diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-09-13 10:38:02 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-09-13 10:38:02 -0400 |
commit | 3ded21fc48a46974795072defc35541dc2f0690b (patch) | |
tree | 54e5ffa22148999fe6f938f261da2b35b9451ca1 /config/snort | |
parent | 3aba4f55b08aa2fbeec7af5a4a1063c2f91e3355 (diff) | |
download | pfsense-packages-3ded21fc48a46974795072defc35541dc2f0690b.tar.gz pfsense-packages-3ded21fc48a46974795072defc35541dc2f0690b.tar.bz2 pfsense-packages-3ded21fc48a46974795072defc35541dc2f0690b.zip |
Add handler and install code for new LOG MGMT function.
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort_barnyard.php | 8 | ||||
-rw-r--r-- | config/snort/snort_check_cron_misc.inc | 110 | ||||
-rw-r--r-- | config/snort/snort_conf_template.inc | 2 | ||||
-rw-r--r-- | config/snort/snort_generate_conf.php | 14 | ||||
-rw-r--r-- | config/snort/snort_log_mgmt.php | 44 | ||||
-rw-r--r-- | config/snort/snort_migrate_config.php | 34 | ||||
-rw-r--r-- | config/snort/snort_post_install.php | 57 |
7 files changed, 229 insertions, 40 deletions
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 1617e869..1e834ff0 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -57,8 +57,8 @@ $retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'), '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") ); -$log_sizes = array( '0' => gettext('NO LIMIT'), '8' => gettext('8 MB'), '16' => gettext('16 MB'), '32' => gettext('32 MB'), - '64' => gettext('64 MB'), '128' => gettext('128 MB'), '256' => gettext('256 MB') ); +$log_sizes = array( '0' => gettext('NO LIMIT'), '128K' => '128 KB', '256K' => '256 KB', '512K' => '512 KB', '1M' => '1 MB', '4M' => '4 MB', '8M' => gettext('8 MB'), + '16M' => gettext('16 MB'), '32M' => gettext('32 MB'), '64M' => gettext('64 MB'), '128M' => gettext('128 MB'), '256M' => gettext('256 MB') ); if (isset($id) && $a_nat[$id]) { $pconfig = $a_nat[$id]; @@ -69,7 +69,7 @@ if (isset($id) && $a_nat[$id]) { if (empty($a_nat[$id]['barnyard_show_year'])) $pconfig['barnyard_show_year'] = "on"; if (empty($a_nat[$id]['unified2_log_limit'])) - $pconfig['unified2_log_limit'] = "32"; + $pconfig['unified2_log_limit'] = "128K"; if (empty($a_nat[$id]['barnyard_archive_enable'])) $pconfig['barnyard_archive_enable'] = "on"; if (empty($a_nat[$id]['u2_archived_log_retention'])) @@ -284,7 +284,7 @@ include_once("head.inc"); <?php if ($k == $pconfig['unified2_log_limit']) echo "selected"; ?>> <?=htmlspecialchars($p);?></option> <?php endforeach; ?> - </select> <?php echo gettext("Choose a Unified2 Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/><br/> + </select> <?php echo gettext("Choose a Unified2 Log file size limit. Default is "); ?><strong><?=gettext("128 KB.");?></strong><br/><br/> <?php echo gettext("This sets the maximum size for a Unified2 Log file before it is rotated and a new one created."); ?> </td> </tr> diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index 9a1c7833..0f9b80ab 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -33,6 +33,7 @@ require_once("/usr/local/pkg/snort/snort.inc"); $snortlogdir = SNORTLOGDIR; +global $g, $config; function snort_check_dir_size_limit($snortloglimitsize) { @@ -88,6 +89,56 @@ function snort_check_dir_size_limit($snortloglimitsize) { } } +function snort_check_rotate_log($log_file, $log_limit, $retention) { + + /******************************************************** + * This function checks the passed log file against * + * the passed size limit and rotates the log file if * + * necessary. It also checks the age of previously * + * rotated logs and removes those older than the * + * rentention parameter. * + * * + * On Entry: $log_file -> full pathname/filename of * + * log file to check * + * $log_limit -> size of file in bytes to * + * trigger rotation. Zero * + * means no rotation. * + * $retention -> retention period in hours * + * for rotated logs. Zero * + * means never remove. * + ********************************************************/ + + // Check the current log to see if it needs rotating. + // If it does, rotate it and put the current time + // on the end of the filename as UNIX timestamp. + if (!file_exists($log_file)) + return; + if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) { + $newfile = $log_file . "." . strval(time()); + try { + copy($log_file, $newfile); + file_put_contents($log_file, ""); + } catch (Exception $e) { + log_error("[Snort] Failed to rotate file '{$log_file}' -- error was {$e->getMessage()}"); + } + } + + // Check previously rotated logs to see if time to + // delete any older than the retention period. + // Rotated logs have a UNIX timestamp appended to + // filename. + if ($retention > 0) { + $now = time(); + $rotated_files = glob("{$log_file}.