authorScott Ullrich <sullrich@pfsense.org>2006-10-06 23:18:34 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-10-06 23:18:34 +0000
commitcc02281fae55aebbe09ca5c6fabc469d65a79147 (patch)
treea3f4a5be4a92801d9501eacd33b549b6fa2806f9 /packages/snort
parent1cea649e3183da64201ea9a8dc00b65bbd209a72 (diff)
downloadpfsense-packages-cc02281fae55aebbe09ca5c6fabc469d65a79147.tar.gz
pfsense-packages-cc02281fae55aebbe09ca5c6fabc469d65a79147.tar.bz2
pfsense-packages-cc02281fae55aebbe09ca5c6fabc469d65a79147.zip
Add XMLRPC sync option which will automatically sync Snort configuration to CARP cluster members
Diffstat (limited to 'packages/snort')
-rw-r--r--packages/snort/snort.xml12
-rw-r--r--packages/snort/snort_xmlrpc_sync.php108
2 files changed, 119 insertions, 1 deletions
diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml
index 0248d087..2046b8e3 100644
--- a/packages/snort/snort.xml
+++ b/packages/snort/snort.xml
@@ -54,6 +54,11 @@
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/pf/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_xmlrpc_sync.php</item>
+ </additional_files_needed>
<service>
<name>snort</name>
<rcfile>snort.sh</rcfile>
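Review bot: `<chmod>077</chmod>` on the new additional_files_needed entry copies the value from the existing entry just above it, but read as an octal file mode 077 denies the owner every permission while granting group and other read/write/execute. If the package installer applies this field as a mode, `<chmod>0755</chmod>` (or `0644` for a file that is only included) is almost certainly what is intended, and the existing entry has the same problem. I can't tell from this hunk how the installer interprets the field, so confirm that before changing both entries.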
@@ -123,7 +128,6 @@
<value>ac-sparsebands</value>
<name>ac-sparsebands</name>
</option>
-
<option>
<value>mwm</value>
<name>mwm</name>
@@ -161,6 +165,12 @@
<description>Checking this option will install whitelists for all VPNs</description>
<type>checkbox</type>
</field>
+ <field>
+ <fielddescr>Sync Snort config to secondary cluster members</fielddescr>
+ <fieldname>syncxmlrpc</fieldname>
+ <description>Checking this option will automatically sync the snort configuration via XMLRPC to CARP cluster members.</description>
+ <type>checkbox</type>
+ </field>
</fields>
<custom_php_install_command>
sync_package_snort_reinstall();
diff --git a/packages/snort/snort_xmlrpc_sync.php b/packages/snort/snort_xmlrpc_sync.php
new file mode 100644
index 00000000..89a7065d
--- /dev/null
+++ b/packages/snort/snort_xmlrpc_sync.php
@@ -0,0 +1,108 @@
+<?php
+
+/* $Id$ */
+/*
+ snort_xmlrpc_sync.php
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* NOTE: this file gets included from the pfSense filter.inc plugin process */
+
+require_once("/usr/local/pkg/snort.inc");
+require_once("service-utils.inc");
+
+if(!$config) {
+ log_error("\$config is not enabled!!");
+} else {
+ if(!$g['booting'])
+ snort_do_xmlrpc_sync();
+}
+
+function snort_do_xmlrpc_sync() {
+ global $config, $g;
+ $syncxmlrpc = $config['installedpackages']['snort']['config'][0]['syncxmlrpc'];
+ /* option enabled? */
+ if(!$syncxmlrpc)
+ return;
+
+ $carp = &$config['installedpackages']['carpsettings']['config'][0];
+ $password = $carp['password'];
+
+ log_error("[SNORT] snort_xmlrpc_sync.php is starting.");
+ $xmlrpc_sync_neighbor = $carp['synchronizetoip'];
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http") {
+ $port = "80";
+ } else {
+ $port = "443";
+ }
+ }
+ $synchronizetoip .= $carp['synchronizetoip'];
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ $xml['installedpackages']['snort'] = &$config['installedpackages']['snort'];
+ $xml['installedpackages']['snortwhitelist'] = &$config['installedpackages']['snortwhitelist'];
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ $method = 'pfsense.restore_config_section';
+
+ /* Sync! */
+ log_error("Beginning Snort XMLRPC sync to {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "999");
+ if(!$resp) {
+ $error = "A communications error occured while attempting Snort XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Snort Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting Snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Snort Settings Sync", "");
+ } else {
+ log_error("Snort XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+ log_error("[SNORT] snort_xmlrpc_sync.php is ending.");
+}
+
+?> \ No newline at end of file
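Review bot: `$synchronizetoip` is only assigned inside the protocol check at the top of snort_do_xmlrpc_sync(), so when `$config['system']['webgui']['protocol']` is empty the `.=` on the host line appends to an undefined variable and XML_RPC_Client is handed a bare IP with no scheme; likewise nothing checks that `$carp['synchronizetoip']` is set, so an unconfigured CARP sync target still produces a connection attempt and a failure notice. Initialize `$synchronizetoip = "";` before the protocol check and bail early with `if($carp['synchronizetoip'] == "") return;` right after the option check. The comment before the send says the call times out after 240 seconds but the code passes `"999"` as a string; make the two agree, e.g. `$resp = $cli->send($msg, 240);`. `$xmlrpc_sync_neighbor` is assigned and never used. Note also that when the webgui protocol is http, the CARP sync password passed to setCredentials() and the whole config payload travel in cleartext; the file inherits that from the webgui setting rather than choosing it, but a comment near the URL assembly saying so would help the next maintainer.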