author | Ermal Luçi <eri@pfsense.org> | 2013-06-03 00:02:30 -0700 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2013-06-03 00:02:30 -0700 |
commit | 6e7c1adafe9b7a2518ce020b8a86c8f5276b6c7b (patch) | |
tree | 06c98d6ac6dba0fc9f78ee6f8eb932528f312685 /config/snort | |
parent | dcccb98d5d9dfbf3f3e9a8a2272324dbc3e67ed8 (diff) | |
parent | f6f9238c81a70f4a9f093b0695153bd92baeac78 (diff) | |
Merge pull request #454 from bmeeks8/master
Snort Pkg 2.5.8 Update to incorporate Ermal's comments and fix a few bugs
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 23 | ||||
-rwxr-xr-x | config/snort/snort_alerts.php | 4 | ||||
-rw-r--r-- | config/snort/snort_blocked.php | 5 | ||||
-rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 6 | ||||
-rwxr-xr-x | config/snort/snort_download_rules.php | 2 | ||||
-rwxr-xr-x | config/snort/snort_download_updates.php | 42 | ||||
-rwxr-xr-x | config/snort/snort_interfaces.php | 16 | ||||
-rwxr-xr-x | config/snort/snort_preprocessors.php | 2 | ||||
-rw-r--r-- | config/snort/snort_rules_flowbits.php | 2 |
9 files changed, 54 insertions, 48 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index fe390a41..cf36ca86 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -146,6 +146,8 @@ function snort_load_suppress_sigs($snortcfg) { $suppress = array(); + if (!is_array($config['installedpackages']['snortglobal'])) + return; if (!is_array($config['installedpackages']['snortglobal']['suppress'])) return; if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) @@ -258,15 +260,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { /* Skip the WAN interface as we do not typically want that whole subnet */ /* whitelisted (just the interface IP itself). */ /*************************************************************************/ - if (function_exists('get_configured_interface_list')) - $int_array = get_configured_interface_list(); - else { - $int_array = array('wan', 'lan'); - for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) { - if(isset($config['interfaces']['opt' . $j]['enable'])) - $int_array[] = "opt{$j}"; - } - } + $int_array = get_configured_interface_list(); foreach ($int_array as $int) { if ($int == "wan") continue; @@ -291,9 +285,6 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } } - /* Grab the default gateway if set */ - $default_gw = exec("/sbin/route -n get default |grep 'gateway:' | /usr/bin/awk '{ print $2 }'"); - if ($wanip == 'yes') { $ip = get_interface_ip("wan"); if (is_ipaddr($ip)) { @@ -310,6 +301,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } if ($wangw == 'yes') { + /* Grab the default gateway if set */ + $default_gw = exec("/sbin/route -n get default |grep 'gateway:' | /usr/bin/awk '{ print $2 }'"); if (is_ipaddr($default_gw) && !in_array($default_gw, $home_net)) $home_net[] = $default_gw; 
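Review bot: The guard added at the top of snort_load_suppress_sigs() exits with a bare `return;`, so the caller receives null rather than the empty `$suppress` array initialised on the line above it. If callers iterate over the result, `return $suppress;` keeps the return type stable when the snortglobal section is missing; the two existing guards below it follow the same pattern and would want the same change. The function's normal return and its callers are outside the hunk, so this should be confirmed against them.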
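Review bot: In the `exec()` call relocated under `if ($wangw == 'yes')`, `grep` is invoked by bare name while `/sbin/route` and `/usr/bin/awk` are absolute, so the pipeline depends on the PATH of whatever process runs this code. Writing `/usr/bin/grep` makes the command independent of the environment. The `is_ipaddr($default_gw)` check on the result is the right guard for command output and should stay.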
@@ -589,6 +582,7 @@ function snort_postinstall() { update_status(gettext("Saved settings detected...")); update_output_window(gettext("Please wait... rebuilding installation with saved settings...")); log_error(gettext("[Snort] Downloading and updating configured rule types...")); + update_output_window(gettext("Please wait... downloading and updating configured rule types...")); @include_once("/usr/local/pkg/snort/snort_check_for_rule_updates.php"); update_status(gettext("Generating snort.conf configuration file from saved settings...")); $rebuild_rules = "on"; @@ -600,7 +594,9 @@ function snort_postinstall() { /* Only try to start Snort if not in reboot */ if (!$g['booting']) { update_status(gettext("Starting Snort using rebuilt configuration...")); + update_output_window(gettext("Please wait... while Snort is started...")); log_error(gettext("[Snort] Starting Snort using rebuilt configuration...")); + update_output_window(gettext("Snort has been started using the rebuilt configuration...")); start_service("snort"); } } @@ -852,12 +848,13 @@ function sync_snort_package_config() { global $snort_version, $rebuild_rules, $is_postinstall; $snortdir = SNORTDIR; + $rcdir = RCFILEPREFIX; conf_mount_rw(); /* do not start config build if rules is empty or there are no Snort settings */ if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) { - exec("/bin/rm /usr/local/etc/rc.d/snort.sh"); + @unlink("{$rcdir}/snort.sh"); conf_mount_ro(); return; } diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 607fba54..8c42fa89 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php 
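Review bot: In the `if (!$g['booting'])` block, the added `update_output_window(gettext("Snort has been started using the rebuilt configuration..."));` runs before `start_service("snort");`, so the installer reports success before the start is attempted and regardless of how it turns out. Move that message to the line after `start_service("snort");`, ideally only once the service is confirmed to be running. snort_postinstall() begins and ends outside the hunk.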
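Review bot: `@unlink("{$rcdir}/snort.sh");` in sync_snort_package_config() suppresses every failure, not just the missing-file case, so a startup script that could not be removed stays in place silently and Snort may still be launched at boot with no configuration. Drop the `@`, guard the call with `file_exists()`, and report a false return from `unlink()` through `log_error()`. The same line is added in the `del_x` handler of snort_interfaces.php and deserves the same treatment. RCFILEPREFIX is defined outside this diff, so whether the extra `/` in the path doubles the separator cannot be told from here.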
@@ -305,6 +305,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_proto = $fields[5]; /* IP SRC */ $alert_ip_src = $fields[6]; + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $alert_ip_src = str_replace(":", ":​", $alert_ip_src); if (isset($tmpblocked[$fields[6]])) { $alert_ip_src .= "<br/><a href='?instance={$id}&todelete=" . trim(urlencode($fields[6])) . "'> <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='10' height='10' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/></a>"; @@ -313,6 +315,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_src_p = $fields[7]; /* IP Destination */ $alert_ip_dst = $fields[8]; + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); if (isset($tmpblocked[$fields[8]])) { $alert_ip_dst .= "<br/><a href='?instance={$id}&todelete=" . trim(urlencode($fields[8])) . "'> <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='10' height='10' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/></a>"; diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 5fb7e608..43b351ab 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php 
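Review bot: The `str_replace()` added after `$alert_ip_src = $fields[6];` writes a zero-width space (U+200B) into the displayed address, so an IPv6 address copied from the alerts table carries invisible characters and will not match when pasted into an alias, a suppress list or a log search. A `<wbr>` element gives the same break opportunity without changing the copied text: `$alert_ip_src = str_replace(":", ":<wbr>", $alert_ip_src);`. The same applies to `$alert_ip_dst` in the next hunk and to `$tmp_ip` in snort_blocked.php. The comment says the replacement is made only for IPv6 addresses, but the code runs unconditionally; that is harmless for IPv4 and the comment should say so.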
@@ -249,10 +249,13 @@ if ($pconfig['brefresh'] == 'on') else $counter++; + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $tmp_ip = str_replace(":", ":​", $blocked_ip); + /* use one echo to do the magic*/ echo "<tr> <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> - <td valign=\"middle\" class=\"listr\">{$blocked_ip}</td> + <td valign=\"middle\" class=\"listr\">{$tmp_ip}</td> <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> <td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'> <img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 3e3dd658..f08ebc18 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -122,6 +122,8 @@ function snort_download_file_url($url, $file_out) { $rc = curl_exec($ch); if ($rc === true) break; + log_error(gettext("[Snort] Rules download error: " . curl_error($ch))); + log_error(gettext("[Snort] Will retry in 15 seconds...")); sleep(15); } if ($rc === false) @@ -726,6 +728,10 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = log_error(gettext("[Snort] Snort has restarted with your new set of rules...")); error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, $snort_rules_upd_log); } + else { + if ($pkg_interface <> "console") + update_output_window(gettext("The rules update task is complete...")); + } } if ($pkg_interface <> "console") diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index e35eb983..562a6b36 100755 --- a/config/snort/snort_download_rules.php 
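Review bot: `$tmp_ip` is derived from `$blocked_ip` and interpolated straight into the `<td>` of the echo below, with no HTML encoding visible in this hunk. Where `$blocked_ip` is read lies outside the hunk, so the value may already be constrained to an address, but encoding where the display copy is created costs nothing: pass `htmlspecialchars($blocked_ip)` as the third argument of the new `str_replace()` call. `{$blocked_desc}` in the same row is written out the same way and would benefit from the same encoding.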
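Review bot: In the retry loop of snort_download_file_url(), `gettext()` is applied after `curl_error($ch)` has been appended, so the message ID changes with every error text and no translation can ever match. Translate only the fixed part: `log_error(gettext("[Snort] Rules download error: ") . curl_error($ch));`. The "Will retry in 15 seconds" notice is logged on every failed attempt; whether that includes the final one depends on the loop bounds, which are outside the hunk.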
+++ b/config/snort/snort_download_rules.php @@ -49,7 +49,7 @@ include("head.inc"); <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td align="center"><div id="mainarea"> + <td align="center"><div id="boxarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td class="tabcont" align="center"> diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index a397a7b0..c6e24532 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php 
@@ -129,35 +129,31 @@ h += 96; <tr align="center"> <td> <br/> - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> + <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> <tr> <td id="download_rules_td" style="background-color: #eeeeee"> <div height="32" width="725px" style="background-color: #eeeeee"> - <font color="#777777" size="2.5px"> <p style="text-align: left; margin-left: 225px;"> - <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/> + <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/> <font color="#FF850A" size="1px"><b>SNORT.ORG --></b></font> - <font size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br> + <font size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br/> <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET --></b></font> - <font size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br> + <font size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br/> <font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES --></b></font> - <font size="1px" color="#000000"> <? echo $snort_community_sig_chk_local; ?></font><br> + <font size="1px" color="#000000"> <? 
echo $snort_community_sig_chk_local; ?></font><br/> </p> </div> </td> </tr> </table> <br/> - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> + <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> <tr> <td id="download_rules_td" style='background-color: #eeeeee'> <div height="32" width="725px" style='background-color: #eeeeee'> - <p style="text-align: left; margin-left: 225px;"> - <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br> + <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br/> <br/> <?php @@ -167,7 +163,7 @@ h += 96; <button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/> <p style="text-align:left; margin-left:150px;"> <font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000"> ' . gettext('No rule types have been selected for download. ') . - gettext('Visit the ') . '<a href="snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br>'; + gettext('Visit the ') . '<a href="snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br/>'; echo '</p>' . "\n"; } else { 
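Review bot: The new side removes the opening `<font color="#777777" size="2.5px">` before the first `<p>` but keeps `</font>` after the "INSTALLED RULESET SIGNATURES" heading, which leaves an unmatched closing tag in the first table. Either put the opening tag back inside the `<p>` or remove the stray `</font>`. The three lines rewritten to use `<br/>` still open PHP with the short tag `<? echo ... ?>`, which only works when short_open_tag is enabled; `<?php echo ... ?>` would match the rest of the file.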
@@ -184,14 +180,12 @@ h += 96; </tr> </table> <br/> - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> + <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> <tr> <td id="download_rules_td" style='background-color: #eeeeee'> <div height="32" width="725px" style='background-color: #eeeeee'> - <p style="text-align: left; margin-left: 225px;"> - <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br> + <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br/> <br> <?php @@ -214,15 +208,13 @@ h += 96; <br/> - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> + <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> <tr> <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - <font size='1px'><span class="red"><b><?php echo gettext("NOTE:"); ?></b></span></font><font size='1px' - color='#000000'> <?php echo gettext("Snort.org and EmergingThreats.net " . - "will go down from time to time. Please be patient."); ?> - </font> + <div height="32" width="725px" style='background-color: #eeeeee'><span class="vexpl"> + <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span> + <?php echo gettext("Snort.org and EmergingThreats.net " . + "will go down from time to time. Please be patient."); ?></span> </div> </td> </tr> @@ -236,8 +228,8 @@ h += 96; </td> </tr> </table> -<!-- end of final table --></div> - </form> +<!-- end of final table --> +</form> <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index ad492df2..390b83eb 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php 
@@ -35,6 +35,7 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; $snortdir = SNORTDIR; +$rcdir = RCFILEPREFIX; $id = $_GET['id']; if (isset($_POST['id'])) @@ -60,11 +61,14 @@ if (isset($_POST['del_x'])) { // If interface had auto-generated Suppress List, then // delete that along with the interface $autolist = "{$a_nat[$rulei]['interface']}" . "suppress"; - $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; - foreach ($a_suppress as $k => $i) { - if ($i['name'] == $autolist) { - unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]); - break; + if (is_array($config['installedpackages']['snortglobal']['suppress']) && + is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { + $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; + foreach ($a_suppress as $k => $i) { + if ($i['name'] == $autolist) { + unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]); + break; + } } } @@ -85,7 +89,7 @@ if (isset($_POST['del_x'])) { snort_create_rc(); else { conf_mount_rw(); - @unlink('/usr/local/etc/rc.d/snort.sh'); + @unlink("{$rcdir}/snort.sh"); conf_mount_ro(); } diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index b813e8bf..4c921ca4 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php 
@@ -754,7 +754,7 @@ include_once("head.inc"); <?php echo gettext("Do not queue large packets in reassembly buffer to increase performance. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/> <?php echo "<span class=\"red\"><strong>" . gettext("Warning: ") . "</strong></span>" . - gettext("Enabing this option could result in missed packets. Recommended setting is not checked."); ?></td> + gettext("Enabling this option could result in missed packets. Recommended setting is not checked."); ?></td> </tr> <tr> <td valign="top" class="vncell"><?php echo gettext("Max Queued Bytes"); ?></td> diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index 0b836813..215399c6 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -142,7 +142,7 @@ if ($savemsg) print_info_box($savemsg); ?> <form action="snort_rules_flowbits.php" method="post" name="iform" id="iform"> -<div id="mainarea"> +<div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> |