aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-09-13 10:38:02 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-09-13 10:38:02 -0400
commit3ded21fc48a46974795072defc35541dc2f0690b (patch)
tree54e5ffa22148999fe6f938f261da2b35b9451ca1 /config/snort
parent3aba4f55b08aa2fbeec7af5a4a1063c2f91e3355 (diff)
downloadpfsense-packages-3ded21fc48a46974795072defc35541dc2f0690b.tar.gz
pfsense-packages-3ded21fc48a46974795072defc35541dc2f0690b.tar.bz2
pfsense-packages-3ded21fc48a46974795072defc35541dc2f0690b.zip
Add handler and install code for new LOG MGMT function.
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort_barnyard.php8
-rw-r--r--config/snort/snort_check_cron_misc.inc110
-rw-r--r--config/snort/snort_conf_template.inc2
-rw-r--r--config/snort/snort_generate_conf.php14
-rw-r--r--config/snort/snort_log_mgmt.php44
-rw-r--r--config/snort/snort_migrate_config.php34
-rw-r--r--config/snort/snort_post_install.php57
7 files changed, 229 insertions, 40 deletions
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 1617e869..1e834ff0 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -57,8 +57,8 @@ $retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168'
'720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'),
'8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") );
-$log_sizes = array( '0' => gettext('NO LIMIT'), '8' => gettext('8 MB'), '16' => gettext('16 MB'), '32' => gettext('32 MB'),
- '64' => gettext('64 MB'), '128' => gettext('128 MB'), '256' => gettext('256 MB') );
+$log_sizes = array( '0' => gettext('NO LIMIT'), '128K' => '128 KB', '256K' => '256 KB', '512K' => '512 KB', '1M' => '1 MB', '4M' => '4 MB', '8M' => gettext('8 MB'),
+ '16M' => gettext('16 MB'), '32M' => gettext('32 MB'), '64M' => gettext('64 MB'), '128M' => gettext('128 MB'), '256M' => gettext('256 MB') );
if (isset($id) && $a_nat[$id]) {
$pconfig = $a_nat[$id];
@@ -69,7 +69,7 @@ if (isset($id) && $a_nat[$id]) {
if (empty($a_nat[$id]['barnyard_show_year']))
$pconfig['barnyard_show_year'] = "on";
if (empty($a_nat[$id]['unified2_log_limit']))
- $pconfig['unified2_log_limit'] = "32";
+ $pconfig['unified2_log_limit'] = "128K";
if (empty($a_nat[$id]['barnyard_archive_enable']))
$pconfig['barnyard_archive_enable'] = "on";
if (empty($a_nat[$id]['u2_archived_log_retention']))
@@ -284,7 +284,7 @@ include_once("head.inc");
<?php if ($k == $pconfig['unified2_log_limit']) echo "selected"; ?>>
<?=htmlspecialchars($p);?></option>
<?php endforeach; ?>
- </select>&nbsp;<?php echo gettext("Choose a Unified2 Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/><br/>
+ </select>&nbsp;<?php echo gettext("Choose a Unified2 Log file size limit. Default is "); ?><strong><?=gettext("128 KB.");?></strong><br/><br/>
<?php echo gettext("This sets the maximum size for a Unified2 Log file before it is rotated and a new one created."); ?>
</td>
</tr>
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index 9a1c7833..0f9b80ab 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -33,6 +33,7 @@
require_once("/usr/local/pkg/snort/snort.inc");
$snortlogdir = SNORTLOGDIR;
+global $g, $config;
function snort_check_dir_size_limit($snortloglimitsize) {
@@ -88,6 +89,56 @@ function snort_check_dir_size_limit($snortloglimitsize) {
}
}
+function snort_check_rotate_log($log_file, $log_limit, $retention) {
+
+ /********************************************************
+ * This function checks the passed log file against *
+ * the passed size limit and rotates the log file if *
+ * necessary. It also checks the age of previously *
+ * rotated logs and removes those older than the *
+ * rentention parameter. *
+ * *
+ * On Entry: $log_file -> full pathname/filename of *
+ * log file to check *
+ * $log_limit -> size of file in bytes to *
+ * trigger rotation. Zero *
+ * means no rotation. *
+ * $retention -> retention period in hours *
+ * for rotated logs. Zero *
+ * means never remove. *
+ ********************************************************/
+
+ // Check the current log to see if it needs rotating.