*"); + foreach ($rotated_files as $file) { + if (($now - filemtime($file)) > ($retention * 3600)) + unlink_if_exists($file); + } + unset($rotated_files); + } +} + + /************************* * Start of main code * *************************/ @@ -96,27 +147,56 @@ function snort_check_dir_size_limit($snortloglimitsize) { if ($g['booting'] == true) return; +$logs = array (); + +// Build an array of files to check and limits to check them against from our saved configuration +$logs['sid_changes.log']['limit'] = $config['installedpackages']['snortglobal']['sid_changes_log_limit_size']; +$logs['sid_changes.log']['retention'] = $config['installedpackages']['snortglobal']['sid_changes_log_retention']; + // If no interfaces defined, there is nothing to clean up if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; -// Check unified2 archived log retention in the interface logging directories if enabled -foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - $if_real = get_real_interface($value['interface']); - $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}"; - if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) { - $now = time(); - $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*"); - $prune_count = 0; - foreach ($files as $f) { - if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) { - $prune_count++; - unlink_if_exists($f); +// Check log limits and retention in the interface logging directories if enabled +if ($config['installedpackages']['snortglobal']['enable_log_mgmt'] == 'on') { + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + $if_real = get_real_interface($value['interface']); + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}"; + foreach ($logs as $k => $p) { + snort_check_rotate_log("{$snort_log_dir}/{$k}", $p['limit']*1024, $p['retention']); + } + + // Prune aged-out event packet capture files if any exist + if ($config['installedpackages']['snortglobal']['event_pkts_log_retention'] > 0) { + $now = time(); + $rotated_files = glob("{$snort_log_dir}/snort.log.*"); + $prune_count = 0; + foreach ($rotated_files as $file) { + if (($now - filemtime($file)) > ($config['installedpackages']['snortglobal']['event_pkts_log_retention'] * 3600)) { + $prune_count++; + unlink_if_exists($file); + } + } + unset($rotated_files); + if ($prune_count > 0) + log_error(gettext("[Snort] Alert pcap file cleanup job removed {$prune_count} pcap file(s) from {$snort_log_dir}/...")); + } + + // Prune any aged-out Barnyard2 archived logs if any exist + if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) { + $now = time(); + $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*"); + $prune_count = 0; + foreach ($files as $f) { + if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) { + $prune_count++; + unlink_if_exists($f); + } } + unset($files); + if ($prune_count > 0) + log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/barnyard2/archive/...")); } - unset($files); - if ($prune_count > 0) - log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/barnyard2/archive/...")); } } diff --git a/config/snort/snort_conf_template.inc b/config/snort/snort_conf_template.inc index be4791af..e1b11acc 100644 --- a/config/snort/snort_conf_template.inc +++ b/config/snort/snort_conf_template.inc @@ -89,7 +89,7 @@ dynamicdetection directory {$snort_dirs['dynamicrules']} {$host_attrib_config} # Snort Output Logs # -output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority +output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority {$alert_log_limit_size} {$alertsystemlog_type} {$snortunifiedlog_type} {$spoink_type} diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php index e65f4836..a5cc08d0 100644 --- a/config/snort/snort_generate_conf.php +++ b/config/snort/snort_generate_conf.php @@ -87,6 +87,12 @@ foreach ($snort_files as $file) { } } +/* define alert log limit */ +if (!empty($config['installedpackages']['snortglobal']['alert_log_limit_size']) && $config['installedpackages']['snortglobal']['alert_log_limit_size'] != "0") + $alert_log_limit_size = $config['installedpackages']['snortglobal']['alert_log_limit_size'] . "K"; +else + $alert_log_limit_size = ""; + /* define alertsystemlog */ $alertsystemlog_type = ""; if ($snortcfg['alertsystemlog'] == "on") { @@ -107,7 +113,7 @@ if ($snortcfg['barnyard_enable'] == "on") { if (isset($snortcfg['unified2_log_limit'])) $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}"; else - $u2_log_limit = "limit 128"; + $u2_log_limit = "limit 128K"; $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}"; if ($snortcfg['barnyard_log_vlan_events'] == 'on') @@ -201,9 +207,13 @@ $stream5_ports_both .