diff options
-rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 91 | ||||
-rwxr-xr-x | config/snort/snort_download_updates.php | 15 |
2 files changed, 67 insertions, 39 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 2b60b6ce..c40d6ff4 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -33,13 +33,33 @@ require_once("functions.inc"); require_once("service-utils.inc"); require_once "/usr/local/pkg/snort/snort.inc"; -global $snort_gui_include, $vrt_enabled, $et_enabled, $rebuild_rules, $snort_rules_upd_log; -global $protect_preproc_rules, $is_postinstall, $snort_community_rules_filename; -global $snort_community_rules_url, $snort_rules_file, $emergingthreats_filename, $g, $pkg_interface; +global $g, $pkg_interface, $snort_gui_include, $rebuild_rules; + + +if (!defined("VRT_DNLD_FILENAME")) + define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz"); +if (!defined("VRT_DNLD_URL")) + define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); +if (!defined("ET_VERSION")) + define("ET_VERSION", "2.9.0"); +if (!defined("ET_DNLD_FILENAME")) + define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); +if (!defined("GPLV2_DNLD_FILENAME")) + define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); +if (!defined("GPLV2_DNLD_URL")) + define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); +if (!defined("FLOWBITS_FILENAME")) + define("FLOWBITS_FILENAME", "flowbit-required.rules"); +if (!defined("ENFORCING_RULES_FILENAME")) + define("ENFORCING_RULES_FILENAME", "snort.rules"); +if (!defined("RULES_UPD_LOGFILE")) + define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); + $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; $snortlogdir = SNORTLOGDIR; +$snort_rules_upd_log = RULES_UPD_LOGFILE; /* Save the state of $pkg_interface so we can restore it */ $pkg_interface_orig = $pkg_interface; @@ -56,21 +76,23 @@ $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommuni $vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload']; $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats']; -/* Directory where we download rule tarballs */ +/* Working directory for downloaded rules tarballs */ $tmpfname = "{$snortdir}/tmp/snort_rules_up"; -/* Snort VRT rules files and URL */ -$snort_filename_md5 = "{$snort_rules_file}.md5"; -$snort_filename = "{$snort_rules_file}"; -//$snort_rule_url = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/"; -/* Use current Sourcefire VRT download URL and abandon the old CGI one */ -$snort_rule_url = "https://www.snort.org/reg-rules/"; +/* Snort VRT rules filenames and URL */ +$snort_filename = VRT_DNLD_FILENAME; +$snort_filename_md5 = VRT_DNLD_FILENAME . ".md5"; +$snort_rule_url = VRT_DNLD_URL; -/* Emerging Threats rules MD5 file */ -$emergingthreats_filename_md5 = "{$emergingthreats_filename}.md5"; +/* Emerging Threats rules filenames and URL */ +$emergingthreats_filename = ET_DNLD_FILENAME; +$emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5"; +$emerging_threats_version = ET_VERSION; -/* Snort GPLv2 Community Rules MD5 file */ -$snort_community_rules_filename_md5 = "{$snort_community_rules_filename}.md5"; +/* Snort GPLv2 Community Rules filenames and URL */ +$snort_community_rules_filename = GPLV2_DNLD_FILENAME; +$snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5"; +$snort_community_rules_url = GPLV2_DNLD_URL; /* Custom function for rules file download via URL */ function snort_download_file_url($url, $file_out) { @@ -80,10 +102,11 @@ function snort_download_file_url($url, $file_out) { /* by $url using the CURL library functions and */ /* saves the content to the file specified by */ /* $file. */ - /* */ + /* */ + /* It provides logging of returned CURL errors. */ /************************************************/ - global $g, $config, $pkg_interface, $last_curl_error; + global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded; /* Array of message strings for HTTP Response Codes */ $http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content", @@ -97,19 +120,21 @@ function snort_download_file_url($url, $file_out) { $last_curl_error = ""; - /* If not in console mode, use the built-in progress-bar function */ - if ($pkg_interface <> "console") - return download_file_with_progress_bar($url, $file_out); - - /* Otherwise, use our custom function with no output */ - /* (Note: required to suppress errors from XMLRPC) */ - $fp = fopen($file_out, "wb"); - if ($fp) { + $fout = fopen($file_out, "wb"); + if ($fout) { $ch = curl_init($url); if (!