snort-dev update download rules code, rules settings for ifaces added

author: robiscool <robrob2626@yahoo.com> 2011-06-13 16:01:36 -0700
committer: robiscool <robrob2626@yahoo.com> 2011-06-13 16:04:51 -0700
commit: 3a16379bd0e3afc1a0845c0ea57a669923a57a4d (patch)
tree: a55bf0b769dc3f253cbeb379a889076be44a9679 /config
parent: 44868bdce5b4fd7316e118d6dda91dd918db6942 (diff)
download: pfsense-packages-3a16379bd0e3afc1a0845c0ea57a669923a57a4d.tar.gz
pfsense-packages-3a16379bd0e3afc1a0845c0ea57a669923a57a4d.tar.bz2
pfsense-packages-3a16379bd0e3afc1a0845c0ea57a669923a57a4d.zip
5 files changed, 535 insertions, 123 deletions
diff --git a/config/snort-dev/snort_download_rules.inc b/config/snort-dev/snort_download_rules.inc
index 92714795..cf40ad89 100644
--- a/config/snort-dev/snort_download_rules.inc
+++ b/config/snort-dev/snort_download_rules.inc
@@ -12,24 +12,38 @@
 function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) 
 {
 
-	if ($dbname == '' || $table == '' || $type == '') 
-	{
+	if ($dbname == '' || $table == '' || $type == ''){
 		return false;
 	}
 	  
-	$db = sqlite_open("/usr/local/pkg/snort/$dbname");
+	if ($dbname === 'snortDB') {
+		$db = sqlite_open("/usr/local/pkg/snort/$dbname");
+	}
 	
+	if ($dbname === 'snortDBtemp') {
+		$db = sqlite_open("/var/snort/$dbname");
+	}	
 	  
-	if ($type == 'id')
-	{   
+	if ($type == 'id'){   
 		$result = sqlite_query($db,
 		"SELECT * FROM {$table} where id = '{$id_uuid}';
 		");
 	}
 
+	if ($type == 'uuid'){   
+		$result = sqlite_query($db,
+		"SELECT * FROM {$table} where uuid = '{$id_uuid}';
+		");
+	}
+
+	if ($type == 'filename'){   
+		$result = sqlite_query($db,
+		"SELECT * FROM {$table} where filename = '{$id_uuid}';
+		");
+	}	
 	
-	if ($type == 'id')
-	{
+	
+	if ($type == 'id' || $type == 'uuid' || $type == 'filename'){
 		$chktable = sqlite_fetch_array($result, SQLITE_ASSOC);
 	}
 		
@@ -44,34 +58,46 @@ function snortCmpareMD5($type, $path1, $path2, $filename_md5)
 {
 	update_output_window2('ms2', 'Checking ' . $filename_md5 . ' MD5...');
 	
-	if (file_exists("{$path1}/{$filename_md5}"))
-	{
+	if (file_exists("{$path1}/{$filename_md5}")){
 		
-		if ($type == 'string')
-		{
+		if ($type == 'string'){
 			$md5_check_new = @file_get_contents("{$path1}/{$filename_md5}");
 			$md5_check_old = @file_get_contents("{$path2}/{$filename_md5}");
-			if ($md5_check_new != $md5_check_old || !file_exists("$path2}/{$filename_md5}"))
-			{
-				update_output_window2('ms2', 'MD5s do not match...');
+			if ($md5_check_new !== $md5_check_old){
+				update_output_window2('ms2', "$filename_md5 MD5s do not match...");
 				return false;
 			}
 		}
 		
-		if ($type == 'md5')
-		{		
+		if ($type == 'md5'){		
 			//md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}'
-			$md5_check_new2 = exec("/sbin/md5 {$path1}/{$filename_md5} | '{print $4}'");
-			$md5_check_old2 = exec("/sbin/md5 {$path2}/{$filename_md5} | '{print $4}'");
-			if ($md5_check_new != $md5_check_old)
-			{
-				update_output_window2('ms2', 'MD5s do not match...');
+			$md5_check_new2 = exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'");
+			$md5_check_old2 = exec("/sbin/md5 {$path2}/{$filename_md5} | /usr/bin/awk '{print $4}'");
+			if ($md5_check_new != $md5_check_old){
+				update_output_window2('ms2', "$filename_md5 MD5s do not match...");
 				return false;
 			}
 		}
-	}		
+		
+		if ($type == 'md5FileChk') {		
+				//md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}'
+				$md5_check_new = trim(exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'"));
+				
+				$md5_check_old = exec("/bin/cat {$path1}/{$filename_md5}.md5");
+				
+				$md5_check_old2 = trim(preg_replace('/"/', '', $md5_check_old));
+				
+				if ($md5_check_new != $md5_check_old2){
+					update_output_window2('ms2', "$filename_md5 MD5s do not match...");
+					return false;
+				}
+		}		
 		
 		
+		
+	}
+		
+		update_output_window2('ms2', "$filename_md5 MD5 File Check Passed...");		 
 		return true;
 }
 
@@ -82,8 +108,7 @@ function snortCmpareMD5($type, $path1, $path2, $filename_md5)
 function update_output_window2($type, $text)
 {
 
