author | robiscool <robrob2626@yahoo.com> | 2009-06-07 01:23:38 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2009-06-07 01:24:19 -0700 |
commit | 220458488aaab40e21255abbdc6cb4d1308dd1de (patch) | |
tree | d44c874013667f8d4d40c201408704f1846840cb /config/snort | |
parent | eb5f77e60fb94c2d8fbc15bf8f7d559efb1d1aca (diff) | |
download | pfsense-packages-220458488aaab40e21255abbdc6cb4d1308dd1de.tar.gz pfsense-packages-220458488aaab40e21255abbdc6cb4d1308dd1de.tar.bz2 pfsense-packages-220458488aaab40e21255abbdc6cb4d1308dd1de.zip |
added shared object rules from private companies, improved rule extraction, fixed an old snort double start error
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.xml | 11 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 88 | ||||
-rw-r--r-- | config/snort/snort_rulesets.php | 2 |
3 files changed, 81 insertions, 20 deletions
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index e9a8c87d..14165e62 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -46,8 +46,8 @@
 <requirements>Describe your package requirements here</requirements>
 <faq>Currently there are no FAQ items provided.</faq>
 <name>Snort</name>
- <version>2.8.4</version>
- <title>Services: Snort</title>
+ <version>2.8.4.1</version>
+ <title>Services: Snort 2.8.4.1 pkg v. 1.0</title>
 <include_file>/usr/local/pkg/snort.inc</include_file>
 <menu>
 <name>Snort</name>
@@ -258,9 +258,14 @@
 <description>Checking this option will automatically sync the snort configuration via XMLRPC to CARP cluster members.</description>
 <type>checkbox</type>
 </field>
+ <field>
+ <fielddescr>Snort signature info files.</fielddescr>
+ <fieldname>signatureinfo</fieldname>
+ <description>15,000 snort alert info summary files. At leats a 1GHz system requierment</description>
+ <type>checkbox</type>
+ </field>
 </fields>
 <custom_add_php_command>
- sync_package_snort();
 </custom_add_php_command>
 <custom_php_resync_config_command>
 sync_package_snort();
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 78bbf232..e508252e 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
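Review bot: The new `<description>` for the `signatureinfo` checkbox is text the administrator reads in the UI and it carries two typos, `At leats` and `requierment`; suggest `15,000 snort alert info summary files. At least a 1GHz system requirement.` It would also help to say what the option actually does — in the accompanying `snort_download_rules.php` changes it appears to control extraction of the `doc/signatures` tree from the rules tarball — so the trade-off (disk space and extraction time versus per-signature documentation) is clear before anyone enables it.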
@@ -180,8 +180,8 @@ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
 } else {
 update_status(gettext("Downloading md5 file..."));
 ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5");
+// $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
+ $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5");
 $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
 fwrite($f, $image);
 fclose($f);
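Review bot: The md5 fetch now points at `http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/...` with the `dl.snort.org` line commented out, and the `@@ -235` hunk does the same for the tarball download; `mtest.local` reads as a developer test host, so every installation would query that name instead of the rules server. If this was left in by accident, both lines should be restored to the `dl.snort.org` form; if a mirror is intended, the host belongs in a configuration setting rather than being hard-coded. Either way `{$oinkid}` is effectively a credential and ends up in the path of a plain-http request (and in any proxy or server log along the way), which deserves a comment in the code, and `$image` should be checked for `false` before `fwrite` turns a failed download into an empty md5 file.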
@@ -235,8 +235,8 @@ if (file_exists("{$tmpfname}/{$snort_filename}")) {
 } else {
 update_status(gettext("There is a new set of Snort rules posted. Downloading..."));
 update_output_window(gettext("May take 4 to 10 min..."));
-// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+ download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+// download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
 update_all_status($static_output);
 update_status(gettext("Done downloading rules file."));
 }
@@ -270,27 +270,53 @@ $file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ p
 }
 }
-/* Untar snort rules file */
+/* Untar snort rules file individually to help people with low system specs */
 if (file_exists("{$tmpfname}/$snort_filename")) {
 update_status(gettext("Extracting rules..."));
 update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}");
- update_status(gettext("Done extracting."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} etc/");
+ exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/bad-traffic.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/chat.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/dos.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/exploit.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/imap.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/misc.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/multimedia.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/netbios.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/nntp.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/p2p.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/smtp.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/sql.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/web-client.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/web-misc.rules/");
+ update_status(gettext("Done extracting Rules."));
 } else {
 update_status(gettext("The Download rules file missing..."));
 update_output_window(gettext("Error rules extracting failed..."));
 exit(0);
 }
+$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
+if ($premium_url_chk == on) {
+ update_status(gettext("Extracting Signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} doc/signatures/");
+ update_status(gettext("Done extracting Signatures."));
+}
-/* Making Snort Directory */
+/* Making Cleaning Snort Directory */
 if (file_exists("{$snortdir}")) {
- update_status(gettext("Directory rules exists..."));
- update_output_window(gettext("Directory rules exists..."));
+ update_status(gettext("Cleaning the snort Directory..."));
+ update_output_window(gettext("removing..."));
+ exec("/bin/rm -r {$snortdir}/*");
+ exec("/bin/rm -r /usr/local/lib/snort/dynamicrules/*");
 } else {
 update_status(gettext("Making Snort Directory..."));
 update_output_window(gettext("should be fast..."));
 exec("/bin/mkdir {$snortdir}");
+ exec("/bin/rm -r /usr/local/lib/snort/dynamicrules/*");
 update_status(gettext("Done making snort direcory."));
 }
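Review bot: `if ($premium_url_chk == on)` tests the premium flag instead of the `$signature_info_chk` variable assigned on the line above, and `on` is an undefined bare constant that PHP only tolerates by demoting it to the string `"on"` with a notice; it should read `if ($signature_info_chk == 'on') {`, and the `@@ -324` hunk repeats the same pair of mistakes in front of the signatures copy. The `so_rules/precompiled/...` tar call is wrapped in backticks inside the string, so the shell runs tar in a command substitution and then tries to execute its (empty) output as a command; drop the backticks, and note that `FreeBSD-7.0/i386/2.8.4` ties the extraction to one platform, architecture and Snort version. The cleanup block removes `{$snortdir}/*` and `/usr/local/lib/snort/dynamicrules/*` before any later copy step has been verified, and every later failure path is an `exit(0)`, so a bad tarball or a missing `so_rules` directory leaves the system with no rules at all; extracting into a fresh staging directory and swapping it in only after every step has succeeded would close that window. Since `$snortdir` is interpolated unquoted into an `rm -r`, it should also go through `escapeshellarg()` and be checked to be non-empty and not `/` before the cleanup runs.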
@@ -298,13 +324,13 @@ if (file_exists("{$snortdir}")) {
 if (file_exists("{$tmpfname}/rules")) {
 update_status(gettext("Copying rules..."));
 update_output_window(gettext("May take a while..."));
- exec("/bin/cp -r {$tmpfname}/rules {$snortdir}/rules");
+ exec("/bin/mv -f {$tmpfname}/rules {$snortdir}/rules");
 update_status(gettext("Done copping rules."));
 /* Write out time of last sucsessful rule install catch */
 $config['installedpackages']['snort']['last_rules_install'] = date("Y-M-jS-h:i-A");
 write_config();
 } else {
- update_status(gettext("Directory rules exists..."));
+ update_status(gettext("Directory rules does not exists..."));
 update_output_window(gettext("Error copping rules direcory..."));
 exit(0);
 }
@@ -314,7 +340,7 @@ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
 update_status(gettext("Copying md5 sig to snort directory..."));
 exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
 } else {
- update_status(gettext("The md5 file exists..."));
+ update_status(gettext("The md5 file does not exist..."));
 update_output_window(gettext("Error copping config..."));
 exit(0);
 }
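Review bot: The new error string `Directory rules does not exists...` should be `Directory rules does not exist...`, matching the `does not exist` wording introduced for the md5 message in the `@@ -314` hunk. The surrounding status strings still say `Copying rules...` and `Done copping rules.` although the command is now `mv -f`; `Moving rules...` / `Done moving rules.` would describe the step accurately.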
@@ -324,23 +350,53 @@ if (file_exists("{$tmpfname}/etc/Makefile.am")) {
 update_status(gettext("Copying configs to snort directory..."));
 exec("/bin/cp {$tmpfname}/etc/* {$snortdir}");
 } else {
- update_status(gettext("The snort configs exists..."));
+ update_status(gettext("The snort configs does not exist..."));
 update_output_window(gettext("Error copping config..."));
 exit(0);
 }
 /* Copy signatures dir to snort dir */
+$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
+if ($premium_url_chk == on) {
 if (file_exists("{$tmpfname}/doc/signatures")) {
 update_status(gettext("Copying signatures..."));
 update_output_window(gettext("May take a while..."));
- exec("/bin/cp -r {$tmpfname}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/mv -f {$tmpfname}/doc/signatures {$snortdir}/signatures");
 update_status(gettext("Done copying signatures."));
 } else {
- update_status(gettext("Directory signatures exists..."));
+ update_status(gettext("Directory signatures exist..."));
 update_output_window(gettext("Error copping signature..."));
 exit(0);
+ }
+}
+
+/* Copy so_rules dir to snort lib dir */
+if (file_exists("{$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
+ update_status(gettext("Copying so_rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("`/bin/cp -f {$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
+ exec("/bin/cp {$tmpfname}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
+ exec("/bin/cp {$tmpfname}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules");
+ update_status(gettext("Done copying so_rules."));
+} else {
+ update_status(gettext("Directory so_rules does not exist..."));
+ update_output_window(gettext("Error copping so_rules..."));
+ exit(0);
 }
+
 /* php code finish */
 update_status(gettext("Rules update finished..."));
 update_output_window(gettext("You may start Snort now finnal."));
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 3d2e9ab4..527dc712 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -99,7 +99,7 @@ if(!$pgtitle_output)
 <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
 <tr id="frheader">
 <td width="5%" class="listhdrr">Enabled</td>
- <td class="listhdrr">Ruleset</td>
+ <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td>
 <!-- <td class="listhdrr">Description</td> -->
 </tr>
 <?php
|
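Review bot: The last shared-object copy refers to `so_rules/web.misc.rules`, while the extraction in the `@@ -270` hunk unpacks `so_rules/web-misc.rules/`; the `cp` will fail on the missing file and nobody notices because every `exec()` here discards its output and exit status, so `web.misc.so.rules` is never installed — use `web-misc.rules` and `web-misc.so.rules`, and check `exec()`'s third argument (the return status) on each copy. The `cp -f ... /usr/local/lib/snort/dynamicrules/` line has the same stray backticks as the precompiled tar call, and its `FreeBSD-7.0/i386/2.8.4` path means that on any other platform or Snort build the script reaches the `exit(0)` branch after the old rules and dynamicrules have already been removed. This step also starts installing precompiled shared objects from the archive into `dynamicrules/`, presumably for Snort to load into its process; the tarball is fetched over plain http and its only integrity check is an md5 fetched from the same server over the same channel, so trust in that code is no stronger than the network path. Now that the payload is executable code rather than text rules, the download deserves a stronger check — a vendor-published signature, or at least a checksum obtained over an authenticated channel — before anything is copied into `dynamicrules/`, and a comment at the top of this block should state which platform and Snort version the precompiled path corresponds to.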