+ // If it does, rotate it and put the current time
+ // on the end of the filename as UNIX timestamp.
+ if (!file_exists($log_file))
+ return;
+ if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) {
+ $newfile = $log_file . "." . strval(time());
+ try {
+ copy($log_file, $newfile);
+ file_put_contents($log_file, "");
+ } catch (Exception $e) {
+ log_error("[Snort] Failed to rotate file '{$log_file}' -- error was {$e->getMessage()}");
+ }
+ }
+
+ // Check previously rotated logs to see if time to
+ // delete any older than the retention period.
+ // Rotated logs have a UNIX timestamp appended to
+ // filename.
+ if ($retention > 0) {
+ $now = time();
+ $rotated_files = glob("{$log_file}.*");
+ foreach ($rotated_files as $file) {
+ if (($now - filemtime($file)) > ($retention * 3600))
+ unlink_if_exists($file);
+ }
+ unset($rotated_files);
+ }
+}
+
+
/*************************
* Start of main code *
*************************/
@@ -96,27 +147,56 @@ function snort_check_dir_size_limit($snortloglimitsize) {
if ($g['booting'] == true)
return;
+$logs = array ();
+
+// Build an array of files to check and limits to check them against from our saved configuration
+$logs['sid_changes.log']['limit'] = $config['installedpackages']['snortglobal']['sid_changes_log_limit_size'];
+$logs['sid_changes.log']['retention'] = $config['installedpackages']['snortglobal']['sid_changes_log_retention'];
+
// If no interfaces defined, there is nothing to clean up
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
-// Check unified2 archived log retention in the interface logging directories if enabled
-foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $if_real = get_real_interface($value['interface']);
- $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}";
- if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) {
- $now = time();
- $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*");
- $prune_count = 0;
- foreach ($files as $f) {
- if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) {
- $prune_count++;
- unlink_if_exists($f);
+// Check log limits and retention in the interface logging directories if enabled
+if ($config['installedpackages']['snortglobal']['enable_log_mgmt'] == 'on') {
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}";
+ foreach ($logs as $k => $p) {
+ snort_check_rotate_log("{$snort_log_dir}/{$k}", $p['limit']*1024, $p['retention']);
+ }
+
+ // Prune aged-out event packet capture files if any exist
+ if ($config['installedpackages']['snortglobal']['event_pkts_log_retention'] > 0) {
+ $now = time();
+ $rotated_files = glob("{$snort_log_dir}/snort.log.*");
+ $prune_count = 0;
+ foreach ($rotated_files as $file) {
+ if (($now - filemtime($file)) > ($config['installedpackages']['snortglobal']['event_pkts_log_retention'] * 3600)) {
+ $prune_count++;
+ unlink_if_exists($file);
+ }
+ }
+ unset($rotated_files);
+ if ($prune_count > 0)
+ log_error(gettext("[Snort] Alert pcap file cleanup job removed {$prune_count} pcap file(s) from {$snort_log_dir}/..."));
+ }
+
+ // Prune any aged-out Barnyard2 archived logs if any exist
+ if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) {
+ $now = time();
+ $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*");
+ $prune_count = 0;
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) {
+ $prune_count++;
+ unlink_if_exists($f);