-	if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on')
-	{		
+	if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on'){		
 		snortSql_updateRuleSetList($type, $text, '', '', $GLOBALS['tmp']['snort']['downloadupdate']['workingfile']); // write out msg to db	
 	}else{
 		echo "\n" . $type . ': ' . $text;
@@ -101,44 +126,67 @@ function snortSql_updateRuleSetList($type, $value, $file_size, $downloaded, $fil
 	// do let user pick the DB path
     $db = sqlite_open("/var/snort/{$dbname}");
 
-	if ($type === 'percent2')
-	{
+	if ($type === 'percent2'){
 		$query_ck = sqlite_query($db, // @ supress warnings usonly in production
 		"UPDATE {$table} SET date = '{$addDate}', percent = '{$value}', filesize = '{$file_size}', downloaded = '{$downloaded}' where filename = '{$filename}';
 		");
 	}    
     
     
-	if ($type === 'percent')
-	{
+	if ($type === 'percent'){
 		$query_ck = sqlite_query($db, // @ supress warnings usonly in production
 		"UPDATE {$table} SET date = '{$addDate}', percent = '{$value}' where filename = '{$filename}';
 		");
 	}
 
-	if ($type === 'msg1')
-	{
+	if ($type === 'msg1'){
 		$query_ck = sqlite_query($db, // @ supress warnings usonly in production
 		"UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '1';
 		");
 	}
 
-	if ($type === 'msg2')
-	{
+	if ($type === 'msg2'){
 		$query_ck = sqlite_query($db, // @ supress warnings usonly in production
 		"UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '2';
 		");
 	}
 
-	if ($type === 'working')
-	{
+	/*
+	 * INPORTANT:
+	 * Register worker to prevent loops and ghost process
+	 * Needs to be watched, 
+	 */
+	
+	if ($type === 'working'){
+		
+		$getmypid = getmypid();
+		$getmyfilename = $_SERVER['SCRIPT_NAME'];		
+		
+	    $resultChk = sqlite_query($db,
+	    "SELECT * FROM RegisterWorker WHERE uuid = 'jdjEf!773&h3bhFd6A';
+	    ");
+	
+	    $resultChkFinal = sqlite_fetch_all($resultChk, SQLITE_ASSOC);		
+
+	    if (!empty($resultChkFinal)) {	    
+			$query_ck = sqlite_query($db, // @ supress warnings usonly in production
+			"UPDATE RegisterWorker SET date = '{$addDate}', processid = '{$getmypid}', filename = '{$getmyfilename}', working = '{$value}' where uuid = 'jdjEf!773&h3bhFd6A';
+			");		
+	    }else{	
+			$query_ck = sqlite_query($db, // @ supress warnings usonly in production
+			"INSERT INTO RegisterWorker (date, processid, filename, working, uuid) VALUES ('{$addDate}', '{$getmypid}', '{$getmyfilename}', '{$value}', 'jdjEf!773&h3bhFd6A');
+			");	
+	    }		
+	}
+
+	
+	if ($type === 'snortWait'){
 		$query_ck = sqlite_query($db, // @ supress warnings usonly in production
-		"UPDATE {$table} SET date = '{$addDate}', working = '{$value}' where filename = '{$filename}';
+		"UPDATE {$table} SET waittime = '{$addDate}' where filename = '{$filename}';
 		");
 	}	
 	
-      if (sqlite_changes($db) < 1)
-      {
+      if (sqlite_changes($db) < 1){
         sqlite_close($db);
         return 'Error in query';   
       }  
@@ -147,29 +195,77 @@ function snortSql_updateRuleSetList($type, $value, $file_size, $downloaded, $fil
     
     
 }	
-	
+
+// returns array that matches pattern, option to replace objects in matches
+function snortScanDirFilter($arrayList, $pattmatch, $pattreplace, $pattreplacewith)
+{
+	foreach ( $arrayList as $val )
+	{
+		if (preg_match($pattmatch, $val, $matches)) {
+			if ($pattreplace != '') {
+				$matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]);
+				$filterDirList[] = $matches2;
+			}else{
+				$filterDirList[] = $matches[0];
+			}
+		}
+	}	
+	return $filterDirList;
+}
+
+// set page vars	
+$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');	
+
+// Setup file names and dir
+$tmpfname = '/usr/local/etc/snort/snort_download';
+$snortdir = '/usr/local/etc/snort';
+$snortdir_rules = '/usr/local/etc/snort/snort_rules';
+$emergingdir_rules = '/usr/local/etc/snort/emerging_rules';
+$pfsensedir_rules = '/usr/local/etc/snort/pfsense_rules';
+$customdir_rules = '/usr/local/etc/snort/custom_rules';
+$snort_filename_md5 = 'snortrules-snapshot-2905.tar.gz.md5';
+$snort_filename = 'snortrules-snapshot-2905.tar.gz';
+$emergingthreats_filename_md5 = 'emerging.rules.tar.gz.md5';
+$emergingthreats_filename = 'emerging.rules.tar.gz';
+$pfsense_rules_filename_md5 = 'pfsense_rules.tar.gz.md5';
+$pfsense_rules_filename = 'pfsense_rules.tar.gz';
+
+// START of MAIN function
 function sendUpdateSnortLogDownload($console)
 {
 	
