snort-dev, major rewites of startup code started, protected bootup code started

5 files changed, 471 insertions, 71 deletions

diff --git a/config/snort-dev/images/footer2.jpg b/config/snort-dev/images/footer2.jpg
new file mode 100644
index 00000000..37bdb18e
--- /dev/null
+++ b/config/snort-dev/images/footer2.jpg
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 4294966f..513fc626 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -444,13 +444,14 @@ function sync_snort_package()
 	conf_mount_ro();
 }
 
-
 /* make sure this func on writes to files and does not start snort */
 function sync_snort_package_all()
 {
 	global $config, $g, $id, $if_real, $interface_fake;
 	conf_mount_rw();
 
+
+
 /* RedDevil suggested code */
 /* TODO: more testing needs to be done */
 exec("/sbin/sysctl net.bpf.bufsize=8388608");
@@ -458,6 +459,9 @@ exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
 exec("/sbin/sysctl net.bpf.maxinsns=512");
 exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
 
+if ($id != '' && $if_real != '')
+{
+
 	/* do not start config build if rules is empty */
 	if (!empty($config['installedpackages']['snortglobal']['rule'])) 
 	{
@@ -477,6 +481,9 @@ exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
 				/* create snort configuration file */
 				create_snort_conf();
 
+				/* create snort bootup file snort.sh */
+				create_snort_sh();
+
 				/* if rules exist cp rules to each iface */
 				create_rules_iface();
 
@@ -492,6 +499,8 @@ exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
 			/* create snort configuration file */
 			create_snort_conf();
 
+			/* create snort bootup file snort.sh */
+			create_snort_sh();
 
 			/* if rules exist cp rules to each iface */
 			create_rules_iface();
@@ -554,11 +563,218 @@ exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
 	conf_mount_ro();
 
 }
+}
 
 /* Start of main config files */
 /* Start of main config files */
 
+////////////////////////// >>>>>>>>>>
+
+
+/* open snort.sh for writing" */
+function create_snort_sh()
+{
+		# Don not add $id or this will break
+
+        global $config, $g, $if_real, $if_real_wan;
+        conf_mount_rw();
+
+	$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+
+	/* define snortbarnyardlog_chk */
+	if ($snortbarnyardlog_info_chk == on) {
+
+	$start_barnyard2 = "sleep 4/n/usr/local/bin/barnyard2 -u snort -g snort -c /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf -d /var/log/snort -f snort.u2_$id$if_real -w /usr/local/etc/snort/snort_$id$if_real/barnyard2.waldo -D -q";
+	
+}
+
+	/* do not start config build if rules is empty */
+	if (!empty($config['installedpackages']['snortglobal']['rule'])) 
+	{
+		if ($id == "") 
+		{
+
+			$rule_array = $config['installedpackages']['snortglobal']['rule'];
+			$id = -1;
+			foreach ($rule_array as $value)
+			{
+
+			$id += 1;
+			
+			$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+			$if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+
+	/* Get all interface startup commands ready */
+
+$snort_sh_text2[] = <<<EOD
+###### For Each Iface
+
+		# If Snort proc is NOT running
+		if [ "`/bin/ps -auwx | grep -v grep | grep "R $id$if_real" | awk '{print $2;}'`" = "" ]; then
+
+		/bin/echo "snort.sh run" > /tmp/snort.sh.pid
+		
+		# Start snort and barnyard2
+		/bin/rm /var/run/snort_$if_real$id$if_real.pid
+		/bin/rm /var/run/snort_$if_real$id$if_real.pid.lck
+
+		/usr/local/bin/snort -u snort -g snort -R $id$if_real -D -q -l /var/log/snort -G $id -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -i $if_real
+		$start_barnyard2
+
+		/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For $id$if_real..."
+
+		fi
+EOD;
+
+$snort_sh_text3[] = <<<EOE
+
+###### For Each Iface
+
+		#### Fake start only used on bootup and Pfsense IP changes
+		#### Only try to restart if snort is running on Iface
+		if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R $id$if_real" | /usr/bin/awk '{print $2;}'`" != "" ]; then
+
+		snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R $id$if_real" | /usr/bin/awk '{print $2;}'`"
+		/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
+
+		#### Remake the configs on boot Important!
+		/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php $id $if_real
+
+		#### Restart Iface
+		/bin/kill -HUP \${snort_pid}
+		/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For $id$if_real..."
+
+		fi
+
+EOE;
+
+$snort_sh_text4[] = <<<EOF
+
+		pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R $id$if_real" | /usr/bin/awk '{print \$2;}'`
+		sleep 3
+		pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort.u2_$id$if_real" | /usr/bin/awk '{print \$2;}'`
+
+		if [ \${pid_s} ] ; then
+		
+		/bin/echo "snort.sh run" > /tmp/snort.sh.pid
+		/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For $id$if_real..."
+
+		/bin/kill \${pid_s}
+		sleep 3
+		/bin/kill \${pid_b}
+
+		/bin/rm /var/run/snort_$if_real$id$if_real.pid.lck
+		/bin/rm /var/run/snort_$if_real$id$if_real.pid
+
+		fi
 
