authorbmeeks8 <bmeeks8@bellsouth.net>2013-05-24 17:38:23 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2013-05-24 17:38:23 -0400
commit31deb6977663ee773e05bfc6110c1035a7a3ef30 (patch)
treed338b026796d7e7d1eb7e5bdbda88b4851c3e0de /config/snort
parent2f8ce2e2fc4cf3dee7352b8d2344b23ad8b65502 (diff)
Swap rule download URL to current one and drop old CGI URL.
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php131
1 files changed, 53 insertions, 78 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index b825b329..296d4d40 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -60,7 +60,9 @@ $tmpfname = "{$snortdir}/tmp/snort_rules_up";
/* Snort VRT rules files and URL */
$snort_filename_md5 = "{$snort_rules_file}.md5";
$snort_filename = "{$snort_rules_file}";
-$snort_rule_url = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/";
+//$snort_rule_url = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/";
+/* Use current Sourcefire VRT download URL and abandon the old CGI one */
+$snort_rule_url = "https://www.snort.org/reg-rules/";
/* Emerging Threats rules MD5 file */
$emergingthreats_filename_md5 = "{$emergingthreats_filename}.md5";
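Review bot: Moving `$snort_rule_url` to `https://` only protects the oinkcode and the rule archive if `snort_download_file_url()` verifies the server certificate, and that helper is not visible in this diff. If it turns verification off (for example `CURLOPT_SSL_VERIFYPEER` set to false), the scheme change gives no protection against an on-path attacker. This matters because the later hunks append the oinkcode to the request path. Separately, the commented-out `//$snort_rule_url = ...` line is dead code that version history already preserves; I would delete it and keep only the `/* Use current Sourcefire VRT download URL ... */` comment.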
@@ -149,45 +151,29 @@ if ($snortdownload == 'on') {
if ($pkg_interface <> "console")
update_status(gettext("Downloading Snort VRT md5 file..."));
error_log(gettext("\tDownloading Snort VRT md5 file...\n"), 3, $snort_rules_upd_log);
- $max_tries = 4;
- $rc = true;
- while ($max_tries > 0) {
- $rc = snort_download_file_url("{$snort_rule_url}{$snort_filename_md5}", "{$tmpfname}/{$snort_filename_md5}");
- if ($rc === true)
- break;
- else {
- /* If "forbidden" error, no need to retry so just exit */
- if ($rc == 403)
- break;
- $max_tries--;
- if ($max_tries > 0) {
- if ($pkg_interface <> "console")
- update_status(gettext("Server returned error code {$rc} ... retrying in 15 seconds..."));
- sleep(15);
- }
- continue;
- }
- }
- log_error("[Snort] Snort MD5 Attempts: " . (4 - $max_tries + 1));
+ $rc = snort_download_file_url("{$snort_rule_url}{$snort_filename_md5}/{$oinkid}/", "{$tmpfname}/{$snort_filename_md5}");
if ($rc === true) {
if ($pkg_interface <> "console")
update_status(gettext("Done downloading snort.org md5."));
error_log("\tChecking Snort VRT md5 file...\n", 3, $snort_rules_upd_log);
}
else {
- if ($rc == 403)
- $snort_err_msg = gettext("Too many attempts or Oinkcode not authorized for this level or version.");
+ if ($rc == 403) {
+ $snort_err_msg = gettext("Too many attempts or Oinkcode not authorized for this Snort version.\n");
+ $snort_err_msg .= gettext("\tFree Registered Users may download Snort VRT Rules once every 15 minutes.\n");
+ }
else
$snort_err_msg = gettext("Server returned error code {$rc}.");
if ($pkg_interface <> "console") {
- update_status(gettext("Snort VRT md5 error ... {$snort_err_msg}..."));
- update_output_window(gettext("Server returned error '{$last_curl_error}'.\nYou may download Snort VRT Rules once every 15 minutes."));
+ update_status(gettext("Snort VRT md5 error ... Server returned error code {$rc} ..."));
+ update_output_window(gettext("Server error msg: '{$last_curl_error}'"));
}
- log_error(gettext("[Snort] Snort VRT md5 download failed. {$snort_err_msg}..."));
- log_error(gettext("[Snort] Download server returned error '{$last_curl_error}' ..."));
+ log_error(gettext("[Snort] Snort VRT md5 download failed..."));
+ log_error(gettext("[Snort] Server returned error '{$last_curl_error}' ..."));
+ error_log(gettext("\tSnort VRT md5 download failed.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tServer error message was '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
$snortdownload = 'off';
- error_log(gettext("\tSnort VRT md5 download failed. {$snort_err_msg}\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tDownload server error is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
}
}
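Review bot: With the retry loop gone, any single failure of the md5 request, a transient 5xx or network error as much as a 403, falls into the `else` branch and sets `$snortdownload = 'off'`, so the VRT rules stay at their old version until the next run. If that is deliberate (presumably because of the once-every-15-minutes limit the new message mentions), a comment above the call should say so, e.g. `/* Single attempt on purpose: a failed request ends the VRT update for this run */`. Also, `$snort_err_msg` now reaches only the update log, while the status line shows the bare code, so a GUI user who hits the 403 limit no longer sees the explanation. The same single-attempt change is made for the rules archive in the next hunk, and the enclosing `if ($snortdownload == 'on')` block begins outside this one.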
@@ -212,38 +198,10 @@ if ($snortdownload == 'on') {
update_status(gettext("There is a new set of Snort VRT rules posted. Downloading..."));
log_error(gettext("[Snort] There is a new set of Snort VRT rules posted. Downloading..."));
error_log(gettext("\tThere is a new set of Snort VRT rules posted. Downloading...\n"), 3, $snort_rules_upd_log);
- $max_tries = 4;
- $rc = true;
- while ($max_tries > 0) {
- $rc = snort_download_file_url("{$snort_rule_url}{$snort_filename}", "{$tmpfname}/{$snort_filename}");
- if ($rc === true)
- break;
- else {
- if ($rc >= 500 || $rc === false) {
- $max_tries--;
- if ($max_tries > 0) {
- if ($pkg_interface <> "console")
- update_status(gettext("Server returned error code {$rc} ... retrying in 15 seconds..."));
- sleep(15);
- }
- continue;
- }
- else {
- if ($pkg_interface <> "console") {
- update_status(gettext("Server returned error code {$rc} ... try again in 15 minutes..."));
- update_output_window(gettext("Server returned error '{$last_curl_error}'.\nTry again in 15 minutes."));
- }
- log_error(gettext("[Snort] Server returned error code {$rc} ... try again in 15 minutes..."));
- error_log(gettext("\tThe server returned error '{$rc}' ... try again in 15 minutes\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
- break;
- }
- }
- }
+ $rc = snort_download_file_url("{$snort_rule_url}{$snort_filename}/{$oinkid}/", "{$tmpfname}/{$snort_filename}");
if ($rc === true) {
if ($pkg_interface <> "console")
update_status(gettext("Done downloading Snort VRT rules file."));
- log_error("[Snort] Snort VRT Rules Attempts: " . (4 - $max_tries + 1));
error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log);
if (trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_filename}"))){
if ($pkg_interface <> "console")
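Review bot: The integrity check on the context line `if (trim(file_get_contents(...)) != trim(md5_file(...)))` compares the archive with an MD5 fetched from the same server through the same download helper. It therefore detects a truncated or corrupted download but not a substituted one. Authenticity of the rules, including the precompiled SO rules extracted later, rests on whatever TLS verification `snort_download_file_url()` performs, which this diff does not show. Independently of that, the comparison should be strict, `!==` rather than `!=`, so PHP never applies numeric string comparison to the two hex digests. The block continues past the end of the hunk.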
@@ -261,12 +219,12 @@ if ($snortdownload == 'on') {
if ($pkg_interface <> "console")
update_output_window(gettext("Snort VRT rules file download failed..."));
log_error(gettext("[Snort] Snort VRT rules file download failed... server returned error {$rc}..."));
+ log_error(gettext("[Snort] The error text was '{$last_curl_error}' ..."));
error_log(gettext("\tSnort VRT rules file download failed. Server returned error {$rc}.\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tThe error text was '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tSnort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log);
$snortdownload = 'off';
}
-
}
/* download md5 sig from Snort GPLv2 Community Rules */
@@ -301,7 +259,6 @@ if ($snortcommunityrules == 'on') {
error_log(gettext("\tSnort GPLv2 Community Rules will not be updated.\n"), 3, $snort_rules_upd_log);
$snortcommunityrules = 'off';
}
-
}
/* download Snort GPLv2 Community rules file */
@@ -348,8 +305,10 @@ if ($snortcommunityrules == "on") {
if ($snortcommunityrules == 'on') {
safe_mkdir("{$snortdir}/tmp/community");
if (file_exists("{$tmpfname}/{$snort_community_rules_filename}")) {
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort GPLv2 Community Rules..."));
+ update_output_window(gettext("Installing Snort GPLv2 Community Rules..."));
+ }
error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, $snort_rules_upd_log);
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$snortdir}/tmp/community/");
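Review bot: The `exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C ...")` call next to the new output-window message builds a shell command by string interpolation. The path variables look like package-defined values, but their definitions are outside this diff, so each should be wrapped in `escapeshellarg()`, e.g. `exec("/usr/bin/tar xzf " . escapeshellarg("{$tmpfname}/{$snort_community_rules_filename}") . " -C " . escapeshellarg("{$snortdir}/tmp/community/"));`. The same applies to the `tar`, `rm -r` and `mkdir -p` calls visible in the EmergingThreats and VRT hunks below.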
@@ -369,8 +328,10 @@ if ($snortcommunityrules == 'on') {
update_status(gettext("Copying md5 signature to snort directory..."));
@copy("{$tmpfname}/{$snort_community_rules_filename_md5}", "{$snortdir}/{$snort_community_rules_filename_md5}");
}
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Extraction of Snort GPLv2 Community Rules completed..."));
+ update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed..."));
+ }
error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log);
exec("rm -r {$snortdir}/tmp/community");
}
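Review bot: The added `update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed..."))` is emitted unconditionally, because the `exec()` that runs tar earlier in this block captures no exit status. A failed or partial extraction would still report completion and still copy the md5 into the snort directory, which presumably makes the next run treat the rule set as current (that comparison is outside the diff). Capturing the status with `exec($cmd, $out, $rc);` and skipping both the md5 copy and the completed message when `$rc != 0` would avoid that. The EmergingThreats and VRT "completed" messages in the later hunks have the same shape.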
@@ -463,8 +424,10 @@ if ($emergingthreats == "on") {
if ($emergingthreats == 'on') {
safe_mkdir("{$snortdir}/tmp/emerging");
if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Extracting EmergingThreats.org rules..."));
+ update_output_window(gettext("Installing EmergingThreats rules..."));
+ }
error_log(gettext("\tExtracting and installing EmergingThreats.org rules...\n"), 3, $snort_rules_upd_log);
exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
@@ -491,8 +454,10 @@ if ($emergingthreats == 'on') {
update_status(gettext("Copying md5 signature to snort directory..."));
@copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}");
}
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Extraction of EmergingThreats.org rules completed..."));
+ update_output_window(gettext("Installation of EmergingThreats rules completed..."));
+ }
error_log(gettext("\tInstallation of EmergingThreats.org rules completed.\n"), 3, $snort_rules_upd_log);
exec("rm -r {$snortdir}/tmp/emerging");
}
@@ -501,15 +466,16 @@ if ($emergingthreats == 'on') {
/* Untar snort rules file individually to help people with low system specs */
if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
-
/* Currently, only FreeBSD-8-1 and FreeBSD-9-0 precompiled SO rules exist from Snort.org */
/* Default to FreeBSD 8.1, and then test for FreeBSD 9.x */
$freebsd_version_so = 'FreeBSD-8-1';
if (substr(php_uname("r"), 0, 1) == '9')
$freebsd_version_so = 'FreeBSD-9-0';
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT rules..."));
+ update_output_window(gettext("Installing Sourcefire VRT rules..."));
+ }
error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $snort_rules_upd_log);
/* extract snort.org rules and add prefix to all snort.org files */
safe_mkdir("{$snortdir}/tmp/snortrules");
@@ -526,10 +492,11 @@ if ($snortdownload == 'on') {
@copy($file, "{$snortdir}/rules/{$newfile}");
}
exec("rm -r {$snortdir}/tmp/snortrules");
-
/* extract so rules */
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT Shared Objects rules..."));
+ update_output_window(gettext("Installing precompiled Shared Objects rules for {$freebsd_version_so}..."));
+ }
exec("/bin/mkdir -p {$snortlibdir}/dynamicrules/");
error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, $snort_rules_upd_log);
$snort_arch = php_uname("m");
@@ -543,7 +510,6 @@ if ($snortdownload == 'on') {
} else
$nosorules = true;
exec("rm -r {$snortdir}/tmp/so_rules");
-
if ($nosorules == false) {
/* extract so stub rules, rename and copy to the rules folder. */
if ($pkg_interface <> "console")
@@ -556,17 +522,17 @@ if ($snortdownload == 'on') {
}
exec("rm -r {$snortdir}/tmp/so_rules");
}
-
/* extract base etc files */
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT config and map files..."));
+ update_output_window(gettext("Copying config and map files..."));
+ }
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp etc/");
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
if (file_exists("{$snortdir}/tmp/etc/{$file}"))
@copy("{$snortdir}/tmp/etc/{$file}", "{$snortdir}/tmp/VRT_{$file}");
}
exec("rm -r {$snortdir}/tmp/etc");
-
/* Untar snort signatures */
$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
if ($premium_url_chk == 'on') {
@@ -584,8 +550,9 @@ if ($snortdownload == 'on') {
update_status(gettext("Done copying signatures."));
}
}
-
/* Extract the Snort preprocessor rules */
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("Extracting preprocessor rules files..."));
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp preproc_rules/");
if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
@@ -593,8 +560,10 @@ if ($snortdownload == 'on') {
update_status(gettext("Copying md5 signature to snort directory..."));
@copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}");
}
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Extraction of Snort VRT rules completed..."));
+ update_output_window(gettext("Installation of Sourcefire VRT rules completed..."));
+ }
error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log);
}
}
@@ -681,8 +650,10 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
$if_real = snort_get_real_interface($value['interface']);
$tmp = "Updating rules configuration for: " . snort_get_friendly_interface($value['interface']) . " ...";
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console"){
update_status(gettext($tmp));
+ update_output_window(gettext("Please wait while Snort interface files are being updated..."));
+ }
snort_apply_customizations($value, $if_real);
/* Log a message in Update Log if protecting customized preprocessor rules. */
@@ -695,8 +666,10 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
}
}
else {
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_output_window(gettext("Warning: No interfaces configured for Snort were found..."));
+ update_output_window(gettext("No interfaces currently have Snort configured and enabled on them..."));
+ }
error_log(gettext("\tWarning: No interfaces configured for Snort were found...\n"), 3, $snort_rules_upd_log);
}
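Review bot: The added second `update_output_window()` call follows an existing `update_output_window()` carrying nearly the same text, whereas the other blocks touched in this commit pair `update_status()` with `update_output_window()`. If the output window is replaced rather than appended to (not visible here), the warning line is overwritten immediately. The first call was probably meant to become `update_status(gettext("Warning: No interfaces configured for Snort were found..."));`.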
@@ -712,8 +685,10 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Restart snort if already running and we are not rebooting to pick up the new rules. */
if (is_process_running("snort") && !$g['booting']) {
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext('Restarting Snort to activate the new set of rules...'));
+ update_output_window(gettext("Please wait ... restarting Snort will take some time..."));
+ }
error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, $snort_rules_upd_log);
restart_service("snort");
if ($pkg_interface <> "console")