-	if ($console === 'console')
-	{
+	if ($console === 'console'){
 		$GLOBALS['tmp']['snort']['downloadupdate']['console'] = 'on';	
 	}
-
 	
-	// set page vars	
-	$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');	
+	//bring in the global vars 
+	global $generalSettings, $tmpfname, $snortdir, $snortdir_rules, $emergingdir_rules, $pfsensedir_rules, $customdir_rules, $snort_filename_md5, $snort_filename, $emergingthreats_filename_md5, $emergingthreats_filename, $pfsense_rules_filename_md5, $pfsense_rules_filename;
 	
-	// Setup file names and dir
-	$tmpfname = '/usr/local/etc/snort/snort_download';
-	$snortdir = '/usr/local/etc/snort';
-	$snortdir_wan = '/usr/local/etc/snort'; /// WHAT ?
-	$snort_filename_md5 = 'snortrules-snapshot-2905.tar.gz.md5';
-	$snort_filename = 'snortrules-snapshot-2905.tar.gz';
-	$emergingthreats_filename_md5 = 'emerging.rules.tar.gz.md5';
-	$emergingthreats_filename = 'emerging.rules.tar.gz';
-	$pfsense_rules_filename_md5 = 'pfsense_rules.tar.gz.md5';
-	$pfsense_rules_filename = 'pfsense_rules.tar.gz';
+	/*  Make shure snortdir exits */
+	if (!file_exists("{$snortdir}")) {
+		exec("/bin/mkdir -p {$snortdir}");
+	}
+	if (!file_exists("{$tmpfname}")) {
+		exec("/bin/mkdir -p {$tmpfname}");
+	}
+	if (!file_exists("{$snortdir_rules}")) {
+		exec("/bin/mkdir -p {$snortdir_rules}");
+	}
+	if (!file_exists("{$emergingdir_rules}")) {
+		exec("/bin/mkdir -p {$emergingdir_rules}");
+	}
+	if (!file_exists("{$pfsensedir_rules}")) {
+		exec("/bin/mkdir -p {$pfsensedir_rules}");
+	}
+	if (!file_exists("{$customdir_rules}")) {
+		exec("/bin/mkdir -p {$customdir_rules}");
+	}
+	if (!file_exists("{$snortdir}/signatures")) {
+	exec("/bin/mkdir -p {$snortdir}/signatures");
+	}
+	if (!file_exists('/usr/local/lib/snort/dynamicrules/')) {
+		exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+	}
 	
 	
 	/* Set user agent to Mozilla */
@@ -180,8 +276,7 @@ function sendUpdateSnortLogDownload($console)
 	// Get file that does not use redirects, mostly for none snort.org downloads
 	function snort_file_get_contents($tmpfname, $snort_filename, $snort_UrlGet)
 	{
-		if (!file_exists("{$tmpfname}/{$snort_filename}") || filesize("{$tmpfname}/{$snort_filename}") <= 0)
-		{
+		if (!file_exists("{$tmpfname}/{$snort_filename}") || filesize("{$tmpfname}/{$snort_filename}") <= 0){
 			update_output_window2('ms2', 'Downloading ' . $snort_filename.  ' MD5...');
 			ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
 			$file = file_get_contents("$snort_UrlGet/{$snort_filename}"); // use a @ infront of file_get_contents when in production
@@ -252,8 +347,7 @@ function sendUpdateSnortLogDownload($console)
 	{
 	        if($percent > 100) $percent = 1;
 	        
-	        if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on')
-	        {
+	        if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on') {
 	        	snortSql_updateRuleSetList('percent2', $percent, $file_size, $downloaded, $GLOBALS['tmp']['snort']['downloadupdate']['workingfile']); // write out percent to db
 			}else{
 				echo "\n" . 'percent: ' . $percent . ' filesize: ' . $file_size . ' downloaded: ' . $downloaded;
@@ -261,7 +355,8 @@ function sendUpdateSnortLogDownload($console)
 	}
 	
 	
-	function read_body_firmware($ch, $string) {
+	function read_body_firmware($ch, $string) 
+	{
 		global $fout, $file_size, $downloaded, $counter;
 		$length = strlen($string);
 		$downloaded += intval($length);
@@ -277,7 +372,8 @@ function sendUpdateSnortLogDownload($console)
 		return $length;
 	}
 	
-	function download_file_with_progress_bar2($url_file, $destination, $workingfile, $readbody = 'read_body2') {
+	function download_file_with_progress_bar2($url_file, $destination, $workingfile, $readbody = 'read_body2') 
+	{
 		global $ch, $fout, $file_size, $downloaded;
 		$file_size  = 1;
 		$downloaded = 1;
@@ -309,98 +405,398 @@ function sendUpdateSnortLogDownload($console)
 		return ($http_code == 200) ? true : $http_code;
 	}
 	
-// ----------------------------------------------------- Begin Code	--------------------------------------------
-
-		/*
-		if (!file_exists("{$tmpfname}/{$snort_filename}"))
-		{
-			$GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $snort_filename;
-			snortSql_updateRuleSetList('working', 'on', '', '', $snort_filename); // finish downloading
-			//download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
-			download_file_with_progress_bar2("http://theseusnetworking.com/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware");
-			snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename); // finsh percent
-			snortSql_updateRuleSetList('working', 'off', '', '', $snort_filename); // finish downloading
-		}
-		*/
-	
+// ----------------------------------------------------- Begin Code	--------------------------------------------	
 