+EOF;
+
+			}
+		}
+	}
+
+$start_snort_iface_start = implode("\n\n", $snort_sh_text2);
+
+$start_snort_iface_restart = implode("\n\n", $snort_sh_text3);
+
+$start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
+
+/* open snort.sh for writing" */
+conf_mount_rw();
+
+$snort_sh_text = <<<EOD
+#!/bin/sh
+# This file was automatically generated
+# by the pfSense service handler.
+# Code added to protect from double starts on pfSense bootup
+######## Begining of Main snort.sh
+
+rc_start() {
+
+		#### Check for double starts, Pfsense has problems with that
+		if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+
+		/usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
+		exit 0
+
+		fi
+
+		/bin/echo "snort.sh run" > /tmp/snort.sh.pid
+
+$start_snort_iface_restart
+
+		/bin/rm /tmp/snort.sh.pid
+
+		#### If on Fake start snort is NOT running DO a real start.
+		if [ "`/bin/ps -auwx | grep -v grep | grep "R $id$if_real" | awk '{print $2;}'`" = "" ]; then
+
+		rc_start_real
+
+		fi
+}
+
+rc_start_real() {
+
+		#### Check for double starts, Pfsense has problems with that
+		if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+		/usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
+		exit 0
+		fi
+
+$start_snort_iface_start
+
+		/bin/rm /tmp/snort.sh.pid
+
+}
+
+rc_stop() {
+
+		#### Check for double starts, Pfsense has problems with that
+		if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+		/usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
+		exit 0
+		fi
+
+$start_snort_iface_stop
+
+		/bin/rm /tmp/snort.sh.pid
+		/bin/rm /var/run/snort*
+
+}
+
+case $1 in
+	start)
+		rc_start
+		;;
+	start_real)
+		rc_start_real
+		;;
+	stop)
+		rc_stop
+		;;
+	restart)
+		rc_stop
+		rc_start_real
+		;;
+esac
+
+EOD;
+
+        /* write out snort.sh */
+        $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
+        if(!$bconf) {
+                log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
+                exit;
+        }
+		/* write snort.sh */
+        fwrite($bconf, $snort_sh_text);
+        fclose($bconf);
+
+}
+
+
+///////////////////////// >>>>>>>>>>>>
 
 /* if rules exist copy to new interfaces */
 function create_rules_iface()
@@ -566,16 +782,19 @@ function create_rules_iface()
 
