authorScott Ullrich <sullrich@pfsense.org>2006-10-08 19:31:15 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-10-08 19:31:15 +0000
commit133346ae0c1ee2a801d5b7ebbe0a91e061587104 (patch)
treea45d7ae7a74885151d841a2b31fca347ebd267dd /packages/snort
parent1988f622fb02b2f71eaa4f3013f77dc9677cff6d (diff)
* Add snort advanced tab that allows tuning of bpf values
* Remove hard coded BPF assumptions
Diffstat (limited to 'packages/snort')
-rw-r--r--packages/snort/snort.inc22
-rw-r--r--packages/snort/snort.xml5
-rw-r--r--packages/snort/snort_advanced.xml60
-rw-r--r--packages/snort/snort_alerts.php1
-rw-r--r--packages/snort/snort_blocked.php1
-rw-r--r--packages/snort/snort_download_rules.php1
-rw-r--r--packages/snort/snort_rulesets.php3
-rw-r--r--packages/snort/snort_whitelist.xml6
8 files changed, 93 insertions, 6 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index 88fef66a..6119d4c8 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -44,6 +44,12 @@ function sync_package_snort_reinstall() {
function sync_package_snort() {
global $config, $g;
+
+ /* snort -> advanced features */
+ $bpfbufsize = $config['installedpackages']['snort']['config'][0]['bpfbufsize'];
+ $bpfmaxbufsize = $config['installedpackages']['snort']['config'][0]['bpfmaxbufsize'];
+ $bpfmaxinsns = $config['installedpackages']['snort']['config'][0]['bpfmaxinsns'];
+
conf_mount_rw();
/* create a few directories and ensure the sample files are in place */
exec("/bin/mkdir -p /usr/local/etc/snort");
@@ -77,6 +83,14 @@ function sync_package_snort() {
/* create log directory */
$start = "/bin/mkdir -p /var/log/snort";
+ /* snort advanced features - bpf tuning */
+ if($bpfbufsize)
+ $start .= ";sysctl net.bpf.bufsize={$bpfbufsize}";
+ if($bpfmaxbufsize)
+ $start .= ";sysctl net.bpf.maxbufsize={$bpfmaxbufsize}";
+ if($bpfmaxinsns)
+ $start .= ";sysctl net.bpf.maxinsns={$bpfmaxinsns}";
+
/* start snort */
$start .= ";snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort {$ifaces_final} -A full -D";
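Review bot: The three BPF values are spliced into the `$start` shell string with no validation, so whatever is stored in the package config for `bpfbufsize`, `bpfmaxbufsize` and `bpfmaxinsns` becomes part of the command line that starts snort. These sysctls take non-negative integers, so gate each append on that, e.g. `if (ctype_digit((string)$bpfbufsize))`, and skip or log anything else. The new calls also use a bare `sysctl`, whereas the lines this commit removes from generate_snort_conf() used `/sbin/sysctl`; keeping the absolute path avoids depending on PATH. The values are read at the top of sync_package_snort() in the first hunk, and the function body continues outside both hunks.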
@@ -140,10 +154,6 @@ function generate_snort_conf() {
add_text_to_file($filenamea, $text_ww);
exec("killall -HUP cron");
- /* increase bpf buffers to 20480, 5 times the normal 4096 */
- add_text_to_file("/etc/sysctl.conf", "net.bpf.bufsize=20480");
- exec("/sbin/sysctl net.bpf.bufsize=20480");
-
/* should we install a automatic update crontab entry? */
$automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate'];
@@ -550,5 +560,9 @@ function write_snort_config_cache($snort_config) {
return true;
}
+function snort_advanced() {
+ global $g, $config;
+
+}
?> \ No newline at end of file
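Review bot: `snort_advanced()` is added with an empty body and no comment, yet snort_advanced.xml in this commit registers it as `custom_php_deinstall_command`. If it is a placeholder, add a comment that says what it is expected to do, for instance `/* TODO: undo the net.bpf.* tuning on deinstall */`; otherwise drop the hook until there is something to run. The `global $g, $config;` line can wait until the body uses either variable.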
diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml
index d081dca1..75c7b744 100644
--- a/packages/snort/snort.xml
+++ b/packages/snort/snort.xml
@@ -59,6 +59,11 @@
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_xmlrpc_sync.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_advanced.php</item>
+ </additional_files_needed>
<service>
<name>snort</name>
<rcfile>snort.sh</rcfile>
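Review bot: The new `<item>` downloads `snort_advanced.php` into `/usr/local/www/`, but the file this commit adds is `snort_advanced.xml`, and every new tab links to `/pkg_edit.php?xml=snort_advanced.xml`. Unless a PHP page of that name exists elsewhere, the entry probably should fetch the XML instead, presumably into the package directory that `<include_file>` in snort_advanced.xml points at (`/usr/local/pkg/`). Like the entry above it, the file is fetched over plain `http://` with no integrity check visible here, so code served by the firewall's web GUI depends on an unauthenticated download; HTTPS or a checksum would be worth adding if the package installer supports either.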
diff --git a/packages/snort/snort_advanced.xml b/packages/snort/snort_advanced.xml
new file mode 100644
index 00000000..b6c4603d
--- /dev/null
+++ b/packages/snort/snort_advanced.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<packagegui>
+ <title>Services: Snort Advanced</title>
+ <name>Snort</name>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <tabs>
+ <tab>
+ <text>Snort Settings</text>
+ <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Update Snort Rules</text>
+ <url>/snort_download_rules.php</url>
+ </tab>
+ <tab>
+ <text>Snort Rulesets</text>
+ <url>/snort_rulesets.php</url>
+ </tab>
+ <tab>
+ <text>Snort Blocked</text>
+ <url>/snort_blocked.php</url>
+ </tab>
+ <tab>
+ <text>Snort Whitelist</text>
+ <url>/pkg.php?xml=snort_whitelist.xml</url>
+ </tab>
+ <tab>
+ <text>Snort Alerts</text>
+ <url>/snort_alerts.php</url>
+ </tab>
+ <tab>
+ <text>Snort Advanced</text>
+ <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url>
+ <active/>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>BPF Buffer size</fielddescr>
+ <fieldname>bpfbufsize</fieldname>
+ <description>Changing this option adjusts the system BPF buffer size. Leave blank if you do not know what this does.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Maximum BPF buffer size</fielddescr>
+ <fieldname>bpfmaxbufsize</fieldname>
+ <description>Changing this option adjusts the system maximum BPF buffer size. Leave blank if you do not know what this does.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Maximum BPF inserts</fielddescr>
+ <fieldname>bpfmaxinsns</fieldname>
+ <description>Changing this option adjusts the system maximum BPF insert size. Leave blank if you do not know what this does.</description>
+ <type>checkbox</type>
+ </field>
+ </fields>
+ <custom_php_deinstall_command>
+ snort_advanced();
+ </custom_php_deinstall_command>
+</packagegui>
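Review bot: All three fields are declared `<type>checkbox</type>`, but snort.inc appends their values as `net.bpf.bufsize={$bpfbufsize}` and so on, which needs a number, and the descriptions say "Leave blank"; a text field (`<type>input</type>`) looks like what was meant. As shown, the last tab's URL carries a bare `&` (`xml=snort_advanced.xml&id=0`) while the first tab in the same file writes `&amp;id=0`; a raw ampersand is not well-formed XML, and the same applies to the tab added in the snort_whitelist.xml hunk. The label "Maximum BPF inserts" for `bpfmaxinsns` also reads oddly, since the sysctl name suggests an instruction limit rather than inserts.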
diff --git a/packages/snort/snort_alerts.php b/packages/snort/snort_alerts.php
index dfa20b68..ca3c8bdd 100644
--- a/packages/snort/snort_alerts.php
+++ b/packages/snort/snort_alerts.php
@@ -67,6 +67,7 @@ include("head.inc");
$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
$tab_array[] = array(gettext("Snort Alerts"), true, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
?>
</td></tr>
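Review bot: This `$tab_array[]` line is pasted identically into snort_alerts.php, snort_blocked.php, snort_download_rules.php and snort_rulesets.php, in addition to the tab lists kept in the XML files. A shared helper in snort.inc that builds the array and takes the name of the active tab would make the next tab a one-line change and keep the pages from drifting apart. The surrounding tab setup starts outside this hunk.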
diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php
index 67bd1f90..bab607ba 100644
--- a/packages/snort/snort_blocked.php
+++ b/packages/snort/snort_blocked.php
@@ -63,6 +63,7 @@ include("head.inc");
$tab_array[] = array(gettext("Snort Blocked"), true, "/snort_blocked.php");
$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
$tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
?>
</td>
diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php
index 872bafe9..ae2ba540 100644
--- a/packages/snort/snort_download_rules.php
+++ b/packages/snort/snort_download_rules.php
@@ -75,6 +75,7 @@ include("head.inc");
$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
$tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
?>
</td>
diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php
index 9950c96b..3d14dce6 100644
--- a/packages/snort/snort_rulesets.php
+++ b/packages/snort/snort_rulesets.php
@@ -27,7 +27,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-if(!is_dir("/usr/local/etc/snort/rules"))
+if(!is_dir("/usr/local/etc/snort/rules"))
Header("Location: snort_download_rules.php");
require("guiconfig.inc");
@@ -81,6 +81,7 @@ include("head.inc");
$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
$tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
?>
</td>
diff --git a/packages/snort/snort_whitelist.xml b/packages/snort/snort_whitelist.xml
index 902bf299..1e820722 100644
--- a/packages/snort/snort_whitelist.xml
+++ b/packages/snort/snort_whitelist.xml
@@ -30,7 +30,11 @@
<tab>
<text>Snort Alerts</text>
<url>/snort_alerts.php</url>
- </tab>
+ </tab>
+ <tab>
+ <text>Snort Advanced</text>
+ <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url>
+ </tab>
</tabs>
<adddeleteeditpagefields>
<columnitem>