 	
 		// rm all tmp filea
-		exec("/bin/rm -r $tmpfname/\*");
+		exec("/bin/rm -r $tmpfname/*");
 
-		// Set all downloads to be true so NO download by default
-		$snort_md5_check_ok = true;
-		$emerg_md5_check_ok = true;
-		$pfsense_md5_check_ok = true;
+		// Set all downloads to be false, download by default
 		
-		/* define checks */		
-		$snortdownload = $generalSettings['snortdownload'];
-		//$oinkid = $generalSettings['oinkmastercode'];
-		$oinkid = '55a1b7a1291b55ac3c157124133744cfc386bb83'; // remove when finished testing				
+		$snort_md5_check_ok = false;
+		$emerg_md5_check_ok = false;
+		$pfsense_md5_check_ok = false;
+		
+		// define checks
+		$oinkid = $generalSettings['oinkmastercode'];
 		
-		$emergingthreats = $generalSettings['emergingthreatsdownload'];
 		$emergingthreatscode = $generalSettings['emergingthreatscode'];
 
+		// dsable downloads if there settings are off
+		if 	($generalSettings['snortdownload'] === 'off') {
+			$snort_md5_check_ok = true;
+		}
 		
+		if 	($generalSettings['emergingthreatsdownload'] == 'off') {
+			$emerg_md5_check_ok = true;
+		}				
 
-		if ($oinkid == '' && $snortdownload == 'on')
-		{
+		if ($oinkid == '' && $generalSettings['snortdownload'] === 'off') {
 			update_output_window2('ms1', 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.');
 			exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'");
-			exit;
+			return false;
 		}
 		
-		if ($snortdownload != "on" && $emergingthreats != "on")
-		{
+		if ($emergingthreatscode == '' && $generalSettings['snortdownload'] === 'pro') {
+			update_output_window2('ms1', 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.');
+			exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.'");
+			return false;
+		}		
+		
+		if ($generalSettings['snortdownload'] === 'off' && $generalSettings['emergingthreatsdownload'] === 'off') { // note: basic and pro
 			update_output_window2('ms1', 'SnortStartup: No rules have been selected to download.');
 			exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'");
-			exit;
+			return false;
 		}		
 		
 		/*
 		 *  Check MD5s and MARK
 		 * 
 		 */
-		update_output_window2('ms1', 'Starting MD5 checks.....');
 		
-		// download snort.org md5 and compare
-		snort_file_get_contents($tmpfname, $snort_filename_md5, 'http://www.snort.org/pub-bin/oinkmaster.cgi/' . $oinkid);
+		update_output_window2('ms1', 'Starting MD5 checks...');		
+		
+		// check is we need to wait
+		update_output_window2('ms2', 'Checking Wait Status for Snort.org...');
+		$getSnort_filename_Waittime_chk = snortSql_fetchAllSettings('snortDBtemp', 'SnortDownloads', 'filename', $snort_filename);
 		
-		// if snort.org md5 do not match
-		if(!snortCmpareMD5('string', $tmpfname, $snortdir, $snort_filename_md5))
-		{
-			$snort_md5_check_ok = false;
+		if (date(U) > $getSnort_filename_Waittime_chk['waittime'] + 900) {
+			update_output_window2('ms2', 'Snort.org Wait Time Status: OK...');
+		}else{
+			update_output_window2('ms2', 'Snort.org Wait Time Status: Wait 15 min Please...');
+			$snort_md5_check_ok = true;
+			$snort_wait = true;
 		}
 
+		// check is we need to wait
+		update_output_window2('ms2', 'Checking Wait Status for Emergingthreats.net...');
+		$getEmergingthreats_filename_Waittime_chk = snortSql_fetchAllSettings('snortDBtemp', 'SnortDownloads', 'filename', $emergingthreats_filename);		
+
+		if (date(U) > $getEmergingthreats_filename_Waittime_chk['waittime'] + 900) {
+			update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: OK...');
+		}else{
+			update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: Wait 15 min Please...');
+			$emerg_md5_check_ok = true;
+			$emerg_wait = true;
+		}
+		
+		// if all rules need wait stop
+		if ($snort_wait === true && $emerg_wait === true) {			
+			return false;
+		}
+		
+		// download snort.org md5 and compare
+		if ($snort_md5_check_ok === false) {
+		
+			snort_file_get_contents($tmpfname, $snort_filename_md5, 'http://www.snort.org/pub-bin/oinkmaster.cgi/' . $oinkid);
+			
+			// if snort.org md5 do not match
+			if(snortCmpareMD5('string', $tmpfname, $snortdir_rules, $snort_filename_md5)) {
+				$snort_md5_check_ok = true;
+			}
+		
+		}		
+
 		// download emergingthreats.net md5 and compare
-		snort_file_get_contents($tmpfname, $emergingthreats_filename_md5, 'http://rules.emergingthreats.net/open/snort-2.9.0');
+		if ($emerg_md5_check_ok === false) {
+		
+			snort_file_get_contents($tmpfname, $emergingthreats_filename_md5, 'http://rules.emergingthreats.net/open/snort-2.9.0');
+			
+			// if emergingthreats.net md5 do not match
+			if(snortCmpareMD5('string', $tmpfname, $emergingdir_rules, $emergingthreats_filename_md5)) {
+				$emerg_md5_check_ok = true;
+			}
 		