     global $config, $g, $id, $if_real;
     conf_mount_rw();
-
-	$if_rule_dir = "/usr/local/etc/snort/snort_$id$if_real/rules";
-	$folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full';
-
-	if ($folder_chk == "empty")
+	
+	if ($id != '' || $if_real != '')
 	{
-		exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_$id$if_real");
-		if (file_exists("/usr/local/etc/snort/custom_rules/local_$id$if_real.rules"))
+		$if_rule_dir = "/usr/local/etc/snort/snort_$id$if_real/rules";
+		$folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full';
+
+		if ($folder_chk == "empty")
 		{
-			exec("/bin/cp /usr/local/etc/snort/custom_rules/local_$id$if_real.rules /usr/local/etc/snort/snort_$id$if_real/rules/local_$id$if_real.rules");
+			exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_$id$if_real");
+			if (file_exists("/usr/local/etc/snort/custom_rules/local_$id$if_real.rules"))
+			{
+				exec("/bin/cp /usr/local/etc/snort/custom_rules/local_$id$if_real.rules /usr/local/etc/snort/snort_$id$if_real/rules/local_$id$if_real.rules");
+			}
 		}
 	}
 }
@@ -795,6 +1014,9 @@ function generate_snort_conf()
 	global $config, $g, $if_real, $id;
 	conf_mount_rw();
 
+if ($id != '' && $if_real != '')
+{
+
 	/* obtain external interface */
 	/* XXX: make multi wan friendly */
 	$snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
@@ -820,6 +1042,7 @@ function generate_snort_conf()
 			exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules");
 		}
 	}
+}
 	
 /* define snortalertlogtype */
 $snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype'];
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
index 6a46cf7e..6ab6ee7a 100644
--- a/config/snort-dev/snort.xml
+++ b/config/snort-dev/snort.xml
@@ -141,7 +141,7 @@
 	<additional_files_needed>
 		<prefix>/usr/local/www/snort/</prefix>
 		<chmod>077</chmod>
-		<item>http://www.pfsense.com/packages/config/snort-dev/help_and_info.php</item>
+		<item>http://www.pfsense.com/packages/config/snort-dev/help_and_info.html</item>
 	</additional_files_needed>
 	<additional_files_needed>
 		<prefix>/usr/local/www/snort/</prefix>
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index e5b42e4d..996ff83b 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -31,7 +31,7 @@
 
 require("guiconfig.inc");
 require("/usr/local/pkg/snort/snort_gui.inc");
-require("/usr/local/pkg/snort/snort.inc");
+include_once("/usr/local/pkg/snort/snort.inc");
 
 $id = $_GET['id'];
 if (isset($_POST['id']))
@@ -78,35 +78,84 @@ if (isset($_POST['del_x'])) {
     /* delete selected rules */
     if (is_array($_POST['rule']) && count($_POST['rule'])) {
 	    foreach ($_POST['rule'] as $rulei) {
-
-
-		    /* dont flood the syslog code */
-		    exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
-		    exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop $rulei");
-
-		    /* stop syslog flood code */		
-		    $if_real_wan_rulei = $a_nat[$rulei]['interface'];
-		    $if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
-		    exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
-		    exec("/usr/bin/killall syslogd");
-		    exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
-		    exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
-		    sleep(2);
-		    exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
-		    $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
-		    exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'");				
-		    exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'");
-
-		    unset($a_nat[$rulei]);
-
+			
+			/* convert fake interfaces to real */
+			$if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']);
+			
+			$snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real -c\" | awk '{print $2;}'");
+			
+			if ($snort_pid != "")
+			{
+			
+				$start_up_pre = exec("/bin/cat /var/run/snort_{$if_real}{$rulei}{$if_real}.pid");
+				$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
+				$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
+					
+				$start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$rulei}{$if_real}.pid");
+				$start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
+				$start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
+				
+					
+				if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "")
+				{
+				
+				/* dont flood the syslog code */
+				exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
+				sleep(3);
+					
+					
+					/* remove only running instances */
+					if ($start_up_s != "")
+						{
+							exec("/bin/kill {$start_up_s}");
+							exec("/bin/rm /var/run/snort_$if_real$rulei$if_real*");
+						}
+		
+					if ($start2_upb_s != "")
+						{
+							exec("/bin/kill {$start2_upb_s}");
+							exec("/bin/rm /var/run/barnyard2_$rulei$if_real*");
+						}
+		
+					if ($start_up_r != "")
+						{
+							exec("/bin/kill {$start_up_r}");
+							exec("/bin/rm /var/run/snort_$if_real$rulei$if_real*");
+						}
+		
+					if ($start2_upb_r != "")
+						{
+							exec("/bin/kill {$start2_upb_r}");
+							exec("/bin/rm /var/run/barnyard2_$rulei$if_real*");
+						}
+						
+			/* stop syslog flood code */		
+			$if_real_wan_rulei = $a_nat[$rulei]['interface'];
+			$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
+			exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
+			exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
+			exec("/usr/bin/killall syslogd");
+			exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
+			exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
+			sleep(2);
+			exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
+			$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
+			exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'");				
+			exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'");
+			
+				}
+			
+			}
+			
+	        unset($a_nat[$rulei]);
+			
 	    }
-
-
-
-	    conf_mount_rw();
-	    exec("/bin/rm -r /usr/local/etc/snort/snort_$rulei$if_real");
-	    exec("/bin/rm /var/log/snort/snort.u2_$rulei$if_real*");
-	    conf_mount_ro();
+		
+			conf_mount_rw();
+			exec("/bin/rm -r /usr/local/etc/snort/snort_$rulei$if_real");
+			exec("/bin/rm /usr/local/etc/rc.d/snort_$rulei$if_real.sh");
+			exec("/bin/rm /var/log/snort/snort.u2_$rulei$if_real*");
+			conf_mount_ro();
 		