+ }
}
+ unset($files);
+ if ($prune_count > 0)
+ log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/barnyard2/archive/..."));
}
- unset($files);
- if ($prune_count > 0)
- log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/barnyard2/archive/..."));
}
}
diff --git a/config/snort/snort_conf_template.inc b/config/snort/snort_conf_template.inc
index be4791af..e1b11acc 100644
--- a/config/snort/snort_conf_template.inc
+++ b/config/snort/snort_conf_template.inc
@@ -89,7 +89,7 @@ dynamicdetection directory {$snort_dirs['dynamicrules']}
{$host_attrib_config}
# Snort Output Logs #
-output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority
+output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority {$alert_log_limit_size}
{$alertsystemlog_type}
{$snortunifiedlog_type}
{$spoink_type}
diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php
index e65f4836..a5cc08d0 100644
--- a/config/snort/snort_generate_conf.php
+++ b/config/snort/snort_generate_conf.php
@@ -87,6 +87,12 @@ foreach ($snort_files as $file) {
}
}
+/* define alert log limit */
+if (!empty($config['installedpackages']['snortglobal']['alert_log_limit_size']) && $config['installedpackages']['snortglobal']['alert_log_limit_size'] != "0")
+ $alert_log_limit_size = $config['installedpackages']['snortglobal']['alert_log_limit_size'] . "K";
+else
+ $alert_log_limit_size = "";
+
/* define alertsystemlog */
$alertsystemlog_type = "";
if ($snortcfg['alertsystemlog'] == "on") {
@@ -107,7 +113,7 @@ if ($snortcfg['barnyard_enable'] == "on") {
if (isset($snortcfg['unified2_log_limit']))
$u2_log_limit = "limit {$snortcfg['unified2_log_limit']}";
else
- $u2_log_limit = "limit 128";
+ $u2_log_limit = "limit 128K";
$snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}";
if ($snortcfg['barnyard_log_vlan_events'] == 'on')
@@ -201,9 +207,13 @@ $stream5_ports_both .= "\t 55555 56712";
/* def perform_stat */
+if (!empty($config['installedpackages']['snortglobal']['stats_log_limit_size']) && $config['installedpackages']['snortglobal']['stats_log_limit_size'] != "0")
+ $stats_log_limit = "max_file_size " . $config['installedpackages']['snortglobal']['stats_log_limit_size'] * 1000;
+else
+ $stats_log_limit = "";
$perform_stat = <<<EOD
# Performance Statistics #
-preprocessor perfmonitor: time 300 file {$snortlogdir}/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000
+preprocessor perfmonitor: time 300 file {$snortlogdir}/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000 {$stats_log_limit}
EOD;
diff --git a/config/snort/snort_log_mgmt.php b/config/snort/snort_log_mgmt.php
index aee98a99..4415863b 100644
--- a/config/snort/snort_log_mgmt.php
+++ b/config/snort/snort_log_mgmt.php
@@ -55,6 +55,8 @@ $pconfig['stats_log_limit_size'] = $config['installedpackages']['snortglobal']['
$pconfig['stats_log_retention'] = $config['installedpackages']['snortglobal']['stats_log_retention'];
$pconfig['sid_changes_log_limit_size'] = $config['installedpackages']['snortglobal']['sid_changes_log_limit_size'];
$pconfig['sid_changes_log_retention'] = $config['installedpackages']['snortglobal']['sid_changes_log_retention'];
+$pconfig['event_pkts_log_limit_size'] = '0';
+$pconfig['event_pkts_log_retention'] = $config['installedpackages']['snortglobal']['event_pkts_log_retention'];
// Load up some arrays with selection values (we use these later).