-		// if emergingthreats.net md5 do not match
-		if(!snortCmpareMD5('string', $tmpfname, $snortdir, $emergingthreats_filename_md5))
-		{
-			$emerg_md5_check_ok = false;
 		}
 		
 		// download pfsense.org md5 and compare
 		snort_file_get_contents($tmpfname, $pfsense_rules_filename_md5, 'http://www.pfsense.com/packages/config/snort/pfsense_rules');
 		
 		// if pfsense.org md5 do not match
-		if(!snortCmpareMD5('string', $tmpfname, $snortdir, $pfsense_rules_filename_md5))
-		{
-			$pfsense_md5_check_ok = false;
+		if(snortCmpareMD5('string', $tmpfname, $pfsensedir_rules, $pfsense_rules_filename_md5)) {
+			$pfsense_md5_check_ok = true;
 		}
+		
+		/*
+		 * If all rule type is not check clean up. 
+		 */
+				
+		/*  Make Clean Snort Directory emergingthreats not checked */
+		if ($snort_md5_check_ok === false && $emergingthreatsdownload === 'off') {
+			update_output_window2('ms1', 'Cleaning the emergingthreats Directory...');
+			exec("/bin/rm {$snortdir}/emerging_rules/*.rules");
+			exec("/bin/rm {$snortdir}/version.txt");
+			update_output_window2('ms2', 'Done cleaning emrg direcory.');
+		}
+		
+		/*  Make Clean Snort Directory snort.org not checked */
+		if ($emerg_md5_check_ok === false && $snortdownload !== 'on') {
+			update_output_window2('ms1', 'Cleaning the snort Directory...');
+			exec("/bin/rm {$snortdir}/snort_rules/*.rules");
+			exec("/bin/rm {$snortdir}/snortrules-snapshot-2905.tar.gz.md5");
+			update_output_window2('ms2', 'Done cleaning snort direcory.');
+		}		
+		
+		
+		/* Check if were up to date exits */
+		if ($snort_md5_check_ok === true && $emerg_md5_check_ok === true && $pfsense_md5_check_ok === true) {
+				update_output_window2('ms1', 'Your rules are up to date...');
+				return false;
+		}		
+		
+		
+		/* You are Not Up to date, always stop snort when updating rules for low end machines */;
+		update_output_window2('ms1', 'You are NOT up to date...');
+		update_output_window2('ms2', 'Stopping Snort and Barnyard2 service...');
+		$chk_if_snort_up = exec('pgrep -x snort');
+		$chk_if_barnyad_up = exec('pgrep -x barnyad2');
+		if ($chk_if_snort_up != '') {
+			exec('/usr/bin/touch /tmp/snort_download_halt.pid'); // IMPORTANT: incase of script crash or error, Mabe use DB
+			exec('/usr/bin/killall snort');
+			if ($chk_if_barnyad_up != ''){
+				exec('/usr/bin/killall barnyad2');
+			}	
+			sleep(2);
+		}
+		
+		
+		/* download snortrules file */
+		if ($snort_md5_check_ok === false) {
+		
+					$GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $snort_filename;
+					update_output_window2('ms1', 'Snort.org: Starting Download...');
+					download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware");
+					//download_file_with_progress_bar2("http://theseusnetworking.com/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware");
+					snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename); // finsh percent	
+					update_output_window2('ms1', 'Snort.org: Finished Download...');
+					
+					// if md5 does not match then the file is bad or snort.org says wait 15 min
+					update_output_window2('ms1', 'Snort.org MD5 File Check ...');
+					if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $snort_filename)) {
+						
+						$snort_filename_wait_ck = exec("/usr/bin/egrep '\bYou must wait 15\b' {$tmpfname}/{$snort_filename}");						
+						if ($snort_filename_wait_ck != '') {
+							update_output_window2('ms2', 'Snort.org: You must wait 15 min...');
+						}					
+		
+						// disable snort.org download
+						$snort_md5_check_ok = true;
+						$snort_filename_corrupted = true;
+					
+					}else{
+						snortSql_updateRuleSetList('snortWait', '', '', '', $snort_filename); // Register Worker off
+					}			
+		}		
+		
+		/* download emergingthreats file */
+		if ($emerg_md5_check_ok === false) {
+		
+					$GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $emergingthreats_filename;
+					update_output_window2('ms1', 'Emergingthreats.net: Starting Download...');
+					download_file_with_progress_bar2("http://rules.emergingthreats.net/open/snort-2.9.0/{$emergingthreats_filename}", $tmpfname, $emergingthreats_filename, "read_body_firmware");
+					snortSql_updateRuleSetList('percent', '100', '', '', $emergingthreats_filename); // finsh percent	
+					update_output_window2('ms1', 'Emergingthreats.net: Finished Download...');
+					
+					// if md5 does not match then the file is bad or snort.org says wait 15 min
+					update_output_window2('ms1', 'Emergingthreats MD5 File Check ...');
+					if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $emergingthreats_filename)) {				
+		
+						// disable snort.org download
+						$emerg_md5_check_ok = true;
+						$emerg_filename_corrupted = true;
+					
+					}else{
+						snortSql_updateRuleSetList('snortWait', '', '', '', $emergingthreats_filename); // Register Worker off
+					}			
+		}
+		
+		/* download pfsense rule file */
+		if ($pfsense_md5_check_ok === false) {
+		
+					$GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $pfsense_rules_filename;
+					update_output_window2('ms1', 'pfSense.org: Starting Download...');
+					download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/{$pfsense_rules_filename}", $tmpfname, $pfsense_rules_filename, "read_body_firmware");
+					snortSql_updateRuleSetList('percent', '100', '', '', $pfsense_rules_filename); // finsh percent	
+					update_output_window2('ms1', 'pfSense.org: Finished Download...');
+					
+					// if md5 does not match then the file is bad or snort.org says wait 15 min
+					update_output_window2('ms1', 'pfSense.org MD5 File Check ...');
+					if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $pfsense_rules_filename)) {				
+		
+						// disable snort.org download
+						$pfsense_md5_check_ok = true;
+					
+					}else{
+						snortSql_updateRuleSetList('snortWait', '', '', '', $pfsense_rules_filename); // Register Worker off
+					}			
+		}			
+		
+		// if both files are corrupted stop
+		if ($snort_filename_corrupted === true && $emerg_filename_corrupted === true) {
+			update_output_window2('ms1', 'Snort.org and Emergingthreats.net files are corrupted.');
+			update_output_window2('ms2', 'Stoping Script...');
+			return false;
+		}	
+		
+		/*
+		 * START: Untar Files
+		 */				
+
+		// Untar snort rules file individually to help people with low system specs
+		if ($snort_md5_check_ok === false && file_exists("{$tmpfname}/{$snort_filename}")) {						
 