$ch) return false; - curl_setopt($ch, CURLOPT_FILE, $fp); - curl_setopt($ch, CURLOPT_HEADER, false); + curl_setopt($ch, CURLOPT_FILE, $fout); + + /* NOTE: required to suppress errors from XMLRPC due to progress bar output */ + if ($g['snort_sync_in_progress']) + curl_setopt($ch, CURLOPT_HEADER, false); + else { + curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); + curl_setopt($ch, CURLOPT_WRITEFUNCTION, 'read_body'); + } + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)"); /* Don't verify SSL peers since we don't have the certificates to do so. */ @@ -134,7 +159,7 @@ function snort_download_file_url($url, $file_out) { if (isset($http_resp_msg[$http_code])) $last_curl_error = $http_resp_msg[$http_code]; curl_close($ch); - fclose($fp); + fclose($fout); /* If we had to try more than once, log it */ if ($counter > 1) log_error(gettext("File '" . basename($file_out) . "' download attempts: {$counter} ...")); @@ -417,9 +442,9 @@ if ($emergingthreats == "on") { /* If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules. */ if ($vrt_enabled == "on") - $rc = snort_download_file_url("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}"); + $rc = snort_download_file_url("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}"); else - $rc = snort_download_file_url("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}"); + $rc = snort_download_file_url("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}"); /* Test for a valid rules file download. Turn off ET update if download failed. */ if ($rc === true) { @@ -675,10 +700,10 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Set the flag to force rule rebuilds since we downloaded new rules, */ /* except when in post-install mode. Post-install does its own rebuild. */ - if ($is_postinstall) - $rebuild_rules = 'off'; + if ($g['snort_postinstall']) + $rebuild_rules = false; else - $rebuild_rules = 'on'; + $rebuild_rules = true; /* Create configuration for each active Snort interface */ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { @@ -708,7 +733,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = } /* Clear the rebuild rules flag. */ - $rebuild_rules = 'off'; + $rebuild_rules = false; /* remove old $tmpfname files */ if (is_dir("{$snortdir}/tmp")) { diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index c6e24532..1f87fbbc 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -36,11 +36,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snort_rules_upd_log, $snort_rules_file, $emergingthreats_filename; - +/* Define some locally required variables from Snort constants */ $snortdir = SNORTDIR; - +$snort_rules_upd_log = RULES_UPD_LOGFILE; $log = $snort_rules_upd_log; +$snort_rules_file = VRT_DNLD_FILENAME; +$emergingthreats_filename = ET_DNLD_FILENAME; +$snort_community_rules_filename = GPLV2_DNLD_FILENAME; /* load only javascript that is needed */ $snort_load_jquery = 'yes'; @@ -133,8 +135,8 @@ h += 96; <tr> <td id="download_rules_td" style="background-color: #eeeeee"> <div height="32" width="725px" style="background-color: #eeeeee"> - <font color="#777777" size="2.5px"> <p style="text-align: left; margin-left: 225px;"> + <font color="#777777" size="2.5px"> <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/> <font color="#FF850A" size="1px"><b>SNORT.ORG --></b></font> <font size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br/> @@ -213,8 +215,9 @@ h += 96; <td id="download_rules_td" style='background-color: #eeeeee'> <div height="32" width="725px" style='background-color: #eeeeee'><span class="vexpl"> <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span> - <?php echo gettext("Snort.org and EmergingThreats.net " . - "will go down from time to time. Please be patient."); ?></span> + <a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" . + gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" . + gettext(" will go down from time to time. Please be patient."); ?></span> </div> </td> </tr> |