authorbmeeks8 <bmeeks8@bellsouth.net>2014-09-17 14:37:13 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-09-17 14:37:13 -0400
commit834c580f3bcfea9b8c23e61fc00a8250cfa0dabf (patch)
treebd9edf829454e0cd969d23bd049949d0bd38ae65 /config/snort
parentb386e2d9ed7bf07807acde9cd68a467a6330fa1b (diff)
Report each enabled Snort/BY2 interface as a separate service entry.
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc217
-rw-r--r--config/snort/snort.priv.inc1
-rwxr-xr-xconfig/snort/snort.xml9
-rwxr-xr-xconfig/snort/snort_interfaces.php33
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php5
-rw-r--r--config/snort/snort_post_install.php58
-rw-r--r--config/snort/snort_service_utils.php121
7 files changed, 380 insertions, 64 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index fbeea89f..466efac1 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -551,7 +551,7 @@ function snort_barnyard_stop($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
- log_error("[Snort] Barnyard2 STOP for {$snortcfg['descr']}({$if_real})...");
+ log_error("[Snort] Barnyard2 STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
}
}
@@ -561,28 +561,35 @@ function snort_stop($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
- log_error("[Snort] Snort STOP for {$snortcfg['descr']}({$if_real})...");
+ log_error("[Snort] Snort STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
}
snort_barnyard_stop($snortcfg, $if_real);
}
-function snort_barnyard_start($snortcfg, $if_real) {
+function snort_barnyard_start($snortcfg, $if_real, $background=FALSE) {
global $config, $g;
$snortdir = SNORTDIR;
$snortlogdir = SNORTLOGDIR;
$snort_uuid = $snortcfg['uuid'];
- /* define snortbarnyardlog_chk */
if ($snortcfg['barnyard_enable'] == 'on') {
- log_error("[Snort] Barnyard2 START for {$snortcfg['descr']}({$if_real})...");
- mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
+ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
+ snort_barnyard_reload_config($snortcfg, "HUP");
+ }
+ else {
+ log_error("[Snort] Barnyard2 START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
+ if ($background)
+ mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
+ else
+ mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
+ }
}
}
-function snort_start($snortcfg, $if_real) {
+function snort_start($snortcfg, $if_real, $background=FALSE) {
global $config, $g;
$snortdir = SNORTDIR;
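Review bot: The barnyard2 command line at L62 and L64 is duplicated verbatim, the two branches differing only in mwexec versus mwexec_bg; assign it once and branch on the runner, e.g. `$cmd = "/usr/local/bin/barnyard2 -r {$snort_uuid} ... -D -q";` followed by `if ($background) mwexec_bg($cmd); else mwexec($cmd);`. The same duplication is at L84 and L86 in snort_start. With the string in one place the foreground and background branches cannot drift apart when a daemon flag is changed later.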
@@ -590,27 +597,56 @@ function snort_start($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if ($snortcfg['enable'] == 'on') {
- log_error("[Snort] Snort START for {$snortcfg['descr']}({$if_real})...");
- mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ snort_reload_config($snortcfg, "SIGHUP");
+ snort_barnyard_start($snortcfg, $if_real, $background);
+ }
+ else {
+ log_error("[Snort] Snort START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
+ if ($background)
+ mwexec_bg("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ else
+ mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ snort_barnyard_start($snortcfg, $if_real, $background);
+ }
}
else
return;
+}
+
+function snort_start_all_interfaces($background=FALSE) {
+
+ /*************************************************************/
+ /* This function starts all configured and enabled Snort */
+ /* interfaces. */
+ /*************************************************************/
+
+ global $g, $config;
+
+ /* do nothing if no Snort interfaces active */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
- snort_barnyard_start($snortcfg, $if_real);
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) {
+ if ($snortcfg['enable'] != 'on')
+ continue;
+ snort_start($snortcfg, get_real_interface($snortcfg['interface']), $background);
+ }
}
-/**************************************************************/
-/* This function sends the passed SIGNAL to the Snort */
-/* instance on the passed interface to cause Snort to reload */
-/* and parse the running configuration without stopping */
-/* packet processing. It also executes the reload as a */
-/* background process and returns control immediately to the */
-/* caller. */
-/* */
-/* $signal = SIGHUP (default) parses and reloads config. */
-/* SIGURG updates Host Attribute Table. */
-/**************************************************************/
function snort_reload_config($snortcfg, $signal="SIGHUP") {
+
+ /*************************************************************/
+ /* This function sends the passed SIGNAL to the Snort */
+ /* instance on the passed interface to cause Snort to */
+ /* reload and parse the running configuration without */
+ /* stopping packet processing. It also executes the */
+ /* the reload as a background process and returns control */
+ /* immediately to the caller. */
+ /* */
+ /* $signal = SIGHUP (default) parses and reloads config. */
+ /* SIGURG updates Host Attribute Table. */
+ /*************************************************************/
global $config, $g;
$snortdir = SNORTDIR;
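Review bot: snort_start_all_interfaces (L94–L112) starts every enabled interface without consulting the `snort_<uuid>.disabled` marker that the manual-stop paths in snort_interfaces.php create and that snort_service_utils.php honors, so the XMLRPC sync code at L319 that calls it will restart an interface an administrator deliberately stopped — presumably unintended. Inside the loop add `if (file_exists("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled")) continue;` before the `snort_start` call. The function also reads `$config['installedpackages']['snortglobal']['rule']` without first confirming `$config['installedpackages']['snortglobal']` is an array, as sync_snort_package_config does at L182. The comment at L131 reads `executes the the reload`.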
@@ -622,23 +658,23 @@ function snort_reload_config($snortcfg, $signal="SIGHUP") {
/* can find a valid PID for the process. */
/******************************************************/
if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
- log_error("[Snort] Snort RELOAD CONFIG for {$snortcfg['descr']} ({$if_real})...");
+ log_error("[Snort] Snort RELOAD CONFIG for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
}
}
function snort_barnyard_reload_config($snortcfg, $signal="HUP") {
- /**************************************************************/
- /* This function sends the passed SIGNAL to the Barnyard2 */
- /* instance on the passed interface to cause Barnyard to */
- /* reload and parse the running configuration without */
- /* impacting packet processing. It also executes the reload */
- /* as a background process and returns control immediately */
- /* to the caller. */
- /* */
- /* $signal = HUP (default) parses and reloads config. */
- /**************************************************************/
+ /*************************************************************/
+ /* This function sends the passed SIGNAL to the Barnyard2 */
+ /* instance on the passed interface to cause Barnyard to */
+ /* reload and parse the running configuration without */
+ /* impacting packet processing. It also executes the reload */
+ /* as a background process and returns control immediately */
+ /* to the caller. */
+ /* */
+ /* $signal = HUP (default) parses and reloads config. */
+ /*************************************************************/
global $g;
$snortdir = SNORTDIR;
@@ -650,7 +686,7 @@ function snort_barnyard_reload_config($snortcfg, $signal="HUP") {
/* we can find a valid PID for the process. */
/******************************************************/
if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
- log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for {$snortcfg['descr']} ({$if_real})...");
+ log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
}
}
@@ -971,25 +1007,104 @@ function sync_snort_package_config() {
/* do not start config build if rules is empty or there are no Snort settings */
if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) {
- @unlink("{$rcdir}snort.sh");
conf_mount_ro();
+
+ // Make sure no lingering <service> entries exist for Snort interfaces
+ $is_dirty = FALSE;
+ if (!is_array($config['installedpackges']['service']))
+ $config['installedpackages']['service'] = array();
+ foreach ($config['installedpackages']['service'] as $key => $service) {
+ if (strpos($service['name'], "snort_") !== FALSE) {
+ unset($config['installedpackages']['service'][$key]);
+ $is_dirty = TRUE;
+ }
+ if (strpos($service['name'], "barnyard2_") !== FALSE) {
+ unset($config['installedpackages']['service'][$key]);
+ $is_dirty = TRUE;
+ }
+ }
+ if ($is_dirty)
+ write_config("Snort pkg: removed snort interface service entry.");
return;
}
$snortconf = $config['installedpackages']['snortglobal']['rule'];
+ $is_dirty = FALSE;
foreach ($snortconf as $value) {
+ /* Skip configuration of any disabled interface */
+ /* after removing its custom service entry. */
+ if ($value['enable'] != 'on') {
+ foreach ($config['installedpackages']['service'] as $key => $service) {
+ if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] &&
+ $service['name'] == "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']))) {
+ unset($config['installedpackages']['service'][$key]);
+ unlink_if_exists("{$g['varrun_path']}/snort_{$uuid}.disabled");
+ $is_dirty = TRUE;
+ }
+ if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] &&
+ $service['name'] == "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']))) {
+ unset($config['installedpackages']['service'][$key]);
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$uuid}.disabled");
+ $is_dirty = TRUE;
+ }
+ }
+ continue;
+ }
+
$if_real = get_real_interface($value['interface']);
- /* create a snort.conf file for interface */
+ /* create a snort.conf file for interface */
snort_generate_conf($value);
- /* create barnyard2.conf file for interface */
+ /* create barnyard2.conf file for interface */
if ($value['barnyard_enable'] == 'on')
snort_generate_barnyard2_conf($value, $if_real);
+
+ /* create a <service> entry for interface */
+ $snort_found = FALSE;
+ $barnyard_found = FALSE;
+ foreach ($config['installedpackages']['service'] as $service) {
+ if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] &&
+ $service['name'] == "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']))) {
+ $snort_found = TRUE;
+ }
+ if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] &&
+ $service['name'] == "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']))) {
+ $barnyard_found = TRUE;
+ }
+ }
+ if (!$snort_found) {
+ $service = array();
+ $service['name'] = "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']));
+ $service['description'] = "Snort IDS/IPS - " . convert_friendly_interface_to_friendly_descr($value['interface']);
+ $service['uuid'] = $value['uuid'];
+ $service['startcmd'] = "\$action='start';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['stopcmd'] = "\$action='stop';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['restartcmd'] = "\$action='restart';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['custom_php_service_status_command'] = "\$action='status';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $config['installedpackages']['service'][] = $service;
+ $is_dirty = TRUE;
+ }
+ if (!$barnyard_found && $value['barnyard_enable'] == 'on') {
+ $service = array();
+ $service['name'] = "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']));
+ $service['description'] = "Barnyard2 Logging - " . convert_friendly_interface_to_friendly_descr($value['interface']);
+ $service['uuid'] = $value['uuid'];
+ $service['startcmd'] = "\$action='start';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['stopcmd'] = "\$action='stop';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['restartcmd'] = "\$action='restart';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['custom_php_service_status_command'] = "\$action='status';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $config['installedpackages']['service'][] = $service;
+ $is_dirty = TRUE;
+ }
}
+ // Call write_config() if we made any updates up above
+ if ($is_dirty)
+ write_config("Snort pkg: updated snort service entry configuration.");
+
/* create snort bootup file snort.sh only create once */
- snort_create_rc();
+// snort_create_rc();
$snortglob = $config['installedpackages']['snortglobal'];
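Review bot: The key at L188 is misspelled (`installedpackges`), so the `is_array` test is always false and `$config['installedpackages']['service']` is replaced with an empty array, discarding every other package's service entries before the loop runs; the same typo is at L287 in snort_deinstall, and the fix in both places is `if (!is_array($config['installedpackages']['service']))`. `$uuid` at L214 and L220 is not assigned anywhere in the visible part of sync_snort_package_config (the function starts outside the hunk), so those marker files are never removed; the loop variable is `$value`, so the paths should be `snort_{$value['uuid']}.disabled` and `barnyard2_{$value['uuid']}.disabled`. The foreach loops at L210 and L239 (and L369, L469 in the other files) iterate `$config['installedpackages']['service']` without the `is_array` guard the early-return branch has, so a config with no service entries raises a foreach warning. Also `strpos(...) !== FALSE` at L191 and L195 matches `snort_` anywhere in a service name rather than as a prefix; `=== 0` is the intended test.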
@@ -3067,6 +3182,26 @@ function snort_deinstall() {
/* Remove the snort user and group */
mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true);
+ /* Remove our custom <service> entries from config */
+ $is_dirty = FALSE;
+ if (!is_array($config['installedpackges']['service']))
+ $config['installedpackages']['service'] = array();
+ foreach ($config['installedpackages']['service'] as $key => $service) {
+ if (strpos($service['name'], "snort_") !== FALSE) {
+ unset($config['installedpackages']['service'][$key]);
+ unlink_if_exists("{$g['varrun_path']}/snort_{$service['uuid']}.disabled");
+ $is_dirty = TRUE;
+ continue;
+ }
+ if (strpos($service['name'], "barnyard2_") !== FALSE) {
+ unset($config['installedpackages']['service'][$key]);
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$service['uuid']}.disabled");
+ $is_dirty = TRUE;
+ }
+ }
+ if ($is_dirty)
+ write_config("Snort pkg: removed all snort interface services.");
+
/* Remove all the existing Snort cron jobs. */
if (snort_cron_job_exists("snort2c", FALSE))
install_cron_job("snort2c", false);
@@ -3765,12 +3900,8 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username,
}
$snortstart = "";
if ($syncstartsnort == "ON") {
- $snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Checking Snort status...\"));\n";
- $snortstart .= "\tif (!is_process_running(\"snort\")) {\n";
- $snortstart .= "\t\tlog_error(gettext(\"[snort] XMLRPC pkg sync: Snort not running. Sending a start command...\"));\n";
- $snortstart .= "\t\t\$sh_script = RCFILEPREFIX . \"snort.sh\";\n";
- $snortstart .= "\t\tmwexec_bg(\"{\$sh_script} start\");\n\t}\n";
- $snortstart .= "\telse {\n\t\tlog_error(gettext(\"[snort] XMLRPC pkg CARP sync: Snort is running...\"));\n\t}\n";
+ $snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Starting Snort if not running...\"));\n";
+ $snortstart .= "\tsnort_start_all_interfaces(TRUE);\n";
}
/*************************************************/
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 1af0e783..7376a1b2 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -43,6 +43,7 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.p
$priv_list['page-services-snort']['match'][] = "snort/snort_generate_conf.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_interface_logs.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_log_mgmt.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_service_utils.php*";
$priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*";
$priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*";
$priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*";
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index b52a1b7e..573f8914 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -56,10 +56,6 @@
<url>/snort/snort_interfaces.php</url>
</menu>
<service>
- <name>snort</name>
- <rcfile>snort.sh</rcfile>
- <executable>snort</executable>
- <description>Snort IDS/IPS Daemon</description>
</service>
<tabs>
</tabs>
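Review bot: The `<service>` element at L341/L346 is kept while all of its children are removed; if the package installer registers every `<service>` element it finds, an entry with no name, rcfile or executable is registered next to the per-interface entries this commit adds (inferred — the loader is not visible here). Remove the empty element rather than only its children, i.e. delete the `<service>` and `</service>` lines as well.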
@@ -91,6 +87,11 @@
<additional_files_needed>
<prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_service_utils.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/snort/snort_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 697e611e..7903eba7 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -55,6 +55,18 @@ if (isset($_POST['del_x'])) {
foreach ($_POST['rule'] as $rulei) {
$if_real = get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
+ foreach ($config['installedpackages']['service'] as $key => $service) {
+ if (isset($service['uuid']) && $service['uuid'] == $snort_uuid &&
+ $service['name'] == "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($a_nat[$rulei]['interface']))) {
+ unset($config['installedpackages']['service'][$key]);
+ unlink_if_exists("{$g['varrun_path']}/snort_{$snort_uuid}.disabled");
+ }
+ if (isset($service['uuid']) && $service['uuid'] == $snort_uuid &&
+ $service['name'] == "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($a_nat[$rulei]['interface']))) {
+ unset($config['installedpackages']['service'][$key]);
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snort_uuid}.disabled");
+ }
+ }
snort_stop($a_nat[$rulei], $if_real);
exec("/bin/rm -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}");
exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}");
@@ -71,15 +83,6 @@ if (isset($_POST['del_x'])) {
write_config("Snort pkg: deleted one or more Snort interfaces.");
sleep(2);
- /* if there are no ifaces remaining do not create snort.sh */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- snort_create_rc();
- else {
- conf_mount_rw();
- @unlink("{$rcdir}snort.sh");
- conf_mount_ro();
- }
-
sync_snort_package_config();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -100,11 +103,13 @@ if ($_POST['bartoggle'] && is_numericint($_POST['id'])) {
$if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) {
- log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})...");
+ log_error("Toggle (barnyard starting) for {$if_friendly}({$if_real})...");
sync_snort_package_config();
snort_barnyard_start($snortcfg, $if_real);
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
} else {
- log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})...");
+ log_error("Toggle (barnyard stopping) for {$if_friendly}({$if_real})...");
+ touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
snort_barnyard_stop($snortcfg, $if_real);
}
sleep(3); // So the GUI reports correctly
@@ -117,16 +122,18 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) {
$if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
if (snort_is_running($snortcfg['uuid'], $if_real)) {
- log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})...");
+ log_error("Toggle (snort stopping) for {$if_friendly}({$if_real})...");
+ touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
snort_stop($snortcfg, $if_real);
} else {
- log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})...");
+ log_error("Toggle (snort starting) for {$if_friendly}({$if_real})...");
/* set flag to rebuild interface rules before starting Snort */
$rebuild_rules = true;
sync_snort_package_config();
$rebuild_rules = false;
snort_start($snortcfg, $if_real);
+ unlink_if_exists("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
}
sleep(3); // So the GUI reports correctly
}
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index a49d6198..aff9b4f7 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -224,6 +224,7 @@ if ($_POST["save"] && !$input_errors) {
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) {
+ touch("{$g['varrun_path']}/snort_{$a_rule[$id]['uuid']}.disabled");
snort_stop($a_rule[$id], $oif_real);
$snort_start = true;
}
@@ -378,8 +379,10 @@ if ($_POST["save"] && !$input_errors) {
sync_snort_package_config();
/* See if we need to restart Snort after an interface re-assignment */
- if ($snort_start == true)
+ if ($snort_start == true) {
snort_start($natent, $if_real);
+ unlink_if_exists("{$g['varrun_path']}/snort_{$natent['uuid']}.disabled");
+ }
/*******************************************************/
/* Signal Snort to reload configuration if we changed */
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 715adae2..5c47e151 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -220,10 +220,51 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
// create barnyard2.conf file for interface
if ($snortcfg['barnyard_enable'] == 'on')
snort_generate_barnyard2_conf($snortcfg, $if_real);
+
+ if ($snortcfg['enable'] != 'on')
+ continue;
+
+ // Create a custom <service> entry for each enabled interface
+ $snort_found = FALSE;
+ $barnyard_found = FALSE;
+ foreach ($config['installedpackages']['service'] as $service) {
+ if (isset($service['uuid']) && $service['uuid'] == $snortcfg['uuid'] &&
+ $service['name'] == "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($snortcfg['interface']))) {
+ $snort_found = TRUE;
+ }
+ if (isset($service['uuid']) && $service['uuid'] == $snortcfg['uuid'] &&
+ $service['name'] == "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($snortcfg['interface']))) {
+ $barnyard_found = TRUE;
+ }
+ }
+ if (!$snort_found) {
+ $service = array();
+ $service['name'] = "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($snortcfg['interface']));
+ $service['description'] = "Snort IDS/IPS - " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
+ $service['uuid'] = $snortcfg['uuid'];
+ $service['startcmd'] = "\$action='start';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['stopcmd'] = "\$action='stop';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['restartcmd'] = "\$action='restart';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['custom_php_service_status_command'] = "\$action='status';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $config['installedpackages']['service'][] = $service;
+ $is_dirty = TRUE;
+ }
+ if (!$barnyard_found && $snortcfg['barnyard_enable'] == 'on') {
+ $service = array();
+ $service['name'] = "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($snortcfg['interface']));
+ $service['description'] = "Barnyard2 Logging - " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
+ $service['uuid'] = $snortcfg['uuid'];
+ $service['startcmd'] = "\$action='start';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['stopcmd'] = "\$action='stop';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['restartcmd'] = "\$action='restart';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $service['custom_php_service_status_command'] = "\$action='status';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
+ $config['installedpackages']['service'][] = $service;
+ $is_dirty = TRUE;
+ }
}
/* create snort bootup file snort.sh */
- snort_create_rc();
+// snort_create_rc();
/* Set Log Limit, Block Hosts Time and Rules Update Time */
snort_snortloglimit_install_cron(true);
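Review bot: The service-entry construction at L479–L502 is a verbatim copy of the block this commit adds to sync_snort_package_config in snort.inc (L249–L272); a helper such as `snort_create_service_entries($snortcfg)` in snort.inc, called from both places, would keep the command strings in one spot. In those strings `\$uuid={$snortcfg['uuid']};` writes the UUID into PHP source unquoted while `\$service` and `\$action` are quoted; since the stored string is later evaluated by the service handler, quoting it as `\$uuid='{$snortcfg['uuid']}';` keeps the generated code a plain string assignment whatever the UUID contains (whether UUIDs are always numeric cannot be told from here). `$is_dirty` is set at L489 and L501 but nothing in the hunk reads it; the enclosing loop starts outside the hunk, so confirm a `write_config()` follows.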
@@ -244,8 +285,19 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
update_status(gettext("Starting Snort using rebuilt configuration..."));
update_output_window(gettext("Please wait... while Snort is started..."));
log_error(gettext("[Snort] Starting Snort using rebuilt configuration..."));
- mwexec_bg("{$rcdir}snort.sh start");
- update_output_window(gettext("Snort is starting using the rebuilt configuration..."));
+// mwexec_bg("{$rcdir}snort.sh start");
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) {
+ if ($snortcfg['enable'] != 'on')
+ continue;
+ $if_real = get_real_interface($snortcfg['interface']);
+ $snort_uuid = $snortcfg['uuid'];
+ update_output_window(gettext("Snort starting on " . convert_friendly_interface_to_friendly_descr($snortcfg['interface'])));
+ log_error("[Snort] Snort START for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "({$if_real})...");
+ mwexec_bg("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ if ($snortcfg['barnyard_enable'] == 'on')
+ mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
+ }
+ update_output_window(gettext("Snort has started using the rebuilt configuration..."));
}
}
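Review bot: The loop at L516–L526 re-issues the snort and barnyard2 command lines literally instead of calling `snort_start($snortcfg, $if_real, TRUE)`, which this commit extends with a background flag and which already handles the already-running and barnyard cases; `snort_start_all_interfaces(TRUE)` from snort.inc performs exactly this loop. A third copy of the daemon flags means any later change must be made in three places. `$snortdir` and `$snortlogdir` must also be in scope here, which cannot be confirmed from the hunk.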
diff --git a/config/snort/snort_service_utils.php b/config/snort/snort_service_utils.php
new file mode 100644
index 00000000..f04987b2
--- /dev/null
+++ b/config/snort/snort_service_utils.php
@@ -0,0 +1,121 @@
+<?php
+/*
+ * snort_service_utils.php
+ *
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009-2010 Robert Zelaya
+ * Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013,2014 Bill Meeks
+ * part of pfSense
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ * This file is called by the custom service start, stop and status handlers *
+ * created for each enabled Snort and Barnyard interface. The calling code *
+ * is expected to set the following varibles to indicate the action desired. *
+ * *
+ * $action = start, stop, restart or status *
+ * $service = executable to act upon (snort or barnyard2) *
+ * $uuid = Unique Identifier ID for the rule interface *
+ * *
+ *****************************************************************************/
+
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g, $config;
+
+if (empty($uuid)) {
+ log_error(gettext("[Snort] error in snort_service_utils.php ... no UUID provided."));
+ return FALSE;
+}
+if (strtolower($service) != "snort" && strtolower($service) != "barnyard2") {
+ log_error(gettext("[Snort] error in snort_service_utils.php ... unrecognized service '{$service}' provided."));
+ return FALSE;
+}
+
+$service = strtolower($service);
+$action = strtolower($action);
+
+// First find the correct [rule] index in our config using the UUID
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return FALSE;
+foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) {
+ if ($rule['uuid'] == $uuid) {
+ $if_real = get_real_interface($rule['interface']);
+
+ // If interface is manually stopped, then don't try to start it
+ if (($action == 'start' || $action == 'restart') && file_exists("{$g['varrun_path']}/{$service}_{$uuid}.disabled")) {
+ log_error(gettext("[Snort] auto-start locked out by previous manual shutdown...must be started using Snort INTERFACES tab."));
+ return FALSE;
+ }
+
+ switch ($action) {
+ case 'start':
+ if ($service == "snort")
+ snort_start($rule, $if_real, TRUE);
+ elseif ($service == "barnyard2")
+ snort_barnyard_start($rule, $if_real, TRUE);
+ else
+ return FALSE;
+ return TRUE;
+
+ case 'stop':
+ if ($service == "snort")
+ snort_stop($rule, $if_real);
+ elseif ($service == "barnyard2")
+ snort_barnyard_stop($rule, $if_real);
+ else
+ return FALSE;
+ return TRUE;
+
+ case 'restart':
+ if ($service == "snort") {
+ snort_stop($rule, $if_real);
+ sleep(1);
+ snort_start($rule, $if_real, TRUE);
+ }
+ elseif ($service == "barnyard2") {
+ snort_barnyard_stop($rule, $if_real);
+ sleep(1);
+ snort_barnyard_start($rule, $if_real, TRUE);
+ }
+ else
+ return FALSE;
+ return TRUE;
+
+ case 'status':
+ if (isvalidpid("{$g['varrun_path']}/{$service}_{$if_real}{$uuid}.pid"))
+ return TRUE;
+ else
+ return FALSE;
+
+ default:
+ log_error(gettext("[Snort] error in snort_service_utils.php ... unrecognized action '{$action}' provided."));
+ return FALSE;
+ }
+ }
+}
+
+?>
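Review bot: When no rule carries the requested `$uuid`, the foreach at L599 completes without a `return`, so the caller's `include` evaluates to `1` and `$rc` — including the `status` command — reports success for an interface that does not exist in the config; add `log_error(gettext("[Snort] error in snort_service_utils.php ... no rule found for UUID '{$uuid}'.")); return FALSE;` after the loop. The file is PHP-only, so the closing `?>` at L656 should be dropped; any whitespace after it would be emitted as output when the file is included from the services page. `$action` is only validated by the `switch` default at L649, after the `.disabled` lookup at L604 has already used it; moving an action check next to the `$service` check at L588 would keep all caller-supplied values validated up front.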