+				update_output_window2('ms1', 'Extracting Snort.org rules...');
+				update_output_window2('ms2', 'May take a while...');
+				
+			function build_SnortRuleDir() 
+			{
+				global $tmpfname, $snortdir, $snortdir_rules, $snort_filename;
+				
+					// find out if were in 1.2.3-RELEASE
+					$pfsense_ver_chk = exec('/bin/cat /etc/version');
+					if ($pfsense_ver_chk === '1.2.3-RELEASE') {
+						$pfsense_stable = 'yes';
+					}else{
+						$pfsense_stable = 'no';
+					}	
+			
+					// get the system arch
+					$snort_arch_ck = exec('/usr/bin/uname -m');
+					if ($snort_arch_ck === 'i386') {
+						$snort_arch = 'i386';
+					}else{
+						$snort_arch = 'x86-64'; // amd64
+					}								
+				
+					if ($pfsense_stable === 'yes') {
+						$freebsd_version_so = 'FreeBSD-7-3';
+					}else{
+						$freebsd_version_so = 'FreeBSD-8-1';
+					}
+					
+					// extract snort.org rules and  add prefix to all snort.org files
+					exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} rules/");
+					
+					$snort_dirList = scandir("{$snortdir_rules}/rules"); // Waning: only in php 5
+					$snortrules_filterList = snortScanDirFilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');
+					
+					if (!empty($snortrules_filterList)) {		
+						foreach ($snortrules_filterList as $snort_rule_move)
+						{	
+							exec("/bin/mv -f {$snortdir_rules}/rules/{$snort_rule_move}.rules {$snortdir_rules}/rules/snort_{$snort_rule_move}.rules");	
+						}
+					}
+					
+					// extract so rules
+					exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/");
+					exec("/bin/mv -f {$snortdir_rules}/so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+					
+					// list so_rules and exclude dir
+					exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
+					
+					$so_rulesPattr = array('/\//', '/\.rules/');
+					$so_rulesPattw = array('', '');				
+					
+					// build list of so rules				
+					$so_rules_filterList = snortScanDirFilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+					
+					if (!empty($so_rules_filterList)) {
+						// cp rule to so tmp dir
+						foreach ($so_rules_filterList as $so_rule)
+						{
+							
+							exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/{$so_rule}.rules");			
+							
+						}
+						// mv and rename so rules
+						foreach ($so_rules_filterList as $so_rule_move)
+						{	
+							exec("/bin/mv -f {$snortdir_rules}/so_rules/{$so_rule_move}.rules {$snortdir_rules}/rules/snort_{$so_rule_move}.so.rules");	
+						}
+					}
+					
+					exec("/bin/rm -r {$snortdir_rules}/so_rules");
 		
