diff options
author | Bill Meeks <bmeeks8@bellsouth.net> | 2013-01-23 21:31:29 -0500 |
---|---|---|
committer | Bill Meeks <bmeeks8@bellsouth.net> | 2013-01-23 21:31:29 -0500 |
commit | cce940b798278b2f4a8a9093478edbdedeba30ef (patch) | |
tree | 59c7d69db5fe7e23b4f691ea03d921fc12165c6c /config/snort | |
parent | 0fc8894da8c5cc072636cf8514b79c173f6d7b52 (diff) | |
download | pfsense-packages-cce940b798278b2f4a8a9093478edbdedeba30ef.tar.gz pfsense-packages-cce940b798278b2f4a8a9093478edbdedeba30ef.tar.bz2 pfsense-packages-cce940b798278b2f4a8a9093478edbdedeba30ef.zip |
Add checks to fix initial startup errors and include flowbits file in snort.conf
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 21 | ||||
-rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 11 | ||||
-rwxr-xr-x | config/snort/snort_rules.php | 2 | ||||
-rwxr-xr-x | config/snort/snort_rulesets.php | 4 |
4 files changed, 26 insertions, 12 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index afc9c861..47af4faf 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -755,9 +755,10 @@ function snort_build_sid_msg_map($rules_path, $sid_file) { if (stristr($file, "deleted")) continue; - /* Read the file into an array, skipping empty lines. */ + /* Read the file into an array, skipping missing files. */ if (!file_exists($file)) continue; + $rules_array = file($file, FILE_SKIP_EMPTY_LINES); $record = ""; $b_Multiline = false; @@ -948,13 +949,11 @@ function snort_load_rules_map($rules_path) { if (stristr($file, "deleted")) continue; - /* Read the file contents into an array, skipping */ - /* empty lines. */ + /* Read the file contents into an array, skipping */ + /* missing files. */ if (!file_exists($file)) continue; - if (!file_exists($file)) - continue; $rules_array = file($file, FILE_SKIP_EMPTY_LINES); $record = ""; $b_Multiline = false; @@ -1331,7 +1330,7 @@ function snort_load_vrt_policy($policy) { /* Release memory we no longer need. */ unset($all_rules_map, $arulem, $arulem2); - + /* Return all the rules that match the policy. */ return $vrt_policy_rules; } @@ -1348,6 +1347,10 @@ function snort_write_enforcing_rules_file(&$rule_map, $rule_path) { $rule_file = "/snort.rules"; + /* If the $rule_map array is empty, then exit. */ + if (empty($rule_map)) + return; + /* See if we were passed a directory or full */ /* filename to write the rules to, and adjust */ /* the destination argument accordingly. */ @@ -2153,8 +2156,10 @@ EOD; /* Create an array with the full path filenames of the enabled */ /* rule category files if we have any. */ if (!empty($snortcfg['rulesets'])) { - foreach (explode("||", $snortcfg['rulesets']) as $file) - $enabled_files[] = "{$snortdir}/rules/" . $file; + foreach (explode("||", $snortcfg['rulesets']) as $file) { + if (file_exists("{$snortdir}/rules/" . $file)) + $enabled_files[] = "{$snortdir}/rules/" . $file; + } /* Load our rules map in preparation for writing the enforcing rules file. */ $enabled_rules = snort_load_rules_map($enabled_files); diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index cfa7017d..a3e45b5d 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -335,8 +335,10 @@ function snort_apply_customizations($snortcfg, $if_real) { /* Create an array with the full path filenames of the enabled */ /* rule category files if we have any. */ if (!empty($snortcfg['rulesets'])) { - foreach (explode("||", $snortcfg['rulesets']) as $file) - $enabled_files[] = "{$snortdir}/rules/" . $file; + foreach (explode("||", $snortcfg['rulesets']) as $file) { + if (file_exists()) + $enabled_files[] = "{$snortdir}/rules/" . $file; + } /* Load our rules map in preparation for writing the enforcing rules file. */ $enabled_rules = snort_load_rules_map($enabled_files); @@ -369,6 +371,11 @@ function snort_apply_customizations($snortcfg, $if_real) { log_error('Resolving and auto-enabling flowbit required rules for ' . snort_get_friendly_interface($snortcfg['interface']) . '...'); $enabled_files[] = "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/rules/{$snort_enforcing_rules_file}"; snort_write_flowbit_rules_file(snort_resolve_flowbits($enabled_files), "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/rules/{$flowbit_rules_file}"); + if (file_exists("{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/rules/{$flowbit_rules_file}")) { + exec("/usr/bin/grep 'include \$RULE_PATH/{$flowbit_rules_file}' {$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/snort.conf", $out, $rval); + if (empty($out)) + file_put_contents("{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/snort.conf", "include \$RULE_PATH/{$flowbit_rules_file}\n", FILE_APPEND); + } } /* Build a new sid-msg.map file from the enabled rules. */ diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index f332a96d..83e1ea8b 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -100,7 +100,7 @@ if ($currentruleset != 'custom.rules') { if (substr($currentruleset, 0, 10) == "IPS Policy") $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']); elseif (!file_exists($rulefile)) - $input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save again the rule to regenerate it."; + $input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save the rule set again to regenerate it."; else $rules_map = snort_load_rules_map($rulefile); } diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 9c562d31..23a24bea 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -230,7 +230,9 @@ function enable_change() <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <?php $isrulesfolderempty = glob("{$snortdir}/rules/*.rules"); - $iscfgdirempty = glob("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/*.rules"); + $iscfgdirempty = array(); + if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/custom.rules")) + $iscfgdirempty = (array)("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/custom.rules"); if (empty($isrulesfolderempty) && empty($iscfgdirempty)): ?> <tr> |