 	    write_config();
 	    // touch($d_natconfdirty_path);
@@ -166,19 +215,88 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
 {
 
 	$if_real2 = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']);
-	$name = "{$id}{$if_real2}";
-	$snort_pid = exec("pgrep -F /var/run/snort_{$if_real2}{$name}.pid snort");
 	
-	if ($snort_pid != "") {
-		exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop $name");
+	$start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$id}{$if_real2}\" | awk '{print \$1;}'");
+	$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
+	$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
+					
+	//$start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$id}{$if_real2}.pid");
+	//$start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
+	//$start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
+
+
+	if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "")
+	{
+	
+		/* stop syslog flood code */
+		//exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
+		//sleep(3);	
+	
+		if ($start_up_s != "")
+		{
+			exec("/bin/kill {$start_up_s}");
+			exec("/bin/rm /var/run/snort_$if_real2$id$if_real2*");
+		}
+		
+		//if ($start2_upb_s != "")
+		//{
+			//exec("/bin/kill {$start2_upb_s}");
+			//exec("/bin/rm /var/run/barnyard2_$id$if_real2*");
+		//}
+		
+		if ($start_up_r != "")
+		{
+			exec("/bin/kill {$start_up_r}");
+			exec("/bin/rm /var/run/snort_$if_real2$id$if_real2*");
+		}
+		
+		//if ($start2_upb_r != "")
+		//{
+			//exec("/bin/kill {$start2_upb_r}");
+			//exec("/bin/rm /var/run/barnyard2_$id$if_real2*");
+		//}
+		
+					/* stop syslog flood code */
+					$if_real_wan_id = $a_nat[$id]['interface'];
+					$if_real_wan_id2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_id);
+					exec("/sbin/ifconfig $if_real_wan_id2 -promisc");
+					//exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$id$if_real2.log");
+					//exec("/usr/bin/killall syslogd");
+					//exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
+					//exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
+					//sleep(2);
+					//exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
+					//$after_mem2 = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
+					//exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$id}{$if_real2} STOP {$after_mem2}'");
+					//exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$id}{$if_real2}...'");
+		
+
+		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+		header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+		header( 'Cache-Control: post-check=0, pre-check=0', false );
+		header( 'Pragma: no-cache' );
+		sleep(2);
+		header("Location: /snort/snort_interfaces.php");
+				
 	}else{
 		sync_snort_package_all();
-		exec("/bin/sh /usr/local/etc/rc.d/snort.sh start $name");
+
+		exec("/usr/local/bin/snort -u snort -g snort -R \"$id$if_real2\" -D -q -l /var/log/snort -G $id -c /usr/local/etc/snort/snort_$id$if_real2/snort.conf -i $if_real2");
+		//print_r("$id $if_real2");
+
+		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+		header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+		header( 'Cache-Control: post-check=0, pre-check=0', false );
+		header( 'Pragma: no-cache' );
+		sleep(2);
+		header("Location: /snort/snort_interfaces.php");
 	}
-	header("Location: snort_interfaces.php");
+
 }	
 