= "\t 55555 56712"; /* def perform_stat */ +if (!empty($config['installedpackages']['snortglobal']['stats_log_limit_size']) && $config['installedpackages']['snortglobal']['stats_log_limit_size'] != "0") + $stats_log_limit = "max_file_size " . $config['installedpackages']['snortglobal']['stats_log_limit_size'] * 1000; +else + $stats_log_limit = ""; $perform_stat = <<<EOD # Performance Statistics # -preprocessor perfmonitor: time 300 file {$snortlogdir}/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000 +preprocessor perfmonitor: time 300 file {$snortlogdir}/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000 {$stats_log_limit} EOD; diff --git a/config/snort/snort_log_mgmt.php b/config/snort/snort_log_mgmt.php index aee98a99..4415863b 100644 --- a/config/snort/snort_log_mgmt.php +++ b/config/snort/snort_log_mgmt.php @@ -55,6 +55,8 @@ $pconfig['stats_log_limit_size'] = $config['installedpackages']['snortglobal'][' $pconfig['stats_log_retention'] = $config['installedpackages']['snortglobal']['stats_log_retention']; $pconfig['sid_changes_log_limit_size'] = $config['installedpackages']['snortglobal']['sid_changes_log_limit_size']; $pconfig['sid_changes_log_retention'] = $config['installedpackages']['snortglobal']['sid_changes_log_retention']; +$pconfig['event_pkts_log_limit_size'] = '0'; +$pconfig['event_pkts_log_retention'] = $config['installedpackages']['snortglobal']['event_pkts_log_retention']; // Load up some arrays with selection values (we use these later). // The keys in the $retentions array are the retention period @@ -80,18 +82,16 @@ if (!isset($pconfig['alert_log_retention'])) $pconfig['alert_log_retention'] = "336"; if (!isset($pconfig['stats_log_retention'])) $pconfig['stats_log_retention'] = "168"; -if (!isset($pconfig['u2_archive_log_retention'])) - $pconfig['u2_archive_log_retention'] = "168"; if (!isset($pconfig['sid_changes_log_retention'])) $pconfig['sid_changes_log_retention'] = "336"; +if (!isset($pconfig['event_pkts_log_retention'])) + $pconfig['event_pkts_log_retention'] = "336"; // Set default log file size limits if (!isset($pconfig['alert_log_limit_size'])) $pconfig['alert_log_limit_size'] = "500"; if (!isset($pconfig['stats_log_limit_size'])) $pconfig['stats_log_limit_size'] = "500"; -if (!isset($pconfig['unified2_log_limit'])) - $pconfig['unified2_log_limit'] = "32"; if (!isset($pconfig['sid_changes_log_limit_size'])) $pconfig['sid_changes_log_limit_size'] = "250"; @@ -101,10 +101,12 @@ if ($_POST['ResetAll']) { $pconfig['alert_log_retention'] = "336"; $pconfig['stats_log_retention'] = "168"; $pconfig['sid_changes_log_retention'] = "336"; + $pconfig['event_pkts_log_retention'] = "336"; $pconfig['alert_log_limit_size'] = "500"; $pconfig['stats_log_limit_size'] = "500"; $pconfig['sid_changes_log_limit_size'] = "250"; + $pconfig['event_pkts_log_limit_size'] = "0"; /* Log a message at the top of the page to inform the user */ $savemsg = gettext("All log management settings on this page have been reset to their defaults. Click APPLY if you wish to keep these new settings."); @@ -142,6 +144,8 @@ if ($_POST["save"] || $_POST['apply']) { $config['installedpackages']['snortglobal']['stats_log_retention'] = $_POST['stats_log_retention']; $config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = $_POST['sid_changes_log_limit_size']; $config['installedpackages']['snortglobal']['sid_changes_log_retention'] = $_POST['sid_changes_log_retention']; + $config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = $_POST['event_pkts_log_limit_size']; + $config['installedpackages']['snortglobal']['event_pkts_log_retention'] = $_POST['event_pkts_log_retention']; write_config("Snort pkg: saved updated configuration for LOGS MGMT."); sync_snort_package_config(); @@ -194,7 +198,7 @@ if ($savemsg) { $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); - $tab_array[9] = array(gettext("Log Mgmt"), true, "/snort/snort_logs_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), true, "/snort/snort_log_mgmt.php"); $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> @@ -284,7 +288,7 @@ if ($savemsg) { <td class="listr" align="center"><select name="alert_log_limit_size" class="formselect" id="alert_log_limit_size"> <?php foreach ($log_sizes as $k => $l): ?