// The keys in the $retentions array are the retention period
@@ -80,18 +82,16 @@ if (!isset($pconfig['alert_log_retention']))
$pconfig['alert_log_retention'] = "336";
if (!isset($pconfig['stats_log_retention']))
$pconfig['stats_log_retention'] = "168";
-if (!isset($pconfig['u2_archive_log_retention']))
- $pconfig['u2_archive_log_retention'] = "168";
if (!isset($pconfig['sid_changes_log_retention']))
$pconfig['sid_changes_log_retention'] = "336";
+if (!isset($pconfig['event_pkts_log_retention']))
+ $pconfig['event_pkts_log_retention'] = "336";
// Set default log file size limits
if (!isset($pconfig['alert_log_limit_size']))
$pconfig['alert_log_limit_size'] = "500";
if (!isset($pconfig['stats_log_limit_size']))
$pconfig['stats_log_limit_size'] = "500";
-if (!isset($pconfig['unified2_log_limit']))
- $pconfig['unified2_log_limit'] = "32";
if (!isset($pconfig['sid_changes_log_limit_size']))
$pconfig['sid_changes_log_limit_size'] = "250";
@@ -101,10 +101,12 @@ if ($_POST['ResetAll']) {
$pconfig['alert_log_retention'] = "336";
$pconfig['stats_log_retention'] = "168";
$pconfig['sid_changes_log_retention'] = "336";
+ $pconfig['event_pkts_log_retention'] = "336";
$pconfig['alert_log_limit_size'] = "500";
$pconfig['stats_log_limit_size'] = "500";
$pconfig['sid_changes_log_limit_size'] = "250";
+ $pconfig['event_pkts_log_limit_size'] = "0";
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All log management settings on this page have been reset to their defaults. Click APPLY if you wish to keep these new settings.");
@@ -142,6 +144,8 @@ if ($_POST["save"] || $_POST['apply']) {
$config['installedpackages']['snortglobal']['stats_log_retention'] = $_POST['stats_log_retention'];
$config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = $_POST['sid_changes_log_limit_size'];
$config['installedpackages']['snortglobal']['sid_changes_log_retention'] = $_POST['sid_changes_log_retention'];
+ $config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = $_POST['event_pkts_log_limit_size'];
+ $config['installedpackages']['snortglobal']['event_pkts_log_retention'] = $_POST['event_pkts_log_retention'];
write_config("Snort pkg: saved updated configuration for LOGS MGMT.");
sync_snort_package_config();
@@ -194,7 +198,7 @@ if ($savemsg) {
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
$tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
$tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php");
- $tab_array[9] = array(gettext("Log Mgmt"), true, "/snort/snort_logs_mgmt.php");
+ $tab_array[9] = array(gettext("Log Mgmt"), true, "/snort/snort_log_mgmt.php");
$tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
display_top_tabs($tab_array, true);
?>
@@ -284,7 +288,7 @@ if ($savemsg) {
<td class="listr" align="center"><select name="alert_log_limit_size" class="formselect" id="alert_log_limit_size">
<?php foreach ($log_sizes as $k => $l): ?>
<option value="<?=$k;?>"
- <?php if ($k == $pconfig['alert_log_limit_size']) echo "selected"; ?>>
+ <?php if ($k == $pconfig['alert_log_limit_size']) echo " selected"; ?>>
<?=htmlspecialchars($l);?></option>
<?php endforeach; ?>
</select>
@@ -292,13 +296,31 @@ if ($savemsg) {
<td class="listr" align="center"><select name="alert_log_retention" class="formselect" id="alert_log_retention">
<?php foreach ($retentions as $k => $p): ?>
<option value="<?=$k;?>"
- <?php if ($k == $pconfig['alert_log_retention']) echo "selected"; ?>>
+ <?php if ($k == $pconfig['alert_log_retention']) echo " selected"; ?>>
<?=htmlspecialchars($p);?></option>
<?php endforeach; ?>
</select>
</td>
<td class="listbg"><?=gettext("Snort alerts and event details");?></td>
</tr>
+
+ <tr>
+ <td class="listbg">event pcaps</td>
+ <td class="listr" align="center"><select name="event_pkts_log_limit_size" class="formselect" id="event_pkts_log_limit_size">
