authorBill Meeks <bmeeks8@bellsouth.net>2013-01-23 21:31:29 -0500
committerBill Meeks <bmeeks8@bellsouth.net>2013-01-23 21:31:29 -0500
commitcce940b798278b2f4a8a9093478edbdedeba30ef (patch)
tree59c7d69db5fe7e23b4f691ea03d921fc12165c6c /config/snort
parent0fc8894da8c5cc072636cf8514b79c173f6d7b52 (diff)
Add checks to fix initial startup errors and include flowbits file in snort.conf
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc21
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php11
-rwxr-xr-xconfig/snort/snort_rules.php2
-rwxr-xr-xconfig/snort/snort_rulesets.php4
4 files changed, 26 insertions, 12 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index afc9c861..47af4faf 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -755,9 +755,10 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
if (stristr($file, "deleted"))
continue;
- /* Read the file into an array, skipping empty lines. */
+ /* Read the file into an array, skipping missing files. */
if (!file_exists($file))
continue;
+
$rules_array = file($file, FILE_SKIP_EMPTY_LINES);
$record = "";
$b_Multiline = false;
@@ -948,13 +949,11 @@ function snort_load_rules_map($rules_path) {
if (stristr($file, "deleted"))
continue;
- /* Read the file contents into an array, skipping */
- /* empty lines. */
+ /* Read the file contents into an array, skipping */
+ /* missing files. */
if (!file_exists($file))
continue;
- if (!file_exists($file))
- continue;
$rules_array = file($file, FILE_SKIP_EMPTY_LINES);
$record = "";
$b_Multiline = false;
@@ -1331,7 +1330,7 @@ function snort_load_vrt_policy($policy) {
/* Release memory we no longer need. */
unset($all_rules_map, $arulem, $arulem2);
-
+
/* Return all the rules that match the policy. */
return $vrt_policy_rules;
}
@@ -1348,6 +1347,10 @@ function snort_write_enforcing_rules_file(&$rule_map, $rule_path) {
$rule_file = "/snort.rules";
+ /* If the $rule_map array is empty, then exit. */
+ if (empty($rule_map))
+ return;
+
/* See if we were passed a directory or full */
/* filename to write the rules to, and adjust */
/* the destination argument accordingly. */
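Review bot: The early return added at the top of snort_write_enforcing_rules_file() is silent, so when `$rule_map` is empty the caller gets no signal and any enforcing rules file left on disk by an earlier run stays as it was. For an IDS that can mean the sensor keeps loading a stale rule set, or none, with nothing in the system log to explain it. Consider logging before the return, e.g. `log_error("No enabled rules were passed; enforcing rules file in {$rule_path} was not written.");` (with braces around the two statements), and deciding explicitly whether an existing file should be emptied. The function body continues past the hunk, so how later code treated an empty map is not visible here.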
@@ -2153,8 +2156,10 @@ EOD;
/* Create an array with the full path filenames of the enabled */
/* rule category files if we have any. */
if (!empty($snortcfg['rulesets'])) {
- foreach (explode("||", $snortcfg['rulesets']) as $file)
- $enabled_files[] = "{$snortdir}/rules/" . $file;
+ foreach (explode("||", $snortcfg['rulesets']) as $file) {
+ if (file_exists("{$snortdir}/rules/" . $file))
+ $enabled_files[] = "{$snortdir}/rules/" . $file;
+ }
/* Load our rules map in preparation for writing the enforcing rules file. */
$enabled_rules = snort_load_rules_map($enabled_files);
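Review bot: Category files that fail the new `file_exists()` test are dropped without any record, so a rule set the administrator enabled can disappear from the enforcing rules unnoticed; the matching loop in snort_apply_customizations() in snort_check_for_rule_updates.php has the same gap. An else branch such as `else log_error("Snort rule category file {$file} not found, skipping.");` would make the reduced coverage visible. `$file` is taken from the `||`-separated config string and concatenated into a path, so wrapping it in `basename()` would keep every entry inside `{$snortdir}/rules/`. If every entry is missing, `$enabled_files` may now reach snort_load_rules_map() unset unless it is initialised above the hunk, which is not visible here.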
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index cfa7017d..a3e45b5d 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -335,8 +335,10 @@ function snort_apply_customizations($snortcfg, $if_real) {
/* Create an array with the full path filenames of the enabled */
/* rule category files if we have any. */
if (!empty($snortcfg['rulesets'])) {
- foreach (explode("||", $snortcfg['rulesets']) as $file)
- $enabled_files[] = "{$snortdir}/rules/" . $file;
+ foreach (explode("||", $snortcfg['rulesets']) as $file) {
+ if (file_exists())
+ $enabled_files[] = "{$snortdir}/rules/" . $file;
+ }
/* Load our rules map in preparation for writing the enforcing rules file. */
$enabled_rules = snort_load_rules_map($enabled_files);
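Review bot: `file_exists()` is called with no argument in the added loop, so the condition can never be true: older PHP versions raise a warning and return a non-true value, and PHP 8 throws ArgumentCountError. As written, no category file is ever appended to `$enabled_files` in snort_apply_customizations(), so a rule update would presumably rebuild the enforcing rules without any of the enabled categories. The condition should match the one this commit adds in snort.inc: `if (file_exists("{$snortdir}/rules/" . $file))`. The enclosing `if (!empty($snortcfg['rulesets']))` block continues past the hunk.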
@@ -369,6 +371,11 @@ function snort_apply_customizations($snortcfg, $if_real) {
log_error('Resolving and auto-enabling flowbit required rules for ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
$enabled_files[] = "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/rules/{$snort_enforcing_rules_file}";
snort_write_flowbit_rules_file(snort_resolve_flowbits($enabled_files), "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/rules/{$flowbit_rules_file}");
+ if (file_exists("{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/rules/{$flowbit_rules_file}")) {
+ exec("/usr/bin/grep 'include \$RULE_PATH/{$flowbit_rules_file}' {$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/snort.conf", $out, $rval);
+ if (empty($out))
+ file_put_contents("{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/snort.conf", "include \$RULE_PATH/{$flowbit_rules_file}\n", FILE_APPEND);
+ }
}
/* Build a new sid-msg.map file from the enabled rules. */
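Review bot: The added `exec()` builds a shell command by interpolating `$snortdir`, `$snortcfg['uuid']`, `$if_real` and `$flowbit_rules_file` without `escapeshellarg()`, and grep treats the search text as a regular expression rather than a literal. The check needs no shell at all: `$conf = "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/snort.conf";` followed by `if (strpos(file_get_contents($conf), "include \$RULE_PATH/{$flowbit_rules_file}") === false)` performs the same test in PHP. Two further gaps in the current form: `$out` is not reset before the call and `exec()` appends to an existing array, and `$rval` is captured but never checked, so a grep that fails outright (for example on a missing snort.conf) leaves `$out` empty and the include line is appended anyway.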
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index f332a96d..83e1ea8b 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -100,7 +100,7 @@ if ($currentruleset != 'custom.rules') {
if (substr($currentruleset, 0, 10) == "IPS Policy")
$rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
elseif (!file_exists($rulefile))
- $input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save again the rule to regenerate it.";
+ $input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save the rule set again to regenerate it.";
else
$rules_map = snort_load_rules_map($rulefile);
}
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 9c562d31..23a24bea 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -230,7 +230,9 @@ function enable_change()
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<?php
$isrulesfolderempty = glob("{$snortdir}/rules/*.rules");
- $iscfgdirempty = glob("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/*.rules");
+ $iscfgdirempty = array();
+ if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/custom.rules"))
+ $iscfgdirempty = (array)("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/custom.rules");
if (empty($isrulesfolderempty) && empty($iscfgdirempty)):
?>
<tr>