-	
+					// extract base etc files
+					exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+					exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+					exec("/bin/rm -r {$snortdir}/etc");
+					
+			}
+			build_SnortRuleDir();
+			// cp md5 to main snort dir
+			exec("/bin/cp {$tmpfname}/{$snort_filename_md5} {$snortdir_rules}/{$snort_filename_md5}");		
+			update_output_window2('ms2', 'Done extracting Snort.org Rules.');
+		}
+		
+		/* Untar emergingthreats rules to tmp */
+		if ($emerg_md5_check_ok === false && file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+			if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+				update_output_window2('ms1', 'Extracting Emergingthreats Rules...');
+				update_output_window2('ms2', 'May take a while...');
+				exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$emergingdir_rules} rules/");
+				exec("/bin/cp {$tmpfname}/{$emergingthreats_filename_md5} {$emergingdir_rules}/{$emergingthreats_filename_md5}");	
+				update_output_window2('ms2', 'Done extracting Emergingthreats.net Rules.');
+			}
+		}
+		
+		/* Untar Pfsense rules to tmp */
+		if ($pfsense_md5_check_ok === false && file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+			if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+				update_output_window2('ms1', 'Extracting Pfsense rules...');
+				update_output_window2('ms1', 'May take a while...');
+				exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$pfsensedir_rules} rules/");
+				exec("/bin/cp {$tmpfname}/{$pfsense_rules_filename_md5} {$pfsensedir_rules}/{$pfsense_rules_filename_md5}");
+				update_output_window2('ms2', 'Done extracting pfSense.org Rules.');
+				
+			}
+		}		
+
+		/* double make shure cleanup emerg rules that dont belong */
+		if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+			exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+			exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+		}
+		
+		/* make shure default rules are in the right format */
+		update_output_window2('ms1', 'Reformatting Rules To One Standard...');
+		update_output_window2('ms2', 'Please Wait...');
+		exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir_rules}/rules/*.rules");
+		exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir_rules}/rules/*.rules");
+		exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir_rules}/rules/*.rules");
+		
+		exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$emergingdir_rules}/rules/*.rules");
+		exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$emergingdir_rules}/rules/*.rules");
+		exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$emergingdir_rules}/rules/*.rules");
 
+		exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$pfsensedir_rules}/rules/*.rules");
+		exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$pfsensedir_rules}/rules/*.rules");
+		exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$pfsensedir_rules}/rules/*.rules");
+		update_output_window2('ms2', 'Done...');		
+		
+		/* create a msg-map for snort  */
+		update_output_window2('ms1', 'Updating Alert Sid Messages...');
+		update_output_window2('ms2', 'Please Wait...');
+		exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir_rules}/rules > /usr/local/etc/snort/sid-msg.map");		
+		exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$emergingdir_rules}/rules >> /usr/local/etc/snort/sid-msg.map");
+		exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$pfsensedir_rules}/rules >> /usr/local/etc/snort/sid-msg.map");
+		update_output_window2('ms2', 'Done...');
+		
+		
+		
 // ----------------------------------------------------- End Code	--------------------------------------------
 			
 } // -------------------- END Main function ------------	
 	
-$argv[1] = 'console';
+//$argv[1] = 'console';
 
-sendUpdateSnortLogDownload($argv[1]);	// start main function
+	$getWorkerStat = snortSql_fetchAllSettings('snortDBtemp', 'RegisterWorker', 'uuid', 'jdjEf!773&h3bhFd6A');
 	
+	if ($getWorkerStat['working'] !== 'on') {
+		snortSql_updateRuleSetList('working', 'on', '', '', ''); // Register Worker on
+		sendUpdateSnortLogDownload($argv[1]);	// start main function
+		snortSql_updateRuleSetList('working', 'off', '', '', ''); // Register Worker off
+	}	
 	
 	
 	
diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php
index 446e0db9..8e09964e 100644
--- a/config/snort-dev/snort_json_post.php
+++ b/config/snort-dev/snort_json_post.php
@@ -168,18 +168,31 @@ if ($_POST['snortSaveSettings'] == 1)
 			/*
 			 * make dir for the new iface
 			 * may need to move this as a func to new_snort,inc
-			 */			
-			if (!is_dir('/usr/local/etc/snort/sn_' . $_POST['uuid'] . '_' . $_POST['interface']))
-			{
-				$newSnortDirCraete = 'mkdir -p /usr/local/etc/snort/sn_' . $_POST['uuid'] . '_' . $_POST['interface'];
-				exec($newSnortDirCraete);
+			 */
+			
+			$newSnortDir = 'sn_' . $_POST['uuid'] . '_' . $_POST['interface'];
+			
+			if (!is_dir("/usr/local/etc/snort/{$newSnortDir}")) {				
+				
+				// creat iface dir and ifcae rules dir
+				exec("/bin/mkdir -p /usr/local/etc/snort/{$newSnortDir}/rules");
+				
 				// NOTE: code only works on php5
-				$listRulesDir = snortScanDirFilter('/usr/local/etc/snort/rules', '.rules');
-				if (!empty($listRulesDir) && file_exists('/usr/local/etc/snort/base_rules.tar.gz'))
-				{	
-					$newSnortDir = 'sn_' . $_POST['uuid'] . '_' . $_POST['interface'];					
-					exec('/usr/bin/tar xvfz /usr/local/etc/snort/base_rules.tar.gz ' . '-C /usr/local/etc/snort/' . $newSnortDir);					
+				$listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snort_rules/rules', '\.rules');
+				$listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/emerging_rules/rules', '\.rules');
+				$listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/pfsense_rules/rules', '\.rules');
+				
+				if (!empty($listSnortRulesDir)) {											
+					exec("/bin/cp -R /usr/local/etc/snort/snort_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");					
+				}
+				if (!empty($listEmergingRulesDir)) {											
+					exec("/bin/cp -R /usr/local/etc/snort/emerging_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");					
+				}								
+				if (!empty($listPfsenseRulesDir)) {											
+					exec("/bin/cp -R /usr/local/etc/snort/pfsense_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");					
 				}
+				
+				
 			} //end of mkdir
 		          
