authorErmal <eri@pfsense.org>2012-07-09 09:35:24 +0000
committerErmal <eri@pfsense.org>2012-07-09 09:35:24 +0000
commit40cace16a452cd841a6b3626c44ff0d0b655956f (patch)
tree0e9dbda2d0ad6c3996ca575a788c0c82adb872e7 /config/snort
parent27069169f67967c21cdcf38cef20fe81cfff9073 (diff)
s//usr/local/etc/snort/snortdir/ to unify its reference and location. Trim some unused functions in the way
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc222
-rw-r--r--config/snort/snort_check_for_rule_updates.php21
-rw-r--r--config/snort/snort_download_rules.php2
-rw-r--r--config/snort/snort_download_updates.php20
-rw-r--r--config/snort/snort_interfaces.php4
-rw-r--r--config/snort/snort_interfaces_global.php6
-rw-r--r--config/snort/snort_rules.php15
-rw-r--r--config/snort/snort_rulesets.php41
8 files changed, 138 insertions, 193 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 169796c0..149b6abb 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -42,6 +42,7 @@ $pfSense_snort_version = "2.2.4";
$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
$snort_rules_file = "snortrules-snapshot-2923.tar.gz";
$emerging_threats_version = "2.9.0";
+$snortdir = "/usr/local/etc/snort";
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '9999');
@@ -57,7 +58,7 @@ else
$snort_pfsense_basever = 'yes';
/* find out what arch where in x86 , x64 */
-global $snort_arch;
+global $snortdir, $snort_arch;
$snort_arch = 'x86';
$snort_arch_ck = php_uname("m");
if ($snort_arch_ck == 'i386')
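Review bot: The `global $snortdir, $snort_arch;` declaration comes after the `$snortdir = "/usr/local/etc/snort";` assignment added in the previous hunk, so the order matters if snort.inc is ever included from inside a function. In that case the assignment creates a local, and this later `global` rebinds the name to an unset global, leaving every `{$snortdir}` path in the file empty. At top-level include the statement is a no-op, and whether any caller includes the file from function scope is not visible here. Moving the declaration above the assignment (`global $snortdir, $snort_arch;` then `$snortdir = "/usr/local/etc/snort";`) makes both cases behave the same.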
@@ -278,11 +279,11 @@ function Running_Stop($snort_uuid, $if_real, $id) {
}
function Running_Start($snort_uuid, $if_real, $id) {
- global $config, $g;
+ global $snortdir, $config, $g;
$snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
if ($snort_info_chk == 'on')
- exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
else
return;
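Review bot: `$snort_uuid` and `$if_real` are still interpolated unquoted into the `exec()` string that starts Snort, and `{$snortdir}` now joins them. Where these values originate is outside the hunk, but if any of them can carry whitespace or shell metacharacters from the saved configuration, the command line changes meaning. Quoting each argument closes that off, e.g. `$conf = escapeshellarg("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf");`, with the same treatment for the `-l` and `-i` values. The same pattern recurs in the barnyard2 `exec()` of the next hunk and in the `mkdir`/`cp`/`touch` calls in create_rules_iface, create_barnyard2_conf and create_snort_conf. Running_Start's body continues outside this hunk.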
@@ -291,7 +292,7 @@ function Running_Start($snort_uuid, $if_real, $id) {
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
$snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '')
- exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q");
+ exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q");
/* Log Iface stop */
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'");
@@ -385,9 +386,8 @@ function post_delete_logs()
}
}
-function snort_postinstall()
-{
- global $config, $g, $snort_pfsense_basever, $snort_arch;
+function snort_postinstall() {
+ global $snortdir, $config, $g, $snort_pfsense_basever, $snort_arch;
/* snort -> advanced features */
if (is_array($config['installedpackages']['snortglobal'])) {
@@ -397,17 +397,17 @@ function snort_postinstall()
}
/* cleanup default files */
- @rename('/usr/local/etc/snort/snort.conf-sample', '/usr/local/etc/snort/snort.conf');
- @rename('/usr/local/etc/snort/threshold.conf-sample', '/usr/local/etc/snort/threshold.conf');
- @rename('/usr/local/etc/snort/sid-msg.map-sample', '/usr/local/etc/snort/sid-msg.map');
- @rename('/usr/local/etc/snort/unicode.map-sample', '/usr/local/etc/snort/unicode.map');
- @rename('/usr/local/etc/snort/classification.config-sample', '/usr/local/etc/snort/classification.config');
- @rename('/usr/local/etc/snort/generators-sample', '/usr/local/etc/snort/generators');
- @rename('/usr/local/etc/snort/reference.config-sample', '/usr/local/etc/snort/reference.config');
- @rename('/usr/local/etc/snort/gen-msg.map-sample', '/usr/local/etc/snort/gen-msg.map');
- @unlink('/usr/local/etc/snort/sid');
- @unlink('/usr/local/etc/rc.d/snort');
- @unlink('/usr/local/etc/rc.d/barnyard2');
+ @rename("{$snortdir}/snort.conf-sample", "{$snortdir}/snort.conf");
+ @rename("{$snortdir}/threshold.conf-sample", "{$snortdir}/threshold.conf");
+ @rename("{$snortdir}/sid-msg.map-sample", "{$snortdir}/sid-msg.map");
+ @rename("{$snortdir}/unicode.map-sample", "{$snortdir}/unicode.map");
+ @rename("{$snortdir}/classification.config-sample", "{$snortdir}/classification.config");
+ @rename("{$snortdir}/generators-sample", "{$snortdir}/generators");
+ @rename("{$snortdir}/reference.config-sample", "{$snortdir}/reference.config");
+ @rename("{$snortdir}/gen-msg.map-sample", "{$snortdir}/gen-msg.map");
+ @unlink("{$snortdir}/sid");
+ @unlink("/usr/local/etc/rc.d/snort");
+ @unlink("/usr/local/etc/rc.d/barnyard2");
/* remove example files */
if (file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0'))
@@ -416,8 +416,8 @@ function snort_postinstall()
if (file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so'))
exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
- mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
- mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
+ mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
+ mwexec("/usr/sbin/chown -R snort:snort {$snortdir}", true);
mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
@@ -746,11 +746,11 @@ function sync_snort_package_config()
/* create threshold file */
function create_snort_suppress($id, $if_real) {
- global $config, $g;
+ global $snortdir, $config, $g;
/* make sure dir is there */
- if (!is_dir('/usr/local/etc/snort/suppress'))
- exec('/bin/mkdir -p /usr/local/etc/snort/suppress');
+ if (!is_dir("{$snortdir}/suppress"))
+ exec("/bin/mkdir -p {$snortdir}/suppress");
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
@@ -768,23 +768,23 @@ function create_snort_suppress($id, $if_real) {
$s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
/* open snort's whitelist for writing */
- @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data);
+ @file_put_contents("{$snortdir}/suppress/$suppress_file_name", $s_data);
}
}
function create_snort_whitelist($id, $if_real) {
- global $config, $g;
+ global $snortdir, $config, $g;
/* make sure dir is there */
- if (!is_dir('/usr/local/etc/snort/whitelist'))
- exec('/bin/mkdir -p /usr/local/etc/snort/whitelist');
+ if (!is_dir("{$snortdir}/whitelist"))
+ exec("/bin/mkdir -p {$snortdir}/whitelist");
if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') {
$w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
/* open snort's whitelist for writing */
- @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data);
+ @file_put_contents("{$snortdir}/whitelist/defaultwlist", $w_data);
} else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) {
$whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);
@@ -797,7 +797,7 @@ function create_snort_whitelist($id, $if_real) {
$whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w);
/* open snort's whitelist for writing */
- @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data);
+ @file_put_contents("{$snortdir}/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data);
}
}
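Review bot: The file name written here is the configured `whitelistname` appended to `{$snortdir}/whitelist/` with no normalisation, so a name containing `/` or `..` would make `file_put_contents()` write outside the whitelist directory. Reducing it to a leaf name first, `$wl_file = "{$snortdir}/whitelist/" . basename($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);`, keeps the write inside that directory. The `@` also hides a failed write, which presumably leaves the blocking output without its intended exemptions; checking `=== false` and calling `log_error()` would surface it. The same two points apply to `$suppress_file_name` and `defaultwlist` in the previous hunk. The start of create_snort_whitelist is outside this hunk.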
@@ -845,7 +845,7 @@ function create_snort_externalnet($id, $if_real) {
/* open snort.sh for writing" */
function create_snort_sh() {
- global $config, $g;
+ global $snortdir, $config, $g;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
@@ -864,13 +864,13 @@ function create_snort_sh() {
$start_barnyard = <<<EOE
if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
- /bin/pgrep -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' > {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid
+ /bin/pgrep -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' > {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid
fi
/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid
if [ $? = 0 ]; then
/bin/pkill -HUP -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
else
- /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q
+ /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q
fi
EOE;
@@ -880,7 +880,7 @@ EOE;
/bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
/bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
else
- /bin/pkill -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q'
+ /bin/pkill -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q'
fi
EOE;
@@ -894,7 +894,7 @@ EOE;
###### For Each Iface
#### Only try to restart if snort is running on Iface
if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
- /bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' > {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
+ /bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' > {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
fi
/bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
if [ $? = 0 ]; then
@@ -903,7 +903,7 @@ EOE;
else
# Start snort and barnyard2
/bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
- /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START For {$value['descr']}({$snort_uuid}_{$if_real})..."
fi
@@ -919,7 +919,7 @@ EOE;
/bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
/bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid
else
- /bin/pkill -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}'
+ /bin/pkill -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}'
fi
sleep 2
@@ -970,28 +970,27 @@ EOD;
}
/* if rules exist copy to new interfaces */
-function create_rules_iface($id, $if_real, $snort_uuid)
-{
- global $config, $g;
+function create_rules_iface($id, $if_real, $snort_uuid) {
+ global $snortdir, $config, $g;
- $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}";
+ $if_rule_dir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full';
if ($folder_chk == "empty") {
if (!is_dir("{$if_rule_dir}/rules"))
exec("/bin/mkdir -p {$if_rule_dir}/rules");
- exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules");
- if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
- exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules");
+ exec("/bin/cp {$snortdir}/rules/* {$if_rule_dir}/rules");
+ if (file_exists("{$snortdir}/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
+ exec("/bin/cp {$snortdir}/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules");
}
}
/* open barnyard2.conf for writing */
function create_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $config, $g;
+ global $snortdir, $config, $g;
- if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
- exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+ if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
+ exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
if (!file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
@touch("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo");
@@ -1001,12 +1000,12 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) {
$barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
/* write out barnyard2_conf */
- @file_put_contents("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text);
+ @file_put_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text);
}
/* open barnyard2.conf for writing" */
function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $config, $g;
+ global $snortdir, $config, $g;
/* define snortbarnyardlog */
/* TODO: add support for the other 5 output plugins */
@@ -1023,10 +1022,10 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
#
# set the appropriate paths to the file(s) your Snort process is using
-config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
-config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
-config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map
-config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map
+config reference_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config
+config classification_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config
+config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map
+config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map
config hostname: $snortbarnyardlog_hostname_info_chk
config interface: {$snort_uuid}_{$if_real}
@@ -1054,14 +1053,13 @@ EOD;
return $barnyard2_conf_text;
}
-function create_snort_conf($id, $if_real, $snort_uuid)
-{
- global $config, $g;
+function create_snort_conf($id, $if_real, $snort_uuid) {
+ global $snortdir, $config, $g;
if (!empty($if_real) && !empty($snort_uuid)) {
- if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) {
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
- @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
+ if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}")) {
+ exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}");
+ @touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf");
}
$snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
@@ -1069,9 +1067,9 @@ function create_snort_conf($id, $if_real, $snort_uuid)
return;
/* write out snort.conf */
- $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
+ $conf = fopen("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
if(!$conf) {
- log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
+ log_error("Could not open {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
return -1;
}
fwrite($conf, $snort_conf_text);
@@ -1080,7 +1078,7 @@ function create_snort_conf($id, $if_real, $snort_uuid)
}
function snort_deinstall() {
- global $config, $g;
+ global $snortdir, $config, $g;
/* remove custom sysctl */
remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
@@ -1096,7 +1094,7 @@ function snort_deinstall() {
mwexec('/usr/bin/killall -9 barnyard2', true);
sleep(2);
mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true);
- mwexec('/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*', true);
+ mwexec("/bin/rm -rf {$snortdir}*; /bin/rm -rf /usr/local/pkg/snort*", true);
mwexec('/bin/rm -rf /usr/local/www/snort; /bin/rm -rf /var/log/snort', true);
/* Remove snort cron entries Ugly code needs smoothness*/
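Review bot: `"/bin/rm -rf {$snortdir}*"` becomes `/bin/rm -rf *` in the current working directory if `$snortdir` is empty or unset when snort_deinstall() runs, which the old hard-coded `/usr/local/etc/snort*` could not do. A guard ahead of the call keeps an uninstall from removing unrelated files: `if (empty($snortdir)) $snortdir = "/usr/local/etc/snort";`. It is also worth confirming the trailing glob is still wanted, since it matches any sibling whose name merely starts with the same prefix. The function starts and ends outside this hunk.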
@@ -1132,9 +1130,8 @@ function snort_deinstall() {
unset($config['installedpackages']['snortglobal']);
}
-function generate_snort_conf($id, $if_real, $snort_uuid)
-{
- global $config, $g, $snort_pfsense_basever;
+function generate_snort_conf($id, $if_real, $snort_uuid) {
+ global $snortdir, $config, $g, $snort_pfsense_basever;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
@@ -1156,14 +1153,14 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
$snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru']));
/* create a few directories and ensure the sample files are in place */
- if (!is_dir('/usr/local/etc/snort'))
- exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules');
- if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
- if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"))
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
- if (!is_dir('/usr/local/etc/snort/whitelist'))
- exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
+ if (!is_dir("{$snortdir}"))
+ exec("/bin/mkdir -p {$snortdir}/custom_rules");
+ if (!is_dir("{$snortdir}/snort/snort_{$snort_uuid}_{$if_real}"))
+ exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}");
+ if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules"))
+ exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}/rules");
+ if (!is_dir("{$snortdir}/whitelist"))
+ exec("/bin/mkdir -p {$snortdir}/whitelist/");
if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}"))
exec("/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}");
if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2"))
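Review bot: The second check tests `{$snortdir}/snort/snort_{$snort_uuid}_{$if_real}` (note the extra `/snort/` segment) while the `mkdir` beneath it creates `{$snortdir}/snort_{$snort_uuid}_{$if_real}`. The test therefore never matches the directory it guards, and the mkdir runs on every call. The substitution carried the old typo over unchanged; the condition should read `if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}"))`. Separately, the first check creates `custom_rules` only when `{$snortdir}` itself is missing, so testing `is_dir("{$snortdir}/custom_rules")` looks closer to what the comment describes. generate_snort_conf's body continues outside this hunk.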
@@ -1177,13 +1174,13 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
if (!file_exists('/var/db/whitelist'))
@touch('/var/db/whitelist');
- @copy("/usr/local/etc/snort/gen-msg.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
- @copy("/usr/local/etc/snort/classification.config", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
- @copy("/usr/local/etc/snort/reference.config", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
- @copy("/usr/local/etc/snort/sid-msg.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
- @copy("/usr/local/etc/snort/unicode.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
- @copy("/usr/local/etc/snort/threshold.conf", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
- @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+ @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
+ @copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config");
+ @copy("{$snortdir}/reference.config", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config");
+ @copy("{$snortdir}/sid-msg.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
+ @copy("{$snortdir}/unicode.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/unicode.map");
+ @copy("{$snortdir}/threshold.conf", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/threshold.conf");
+ @touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
/* define basic log filename */
$snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
@@ -1214,21 +1211,21 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
if ($snortcfg['blockoffenders7'] == "on") {
if ($snortcfg['whitelistname'] == "default")
$spoink_whitelist_name = 'defaultwlist';
- else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}"))
+ else if (file_exists("{$snortdir}/whitelist/{$snortcfg['whitelistname']}"))
$spoink_whitelist_name = $snortcfg['whitelistname'];
$pfkill = "";
if ($snortcfg['blockoffenderskill'] == "on")
$pfkill = "kill";
- $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
+ $spoink_type = "output alert_pf: {$snortdir}/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
}
/* define threshold file */
$threshold_file_name = "";
if ($snortcfg['suppresslistname'] != 'default') {
- if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"))
- $threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}";
+ if (file_exists("{$snortdir}/suppress/{$snortcfg['suppresslistname']}"))
+ $threshold_file_name = "include {$snortdir}/suppress/{$snortcfg['suppresslistname']}";
}
/* define servers and ports snortdefservers */
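Review bot: `$spoink_whitelist_name` is assigned only when the name is `default` or the named file exists, so when neither holds the `output alert_pf:` line is built with an empty file name (`{$snortdir}/whitelist/,snort2c,...`). Nothing visible in this hunk initialises it beforehand. Either give it a defined fallback before the `if`, `$spoink_whitelist_name = 'defaultwlist';`, or skip emitting the output line and call `log_error()` so a missing whitelist is visible rather than silent. Both `whitelistname` and `suppresslistname` also go into paths unnormalised here; `basename()` on each would keep the `file_exists()` probes inside their directories.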
@@ -1498,9 +1495,11 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
$enabled_rulesets = $snortcfg['rulesets'];
$selected_rules_sections = "";
if (!empty($enabled_rulesets)) {
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
- foreach($enabled_rulesets_array as $enabled_item)
- $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
+ $enabled_rulesets_array = explode("||", $enabled_rulesets);
+ foreach($enabled_rulesets_array as $enabled_item) {
+ if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$enabled_item}"))
+ $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
+ }
}
/////////////////////////////
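Review bot: The new `file_exists()` guard is true for an empty `$enabled_item`, because the path then names the `rules` directory itself. A stray or trailing `||` in the stored ruleset string therefore still emits `include $RULE_PATH/` into snort.conf. `is_file()` rejects that case, and taking the leaf name keeps the probe inside the rules directory: `$enabled_item = basename(trim($enabled_item));` followed by `if ($enabled_item !== '' && is_file("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$enabled_item}"))`. Rulesets dropped by this check are skipped silently, so a `log_error()` there would tell the operator that detection coverage changed.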
@@ -1540,7 +1539,7 @@ EOD;
#
#################
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
+preprocessor http_inspect: global {$snortdir}, iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
preprocessor http_inspect_server: server default \
ports { 80 8080 } \
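Review bot: This line is Snort configuration text inside a heredoc, not a PHP `global` statement, yet the substitution has inserted `{$snortdir},` after the word `global`. The generated snort.conf would contain `preprocessor http_inspect: global /usr/local/etc/snort, iis_unicode_map ...`, which is not the syntax the removed line used and would most likely stop Snort from loading the configuration. The same stray insertion appears in later hunks at `preprocessor ftp_telnet: global {$snortdir}, \`, `preprocessor frag3_global {$snortdir}: max_frags 8192` and `preprocessor stream5_global {$snortdir}: ...`. All four should go back to their previous text, here `preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535`. Running `snort -T` against a generated config after the change would catch this class of error before the sensor is restarted.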
@@ -1599,7 +1598,7 @@ EOD;
#
#####################
-preprocessor ftp_telnet: global \
+preprocessor ftp_telnet: global {$snortdir}, \
inspection_type stateless
preprocessor ftp_telnet_protocol: telnet \
@@ -1773,9 +1772,9 @@ EOD;
$def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ',';
$snort_preprocessor_decoder_rules = "";
- if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules"))
+ if (file_exists("{$snortdir}/preproc_rules/preprocessor.rules"))
$snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
- if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules"))
+ if (file_exists("{$snortdir}/preproc_rules/decoder.rules"))
$snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
/* build snort configuration file */
@@ -1869,8 +1868,8 @@ portvar DCERPC_BRIGHTSTORE [6503,6504]
#
#####################
-var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules
-var PREPROC_RULE_PATH /usr/local/etc/snort/preproc_rules
+var RULE_PATH {$snortdir}/snort_{$snort_uuid}_{$if_real}/rules
+var PREPROC_RULE_PATH {$snortdir}/preproc_rules
################################
#
@@ -1908,10 +1907,10 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules
#
###################
-preprocessor frag3_global: max_frags 8192
+preprocessor frag3_global {$snortdir}: max_frags 8192
preprocessor frag3_engine: policy bsd detect_anomalies
-preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp yes
+preprocessor stream5_global {$snortdir}: track_tcp yes, track_udp yes, track_icmp yes
preprocessor stream5_tcp: policy BSD, ports both all, {$def_max_queued_bytes_type}{$def_max_queued_segs_type}
preprocessor stream5_udp:
@@ -1962,8 +1961,8 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec
#
#################
-include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
-include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
+include {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config
+include {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config
{$snort_preprocessor_decoder_rules}
$threshold_file_name
@@ -1984,33 +1983,4 @@ EOD;
return $snort_conf_text;
}
-/* hide progress bar */
-function hide_progress_bar_status() {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
-}
-
-/* unhide progress bar */
-function unhide_progress_bar_status() {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
-}
-
-/* update both top and bottom text box during an operation */
-function update_all_status($status) {
- global $snort_filename, $snort_filename_md5, $console_mode;
-
- ob_flush();
- if(!$console_mode) {
- update_status($status);
- update_output_window($status);
- }
-}
-
?>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index b8d86ff8..00a93ad5 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -32,13 +32,12 @@ require_once("functions.inc");
require_once("service-utils.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $snort_gui_include;
+global $snort_gui_include, $snortdir;
if (!isset($snort_gui_include))
$pkg_interface = "console";
-$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
-$snortdir = "/usr/local/etc/snort";
+$tmpfname = "{$snortdir}/tmp/snort_rules_up";
$snort_filename_md5 = "{$snort_rules_file}.md5";
$snort_filename = "{$snort_rules_file}";
$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
@@ -52,8 +51,8 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'
/* Start of code */
conf_mount_rw();
-if (!is_dir('/usr/local/etc/snort/tmp'))
- exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
+if (!is_dir($tmpfname))
+ exec("/bin/mkdir -p {$tmpfname}");
/* Set user agent to Mozilla */
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
@@ -159,7 +158,7 @@ if ($snortdownload == 'on') {
/* extract snort.org rules and add prefix to all snort.org files*/
exec("/bin/rm -r {$snortdir}/rules/*");
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- chdir ("/usr/local/etc/snort/rules");
+ chdir ("{$snortdir}/rules");
exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
/* extract so rules */
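Review bot: The return value of `chdir ("{$snortdir}/rules")` is ignored, so if the directory is missing or `$snortdir` is empty the following `snort_rename.pl ... *.rules` runs in whatever directory the script happened to start in. Checking it avoids renaming files in the wrong place: `if (!chdir("{$snortdir}/rules")) { log_error("Cannot enter {$snortdir}/rules"); return; }`, with the exit path adapted to how the surrounding script ends. The `rm -r {$snortdir}/rules/*` two lines up has the same dependency on `$snortdir` being non-empty. The enclosing `if ($snortdownload == 'on')` block starts and ends outside this hunk.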
@@ -241,15 +240,15 @@ if ($snortdownload == 'on') {
/* XXX: Convert this to sed? */
/* make shure default rules are in the right format */
- exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir}/rules/*.rules");
/* create a msg-map for snort */
update_status(gettext("Updating Alert Messages..."));
exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir}/rules > {$snortdir}/sid-msg.map");
- if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
update_status(gettext("Copying md5 sig to snort directory..."));
exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
}
@@ -314,7 +313,7 @@ path = /bin:/usr/bin:/usr/local/bin
update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-url = dir:///usr/local/etc/snort/rules
+url = dir://{$snortdir}/rules
{$selected_sid_on_sections}
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 56bc2ebd..d5a0ae8f 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -82,6 +82,6 @@ $snort_gui_include = true;
include("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
/* hide progress bar and lets end this party */
-hide_progress_bar_status();
+echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
?>
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index b96b2cae..f2e521c0 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -36,7 +36,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $snortdir;
/* load only javascript that is needed */
$snort_load_jquery = 'yes';
@@ -46,16 +46,16 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'
/* quick md5s chk */
$snort_org_sig_chk_local = 'N/A';
-if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5"))
- $snort_org_sig_chk_local = file_get_contents("/usr/local/etc/snort/{$snort_rules_file}.md5");
+if (file_exists("{$snortdir}/{$snort_rules_file}.md5"))
+ $snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5");
$emergingt_net_sig_chk_local = 'N/A';
-if (file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5'))
- $emergingt_net_sig_chk_local = file_get_contents("/usr/local/etc/snort/emerging.rules.tar.gz.md5");
+if (file_exists("{$snortdir}/emerging.rules.tar.gz.md5"))
+ $emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/emerging.rules.tar.gz.md5");
/* check for logfile */
$update_logfile_chk = 'no';
-if (file_exists('/usr/local/etc/snort/snort_update.log'))
+if (file_exists("{$snortdir}/snort_update.log"))
$update_logfile_chk = 'yes';
$pgtitle = "Services: Snort: Updates";
@@ -154,11 +154,11 @@ include_once("head.inc");
<?php
if ($update_logfile_chk == 'yes') {
- echo '
- <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
+ echo "
+ <button class='sexybutton sexysimple example9' href='/snort/snort_rules_edit.php?openruleset={$snortdir}/snort_update.log'><span class='pwhitetxt'>Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>\n";
}else{
- echo '
- <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
+ echo "
+ <button class='sexybutton disabled' disabled='disabled' href='/snort/snort_rules_edit.php?openruleset={$snortdir}/snort_update.log'><span class='pwhitetxt'>Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>\n";
}
?>
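Review bot: Both rewritten `<button>` lines pass an absolute filesystem path to `snort_rules_edit.php` in the `openruleset` query parameter and interpolate it into the attribute without any encoding. That script is not part of this diff, so it should be confirmed that it canonicalises the requested path with `realpath()` and refuses anything that does not resolve under `{$snortdir}`, rather than opening whatever path the request names. On the emitting side, now that the value comes from a variable instead of a literal, I would build it as `htmlspecialchars(urlencode("{$snortdir}/snort_update.log"), ENT_QUOTES)`. The same parameter is assembled in the `-269,14` hunk of snort_rulesets.php.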
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 93b0050d..0d3ee8c1 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -35,7 +35,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $snortdir;
$id = $_GET['id'];
if (isset($_POST['id']))
@@ -58,7 +58,7 @@ if (isset($_POST['del_x'])) {
Running_Stop($snort_uuid,$if_real, $rulei);
exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}");
- exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}");
unset($a_nat[$rulei]);
}
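Review bot: The rewritten `/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}` still builds a recursive delete by interpolating three variables into a shell string, so whitespace or a shell metacharacter in any of them changes what is removed. Where `$snort_uuid` and `$if_real` are assigned is outside this hunk; if they can be influenced by request data or an edited configuration, they need validating before use. I would quote the whole path, `exec('/bin/rm -r ' . escapeshellarg("{$snortdir}/snort_{$snort_uuid}_{$if_real}"));`, and treat the log-directory delete on the line above the same way. The `mkdir` and `cp` calls in the snort_rules.php and snort_rulesets.php hunks have the same shape, although there the `*.rules` glob has to stay outside the quoted part.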
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index a650646c..c49390a1 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -38,7 +38,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $snortdir;
$d_snort_global_dirty_path = '/var/run/snort_global.dirty';
@@ -120,7 +120,7 @@ if (!$input_errors) {
if ($_POST["Reset"]) {
function snort_deinstall_settings() {
- global $config, $g, $id, $if_real;
+ global $config, $g, $id, $if_real, $snortdir;
exec("/usr/usr/bin/killall snort");
sleep(2);
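Review bot: The context line `exec("/usr/usr/bin/killall snort");` directly under the changed `global` statement looks like a typo for `/usr/bin/killall`. With the doubled `/usr` the command presumably fails without any visible error, and `sleep(2)` then waits for processes that were never signalled. That matters for this change because the reset path goes on to delete the per-interface directories under `{$snortdir}` (the `-165,7` hunk) while the sensor may still be running from them. I would change it to `exec("/usr/bin/killall snort", $out, $rc);` and check `$rc` before continuing. `snort_deinstall_settings()` continues past the end of this hunk.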
@@ -165,7 +165,7 @@ if ($_POST["Reset"]) {
unset($config['installedpackages']['snortglobal']);
/* remove all snort iface dir */
- exec('rm -r /usr/local/etc/snort/snort_*');
+ exec("rm -r {$snortdir}/snort_*");
exec('rm /var/log/snort/*');
}
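Review bot: `exec("rm -r {$snortdir}/snort_*");` now depends on a global being populated, and if `$snortdir` is ever empty in this scope the pattern becomes `/snort_*` at the filesystem root. The previous hunk adds `$snortdir` to this function's `global` list, but a recursive delete deserves its own guard, for example `if (!empty($snortdir) && is_dir($snortdir))` around the call. It would also be more consistent to use the absolute `/bin/rm` as the other files in this commit do, instead of relying on the web server's PATH. The start of the enclosing function is outside this hunk.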
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 871eb39e..d04e1b41 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -33,7 +33,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $snortdir;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
@@ -59,12 +59,12 @@ $iface_uuid = $a_nat[$id]['uuid'];
/* Check if the rules dir is empy if so warn the user */
/* TODO give the user the option to delete the installed rules rules */
-if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"))
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules");
+if (!is_dir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules"))
+ exec("/bin/mkdir -p {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules");
-$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
+$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
if ($isrulesfolderempty == "") {
- $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
+ $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules");
if ($isrulesfolderempty == "") {
include_once("head.inc");
include_once("fbegin.inc");
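Review bot: The emptiness test on the two rewritten `ls -A …/*.rules` lines starts a shell only to learn whether any rule file exists. `exec()` returns just the last line of output, so the result is a file name being used as a boolean. `glob()` answers the same question with no shell and no quoting concerns: `$isrulesfolderempty = glob("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules");`, tested with `if (empty($isrulesfolderempty))`. Any later use of the variable outside this hunk would need checking, because it becomes an array. The same pair of calls appears in the `-64,9` hunk of snort_rulesets.php, and the `if` block continues past the end of this hunk.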
@@ -123,7 +123,7 @@ if ($isrulesfolderempty == "") {
exit(0);
} else {
/* Make sure that we have the rules */
- mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
+ mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true);
}
}
@@ -149,8 +149,7 @@ function load_rule_file($incoming_file)
return explode("\n", $contents);
}
-$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
-//$ruledir = "/usr/local/etc/snort/rules/";
+$ruledir = "{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/";
$dh = opendir($ruledir);
while (false !== ($filename = readdir($dh)))
{
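Review bot: `opendir($ruledir)` is used without checking its result, and the path is now assembled from three variables. If the directory is missing or unreadable, `$dh` is `false` and the `readdir($dh)` loop runs against an invalid handle, which emits a warning on every pass and, depending on the PHP version, may never reach the `false` that ends the loop. I would bail out first with `if ($dh === false) { $input_errors[] = "Cannot open {$ruledir}"; }` (or whatever error path this page uses) and only iterate otherwise. The loop body lies outside this hunk. The `-246,9` hunk of snort_rulesets.php has the same unchecked `opendir()`, and no `mkdir` precedes it in the visible hunks of that file.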
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 313daea2..ee700a88 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -33,7 +33,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $snortdir;
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
$config['installedpackages']['snortglobal']['rule'] = array();
@@ -64,9 +64,9 @@ $pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
/* Check if the rules dir is empy if so warn the user */
/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
+$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
if ($isrulesfolderempty == "") {
- $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
+ $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules");
if ($isrulesfolderempty == "") {
include_once("head.inc");
include("fbegin.inc");
@@ -105,7 +105,7 @@ if ($isrulesfolderempty == "") {
<table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
<tr>\n
<td>\n
- # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n
+ # The rules directory is empty. {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules \n
</td>\n
</tr>\n
</table>\n
@@ -127,7 +127,7 @@ if ($isrulesfolderempty == "") {
exit(0);
} else {
/* Make sure that we have the rules */
- mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
+ mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true);
}
}
@@ -167,19 +167,7 @@ include_once("head.inc");
<?php include("fbegin.inc"); ?>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<?php
-echo "{$snort_general_css}\n";
-?>
-
<div class="body2">
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content
-</CENTER></div>
-</noscript>
-
<?php
echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
@@ -246,9 +234,8 @@ if (file_exists($d_snortconfdirty_path)) {
<td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td>
<!-- <td class="listhdrr">Description</td> -->
</tr>
- <?php
- $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
- $dh = opendir($dir);
+ <?php
+ $dh = opendir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/");
while (false !== ($filename = readdir($dh))) {
$files[] = basename($filename);
}
@@ -269,14 +256,10 @@ if (file_exists($d_snortconfdirty_path)) {
echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
echo "</td>\n";
echo "<td>\n";
- echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
+ echo "<a href='snort_rules.php?id={$id}&openruleset={$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
echo "</td>\n</tr>\n\n";
- //echo "<td>";
- //echo "description";
- //echo "</td>";
}
-
- ?>
+ ?>
</table>
</td>
</tr>
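Review bot: `$file` is written unescaped into `value='$file'` and into the link text on the rewritten `<a href=…>` line, and from the `-246,9` hunk it appears to come from `readdir()` on the rules directory. A rule file whose name contains a quote or markup would therefore alter the page. The rule archives are downloaded, so those names are not fully under the package's control. I would compute `$file_html = htmlspecialchars($file, ENT_QUOTES);` once per iteration and use it in both places, keeping `urlencode($file)` for the query string. Inside the attribute `&openruleset=` should be `&amp;openruleset=`, and `{$id}` deserves the same encoding if it is taken from the request. The loop begins outside this hunk.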
@@ -297,17 +280,11 @@ if (file_exists($d_snortconfdirty_path)) {
</td>
</tr>
</table>
-
</form>
-
<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p>
-
</div>
-
<?php
include("fend.inc");
-echo $snort_custom_rnd_box;
?>
-
</body>
</html>