-$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.10 Alpha";
+$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.10 alpha";
 include("head.inc");
 
 ?>
@@ -186,6 +304,7 @@ include("head.inc");
 <?php include("fbegin.inc"); ?>
 <p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
 <style type="text/css">
+
 .alert {
  position:absolute;
  top:10px;
@@ -219,6 +338,21 @@ padding: 15px 10px 50% 50px;
 	padding-top: 4px;
 	padding-bottom: 4px;
 }
+#footer2
+{
+	position: relative;
+	top: -17px;
+	background-color: #cccccc;
+	background-image: none;
+	background-repeat: repeat;
+	background-attachment: scroll;
+	background-position: 0% 0%;
+	padding-top: 0px;
+	padding-right: 0px;
+	padding-bottom: 0px;
+	padding-left: 0px;
+}
+
 </style> 
 <noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
 
@@ -237,18 +371,18 @@ padding: 15px 10px 50% 50px;
   <tr><td>
 <?php
 	$tab_array = array();
-	$tab_array[] = array("Snort Interfaces", true, "/snort/snort_interfaces.php");
+	$tab_array[] = array("Snort Inertfaces", true, "/snort/snort_interfaces.php");
 	$tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
 	$tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
 	$tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
     $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
-	$tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort_whitelist.xml");
+	$tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
 	$tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
 	display_top_tabs($tab_array);
 ?>
  </td></tr>
-	<tr>
-	<td>
+  <tr>
+    <td>
 	<div id="mainarea">
               <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
                 <tr id="frheader">
@@ -264,30 +398,47 @@ padding: 15px 10px 50% 50px;
                     <table border="0" cellspacing="0" cellpadding="1">
                       <tr>
 			<td width="17"></td>
-					<td><a href="snort_interfaces_edit.php"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
-					</tr>
+                        <td><a href="snort_interfaces_edit.php"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+                      </tr>
                     </table>
 		  </td>
 		</tr>
 	<?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
                 <tr valign="top" id="fr<?=$nnats;?>">
-					<?php	
+					<?php
+
 					/* convert fake interfaces to real and check if iface is up */
+					/* There has to be a smarter way to do this */
 					$if_real = convert_friendly_interface_to_real_interface_name($natent['interface']);
 
-					$snort_pid = exec("pgrep -F /var/run/snort_{$if_real}{$nnats}{$if_real}.pid snort");
-					if ($snort_pid) {
+					$color_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
+					
+					if ($color_up_ck == "")
+					{
+						$iconfn = "pass";
+						$class_color_up = "listbg";
+					}
+
+					if ($color_up_ck != "")
+					{	
+					//$color_up_pre = exec("/bin/cat /var/run/snort_{$if_real}{$nnats}{$if_real}.pid");
+					$color_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R $nnats$if_real\" | awk '{print \$1;}'");
+
+					//  /bin/ps -auwx | grep -v grep | grep "$id$if_real -c" | awk '{print $2;}'
+					$color_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$color_up_pre} | /usr/bin/awk '{print \$1;}'");
+					$color_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$color_up_pre} | /usr/bin/awk '{print \$1;}'");
+					if ($color_up_s != "" || $color_up_r != "") {
 						$class_color_up = "listbg2";
 						$iconfn = "block";
 					}else{
 						$class_color_up = "listbg";
 						$iconfn = "pass";
 					}
-					
+					}
 					
 					?>
-                  <td class="listt" width="5%><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
-                  <td class="listt" align="center"></td>
+                  <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 7px; height: 7px;"></td>
+                 <td class="listt" align="center"></td>
                   <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
 		    <?php
 			if (!$natent['interface'] || ($natent['interface'] == "wan"))
@@ -339,8 +490,11 @@ padding: 15px 10px 50% 50px;
                   </td>
 				  <?php
 				 				  