+ <option value="0" selected>NO LIMIT</option>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="event_pkts_log_retention" class="formselect" id="event_pkts_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['event_pkts_log_retention']) echo " selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Snort alert related packet captures");?></td>
+ </tr>
+
<tr>
<td class="listbg">sid_changes</td>
<td class="listr" align="center"><select name="sid_changes_log_limit_size" class="formselect" id="sid_changes_log_limit_size">
@@ -312,7 +334,7 @@ if ($savemsg) {
<td class="listr" align="center"><select name="sid_changes_log_retention" class="formselect" id="sid_changes_log_retention">
<?php foreach ($retentions as $k => $p): ?>
<option value="<?=$k;?>"
- <?php if ($k == $pconfig['sid_changes_log_retention']) echo "selected"; ?>>
+ <?php if ($k == $pconfig['sid_changes_log_retention']) echo " selected"; ?>>
<?=htmlspecialchars($p);?></option>
<?php endforeach; ?>
</select>
@@ -324,7 +346,7 @@ if ($savemsg) {
<td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size">
<?php foreach ($log_sizes as $k => $l): ?>
<option value="<?=$k;?>"
- <?php if ($k == $pconfig['stats_log_limit_size']) echo "selected"; ?>>
+ <?php if ($k == $pconfig['stats_log_limit_size']) echo " selected"; ?>>
<?=htmlspecialchars($l);?></option>
<?php endforeach; ?>
</select>
@@ -332,7 +354,7 @@ if ($savemsg) {
<td class="listr" align="center"><select name="stats_log_retention" class="formselect" id="stats_log_retention">
<?php foreach ($retentions as $k => $p): ?>
<option value="<?=$k;?>"
- <?php if ($k == $pconfig['stats_log_retention']) echo "selected"; ?>>
+ <?php if ($k == $pconfig['stats_log_retention']) echo " selected"; ?>>
<?=htmlspecialchars($p);?></option>
<?php endforeach; ?>
</select>
@@ -371,6 +393,8 @@ function enable_change() {
document.iform.stats_log_retention.disabled = endis;
document.iform.sid_changes_log_retention.disabled = endis;
document.iform.sid_changes_log_limit_size.disabled = endis;
+ document.iform.event_pkts_log_limit_size.disabled = endis;
+ document.iform.event_pkts_log_retention.disabled = endis;
}
function enable_change_dirSize() {
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index af02261f..2cef217a 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -70,6 +70,30 @@ if (empty($config['installedpackages']['snortglobal']['snort_config_ver']) &&
$updated_cfg = true;
}
+/**********************************************************/
+/* Create new Auto SID Mgmt settings if not set */
+/**********************************************************/
+ if (empty($config['installedpackages']['snortglobal']['auto_manage_sids'])) {
+ $config['installedpackages']['snortglobal']['auto_manage_sids'] = "off";
+ $config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = "250";
+ $config['installedpackages']['snortglobal']['sid_changes_log_retention'] = "336";
+ $updated_cfg = true;
+ }
+
+/**********************************************************/
+/* Create new LOG MGMT settings if not set */
+/**********************************************************/
+ if (empty($config['installedpackages']['snortglobal']['enable_log_mgmt'])) {
+ $config['installedpackages']['snortglobal']['enable_log_mgmt'] = "on";
+ $config['installedpackages']['snortglobal']['alert_log_limit_size'] = "500";
+ $config['installedpackages']['snortglobal']['alert_log_retention'] = "336";
+ $config['installedpackages']['snortglobal']['stats_log_limit_size'] = "500";
+ $config['installedpackages']['snortglobal']['stats_log_retention'] = "168";
+ $config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = "0";
+ $config['installedpackages']['snortglobal']['event_pkts_log_retention'] = "336";
+ $updated_cfg = true;
+}
+
foreach ($rule as &$r) {
// Initialize arrays for supported preprocessors if necessary
if (!is_array($r['frag3_engine']['item']))
@@ -344,7 +368,7 @@ foreach ($rule as &$r) {
// Since Barnyard2 was enabled, configure the new archived log settings
