author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-09-15 20:51:13 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-09-15 20:59:46 -0400 |
commit | c94c09a0bad4c46c3e1485823d91ecd6208b637b (patch) | |
tree | 3be0f057326f10ca919784ee6b82fd17038a9f54 /config/snort | |
parent | dbdc87b66bcc0fe8dfeed12814767913c76afa78 (diff) | |
Allow setting of FACILITY & PRIORITY in BY2 when logging to local syslog.
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 68 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 8 |
2 files changed, 41 insertions, 35 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 4f77f51d..fbeea89f 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -702,14 +702,17 @@ function snort_Getdirsize($node) {
 return substr( $blah, 0, strpos($blah, 9) );
 }
-function snort_cron_job_exists($crontask, $minute="0", $hour="*", $monthday="*", $month="*", $weekday="*", $who="root") {
+function snort_cron_job_exists($crontask, $match_time=FALSE, $minute="0", $hour="*", $monthday="*", $month="*", $weekday="*", $who="root") {
 /************************************************************
 * This function iterates the cron[] array in the config *
 * to determine if the passed $crontask entry exists. It *
- * returns TRUE if the exact $crontask already exists and *
- * the time and $who parameters match, or FALSE if there *
- * is no exact match. *
+ * returns TRUE if the $crontask already exists, or FALSE *
+ * if there is no match. *
+ * *
+ * The $match_time flag, when set, causes a test of the *
+ * configured task execution times along with the task *
+ * when checking for a match. *
 * *
 * We use this to prevent unneccessary config writes if *
 * the $crontask already exists. *
@@ -724,18 +727,20 @@ function snort_cron_job_exists($crontask, $minute="0", $hour="*", $monthday="*",
 foreach($config['cron']['item'] as $item) {
 if(strpos($item['command'], $crontask) !== FALSE) {
- if ($item['minute'] != $minute)
- return FALSE;
- if ($item['hour'] != $hour)
- return FALSE;
- if ($item['mday'] != $monthday)
- return FALSE;
- if ($item['month'] != $month)
- return FALSE;
- if ($item['wday'] != $weekday)
- return FALSE;
- if ($item['who'] != $who)
- return FALSE;
+ if ($match_time) {
+ if ($item['minute'] != $minute)
+ return FALSE;
+ if ($item['hour'] != $hour)
+ return FALSE;
+ if ($item['mday'] != $monthday)
+ return FALSE;
+ if ($item['month'] != $month)
+ return FALSE;
+ if ($item['wday'] != $weekday)
+ return FALSE;
+ if ($item['who'] != $who)
+ return FALSE;
+ }
 return TRUE;
 }
 }
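Review bot: The new `if ($match_time)` block in the second hunk also wraps the `$item['who'] != $who` comparison, but the header comment added in the first hunk describes the flag as testing only "configured task execution times", so with the flag unset a job owned by a different user now counts as a match. Either move the `$who` test outside the `if ($match_time) {` block or extend the comment, e.g. `* configured task execution times and the $who user *`. Inserting `$match_time` as the second positional parameter also shifts every existing positional call: a caller outside this file that still passes a minute string there would have it treated as a truthy `$match_time` while `$minute` silently falls back to "0", so it is worth grepping the package for other callers. Note too that `strpos($item['command'], $crontask) !== FALSE` is a substring test, so with the new FALSE default any cron command that merely contains `$crontask` reports a match.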
@@ -746,12 +751,13 @@ function snort_snortloglimit_install_cron($should_install=TRUE) {
 // See if simply removing existing "loglimit" job for Snort
 if ($should_install == FALSE) {
- install_cron_job("snort_check_cron_misc.inc", false);
+ if (snort_cron_job_exists("snort/snort_check_cron_misc.inc", FALSE))
+ install_cron_job("snort_check_cron_misc.inc", false);
 return;
 }
 // If there are no changes in the cron job command string from the existing job, then exit.
- if ($should_install && snort_cron_job_exists("/usr/local/pkg/snort/snort_check_cron_misc.inc", "*/5"))
+ if ($should_install && snort_cron_job_exists("/usr/local/pkg/snort/snort_check_cron_misc.inc", TRUE, "*/5"))
 return;
 // Else install the new or updated cron job
@@ -763,7 +769,8 @@ function snort_rm_blocked_install_cron($should_install) {
 // See if simply removing existing "expiretable" job for Snort
 if ($should_install == FALSE) {
- install_cron_job("snort2c", false);
+ if (snort_cron_job_exists("snort2c", FALSE))
+ install_cron_job("snort2c", false);
 return;
 }
@@ -855,7 +862,7 @@ function snort_rm_blocked_install_cron($should_install) {
 $command = "/usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire {$snort_rm_blocked_expire}";
 // If there are no changes in the cron job command string from the existing job, then exit.
- if (snort_cron_job_exists($command, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"))
+ if (snort_cron_job_exists($command, TRUE, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"))
 return;
 // Else install the new or updated cron job
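Review bot: The existence guard on the removal path of snort_snortloglimit_install_cron() checks for `"snort/snort_check_cron_misc.inc"`, while the `install_cron_job()` call it protects, and the equivalent guard added to snort_deinstall() later in this diff, use `"snort_check_cron_misc.inc"`. Because snort_cron_job_exists() matches by substring, the guard is narrower than the removal, so a job whose command lacks the `snort/` prefix would no longer be removed here. Use the same string in both places, `if (snort_cron_job_exists("snort_check_cron_misc.inc", FALSE))`, or hoist the task name into one local so the two cannot drift apart.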
@@ -871,7 +878,8 @@ function snort_rules_up_install_cron($should_install) {
 // If called with FALSE as argument, then we're removing
 // the existing job.
 if ($should_install == FALSE) {
- install_cron_job("snort_check_for_rule_updates.php", false);
+ if (snort_cron_job_exists("snort_check_for_rule_updates.php", FALSE))
+ install_cron_job("snort_check_for_rule_updates.php", false);
 return;
 }
@@ -943,7 +951,7 @@ function snort_rules_up_install_cron($should_install) {
 $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php";
 // If there are no changes in the cron job command string from the existing job, then exit
- if (snort_cron_job_exists($command, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root"))
+ if (snort_cron_job_exists($command, TRUE, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root"))
 return;
 // Else install the new or updated cron job
@@ -993,8 +1001,6 @@ function sync_snort_package_config() {
 /* set the snort rules update time */
 snort_rules_up_install_cron($snortglob['autorulesupdate7'] != "never_up" ? true : false);
- configure_cron();
-
 /* Do not attempt package sync if reinstalling package or booting */
 if (!$g['snort_postinstall'] && !$g['booting'])
 snort_sync_on_changes();
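Review bot: Dropping `configure_cron();` from sync_snort_package_config() in the last hunk (and from snort_deinstall() in the next file section) makes the system crontab depend on `install_cron_job()` regenerating it itself; that helper is outside this diff, so if it only updates `$config['cron']` the added or removed Snort jobs would not reach the live crontab until something else triggers it. If the helper does regenerate cron, a one-line comment at the removal site, `// install_cron_job() regenerates the crontab; no explicit configure_cron() needed`, would record why the call is gone and stop a later maintainer from re-adding it. sync_snort_package_config() starts before this hunk and continues after it.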
@@ -2969,7 +2975,7 @@ function snort_generate_barnyard2_conf($snortcfg, $if_real) {
 else
 $snortbarnyardlog_output_plugins .= "sensor_name {$snortbarnyard_hostname_info}, ";
 if ($snortcfg['barnyard_syslog_local'] == 'on')
- $snortbarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n";
+ $snortbarnyardlog_output_plugins .= "local, log_facility {$snortcfg['barnyard_syslog_facility']}, log_priority {$snortcfg['barnyard_syslog_priority']}\n\n";
 else {
 $snortbarnyardlog_output_plugins .= "server {$snortcfg['barnyard_syslog_rhost']}, protocol {$snortcfg['barnyard_syslog_proto']}, ";
 $snortbarnyardlog_output_plugins .= "port {$snortcfg['barnyard_syslog_dport']}, operation_mode {$snortcfg['barnyard_syslog_opmode']}, ";
@@ -3061,11 +3067,13 @@ function snort_deinstall() {
 /* Remove the snort user and group */
 mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true);
- /* Remove all the Snort cron jobs. */
- install_cron_job("snort2c", false);
- install_cron_job("snort_check_for_rule_updates.php", false);
- install_cron_job("snort_check_cron_misc.inc", false);
- configure_cron();
+ /* Remove all the existing Snort cron jobs. */
+ if (snort_cron_job_exists("snort2c", FALSE))
+ install_cron_job("snort2c", false);
+ if (snort_cron_job_exists("snort_check_for_rule_updates.php", FALSE))
+ install_cron_job("snort_check_for_rule_updates.php", false);
+ if (snort_cron_job_exists("snort_check_cron_misc.inc", FALSE))
+ install_cron_job("snort_check_cron_misc.inc", false);
 /* Remove our associated Dashboard widget config. If */
 /* "save settings" is enabled, then save old widget */
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 1e834ff0..f5d6f04c 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
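Review bot: The new local-syslog line interpolates `$snortcfg['barnyard_syslog_facility']` and `$snortcfg['barnyard_syslog_priority']` with no fallback, where the replaced line hard-coded LOG_AUTH and LOG_INFO; a config saved while the GUI still disabled those two selects for local logging (the JavaScript removed in the last hunk of snort_barnyard.php) may carry empty values and would then produce `log_facility , log_priority `, which Barnyard2 will most likely reject, so alert logging quietly stops rather than degrading to the old defaults. Resolve the defaults before building the line: `$facility = empty($snortcfg['barnyard_syslog_facility']) ? 'LOG_AUTH' : $snortcfg['barnyard_syslog_facility'];`, `$priority = empty($snortcfg['barnyard_syslog_priority']) ? 'LOG_INFO' : $snortcfg['barnyard_syslog_priority'];`, then `$snortbarnyardlog_output_plugins .= "local, log_facility {$facility}, log_priority {$priority}\n\n";`. Since these values are written verbatim into a daemon configuration file, it is also worth confirming that the save handler in snort_barnyard.php only accepts values from the facility and priority lists it renders; that handler is not part of this diff. snort_generate_barnyard2_conf() starts before this hunk and continues after it.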
@@ -427,7 +427,7 @@ include_once("head.inc");
 <input name="barnyard_syslog_local" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_local'] == "on") echo "checked"; ?> onClick="toggle_local_syslog()"/>
 <?php echo gettext("Enable logging of alerts to the local system only"); ?><br/>
- <?php echo gettext("This will send alert data to the local system only and overrides the host, port, protocol, facility and priority values below."); ?></td>
+ <?php echo gettext("This will send alert data to the local system only and overrides the host, port, and protocol values below."); ?></td>
 </tr>
 <tr>
 <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
@@ -470,7 +470,7 @@ include_once("head.inc");
 echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n";
 }
 ?></select>
- <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?>
+ <?php echo gettext("Select Syslog Facility to use for reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?>
 </td>
 </tr>
 <tr>
@@ -486,7 +486,7 @@ include_once("head.inc");
 echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n";
 }
 ?></select>
- <?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?>
+ <?php echo gettext("Select Syslog Priority (Level) to use for reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?>
 </td>
 </tr>
 </tbody>
@@ -592,8 +592,6 @@ function toggle_local_syslog() {
 document.iform.barnyard_syslog_dport.disabled = endis;
 document.iform.barnyard_syslog_proto_udp.disabled = endis;
 document.iform.barnyard_syslog_proto_tcp.disabled = endis;
- document.iform.barnyard_syslog_facility.disabled = endis;
- document.iform.barnyard_syslog_priority.disabled = endis;
 }
 } |