 		} // end of snort_interfaces_edit		
diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc
index cc574baf..efd546d8 100644
--- a/config/snort-dev/snort_new.inc
+++ b/config/snort-dev/snort_new.inc
@@ -257,6 +257,7 @@ function snortSql_updateRuleSetList()
 	$table = $_POST['dbTable'];
 	$ruleSetfilenames = $_POST['filenamcheckbox'];
 	$ifaceuuid = $_POST['ifaceuuid'];
+	$iface = $_POST['iface'];
 	
 	
 	$addDate = date(U);
@@ -303,7 +304,7 @@ function snortSql_updateRuleSetList()
 
 			
 			// clean database of old names	and turn rulesets off
-    		$listDir = snortScanDirFilter('/usr/local/etc/snort/rules/', '.rules');
+    		$listDir = snortScanDirFilter("/usr/local/etc/snort/sn_{$ifaceuuid}_{$iface}/rules/", '.rules');
     
 		    $resultAllRulesetname = sqlite_query($db,
 		            "SELECT rulesetname FROM {$table} WHERE ifaceuuid = '{$ifaceuuid}';
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index e030173d..5eb70549 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
@@ -57,7 +57,7 @@ $snortRuleDir = '/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'];
 
 	// list rules in the default dir
 	$filterDirList = array();
-	$filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '.rules');
+	$filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '\.rules');
 
 	// START read rule file
 	if ($_GET['openruleset'])
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php
index 9d41eb0b..09d81f4c 100644
--- a/config/snort-dev/snort_rulesets.php
+++ b/config/snort-dev/snort_rulesets.php
@@ -49,7 +49,7 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid)
 
 	// list rules in the default dir
 	$filterDirList = array();
-	$filterDirList = snortScanDirFilter('/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'] . '/rules', '.rules');
+	$filterDirList = snortScanDirFilter('/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'] . '/rules', '\.rules');
 	
 	// list rules in db that are on in a array
 	$listOnRules = array();
@@ -144,14 +144,14 @@ jQuery(document).ready(function() {
 			}else{
 				var rulesetChecked = '';
 			}
-		
+			
 			jQuery('.rulesetloopblock').append(
 					"\n" + '<tr>' + "\n" +
 					'<td class="' + rowIsEvenOdd + '" align="center" valign="top" width="9%">' + "\n" +
 					'	<input class="domecheck" name="filenamcheckbox[]" value="' + snortObjlist.ruleSets[i].rule + '" type="checkbox" ' + rulesetChecked + ' >' + "\n" +
 					'</td>' + "\n" +
 					'<td class="' + rowIsEvenOdd + '">' + "\n" +
-					'	<a href="snort_rules.php?uuid=0&amp;openruleset=//usr//local//etc//snort//snort_44035_em0//rules//attack-responses.rules">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" + 
+					'	<a href="/snort/snort_rules.php?uuid=<?=$uuid?>' + '&openruleset=' + snortObjlist.ruleSets[i].rule + '">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" + 
 					'</td>' + "\n" +
 					'</tr>' + "\n\n"			
 			);	
@@ -220,7 +220,9 @@ jQuery(document).ready(function() {
 		<input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
 		<input type="hidden" name="dbTable" value="SnortruleSets" /> <!-- what db table-->
 		<input type="hidden" name="ifaceTab" value="snort_rulesets" /> <!-- what interface tab -->
-		<input type="hidden" name="ifaceuuid" value="<?=$uuid; ?>" /> <!-- what interface to save for -->	
+		<input type="hidden" name="ifaceuuid" value="<?=$uuid;?>" /> <!-- what interface to save for -->
+		<input type="hidden" name="iface" value="<?=$a_list['interface'];?>" /> <!-- what interface to save for -->
+			
 		<table width="100%" border="0" cellpadding="0" cellspacing="0">
 		
 		<tr >
author	robiscool <robrob2626@yahoo.com>	2011-06-13 16:01:36 -0700
committer	robiscool <robrob2626@yahoo.com>	2011-06-13 16:04:51 -0700
commit	3a16379bd0e3afc1a0845c0ea57a669923a57a4d (patch)
tree	a55bf0b769dc3f253cbeb379a889076be44a9679 /config
parent	44868bdce5b4fd7316e118d6dda91dd918db6942 (diff)
download	pfsense-packages-3a16379bd0e3afc1a0845c0ea57a669923a57a4d.tar.gz pfsense-packages-3a16379bd0e3afc1a0845c0ea57a669923a57a4d.tar.bz2 pfsense-packages-3a16379bd0e3afc1a0845c0ea57a669923a57a4d.zip