authorErmal Luçi <eri@pfsense.org>2014-01-13 03:41:15 -0800
committerErmal Luçi <eri@pfsense.org>2014-01-13 03:41:15 -0800
commit13d9babd775498cf1e3b796e07030e946e1cb12a (patch)
treed21f85d6fcbee014b0221e546927548eced3a340 /config/snort
parent141c1dc4774370210c41580da5ba897bc54c8e12 (diff)
parent8e3a6c43552fa36df9dd19a0dd0db312add43d11 (diff)
Merge pull request #571 from bmeeks8/master
Snort 2.9.5.5 pkg v3.0.2 Update -- Bug Fixes
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc22
-rwxr-xr-xconfig/snort/snort.xml4
-rwxr-xr-xconfig/snort/snort_alerts.php5
-rw-r--r--config/snort/snort_blocked.php3
-rw-r--r--config/snort/snort_check_cron_misc.inc51
-rwxr-xr-xconfig/snort/snort_define_servers.php2
-rwxr-xr-xconfig/snort/snort_download_updates.php2
-rw-r--r--config/snort/snort_edit_hat_data.php4
-rwxr-xr-xconfig/snort/snort_interfaces.php2
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php2
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php2
-rw-r--r--config/snort/snort_migrate_config.php2
-rw-r--r--config/snort/snort_post_install.php5
-rwxr-xr-xconfig/snort/snort_preprocessors.php14
-rwxr-xr-xconfig/snort/snort_rules.php10
-rwxr-xr-xconfig/snort/snort_rulesets.php6
16 files changed, 96 insertions, 40 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 79fef4fa..91298838 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -54,7 +54,7 @@ if (empty($snort_version))
$snort_version = "2.9.5.5";
/* package version */
-$pfSense_snort_version = "3.0.1";
+$pfSense_snort_version = "3.0.2";
$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}";
// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version
@@ -440,8 +440,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
$gw = get_interface_gateway($snortcfg['interface']);
if (is_ipaddr($gw) && !in_array($gw, $home_net))
$home_net[] = $gw;
- if (function_exists("get_interface_gatewayv6")) {
- $gw = get_interface_gatewayv6($snortcfg['interface']);
+ if (function_exists("get_interface_gateway_v6")) {
+ $gw = get_interface_gateway_v6($snortcfg['interface']);
if (is_ipaddrv6($gw) && !in_array($gw, $home_net))
$home_net[] = $gw;
}
@@ -636,14 +636,14 @@ function snort_get_real_interface($interface) {
}
/*
- this code block is for deleteing logs while keeping the newest file,
+ this code block is for deleting logs while keeping the newest file,
snort is linked to these files while running, do not take the easy way out
by touch and rm, snort will lose sync and not log.
*/
function snort_post_delete_logs($snort_uuid = 0) {
global $config, $g;
- /* do not start config build if rules is empty */
+ /* do nothing if no Snort interfaces active */
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
@@ -651,14 +651,21 @@ function snort_post_delete_logs($snort_uuid = 0) {
if ($value['uuid'] != $snort_uuid)
continue;
$if_real = snort_get_real_interface($value['interface']);
- $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}";
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
if ($if_real != '') {
+ /* Clean-up Barnyard2 files if any exist */
$filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.u2.*");
unset($filelist[count($filelist) - 1]);
foreach ($filelist as $file)
@unlink($file);
+ /* Clean-up packet capture files if any exist */
+ $filelist = glob("{$snort_log_dir}/snort.log.*");
+ foreach ($filelist as $file)
+ @unlink($file);
+
+ /* Clean-up stats files if they are enabled */
if ($value['perform_stat'] == 'on') {
$fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w");
if ($fd) {
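Review bot: The new `snort.log.*` loop removes every capture file including the newest one, while the u2 loop just above it deliberately keeps the last entry and the function's own header comment warns that deleting a file Snort still has open makes it lose sync; if this relies on the caller's later HUP (visible in snort_check_cron_misc.inc) to reopen the log, that dependency deserves a comment here, because any caller without the HUP would leave Snort writing to an unlinked inode. Both loops also iterate the glob() result directly, and glob() returns false on error on some systems, which would turn the foreach into a warning; `foreach ((glob("{$snort_log_dir}/snort.log.*") ?: array()) as $file)` guards the new loop, and the u2 branch needs the same guard before its `unset($filelist[count($filelist) - 1])`. snort_post_delete_logs begins and ends outside this hunk.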
@@ -670,11 +677,12 @@ function snort_post_delete_logs($snort_uuid = 0) {
}
}
+/* This returns size of passed directory or file in 1024-byte blocks */
function snort_Getdirsize($node) {
if(!is_readable($node))
return false;
- $blah = exec( "/usr/bin/du -kd $node" );
+ $blah = exec( "/usr/bin/du -kdc $node" );
return substr( $blah, 0, strpos($blah, 9) );
}
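Review bot: `$node` is interpolated unquoted into the du command line; the callers in this commit pass the SNORTLOGDIR constant, but the function accepts any path, so `$blah = exec("/usr/bin/du -kdc " . escapeshellarg($node));` costs nothing. The parse on the next line passes the integer 9 as the strpos() needle and relies on PHP reading an int needle as a character code (a tab), a behaviour deprecated in later PHP; spell it out as `return substr($blah, 0, strpos($blah, "\t"));`. Note that the added `-c` is what makes this work, since exec() returns the trailing total line; on FreeBSD `-d` expects a numeric depth argument, so it is worth confirming on the target system that `-kdc` is parsed as intended.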
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index c50c066a..9d4f1d61 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.5.5</version>
- <title>Services:2.9.5.5 pkg v3.0.1</title>
+ <title>Services:2.9.5.5 pkg v3.0.2</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
@@ -244,7 +244,7 @@
</custom_add_php_command>
<custom_php_resync_config_command>
<![CDATA[
- if ($GLOBALS['pfSense_snort_version'] == "3.0.1")
+ if ($GLOBALS['pfSense_snort_version'] == "3.0.2")
sync_snort_package_config();
]]>
</custom_php_resync_config_command>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 2b957f61..97174cdd 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -221,16 +221,17 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
$fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+");
if ($fd)
fclose($fd);
- conf_mount_ro();
/* XXX: This is needed if snort is run as snort user */
mwexec('/bin/chmod 660 /var/log/snort/*', true);
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
+ conf_mount_ro();
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
if ($_POST['download']) {
+ conf_mount_rw();
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
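Review bot: The download branch still hard-codes `/var/log/snort/snort_{$if_real}{$snort_uuid}` (as does the chmod line above the HUP) while snort.inc in this same commit switches to `SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"`; building the path from the one constant keeps the two from drifting apart. `$save_date` could also come from `date('Y-m-d-H-i-s')` instead of an exec of /bin/date, which removes a shell call from the request path. The enclosing handler continues outside this hunk.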
@@ -255,6 +256,8 @@ if ($_POST['download']) {
}
else
$savemsg = gettext("An error occurred while creating archive");
+
+ conf_mount_ro();
}
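Review bot: `conf_mount_ro()` is added at the very end of the download block, after the success branch; if that branch streams the archive and exits (its body is outside this hunk), the filesystem is left read-write after every successful download. Calling `conf_mount_ro()` immediately after the tar exec completes, before the file is sent, closes that window in both outcomes. The download handler in snort_blocked.php in this commit has the same structure and needs the same check.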
/* Load up an array with the current Suppression List GID,SID values */
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 8d106a90..95109660 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -63,6 +63,7 @@ if ($_POST['remove']) {
/* TODO: build a file with block ip and disc */
if ($_POST['download'])
{
+ conf_mount_rw();
$blocked_ips_array_save = "";
exec('/sbin/pfctl -t snort2c -T show', $blocked_ips_array_save);
/* build the list */
@@ -104,6 +105,8 @@ if ($_POST['download'])
$savemsg = gettext("An error occurred while creating archive");
} else
$savemsg = gettext("No content on snort block list");
+
+ conf_mount_ro();
}
if ($_POST['save'])
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index e988b949..038a11cd 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -52,28 +52,47 @@ if ($snortloglimit == 'off')
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
-$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\'');
+/* Convert Log Limit Size setting from MB to KB */
+$snortloglimitsizeKB = round($snortloglimitsize * 1024);
+$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR);
+if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) {
+ log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated."));
+ conf_mount_rw();
-foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $if_real = snort_get_real_interface($value['interface']);
- $snort_uuid = $value['uuid'];
- $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}";
+ /* Truncate the Rules Update Log file if it exists */
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
+ $fd = @fopen(RULES_UPD_LOGFILE, "w+");
+ if ($fd)
+ fclose($fd);
+ }
- if (file_exists("{$snort_log_dir}/alert")) {
- $snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert");
- $snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70);
- $snortloglimitsizeKB = round($snortloglimitsize * 1024);
+ /* Clean-up the logs for each configured Snort instance */
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $if_real = snort_get_real_interface($value['interface']);
+ $snort_uuid = $value['uuid'];
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+ log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})..."));
+ snort_post_delete_logs($snort_uuid);
- /* do I need HUP kill ? */
- if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) {
- conf_mount_rw();
- if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB)
- @file_put_contents("{$snort_log_dir}/alert", "");
- snort_post_delete_logs($snort_uuid);
- conf_mount_ro();
+ /* Truncate the alert log file if it exists */
+ if (file_exists("{$snort_log_dir}/alert")) {
+ $fd = @fopen("{$snort_log_dir}/alert", "w+");
+ if ($fd)
+ fclose($fd);
}
+ /* This is needed if snort is run as snort user */
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
+
+ /* Soft-restart Snort process to resync logging */
+ if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})..."));
+ mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
+ }
}
+ conf_mount_ro();
+ log_error(gettext("[Snort] Automatic clean-up of Snort logs completed."));
}
?>
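Review bot: Three of the new log_error() calls pass an interpolated string to gettext() (the size-limit message and the per-instance "Truncating logs" and "Restarting logging" lines), so the msgid changes with the data and can never match a catalog; use `log_error(sprintf(gettext("[Snort] Truncating logs for %s (%s)..."), $value['descr'], $if_real));` and the same shape for the other two. The `mwexec('/bin/chmod 660 /var/log/snort/*', true)` inside the foreach runs once per configured instance and hard-codes the path the loop otherwise builds from SNORTLOGDIR; hoisting it to just above the final `conf_mount_ro()` runs it once. `$g['varrun_path']` is read without a visible `global $g`, which holds only if this include always runs at file scope — worth confirming.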
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index e9fcfcab..7b729208 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -131,11 +131,13 @@ if ($_POST) {
$a_nat[$id] = $natent;
+ conf_mount_rw();
write_config();
/* Update the snort conf file for this interface. */
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
+ conf_mount_ro();
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 5c9b8210..fc97ab96 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -87,8 +87,10 @@ if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5"))
/* Check for postback to see if we should clear the update log file. */
if (isset($_POST['clear'])) {
+ conf_mount_rw();
if (file_exists("{$snort_rules_upd_log}"))
mwexec("/bin/rm -f {$snort_rules_upd_log}");
+ conf_mount_ro();
}
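Review bot: The cleared file is removed via `mwexec("/bin/rm -f {$snort_rules_upd_log}")` with the path interpolated unquoted, while snort_check_cron_misc.inc in this commit truncates the same log (RULES_UPD_LOGFILE) in place with fopen; `@unlink($snort_rules_upd_log);` does the removal without a shell, and truncating instead would keep the file's ownership and mode intact, which the chmod calls elsewhere in this commit suggest matters. Either way the two paths should agree on delete versus truncate.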
if (isset($_POST['update'])) {
diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php
index f6d00b0b..9189c936 100644
--- a/config/snort/snort_edit_hat_data.php
+++ b/config/snort/snort_edit_hat_data.php
@@ -61,19 +61,23 @@ else
$pconfig['host_attribute_data'] = "";
if ($_POST['clear']) {
+ conf_mount_rw();
unset($a_nat[$id]['host_attribute_data']);
write_config();
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
+ conf_mount_ro();
header("Location: /snort/snort_edit_hat_data.php?id={$id}");
exit;
}
if ($_POST['host_attribute_data']) {
+ conf_mount_rw();
$a_nat[$id]['host_attribute_data'] = base64_encode($_POST['host_attribute_data']);
write_config();
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
+ conf_mount_ro();
header("Location: /snort/snort_preprocessors.php?id={$id}");
exit;
}
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 84273167..15d9addc 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -220,7 +220,7 @@ if ($pfsense_stable == 'yes')
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr id="frheader">
<td width="3%" class="list">&nbsp;</td>
- <td width="10%" class="listhdrr"><?php echo gettext("If"); ?></td>
+ <td width="10%" class="listhdrr"><?php echo gettext("Interface"); ?></td>
<td width="13%" class="listhdrr"><?php echo gettext("Snort"); ?></td>
<td width="10%" class="listhdrr"><?php echo gettext("Performance"); ?></td>
<td width="10%" class="listhdrr"><?php echo gettext("Block"); ?></td>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 9d488207..0a99e60a 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -150,8 +150,10 @@ if ($_POST["Submit"]) {
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = snort_get_real_interface($a_rule[$id]['interface']);
snort_stop($a_rule[$id], $oif_real);
+ conf_mount_rw();
exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']);
exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ conf_mount_ro();
}
$a_rule[$id] = $natent;
} else {
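Review bot: The newly wrapped `exec("rm -r /var/log/snort_{$oif_real}" . ...)` targets `/var/log/snort_<if><uuid>`, while the per-instance log directory everywhere else in this commit is `SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"` (one `snort/` component deeper); if the layout in snort.inc is the real one, this rm never removes the old instance's logs. Build the path from the same constant and quote it, e.g. `exec("rm -r " . escapeshellarg(SNORTLOGDIR . "/snort_{$oif_real}" . $a_rule[$id]['uuid']));`, and the `mv -f` on the next line deserves the same quoting of both operands. The enclosing POST handler starts and ends outside this hunk.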
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index cbc31378..882c2b6f 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -100,8 +100,6 @@ if ($_GET['act'] == "import") {
}
if ($_POST['submit']) {
- conf_mount_rw();
-
unset($input_errors);
$pconfig = $_POST;
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 1a555408..61989e99 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -296,7 +296,7 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2";
log_error("[Snort] Saving configuration settings in new format...");
write_config();
log_error("[Snort] Settings successfully migrated to new configuration format...");
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index a7b54503..f79737a2 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -1354,6 +1354,7 @@ EOD;
/*****************************************************************************/
/* This starts the actual post-install code */
/*****************************************************************************/
+conf_mount_rw();
/* Hard kill any running Snort processes that may have been started by any */
/* of the pfSense scripts such as check_reload_status() or rc.start_packages */
@@ -1436,7 +1437,6 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
/* Add the recurring jobs created above to crontab */
configure_cron();
- conf_mount_ro();
$rebuild_rules = false;
update_output_window(gettext("Finished rebuilding Snort configuration files..."));
@@ -1453,8 +1453,9 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
}
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1";
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2";
write_config();
+conf_mount_ro();
/* Done with post-install, so clear flag */
unset($g['snort_postinstall']);
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 289a3941..d1b3e5be 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -509,25 +509,27 @@ elseif ($_POST['Submit']) {
$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
- /* If 'preproc_auto_rule_disable' is off, then clear log file */
- if ($natent['preproc_auto_rule_disable'] == 'off')
- @unlink("{$disabled_rules_log}");
-
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
- /* Set flag to rebuild rules for this interface */
- $rebuild_rules = true;
+ conf_mount_rw();
/*************************************************/
/* Update the snort.conf file and rebuild the */
/* rules for this interface. */
/*************************************************/
+ $rebuild_rules = true;
snort_generate_conf($natent);
$rebuild_rules = false;
+ /* If 'preproc_auto_rule_disable' is off, then clear log file */
+ if ($natent['preproc_auto_rule_disable'] == 'off')
+ @unlink("{$disabled_rules_log}");
+
+ conf_mount_ro();
+
/*******************************************************/
/* Signal Snort to reload Host Attribute Table if one */
/* is configured and saved. */
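Review bot: `conf_mount_rw()` is placed after the `write_config()` call inside the `if (isset($id) && $a_nat[$id])` block above it, whereas the other handlers touched by this commit (snort_rules.php, snort_rulesets.php, snort_define_servers.php) call it before write_config(). Unless write_config() is known to handle the mount itself, moving `conf_mount_rw();` above that `if` keeps the ordering consistent across the package. The handler continues outside the hunk.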
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 0434f88f..37b06914 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -319,21 +319,25 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) {
}
if ($_POST['clear']) {
+ conf_mount_rw();
unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
+ conf_mount_ro();
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
exit;
}
if ($_POST['customrules']) {
+ conf_mount_rw();
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
write_config();
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
+ conf_mount_ro();
$output = "";
$retcode = "";
exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode);
@@ -352,7 +356,7 @@ if ($_POST['customrules']) {
}
else if ($_POST['apply']) {
-
+ conf_mount_rw();
/* Save new configuration */
write_config();
@@ -363,6 +367,10 @@ else if ($_POST['apply']) {
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
+ conf_mount_ro();
+
+ /* Soft-restart Snort to live-load new rules */
+ snort_reload_config($a_rule[$id]);
/* Return to this same page */
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 62b68a1b..dc37cb10 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -118,7 +118,6 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-/* alert file */
if ($_POST["Submit"]) {
if ($_POST['ips_policy_enable'] == "on") {
@@ -146,6 +145,7 @@ if ($_POST["Submit"]) {
@unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
}
+ conf_mount_rw();
write_config();
/*************************************************/
@@ -155,6 +155,10 @@ if ($_POST["Submit"]) {
$rebuild_rules = true;
snort_generate_conf($a_nat[$id]);
$rebuild_rules = false;
+ conf_mount_ro();
+
+ /* Soft-restart Snort to live-load new rules */
+ snort_reload_config($a_nat[$id]);
header("Location: /snort/snort_rulesets.php?id=$id");
exit;