> <option value="<?=$k;?>" - <?php if ($k == $pconfig['alert_log_limit_size']) echo "selected"; ?>> + <?php if ($k == $pconfig['alert_log_limit_size']) echo " selected"; ?>> <?=htmlspecialchars($l);?></option> <?php endforeach; ?> </select> @@ -292,13 +296,31 @@ if ($savemsg) { <td class="listr" align="center"><select name="alert_log_retention" class="formselect" id="alert_log_retention"> <?php foreach ($retentions as $k => $p): ?> <option value="<?=$k;?>" - <?php if ($k == $pconfig['alert_log_retention']) echo "selected"; ?>> + <?php if ($k == $pconfig['alert_log_retention']) echo " selected"; ?>> <?=htmlspecialchars($p);?></option> <?php endforeach; ?> </select> </td> <td class="listbg"><?=gettext("Snort alerts and event details");?></td> </tr> + + <tr> + <td class="listbg">event pcaps</td> + <td class="listr" align="center"><select name="event_pkts_log_limit_size" class="formselect" id="event_pkts_log_limit_size"> + <option value="0" selected>NO LIMIT</option> + </select> + </td> + <td class="listr" align="center"><select name="event_pkts_log_retention" class="formselect" id="event_pkts_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['event_pkts_log_retention']) echo " selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Snort alert related packet captures");?></td> + </tr> + <tr> <td class="listbg">sid_changes</td> <td class="listr" align="center"><select name="sid_changes_log_limit_size" class="formselect" id="sid_changes_log_limit_size"> @@ -312,7 +334,7 @@ if ($savemsg) { <td class="listr" align="center"><select name="sid_changes_log_retention" class="formselect" id="sid_changes_log_retention"> <?php foreach ($retentions as $k => $p): ?> <option value="<?=$k;?>" - <?php if ($k == $pconfig['sid_changes_log_retention']) echo "selected"; ?>> + <?php if ($k == $pconfig['sid_changes_log_retention']) echo " selected"; ?>> <?=htmlspecialchars($p);?></option> <?php endforeach; ?> </select> @@ -324,7 +346,7 @@ if ($savemsg) { <td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size"> <?php foreach ($log_sizes as $k => $l): ?> <option value="<?=$k;?>" - <?php if ($k == $pconfig['stats_log_limit_size']) echo "selected"; ?>> + <?php if ($k == $pconfig['stats_log_limit_size']) echo " selected"; ?>> <?=htmlspecialchars($l);?></option> <?php endforeach; ?> </select> @@ -332,7 +354,7 @@ if ($savemsg) { <td class="listr" align="center"><select name="stats_log_retention" class="formselect" id="stats_log_retention"> <?php foreach ($retentions as $k => $p): ?> <option value="<?=$k;?>" - <?php if ($k == $pconfig['stats_log_retention']) echo "selected"; ?>> + <?php if ($k == $pconfig['stats_log_retention']) echo " selected"; ?>> <?=htmlspecialchars($p);?></option> <?php endforeach; ?> </select> @@ -371,6 +393,8 @@ function enable_change() { document.iform.stats_log_retention.disabled = endis; document.iform.sid_changes_log_retention.disabled = endis; document.iform.sid_changes_log_limit_size.disabled = endis; + document.iform.event_pkts_log_limit_size.disabled = endis; + document.iform.event_pkts_log_retention.disabled = endis; } function enable_change_dirSize() { diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index af02261f..2cef217a 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -70,6 +70,30 @@ if (empty($config['installedpackages']['snortglobal']['snort_config_ver']) && $updated_cfg = true; } +/**********************************************************/ +/* Create new Auto SID Mgmt settings if not set */ +/**********************************************************/ + if (empty($config['installedpackages']['snortglobal']['auto_manage_sids'])) { + $config['installedpackages']['snortglobal']['auto_manage_sids'] = "off"; + $config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = "250"; + $config['installedpackages']['snortglobal']['sid_changes_log_retention'] = "336"; + $updated_cfg = true; + } + +/**********************************************************/ +/* Create new LOG MGMT settings if not set */ +/**********************************************************/ + if (empty($config['installedpackages']['snortglobal']['enable_log_mgmt'])) { + $config['installedpackages']['snortglobal']['enable_log_mgmt'] = "on"; + $config['installedpackages']['snortglobal']['alert_log_limit_size'] = "500"; + $config['installedpackages']['snortglobal']['alert_log_retention'] = "336"; + $config['installedpackages']['snortglobal']['stats_log_limit_size'] = "500"; + $config['installedpackages']['snortglobal']['stats_log_retention'] = "168"; + $config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = "0"; + $config['installedpackages']['snortglobal']['event_pkts_log_retention'] = "336"; + $updated_cfg = true; +} + foreach ($rule as &$r) { // Initialize arrays for supported preprocessors if necessary if (!is_array($r['frag3_engine']['item'])) @@ -344,7 +368,7 @@ foreach ($rule as &$r) { // Since Barnyard2 was enabled, configure the new archived log settings $pconfig['u2_archived_log_retention'] = '168'; $pconfig['barnyard_archive_enable'] = 'on'; - $pconfig['unified2_log_limit'] = '32'; + $pconfig['unified2_log_limit'] = '32M'; $updated_cfg = true; } @@ -451,6 +475,14 @@ foreach ($rule as &$r) { $updated_cfg = true; } + + // Migrate any BY2 limit for unified2 logs to new format + if (!empty($pconfig['unified2_log_limit']) && + !preg_match('/^\d+[g|k|m|G|K|M]/', $pconfig['unified2_log_limit'])) { + $pconfig['unified2_log_limit'] .= "M"; + $updated_cfg = true; + } + // Save the new configuration data into the $config array pointer $r = $pconfig; } diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 0650d187..addb6329 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -44,10 +44,32 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include; +/**************************************** + * Define any new constants here that * + * may not be yet defined in the old * + * "snort.inc" include file that might * + * be cached and used by the package * + * manager installation code. * + * * + * This is a hack to work around the * + * fact the old version of suricata.inc * + * is cached and used instead of the * + * updated version icluded with the * + * updated GUI package. * + ****************************************/ +if (!defined('SID_MODS_PATH')) + define('SID_MODS_PATH', '/var/db/snort/sidmods/'); + +/**************************************** + * End of PHP caching workaround * + ****************************************/ + $snortdir = SNORTDIR; $snortlogdir = SNORTLOGDIR; $snortlibdir = SNORTLIBDIR; $rcdir = RCFILEPREFIX; +$flowbit_rules_file = FLOWBITS_FILENAME; +$snort_enforcing_rules_file = ENFORCING_RULES_FILENAME; /* Hard kill any running Snort processes that may have been started by any */ /* of the pfSense scripts such as check_reload_status() or rc.start_packages */ @@ -97,6 +119,7 @@ foreach ($preproc_rules as $file) { /* Create required log and db directories in /var */ safe_mkdir(SNORTLOGDIR); safe_mkdir(IPREP_PATH); +safe_mkdir(SID_MODS_PATH); /* If installed, absorb the Snort Dashboard Widget into this package */ /* by removing it as a separately installed package. */ @@ -164,15 +187,35 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { /* Create the snort.conf files for each enabled interface */ $snortconf = $config['installedpackages']['snortglobal']['rule']; - foreach ($snortconf as $value) { - $if_real = get_real_interface($value['interface']); + foreach ($snortconf as $snortcfg) { + $if_real = get_real_interface($snortcfg['interface']); + $snort_uuid = $snortcfg['uuid']; + $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; + + // Pull in the PHP code that generates the snort.conf file + // variables that will be substituted further down below. + include("/usr/local/pkg/snort/snort_generate_conf.php"); + + // Pull in the boilerplate template for the snort.conf + // configuration file. The contents of the template along + // with substituted variables are stored in $snort_conf_text + // (which is defined in the included file). + include("/usr/local/pkg/snort/snort_conf_template.inc"); + + // Now write out the conf file using $snort_conf_text contents + @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); + unset($snort_conf_text); + + // Create the actual rules files and save them in the interface directory + snort_prepare_rule_files($snortcfg, $snortcfgdir); - /* create a snort.conf file for interface */ - snort_generate_conf($value); + // Clean up variables we no longer need and free memory + unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); + unset($home_net, $external_net, $ipvardef, $portvardef); - /* create barnyard2.conf file for interface */ - if ($value['barnyard_enable'] == 'on') - snort_generate_barnyard2_conf($value, $if_real); + // create barnyard2.conf file for interface + if ($snortcfg['barnyard_enable'] == 'on') + snort_generate_barnyard2_conf($snortcfg, $if_real); } /* create snort bootup file snort.sh */ |