authorbmeeks8 <bmeeks8@bellsouth.net>2013-10-08 16:31:18 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2013-10-08 16:31:18 -0400
commit38568b846709678742d736aee55483b32e9ab677 (patch)
tree5fd59a1590b17b07700919eb773fd814c43662e4 /config/snort
parent8ea4a9aaf0c8ae4df6679113a5c67b9af51719df (diff)
downloadpfsense-packages-38568b846709678742d736aee55483b32e9ab677.tar.gz
pfsense-packages-38568b846709678742d736aee55483b32e9ab677.tar.bz2
pfsense-packages-38568b846709678742d736aee55483b32e9ab677.zip
Add support for Emerging Threats Pro ruleset
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc5
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php135
-rwxr-xr-xconfig/snort/snort_download_updates.php26
-rw-r--r--config/snort/snort_interfaces_global.php98
-rwxr-xr-xconfig/snort/snort_rulesets.php25
5 files changed, 200 insertions, 89 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index bce9c2a3..e6039510 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -67,12 +67,9 @@ else {
/* Define some useful constants for Snort */
define("SNORTLOGDIR", "/var/log/snort");
-define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz");
-define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/");
-define("ET_VERSION", "2.9.0");
define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
-define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/");
define("FLOWBITS_FILENAME", "flowbit-required.rules");
define("ENFORCING_RULES_FILENAME", "snort.rules");
define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
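Review bot: Removing VRT_DNLD_FILENAME, VRT_DNLD_URL, ET_VERSION and GPLV2_DNLD_URL from the shared include leaves the `if (!defined(...))` fallbacks in snort_check_for_rule_updates.php as the only definitions visible in this commit, so any other file that includes snort.inc and still references one of these names would now hit an undefined constant (snort_download_updates.php keeps a commented-out reference to VRT_DNLD_FILENAME). If the updater script is meant to own them from now on, a one-line comment here, e.g. `/* VRT/ET/GPLv2 download URLs and ET_VERSION are defined in snort_check_for_rule_updates.php */`, would stop the next maintainer from re-adding them.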
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 30da4b74..21eb7bd2 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -35,29 +35,25 @@ require_once "/usr/local/pkg/snort/snort.inc";
global $g, $pkg_interface, $snort_gui_include, $rebuild_rules;
-
-if (!defined("VRT_DNLD_FILENAME"))
- define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz");
if (!defined("VRT_DNLD_URL"))
define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/");
if (!defined("ET_VERSION"))
define("ET_VERSION", "2.9.0");
if (!defined("ET_BASE_DNLD_URL"))
define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/");
+if (!defined("ETPRO_BASE_DNLD_URL"))
+ define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/");
if (!defined("ET_DNLD_FILENAME"))
define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+if (!defined("ETPRO_DNLD_FILENAME"))
+ define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
if (!defined("GPLV2_DNLD_FILENAME"))
define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
if (!defined("GPLV2_DNLD_URL"))
define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/");
-if (!defined("FLOWBITS_FILENAME"))
- define("FLOWBITS_FILENAME", "flowbit-required.rules");
-if (!defined("ENFORCING_RULES_FILENAME"))
- define("ENFORCING_RULES_FILENAME", "snort.rules");
if (!defined("RULES_UPD_LOGFILE"))
define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
-
$snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
@@ -72,8 +68,10 @@ else
/* define checks */
$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$etproid = $config['installedpackages']['snortglobal']['etpro_code'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'];
$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
$et_enabled = $config['installedpackages']['snortglobal']['emergingthreats'];
@@ -81,19 +79,39 @@ $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats'];
/* Working directory for downloaded rules tarballs */
$tmpfname = "{$snortdir}/tmp/snort_rules_up";
-/* Snort VRT rules filenames and URL */
-$snort_filename = VRT_DNLD_FILENAME;
-$snort_filename_md5 = VRT_DNLD_FILENAME . ".md5";
+/* Grab the Snort binary version programmatically and use it to construct */
+/* the proper Snort VRT rules tarball and md5 filenames. */
+exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
+// Save the version with decimal delimiters for use in extracting the rules
+$snort_version = $snortver[0];
+// Create a collapsed version string for use in the tarball filename
+$snortver[0] = str_replace(".", "", $snortver[0]);
+$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz";
+$snort_filename_md5 = "{$snort_filename}.md5";
$snort_rule_url = VRT_DNLD_URL;
-/* Emerging Threats rules filenames and URL */
-$emergingthreats_filename = ET_DNLD_FILENAME;
-$emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5";
-$emerging_threats_version = ET_VERSION;
-$emergingthreats_url = ET_BASE_DNLD_URL;
-// If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules
-$emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/";
-$emergingthreats_url .= "snort-" . ET_VERSION . "/";
+/* Set up Emerging Threats rules filenames and URL */
+if ($etpro == "on") {
+ $emergingthreats_filename = ETPRO_DNLD_FILENAME;
+ $emergingthreats_filename_md5 = ETPRO_DNLD_FILENAME . ".md5";
+ $emergingthreats_url = ETPRO_BASE_DNLD_URL;
+ $emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/";
+ $emergingthreats = "on";
+ $et_name = "Emerging Threats Pro";
+ $et_md5_remove = ET_DNLD_FILENAME . ".md5";
+ @unlink("{$snortdir}/{$et_md5_remove}");
+}
+else {
+ $emergingthreats_filename = ET_DNLD_FILENAME;
+ $emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5";
+ $emergingthreats_url = ET_BASE_DNLD_URL;
+ // If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules
+ $emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/";
+ $emergingthreats_url .= "snort-" . ET_VERSION . "/";
+ $et_name = "Emerging Threats Open";
+ $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5";
+ @unlink("{$snortdir}/{$et_md5_remove}");
+}
/* Snort GPLv2 Community Rules filenames and URL */
$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
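Review bot: The Snort version used to build the VRT tarball name is taken from `cut -c20-26` on the `snort -V` banner and nothing checks that `$snortver[0]` was populated, so a failed exec or a shifted banner layout silently yields `snortrules-snapshot-.tar.gz` (or a truncated version) and the download later fails with an unrelated server error. Validate the captured value before using it, e.g. `if (!isset($snortver[0]) || !preg_match('/^\d+(\.\d+){2,3}$/', trim($snortver[0]))) { log_error(gettext("[Snort] Unable to determine Snort version; VRT rules update skipped.")); $snortdownload = 'off'; }`. Separately, `$etproid` is a user-entered config value spliced into the URL path untouched; `rawurlencode($etproid)` keeps a stray slash or space in the subscription code from changing the request path. The ETPro branch also forces `$emergingthreats = "on"` regardless of the stored setting, which looks intentional (Pro supersedes Open) and deserves a one-line comment saying so.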
@@ -418,34 +436,34 @@ if ($snortcommunityrules == 'on') {
/* download md5 sig from emergingthreats.net */
if ($emergingthreats == 'on') {
if ($pkg_interface <> "console")
- update_status(gettext("Downloading EmergingThreats md5 file..."));
- error_log(gettext("\tDownloading EmergingThreats md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("Downloading {$et_name} md5 file..."));
+ error_log(gettext("\tDownloading {$et_name} md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log);
$rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}");
if ($rc === true) {
if ($pkg_interface <> "console")
- update_status(gettext("Done downloading EmergingThreats md5 file {$emergingthreats_filename_md5}"));
- error_log(gettext("\tChecking EmergingThreats md5.\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("Done downloading {$et_name} md5 file {$emergingthreats_filename_md5}"));
+ error_log(gettext("\tChecking {$et_name} md5.\n"), 3, $snort_rules_upd_log);
if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}") && $emergingthreats == "on") {
/* Check if were up to date emergingthreats.net */
$emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
$emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
if ($emerg_md5_check_new == $emerg_md5_check_old) {
if ($pkg_interface <> "console")
- update_status(gettext("Emerging Threats rules are up to date..."));
- log_error(gettext("[Snort] Emerging Threat rules are up to date..."));
- error_log(gettext("\tEmerging Threats rules are up to date.\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("{$et_name} rules are up to date..."));
+ log_error(gettext("[Snort] {$et_name} rules are up to date..."));
+ error_log(gettext("\t{$et_name} rules are up to date.\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
}
}
else {
if ($pkg_interface <> "console")
- update_output_window(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated."));
- log_error(gettext("[Snort] EmergingThreats md5 file download failed. Server returned error code '{$rc}'."));
- error_log(gettext("\tEmergingThreats md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log);
+ update_output_window(gettext("{$et_name} md5 file download failed. {$et_name} rules will not be updated."));
+ log_error(gettext("[Snort] {$et_name} md5 file download failed. Server returned error code '{$rc}'."));
+ error_log(gettext("\t{$et_name} md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log);
if ($pkg_interface == "console")
error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tEmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\t{$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
}
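Review bot: Interpolating `{$et_name}` inside the `gettext()` argument turns the msgid into a runtime-varying string, so none of these messages can be matched by a translation catalogue; the literal strings they replace were translatable, the new ones are not. Keep the msgid static and substitute afterwards, e.g. `update_status(sprintf(gettext("Downloading %s md5 file..."), $et_name));`. The same pattern appears in this file's hunks at @@ -453, @@ -463, @@ -497 and @@ -527.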
@@ -453,9 +471,9 @@ if ($emergingthreats == 'on') {
/* download emergingthreats rules file */
if ($emergingthreats == "on") {
if ($pkg_interface <> "console")
- update_status(gettext("There is a new set of EmergingThreats rules posted. Downloading {$emergingthreats_filename}..."));
- log_error(gettext("[Snort] There is a new set of EmergingThreats rules posted. Downloading..."));
- error_log(gettext("\tThere is a new set of EmergingThreats rules posted.\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("There is a new set of {$et_name} rules posted. Downloading {$emergingthreats_filename}..."));
+ log_error(gettext("[Snort] There is a new set of {$et_name} rules posted. Downloading..."));
+ error_log(gettext("\tThere is a new set of {$et_name} rules posted.\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tDownloading file '{$emergingthreats_filename}'...\n"), 3, $snort_rules_upd_log);
$rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}");
@@ -463,29 +481,29 @@ if ($emergingthreats == "on") {
if ($rc === true) {
if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){
if ($pkg_interface <> "console")
- update_output_window(gettext("EmergingThreats rules file MD5 checksum failed..."));
- log_error(gettext("[Snort] EmergingThreats rules file download failed. Bad MD5 checksum..."));
+ update_output_window(gettext("{$et_name} rules file MD5 checksum failed..."));
+ log_error(gettext("[Snort] {$et_name} rules file download failed. Bad MD5 checksum..."));
log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}")));
log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")));
- error_log(gettext("\tEmergingThreats rules file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\t{$et_name} rules file download failed. {$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
else {
if ($pkg_interface <> "console")
- update_status(gettext('Done downloading EmergingThreats rules file.'));
- log_error("[Snort] EmergingThreats rules file update downloaded successfully");
- error_log(gettext("\tDone downloading EmergingThreats rules file.\n"), 3, $snort_rules_upd_log);
+ update_status(gettext('Done downloading {$et_name} rules file.'));
+ log_error("[Snort] {$et_name} rules file update downloaded successfully");
+ error_log(gettext("\tDone downloading {$et_name} rules file.\n"), 3, $snort_rules_upd_log);
}
}
else {
if ($pkg_interface <> "console") {
- update_status(gettext("The server returned error code {$rc} ... skipping EmergingThreats update..."));
- update_output_window(gettext("EmergingThreats rules file download failed..."));
+ update_status(gettext("The server returned error code {$rc} ... skipping {$et_name} update..."));
+ update_output_window(gettext("{$et_name} rules file download failed..."));
}
- log_error(gettext("[Snort] EmergingThreats rules file download failed. Server returned error '{$rc}'..."));
- error_log(gettext("\tEmergingThreats rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log);
+ log_error(gettext("[Snort] {$et_name} rules file download failed. Server returned error '{$rc}'..."));
+ error_log(gettext("\t{$et_name} rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log);
if ($pkg_interface == "console")
error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
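Review bot: `update_status(gettext('Done downloading {$et_name} rules file.'));` uses single quotes, so `{$et_name}` is not interpolated and the status line shows the literal text `{$et_name}`; the two lines beside it use double quotes and do interpolate. Change it to `update_status(gettext("Done downloading {$et_name} rules file."));`, or better `update_status(sprintf(gettext("Done downloading %s rules file."), $et_name));` so the msgid stays translatable. The enclosing `if ($emergingthreats == "on")` block starts outside this hunk.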
@@ -497,22 +515,34 @@ if ($emergingthreats == 'on') {
safe_mkdir("{$snortdir}/tmp/emerging");
if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
if ($pkg_interface <> "console") {
- update_status(gettext("Extracting EmergingThreats.org rules..."));
- update_output_window(gettext("Installing EmergingThreats rules..."));
+ update_status(gettext("Extracting {$et_name} rules..."));
+ update_output_window(gettext("Installing {$et_name} rules..."));
}
- error_log(gettext("\tExtracting and installing EmergingThreats.org rules...\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $snort_rules_upd_log);
exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
+ /* Remove the old Emerging Threats rules files */
+ array_map('unlink', glob("{$snortdir}/rules/emerging-*.rules"));
+ array_map('unlink', glob("{$snortdir}/rules/etpro-*.rules"));
+ array_map('unlink', glob("{$snortdir}/rules/emerging-*ips.txt"));
+ array_map('unlink', glob("{$snortdir}/rules/etpro-*ips.txt"));
+
$files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
foreach ($files as $file) {
$newfile = basename($file);
- @copy($file, "{$snortdir}/rules/{$newfile}");
+ if ($etpro == "on")
+ @copy($file, "{$snortdir}/rules/etpro-{$newfile}");
+ else
+ @copy($file, "{$snortdir}/rules/{$newfile}");
}
/* IP lists for Emerging Threats rules */
$files = glob("{$snortdir}/tmp/emerging/rules/*ips.txt");
foreach ($files as $file) {
$newfile = basename($file);
- @copy($file, "{$snortdir}/rules/{$newfile}");
+ if ($etpro == "on")
+ @copy($file, "{$snortdir}/rules/etpro-{$newfile}");
+ else
+ @copy($file, "{$snortdir}/rules/emerging-{$newfile}");
}
/* base etc files for Emerging Threats rules */
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
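Review bot: The four `array_map('unlink', glob(...))` calls purge every installed emerging-*/etpro-* rule and IP list before anything confirms that the `tar xzf` on the preceding line produced files under `{$snortdir}/tmp/emerging/rules`; the exec's exit status is discarded, so a corrupt or truncated tarball that passed the md5 comparison leaves the rules directory with no Emerging Threats files until the next successful update. Capture the status and only purge on success, e.g. `exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/", $tar_out, $tar_rc);` and wrap the unlink and copy loops in `if ($tar_rc === 0) { ... } else { log_error(gettext("[Snort] Extraction of {$et_name} rules failed; existing rules left in place.")); }`. `glob()` can also return `false` on error, which makes `array_map` warn; guarding each call with the array check keeps that quiet. The same purge-before-verify ordering is introduced for `snort_*.rules` in the hunk at @@ -544.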
@@ -527,10 +557,10 @@ if ($emergingthreats == 'on') {
@copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}");
}
if ($pkg_interface <> "console") {
- update_status(gettext("Extraction of EmergingThreats.org rules completed..."));
- update_output_window(gettext("Installation of EmergingThreats rules completed..."));
+ update_status(gettext("Extraction of {$et_name} rules completed..."));
+ update_output_window(gettext("Installation of {$et_name} rules completed..."));
}
- error_log(gettext("\tInstallation of EmergingThreats.org rules completed.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log);
exec("rm -r {$snortdir}/tmp/emerging");
}
}
@@ -544,6 +574,9 @@ if ($snortdownload == 'on') {
if (substr(php_uname("r"), 0, 1) == '9')
$freebsd_version_so = 'FreeBSD-9-0';
+ /* Remove the old Snort rules files */
+ array_map('unlink', glob("{$snortdir}/rules/snort_*.rules"));
+
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT rules..."));
update_output_window(gettext("Installing Sourcefire VRT rules..."));
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 1f87fbbc..09ab646a 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -40,8 +40,14 @@ require_once("/usr/local/pkg/snort/snort.inc");
$snortdir = SNORTDIR;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
$log = $snort_rules_upd_log;
-$snort_rules_file = VRT_DNLD_FILENAME;
-$emergingthreats_filename = ET_DNLD_FILENAME;
+
+/* Grab the Snort binary version programmatically and */
+/* use it to construct the proper Snort VRT rules */
+/* tarball filename. */
+exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
+$snortver[0] = str_replace(".", "", $snortver[0]);
+$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz";
+//$snort_rules_file = VRT_DNLD_FILENAME;
$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
/* load only javascript that is needed */
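Review bot: The `snort -V | grep | cut -c20-26` probe and the `str_replace` collapse are now duplicated here and in snort_check_for_rule_updates.php, and `//$snort_rules_file = VRT_DNLD_FILENAME;` is commented-out code referencing a constant this same commit deletes from snort.inc. Move the version probe into a single helper in snort.inc that returns the collapsed version (or the tarball name) and call it from both files, and drop the commented line instead of keeping it as a reminder. As written, a failed exec would leave `$snortver[0]` unset, the filename would become `snortrules-snapshot-.tar.gz`, and the page would simply show the VRT md5 as N/A with no hint why.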
@@ -49,8 +55,18 @@ $snort_load_jquery = 'yes';
$snort_load_jquery_colorbox = 'yes';
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+if ($etpro == "on") {
+ $emergingthreats_filename = ETPRO_DNLD_FILENAME;
+ $et_name = "EMERGING THREATS PRO RULES";
+}
+else {
+ $emergingthreats_filename = ET_DNLD_FILENAME;
+ $et_name = "EMERGING THREATS RULES";
+}
+
/* quick md5s chk */
$snort_org_sig_chk_local = 'N/A';
if (file_exists("{$snortdir}/{$snort_rules_file}.md5"))
@@ -138,9 +154,9 @@ h += 96;
<p style="text-align: left; margin-left: 225px;">
<font color="#777777" size="2.5px">
<b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/>
- <font color="#FF850A" size="1px"><b>SNORT.ORG&nbsp;&nbsp;--></b></font>
+ <font color="#FF850A" size="1px"><b>SNORT VRT RULES&nbsp;&nbsp;--></b></font>
<font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br/>
- <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET&nbsp;&nbsp;--></b></font>
+ <font color="#FF850A" size="1px"><b><?=$et_name;?>&nbsp;&nbsp;--></b></font>
<font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br/>
<font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;--></b></font>
<font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_community_sig_chk_local; ?></font><br/>
@@ -160,7 +176,7 @@ h += 96;
<?php
- if ($snortdownload != 'on' && $emergingthreats != 'on') {
+ if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') {
echo '
<button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/>
<p style="text-align:left; margin-left:150px;">
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index d28ec2b4..089255b6 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -44,7 +44,9 @@ $snortdir = SNORTDIR;
/* make things short */
$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code'];
$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
+$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
@@ -63,14 +65,22 @@ if ($_POST['rule_update_starttime']) {
$input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'.";
}
+if ($_POST['snortdownload'] == "on" && empty($_POST['oinkmastercode']))
+ $input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!";
+
+if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code']))
+ $input_errors[] = "You must supply a subscription code in the box provided in order to enable Emerging Threats Pro rules!";
+
/* if no errors move foward */
if (!$input_errors) {
if ($_POST["Submit"]) {
- $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
+ $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
$config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code'];
$config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];
if ($_POST['snortloglimitsize']) {
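Review bot: The new check only requires `etpro_code` to be non-empty; the value is stored as typed and later spliced into the ETPro download URL path by the updater, so a stray slash or space is accepted here and only surfaces as a download failure. Reject anything outside the expected character set before saving, e.g. `if (!empty($_POST['etpro_code']) && !preg_match('/^[A-Za-z0-9]+$/', $_POST['etpro_code'])) $input_errors[] = "The ETPro subscription code may only contain letters and digits.";` (adjust the class to the real code format). Mutual exclusion of `emergingthreats` and `emergingthreats_pro` is enforced only by the form's JavaScript; a POST with both checked is saved as-is, and snort_rulesets.php then matches neither of its two branches, so add `if ($_POST['emergingthreats'] == "on" && $_POST['emergingthreats_pro'] == "on") $input_errors[] = "Select either the ETOpen or the ETPro ruleset, not both.";` alongside the other validations.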
@@ -160,19 +170,14 @@ if ($input_errors)
<td width="78%" class="vtable">
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
- <td><input name="snortdownload" type="radio" id="snortdownload" value="off" onclick="enable_snort_vrt('off')"
- <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?> >&nbsp;&nbsp;</td>
- <td><span class="vexpl"><?php printf(gettext("Do %sNOT%s Install"), '<strong>', '</strong>'); ?></span></td>
- </tr>
- <tr>
- <td><input name="snortdownload" type="radio" id="snortdownload" value="on" onclick="enable_snort_vrt('on')"
+ <td><input name="snortdownload" type="checkbox" id="snortdownload" value="on" onclick="enable_snort_vrt();"
<?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>></td>
- <td><span class="vexpl"><?php echo gettext("Install Basic Rules or Premium rules"); ?></span></td>
+ <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td>
<tr>
<td>&nbsp;</td>
- <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a Basic Rule Account"); ?> </a><br>
+ <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br>
<a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank">
- <?php echo gettext("Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended"); ?></a></td>
+ <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td>
</tr>
<tr>
<td colspan="2">&nbsp;</td>
@@ -180,17 +185,17 @@ if ($input_errors)
</table>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
- <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Oinkmaster Configuration"); ?></span></b></td>
+ <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Oinkmaster Configuration"); ?></span></b></td>
</tr>
<tr>
- <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code"); ?></strong></span></td>
+ <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
<td><input name="oinkmastercode" type="text"
class="formfld" id="oinkmastercode" size="52"
value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"
<?php if($pconfig['snortdownload']<>'on') echo 'disabled'; ?>><br>
<?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td>
</tr>
- </table>
+ </table>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php printf(gettext("Install %sSnort Community%s " .
@@ -198,7 +203,7 @@ if ($input_errors)
<td width="78%" class="vtable">
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
- <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="yes"
+ <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on"
<?php if ($config['installedpackages']['snortglobal']['snortcommunityrules']=="on") echo "checked"; ?> ></td>
<td><span class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " .
"without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset."); ?>
@@ -212,11 +217,41 @@ if ($input_errors)
<td width="78%" class="vtable">
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
- <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>>
- <td><span class="vexpl"><?php echo gettext("Emerging Threats is an open source community that produces fast " .
- "moving and diverse Snort Rules."); ?></span></td>
+ <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="on" onclick="enable_et_rules();"
+ <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>></td>
+ <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " .
+ "is more limited than ETPro."); ?></span></td>
+ </tr>
+ <tr>
+ <td valign="top" width="8%"><input name="emergingthreats_pro" type="checkbox" value="on" onclick="enable_etpro_rules();"
+ <?php if ($config['installedpackages']['snortglobal']['emergingthreats_pro']=="on") echo "checked"; ?>></td>
+ <td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td>
</tr>
+ <tr>
+ <td>&nbsp;</td>
+ <td><a href="http://www.emergingthreats.net/solutions/etpro-ruleset/" target="_blank"><?php echo gettext("Sign Up for an ETPro Account"); ?> </a></td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . "&nbsp;" .
+ gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td>
+ </tr>
+ <tr>
+ <td colspan="2">&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("ETPro Subscription Configuration"); ?></span></b></td>
+ </tr>
+ <tr>
+ <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
+ <td><input name="etpro_code" type="text"
+ class="formfld" id="etpro_code" size="52"
+ value="<?=htmlspecialchars($pconfig['etpro_code']);?>"
+ <?php if($pconfig['emergingthreats_pro']<>'on') echo 'disabled'; ?>><br>
+ <?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td>
+ </tr>
</table>
</td>
</tr>
@@ -330,13 +365,28 @@ if ($input_errors)
<script language="JavaScript">
<!--
-function enable_snort_vrt(btn) {
- if (btn == 'off') {
- document.iform.oinkmastercode.disabled = "true";
+function enable_snort_vrt() {
+ var endis = !(document.iform.snortdownload.checked);
+ document.iform.oinkmastercode.disabled = endis;
+ document.iform.etpro_code.disabled = endis;
+}
+
+function enable_et_rules() {
+ var endis = document.iform.emergingthreats.checked;
+ if (endis) {
+ document.iform.emergingthreats_pro.checked = !(endis);
+ document.iform.etpro_code.disabled = "true";
}
- if (btn == 'on') {
- document.iform.oinkmastercode.disabled = "";
- }
+}
+
+function enable_etpro_rules() {
+ var endis = document.iform.emergingthreats_pro.checked;
+ if (endis) {
+ document.iform.emergingthreats.checked = !(endis);
+ document.iform.etpro_code.disabled = "";
+ }
+ else
+ document.iform.etpro_code.disabled = "true";
}
function enable_change_rules_upd() {
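Review bot: `enable_snort_vrt()` now sets `document.iform.etpro_code.disabled = endis;` from the state of the `snortdownload` checkbox, so toggling Snort VRT rules enables or disables the ETPro subscription code field, which belongs to `emergingthreats_pro` (the server-rendered `disabled` attribute on that input is keyed on `$pconfig['emergingthreats_pro']`). Drop that line from `enable_snort_vrt()` and leave `enable_etpro_rules()` as the only function that touches `etpro_code`. The `disabled = "true"` / `disabled = ""` assignments in the two new functions only work because non-empty strings are truthy; `disabled = true` / `disabled = false` is the documented form and matches the boolean `endis` used in `enable_snort_vrt()`.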
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 7ec0edbd..3c613f84 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -63,6 +63,7 @@ $if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'];
$no_emerging_files = false;
@@ -70,10 +71,13 @@ $no_snort_files = false;
$no_community_files = false;
/* Test rule categories currently downloaded to $SNORTDIR/rules and set appropriate flags */
-$test = glob("{$snortdir}/rules/emerging-*.rules");
+if (($etpro == 'off' || empty($etpro)) && $emergingdownload == 'on')
+ $test = glob("{$snortdir}/rules/emerging-*.rules");
+elseif ($etpro == 'on' && ($emergingdownload == 'off' || empty($emergingdownload)))
+ $test = glob("{$snortdir}/rules/etpro-*.rules");
if (empty($test))
$no_emerging_files = true;
-$test = glob("{$snortdir}/rules/snort_*.rules");
+$test = glob("{$snortdir}/rules/snort*.rules");
if (empty($test))
$no_snort_files = true;
if (!file_exists("{$snortdir}/rules/GPLv2_community.rules"))
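Review bot: With the new `if`/`elseif`, `$test` is never assigned when both `emergingthreats` and `emergingthreats_pro` are 'on' (a combination nothing server-side prevents, and one the updater resolves in favour of ETPro by forcing `$emergingthreats = "on"` and installing only etpro-*.rules), so this page reports no Emerging Threats files even though they were installed. Initialise the variable and mirror the updater's precedence: `$test = array(); if ($etpro == 'on') $test = glob("{$snortdir}/rules/etpro-*.rules"); elseif ($emergingdownload == 'on') $test = glob("{$snortdir}/rules/emerging-*.rules");`. The same ordering applies to the `if ($emergingdownload == 'on') ... elseif ($etpro == 'on')` block at @@ -184 and the header at @@ -421. The widened `snort*.rules` glob would also match a `snort.rules` file (the ENFORCING_RULES_FILENAME value) if that file lives in the rules directory, which is worth confirming since it is not a VRT category file.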
@@ -184,10 +188,16 @@ if ($_POST['selectall']) {
}
if ($emergingdownload == 'on') {
- $files = glob("{$snortdir}/rules/emerging*.rules");
+ $files = glob("{$snortdir}/rules/emerging-*.rules");
foreach ($files as $file)
$rulesets[] = basename($file);
}
+ elseif ($etpro == 'on') {
+ $files = glob("{$snortdir}/rules/etpro-*.rules");
+ foreach ($files as $file)
+ $rulesets[] = basename($file);
+ }
+
if ($snortcommunitydownload == 'on') {
$files = glob("{$snortdir}/rules/*_community.rules");
foreach ($files as $file)
@@ -421,7 +431,10 @@ if ($savemsg) {
<tr id="frheader">
<?php if ($emergingdownload == 'on' && !$no_emerging_files): ?>
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
- <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Emerging Threats');?></td>
+ <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Open Rules');?></td>
+ <?php elseif ($etpro == 'on' && !$no_emerging_files): ?>
+ <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
+ <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td>
<?php else: ?>
<td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("Emerging Threats rules not {$msg_emerging}"); ?></td>
<?php endif; ?>
@@ -446,7 +459,9 @@ if ($savemsg) {
$filename = basename($filename);
if (substr($filename, -5) != "rules")
continue;
- if (strstr($filename, "emerging") && $emergingdownload == 'on')
+ if (strstr($filename, "emerging-") && $emergingdownload == 'on')
+ $emergingrules[] = $filename;
+ else if (strstr($filename, "etpro-") && $etpro == 'on')
$emergingrules[] = $filename;
else if (strstr($filename, "snort") && $snortdownload == 'on') {
if (strstr($filename, ".so.rules"))