-					$byard_pid = exec("pgrep -F /var/run/barnyard2_{$nnats}{$if_real}.pid barnyard2");
-					if ($byard_pid) {
+					$color2_udp_pre = exec("/bin/cat /var/run/barnyard2_{$nnats}{$if_real}.pid");
+					
+					$color2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$color2_udp_pre}");
+					$color2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$color2_udp_pre}");
+					if ($color2_upb_s != "" || $color2_upb_r != "") {
 						$class_color_upb = "listbg2";
 					}else{
 						$class_color_upb = "listbg";
@@ -391,15 +545,15 @@ padding: 15px 10px 50% 50px;
   <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
 	  <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
 	  <br>
-		 This is the <strong>Snort Menu</strong>, displaying an overview of all interface settings.
+		 This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings.
 		 <br>
-		 Please edit the <strong>Global Settings</strong> tab before adding an interface.
+		 Please edit the <strong>Global Settings</strong> tab befor adding an interface.
 		 <br><br>
-		 <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add an interface.&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard.
+		 <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard.
 		 <br>
-		 <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit an interface and settings.&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard.
+		 <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard.
 		 <br>
-		<strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete an interface and settings.
+		<strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete a interface and settings.
 </td>
     </table>
  
@@ -410,6 +564,24 @@ if ($pkg['tabs'] <> "") {
 ?>
 
 </form>
-<?php include("fend.inc"); ?>
+</div> <!-- Right DIV -->
+</div> <!-- Content DIV -->
+
+	<div id="footer2">
+		<IMG SRC="./images/footer2.jpg" width="780px" height="35" ALT="Apps">
+			<font size="1">Snort® is a registered trademark of Sourcefire, Inc., Barnyard2® is a registered trademark of securixlive.com., Orion® copyright Robert Zelaya., 
+			Emergingthreats is a registered trademark of emergingthreats.net., Mysql® is a registered trademark of Mysql.com.</font>
+	</div>
+
+        <div id="footer">
+			<a target="_blank" href="http://www.pfsense.org/?gui12" class="redlnk">pfSense</a> is &copy;
+			 2004 - 2009 by <a href="http://www.bsdperimeter.com" class="tblnk">BSD Perimeter LLC</a>. All Rights Reserved.
+			[<a href="/license.php" class="tblnk">view license</a>] 
+			<br/>
+			[<a target="_blank" href="https://portal.pfsense.org/?guilead=true" class="tblnk">Commercial Support Available</a>]
+		</div> <!-- Footer DIV -->
+
+</div> <!-- Wrapper Div -->
+<script type="text/javascript" src="/themes/nervecenter/bottom-loader.js"></script>
 </body>
 </html>
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index 9d2301f0..6bdb0dc7 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -121,7 +121,7 @@ if (isset($_GET['dup']))
 /* convert fake interfaces to real */
 $if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
 
-if ($_POST["Submit"]) {
+if ($_POST['Submit']) {
 
 	/* input validation */
 //	if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
@@ -277,24 +277,29 @@ if ($_POST["Submit"]) {
 		write_config();
 		// stop_service("snort");
 
-		if ($pconfig['interface'] != "") {
+		if ($pconfig['interface'] != '' && $id != '') {
 		sync_snort_package_all();
+
 		}
 		
-		if ($pconfig['interface'] != "") {		
+		if ($pconfig['interface'] != '' && $id != '') {
 		header("Location: /snort/snort_interfaces_edit.php?id=$id");
 		}else{
 		touch($d_natconfdirty_path);
 		header("Location: /snort/snort_interfaces.php");
+		
 		}
 		exit;
 	}
 }
 
 		if ($_POST["Submit2"]) {
-		sync_snort_package_all();
+			if ($id != '')
+			{
+			sync_snort_package_all();
+			}
 		sleep(1);
-		exec("/bin/sh /usr/local/etc/rc.d/snort.sh restart {$id}{$if_real}");
+		exec("/bin/sh /usr/local/etc/rc.d/snort.sh start {$id}{$if_real}");
 		header("Location: /snort/snort_interfaces_edit.php?id=$id");
 		exit;
 		}