_POST['toenable'] as $toenable) {
- if(!$isfirst)
- $enabled_items .= "||";
- $enabled_items .= "{$toenable}";
- $isfirst = false;
- }
- }else{
+ if (is_array($_POST['toenable']))
+ $enabled_items = implode("||", $_POST['toenable']);
+ else
$enabled_items = $_POST['toenable'];
- }
$a_nat[$id]['rulesets'] = $enabled_items;
write_config();
- sync_snort_package_all($id, $if_real, $iface_uuid);
+ sync_snort_package_config();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -256,7 +250,7 @@ if (file_exists($d_snortconfdirty_path)) {
$dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
- $files[] = $filename;
+ $files[] = basename($filename);
}
sort($files);
foreach($files as $file) {