$pconfig['u2_archived_log_retention'] = '168';
$pconfig['barnyard_archive_enable'] = 'on';
- $pconfig['unified2_log_limit'] = '32';
+ $pconfig['unified2_log_limit'] = '32M';
$updated_cfg = true;
}
@@ -451,6 +475,14 @@ foreach ($rule as &$r) {
$updated_cfg = true;
}
+
+ // Migrate any BY2 limit for unified2 logs to new format
+ if (!empty($pconfig['unified2_log_limit']) &&
+ !preg_match('/^\d+[g|k|m|G|K|M]/', $pconfig['unified2_log_limit'])) {
+ $pconfig['unified2_log_limit'] .= "M";
+ $updated_cfg = true;
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 0650d187..addb6329 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -44,10 +44,32 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include;
+/****************************************
+ * Define any new constants here that *
+ * may not be yet defined in the old *
+ * "snort.inc" include file that might *
+ * be cached and used by the package *
+ * manager installation code. *
+ * *
+ * This is a hack to work around the *
+ * fact the old version of suricata.inc *
+ * is cached and used instead of the *
+ * updated version icluded with the *
+ * updated GUI package. *
+ ****************************************/
+if (!defined('SID_MODS_PATH'))
+ define('SID_MODS_PATH', '/var/db/snort/sidmods/');
+
+/****************************************
+ * End of PHP caching workaround *
+ ****************************************/
+
$snortdir = SNORTDIR;
$snortlogdir = SNORTLOGDIR;
$snortlibdir = SNORTLIBDIR;
$rcdir = RCFILEPREFIX;
+$flowbit_rules_file = FLOWBITS_FILENAME;
+$snort_enforcing_rules_file = ENFORCING_RULES_FILENAME;
/* Hard kill any running Snort processes that may have been started by any */
/* of the pfSense scripts such as check_reload_status() or rc.start_packages */
@@ -97,6 +119,7 @@ foreach ($preproc_rules as $file) {
/* Create required log and db directories in /var */
safe_mkdir(SNORTLOGDIR);
safe_mkdir(IPREP_PATH);
+safe_mkdir(SID_MODS_PATH);
/* If installed, absorb the Snort Dashboard Widget into this package */
/* by removing it as a separately installed package. */
@@ -164,15 +187,35 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
/* Create the snort.conf files for each enabled interface */
$snortconf = $config['installedpackages']['snortglobal']['rule'];
- foreach ($snortconf as $value) {
- $if_real = get_real_interface($value['interface']);
+ foreach ($snortconf as $snortcfg) {
+ $if_real = get_real_interface($snortcfg['interface']);
+ $snort_uuid = $snortcfg['uuid'];
+ $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
+
+ // Pull in the PHP code that generates the snort.conf file
+ // variables that will be substituted further down below.
+ include("/usr/local/pkg/snort/snort_generate_conf.php");
+
+ // Pull in the boilerplate template for the snort.conf
+ // configuration file. The contents of the template along
+ // with substituted variables are stored in $snort_conf_text
+ // (which is defined in the included file).
+ include("/usr/local/pkg/snort/snort_conf_template.inc");
+
+ // Now write out the conf file using $snort_conf_text contents
+ @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text);
+ unset($snort_conf_text);
+
+ // Create the actual rules files and save them in the interface directory
+ snort_prepare_rule_files($snortcfg, $snortcfgdir);
- /* create a snort.conf file for interface */
- snort_generate_conf($value);
+ // Clean up variables we no longer need and free memory
+ unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type);
+ unset($home_net, $external_net, $ipvardef, $portvardef);
- /* create barnyard2.conf file for interface */
- if ($value['barnyard_enable'] == 'on')
- snort_generate_barnyard2_conf($value, $if_real);
+ // create barnyard2.conf file for interface
+ if ($snortcfg['barnyard_enable'] == 'on')
+ snort_generate_barnyard2_conf($snortcfg, $if_real);
}
/* create snort bootup file snort.sh */