authorErmal Luçi <eri@pfsense.org>2013-06-03 00:02:30 -0700
committerErmal Luçi <eri@pfsense.org>2013-06-03 00:02:30 -0700
commit6e7c1adafe9b7a2518ce020b8a86c8f5276b6c7b (patch)
tree06c98d6ac6dba0fc9f78ee6f8eb932528f312685 /config/snort
parentdcccb98d5d9dfbf3f3e9a8a2272324dbc3e67ed8 (diff)
parentf6f9238c81a70f4a9f093b0695153bd92baeac78 (diff)
Merge pull request #454 from bmeeks8/master
Snort Pkg 2.5.8 Update to incorporate Ermal's comments and fix a few bugs
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc23
-rwxr-xr-xconfig/snort/snort_alerts.php4
-rw-r--r--config/snort/snort_blocked.php5
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php6
-rwxr-xr-xconfig/snort/snort_download_rules.php2
-rwxr-xr-xconfig/snort/snort_download_updates.php42
-rwxr-xr-xconfig/snort/snort_interfaces.php16
-rwxr-xr-xconfig/snort/snort_preprocessors.php2
-rw-r--r--config/snort/snort_rules_flowbits.php2
9 files changed, 54 insertions, 48 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index fe390a41..cf36ca86 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -146,6 +146,8 @@ function snort_load_suppress_sigs($snortcfg) {
$suppress = array();
+ if (!is_array($config['installedpackages']['snortglobal']))
+ return;
if (!is_array($config['installedpackages']['snortglobal']['suppress']))
return;
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
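Review bot: The new guard in snort_load_suppress_sigs() uses a bare `return;`, so the function yields null even though `$suppress` was initialised to an empty array on the line above. If callers iterate over or merge the result (they are not visible here), `return $suppress;` would give them a consistent array on every early exit, including the two existing guards below it. The function body continues outside the hunk.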
@@ -258,15 +260,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
/* Skip the WAN interface as we do not typically want that whole subnet */
/* whitelisted (just the interface IP itself). */
/*************************************************************************/
- if (function_exists('get_configured_interface_list'))
- $int_array = get_configured_interface_list();
- else {
- $int_array = array('wan', 'lan');
- for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) {
- if(isset($config['interfaces']['opt' . $j]['enable']))
- $int_array[] = "opt{$j}";
- }
- }
+ $int_array = get_configured_interface_list();
foreach ($int_array as $int) {
if ($int == "wan")
continue;
@@ -291,9 +285,6 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
}
}
- /* Grab the default gateway if set */
- $default_gw = exec("/sbin/route -n get default |grep 'gateway:' | /usr/bin/awk '{ print $2 }'");
-
if ($wanip == 'yes') {
$ip = get_interface_ip("wan");
if (is_ipaddr($ip)) {
@@ -310,6 +301,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
}
if ($wangw == 'yes') {
+ /* Grab the default gateway if set */
+ $default_gw = exec("/sbin/route -n get default |grep 'gateway:' | /usr/bin/awk '{ print $2 }'");
if (is_ipaddr($default_gw) && !in_array($default_gw, $home_net))
$home_net[] = $default_gw;
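Review bot: The relocated exec() line still calls `grep` by bare name while `route` and `awk` use absolute paths, so the gateway lookup depends on the PATH of whatever process runs this code. Letting awk do the match removes both the extra process and the PATH dependency: `$default_gw = exec("/sbin/route -n get default | /usr/bin/awk '/gateway:/ { print \$2 }'");`. Escaping the dollar sign also makes it explicit that `$2` is meant for awk and not for PHP interpolation. The `if ($wangw == 'yes')` block closes outside the hunk.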
@@ -589,6 +582,7 @@ function snort_postinstall() {
update_status(gettext("Saved settings detected..."));
update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
log_error(gettext("[Snort] Downloading and updating configured rule types..."));
+ update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
@include_once("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
update_status(gettext("Generating snort.conf configuration file from saved settings..."));
$rebuild_rules = "on";
@@ -600,7 +594,9 @@ function snort_postinstall() {
/* Only try to start Snort if not in reboot */
if (!$g['booting']) {
update_status(gettext("Starting Snort using rebuilt configuration..."));
+ update_output_window(gettext("Please wait... while Snort is started..."));
log_error(gettext("[Snort] Starting Snort using rebuilt configuration..."));
+ update_output_window(gettext("Snort has been started using the rebuilt configuration..."));
start_service("snort");
}
}
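Review bot: The added message "Snort has been started using the rebuilt configuration..." is written to the output window before `start_service("snort")` runs, so the installer reports success for a start that has not been attempted yet and may still fail. Move that `update_output_window()` call to the line after `start_service("snort");`. Ideally it would be shown only once the service is confirmed to be running, and a failure message shown otherwise.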
@@ -852,12 +848,13 @@ function sync_snort_package_config() {
global $snort_version, $rebuild_rules, $is_postinstall;
$snortdir = SNORTDIR;
+ $rcdir = RCFILEPREFIX;
conf_mount_rw();
/* do not start config build if rules is empty or there are no Snort settings */
if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) {
- exec("/bin/rm /usr/local/etc/rc.d/snort.sh");
+ @unlink("{$rcdir}/snort.sh");
conf_mount_ro();
return;
}
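Review bot: `@unlink("{$rcdir}/snort.sh")` discards any failure, so if the rc script cannot be removed it stays in place and nothing is logged; the leftover script would presumably still be run at boot even though the Snort settings are gone. Consider `if (file_exists("{$rcdir}/snort.sh") && !unlink("{$rcdir}/snort.sh")) log_error("[Snort] Could not remove {$rcdir}/snort.sh");`. It is also worth confirming whether RCFILEPREFIX already ends in a slash, since its definition is not part of this diff. The same `@unlink` form is used in the last snort_interfaces.php hunk.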
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 607fba54..8c42fa89 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -305,6 +305,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
$alert_proto = $fields[5];
/* IP SRC */
$alert_ip_src = $fields[6];
+ /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
+ $alert_ip_src = str_replace(":", ":&#8203;", $alert_ip_src);
if (isset($tmpblocked[$fields[6]])) {
$alert_ip_src .= "<br/><a href='?instance={$id}&todelete=" . trim(urlencode($fields[6])) . "'>
<img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='10' height='10' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/></a>";
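Review bot: `$fields[6]` appears to come from the Snort alert log and is given HTML markup here without being escaped first. The zero-width space also becomes part of the text, so an address copied from the page carries invisible U+200B characters into whatever it is pasted into, such as a suppress list or a firewall rule. Escaping first and using a `<wbr>` break hint avoids both: `$alert_ip_src = str_replace(":", ":<wbr>", htmlspecialchars($fields[6]));`. The same applies to `$alert_ip_dst` in the next hunk and to `$tmp_ip` in snort_blocked.php. Where these variables are finally echoed lies outside the hunk.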
@@ -313,6 +315,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
$alert_src_p = $fields[7];
/* IP Destination */
$alert_ip_dst = $fields[8];
+ /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
+ $alert_ip_dst = str_replace(":", ":&#8203;", $alert_ip_dst);
if (isset($tmpblocked[$fields[8]])) {
$alert_ip_dst .= "<br/><a href='?instance={$id}&todelete=" . trim(urlencode($fields[8])) . "'>
<img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='10' height='10' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/></a>";
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 5fb7e608..43b351ab 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -249,10 +249,13 @@ if ($pconfig['brefresh'] == 'on')
else
$counter++;
+ /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
+ $tmp_ip = str_replace(":", ":&#8203;", $blocked_ip);
+
/* use one echo to do the magic*/
echo "<tr>
<td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
- <td valign=\"middle\" class=\"listr\">{$blocked_ip}</td>
+ <td valign=\"middle\" class=\"listr\">{$tmp_ip}</td>
<td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
<td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'>
<img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 3e3dd658..f08ebc18 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -122,6 +122,8 @@ function snort_download_file_url($url, $file_out) {
$rc = curl_exec($ch);
if ($rc === true)
break;
+ log_error(gettext("[Snort] Rules download error: " . curl_error($ch)));
+ log_error(gettext("[Snort] Will retry in 15 seconds..."));
sleep(15);
}
if ($rc === false)
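Review bot: `gettext("[Snort] Rules download error: " . curl_error($ch))` passes the concatenated string, including the runtime curl message, as the translation key, so the lookup can never match a catalog entry. Translate only the fixed part: `log_error(gettext("[Snort] Rules download error: ") . curl_error($ch));`. Depending on the loop bounds, which are outside the hunk, "Will retry in 15 seconds..." and the `sleep(15)` may also run after the final attempt, when no retry follows.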
@@ -726,6 +728,10 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
log_error(gettext("[Snort] Snort has restarted with your new set of rules..."));
error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, $snort_rules_upd_log);
}
+ else {
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("The rules update task is complete..."));
+ }
}
if ($pkg_interface <> "console")
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index e35eb983..562a6b36 100755
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -49,7 +49,7 @@ include("head.inc");
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td align="center"><div id="mainarea">
+ <td align="center"><div id="boxarea">
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td class="tabcont" align="center">
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index a397a7b0..c6e24532 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -129,35 +129,31 @@ h += 96;
<tr align="center">
<td>
<br/>
- <table id="download_rules" height="32px" width="725px" border="0"
- cellpadding="5px" cellspacing="0">
+ <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
<td id="download_rules_td" style="background-color: #eeeeee">
<div height="32" width="725px" style="background-color: #eeeeee">
-
<font color="#777777" size="2.5px">
<p style="text-align: left; margin-left: 225px;">
- <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/>
+ <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/>
<font color="#FF850A" size="1px"><b>SNORT.ORG&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br>
+ <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br/>
<font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br>
+ <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br/>
<font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_community_sig_chk_local; ?></font><br>
+ <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_community_sig_chk_local; ?></font><br/>
</p>
</div>
</td>
</tr>
</table>
<br/>
- <table id="download_rules" height="32px" width="725px" border="0"
- cellpadding="5px" cellspacing="0">
+ <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
<td id="download_rules_td" style='background-color: #eeeeee'>
<div height="32" width="725px" style='background-color: #eeeeee'>
-
<p style="text-align: left; margin-left: 225px;">
- <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br>
+ <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br/>
<br/>
<?php
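Review bot: The rewritten lines that print `$snort_org_sig_chk_local`, `$emergingt_net_sig_chk_local` and `$snort_community_sig_chk_local` keep the short open tag `<?` and echo the values straight into the page. Short tags depend on the `short_open_tag` ini setting. The values look like they derive from downloaded rule-set signature files, though their origin is outside the hunk, so `<?php echo htmlspecialchars($snort_org_sig_chk_local); ?>` would be the safer form for all three. The tables touched in this file also still share `id="download_rules"`, which should be unique within a document.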
@@ -167,7 +163,7 @@ h += 96;
<button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/>
<p style="text-align:left; margin-left:150px;">
<font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000">&nbsp;&nbsp;' . gettext('No rule types have been selected for download. ') .
- gettext('Visit the ') . '<a href="snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br>';
+ gettext('Visit the ') . '<a href="snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br/>';
echo '</p>' . "\n";
} else {
@@ -184,14 +180,12 @@ h += 96;
</tr>
</table>
<br/>
- <table id="download_rules" height="32px" width="725px" border="0"
- cellpadding="5px" cellspacing="0">
+ <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
<td id="download_rules_td" style='background-color: #eeeeee'>
<div height="32" width="725px" style='background-color: #eeeeee'>
-
<p style="text-align: left; margin-left: 225px;">
- <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br>
+ <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br/>
<br>
<?php
@@ -214,15 +208,13 @@ h += 96;
<br/>
- <table id="download_rules" height="32px" width="725px" border="0"
- cellpadding="5px" cellspacing="0">
+ <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
<td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
- <font size='1px'><span class="red"><b><?php echo gettext("NOTE:"); ?></b></span></font><font size='1px'
- color='#000000'>&nbsp;&nbsp;<?php echo gettext("Snort.org and EmergingThreats.net " .
- "will go down from time to time. Please be patient."); ?>
- </font>
+ <div height="32" width="725px" style='background-color: #eeeeee'><span class="vexpl">
+ <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
+ &nbsp;&nbsp;<?php echo gettext("Snort.org and EmergingThreats.net " .
+ "will go down from time to time. Please be patient."); ?></span>
</div>
</td>
</tr>
@@ -236,8 +228,8 @@ h += 96;
</td>
</tr>
</table>
-<!-- end of final table --></div>
- </form>
+<!-- end of final table -->
+</form>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index ad492df2..390b83eb 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -35,6 +35,7 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortdir = SNORTDIR;
+$rcdir = RCFILEPREFIX;
$id = $_GET['id'];
if (isset($_POST['id']))
@@ -60,11 +61,14 @@ if (isset($_POST['del_x'])) {
// If interface had auto-generated Suppress List, then
// delete that along with the interface
$autolist = "{$a_nat[$rulei]['interface']}" . "suppress";
- $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
- foreach ($a_suppress as $k => $i) {
- if ($i['name'] == $autolist) {
- unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]);
- break;
+ if (is_array($config['installedpackages']['snortglobal']['suppress']) &&
+ is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
+ $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+ foreach ($a_suppress as $k => $i) {
+ if ($i['name'] == $autolist) {
+ unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]);
+ break;
+ }
}
}
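Review bot: The reference `$a_suppress = &$config[...]['suppress']['item']` is no longer needed now that the guard is in place, because the loop only reads through it and the `unset()` addresses `$config` directly. Taking a reference to a nested key creates that key when it is missing, which is presumably what made the guard necessary. Iterating with `foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $k => $i)` avoids leaving a live reference into `$config` after the loop. The enclosing `if (isset($_POST['del_x']))` block starts and ends outside the hunk.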
@@ -85,7 +89,7 @@ if (isset($_POST['del_x'])) {
snort_create_rc();
else {
conf_mount_rw();
- @unlink('/usr/local/etc/rc.d/snort.sh');
+ @unlink("{$rcdir}/snort.sh");
conf_mount_ro();
}
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index b813e8bf..4c921ca4 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -754,7 +754,7 @@ include_once("head.inc");
<?php echo gettext("Do not queue large packets in reassembly buffer to increase performance. Default is ") .
"<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
<?php echo "<span class=\"red\"><strong>" . gettext("Warning: ") . "</strong></span>" .
- gettext("Enabing this option could result in missed packets. Recommended setting is not checked."); ?></td>
+ gettext("Enabling this option could result in missed packets. Recommended setting is not checked."); ?></td>
</tr>
<tr>
<td valign="top" class="vncell"><?php echo gettext("Max Queued Bytes"); ?></td>
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index 0b836813..215399c6 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -142,7 +142,7 @@ if ($savemsg)
print_info_box($savemsg);
?>
<form action="snort_rules_flowbits.php" method="post" name="iform" id="iform">
-<div id="mainarea">
+<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">