aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/snort-dev/snort_download_rules.inc610
-rw-r--r--config/snort-dev/snort_json_post.php33
-rw-r--r--config/snort-dev/snort_new.inc3
-rw-r--r--config/snort-dev/snort_rules.php2
-rw-r--r--config/snort-dev/snort_rulesets.php10
5 files changed, 535 insertions, 123 deletions
diff --git a/config/snort-dev/snort_download_rules.inc b/config/snort-dev/snort_download_rules.inc
index 92714795..cf40ad89 100644
--- a/config/snort-dev/snort_download_rules.inc
+++ b/config/snort-dev/snort_download_rules.inc
@@ -12,24 +12,38 @@
function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid)
{
- if ($dbname == '' || $table == '' || $type == '')
- {
+ if ($dbname == '' || $table == '' || $type == ''){
return false;
}
- $db = sqlite_open("/usr/local/pkg/snort/$dbname");
+ if ($dbname === 'snortDB') {
+ $db = sqlite_open("/usr/local/pkg/snort/$dbname");
+ }
+ if ($dbname === 'snortDBtemp') {
+ $db = sqlite_open("/var/snort/$dbname");
+ }
- if ($type == 'id')
- {
+ if ($type == 'id'){
$result = sqlite_query($db,
"SELECT * FROM {$table} where id = '{$id_uuid}';
");
}
+ if ($type == 'uuid'){
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} where uuid = '{$id_uuid}';
+ ");
+ }
+
+ if ($type == 'filename'){
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} where filename = '{$id_uuid}';
+ ");
+ }
- if ($type == 'id')
- {
+
+ if ($type == 'id' || $type == 'uuid' || $type == 'filename'){
$chktable = sqlite_fetch_array($result, SQLITE_ASSOC);
}
@@ -44,34 +58,46 @@ function snortCmpareMD5($type, $path1, $path2, $filename_md5)
{
update_output_window2('ms2', 'Checking ' . $filename_md5 . ' MD5...');
- if (file_exists("{$path1}/{$filename_md5}"))
- {
+ if (file_exists("{$path1}/{$filename_md5}")){
- if ($type == 'string')
- {
+ if ($type == 'string'){
$md5_check_new = @file_get_contents("{$path1}/{$filename_md5}");
$md5_check_old = @file_get_contents("{$path2}/{$filename_md5}");
- if ($md5_check_new != $md5_check_old || !file_exists("$path2}/{$filename_md5}"))
- {
- update_output_window2('ms2', 'MD5s do not match...');
+ if ($md5_check_new !== $md5_check_old){
+ update_output_window2('ms2', "$filename_md5 MD5s do not match...");
return false;
}
}
- if ($type == 'md5')
- {
+ if ($type == 'md5'){
//md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}'
- $md5_check_new2 = exec("/sbin/md5 {$path1}/{$filename_md5} | '{print $4}'");
- $md5_check_old2 = exec("/sbin/md5 {$path2}/{$filename_md5} | '{print $4}'");
- if ($md5_check_new != $md5_check_old)
- {
- update_output_window2('ms2', 'MD5s do not match...');
+ $md5_check_new2 = exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'");
+ $md5_check_old2 = exec("/sbin/md5 {$path2}/{$filename_md5} | /usr/bin/awk '{print $4}'");
+ if ($md5_check_new != $md5_check_old){
+ update_output_window2('ms2', "$filename_md5 MD5s do not match...");
return false;
}
}
- }
+
+ if ($type == 'md5FileChk') {
+ //md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}'
+ $md5_check_new = trim(exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'"));
+
+ $md5_check_old = exec("/bin/cat {$path1}/{$filename_md5}.md5");
+
+ $md5_check_old2 = trim(preg_replace('/"/', '', $md5_check_old));
+
+ if ($md5_check_new != $md5_check_old2){
+ update_output_window2('ms2', "$filename_md5 MD5s do not match...");
+ return false;
+ }
+ }
+
+ }
+
+ update_output_window2('ms2', "$filename_md5 MD5 File Check Passed...");
return true;
}
@@ -82,8 +108,7 @@ function snortCmpareMD5($type, $path1, $path2, $filename_md5)
function update_output_window2($type, $text)
{
- if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on')
- {
+ if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on'){
snortSql_updateRuleSetList($type, $text, '', '', $GLOBALS['tmp']['snort']['downloadupdate']['workingfile']); // write out msg to db
}else{
echo "\n" . $type . ': ' . $text;
@@ -101,44 +126,67 @@ function snortSql_updateRuleSetList($type, $value, $file_size, $downloaded, $fil
// do let user pick the DB path
$db = sqlite_open("/var/snort/{$dbname}");
- if ($type === 'percent2')
- {
+ if ($type === 'percent2'){
$query_ck = sqlite_query($db, // @ supress warnings usonly in production
"UPDATE {$table} SET date = '{$addDate}', percent = '{$value}', filesize = '{$file_size}', downloaded = '{$downloaded}' where filename = '{$filename}';
");
}
- if ($type === 'percent')
- {
+ if ($type === 'percent'){
$query_ck = sqlite_query($db, // @ supress warnings usonly in production
"UPDATE {$table} SET date = '{$addDate}', percent = '{$value}' where filename = '{$filename}';
");
}
- if ($type === 'msg1')
- {
+ if ($type === 'msg1'){
$query_ck = sqlite_query($db, // @ supress warnings usonly in production
"UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '1';
");
}
- if ($type === 'msg2')
- {
+ if ($type === 'msg2'){
$query_ck = sqlite_query($db, // @ supress warnings usonly in production
"UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '2';
");
}
- if ($type === 'working')
- {
+ /*
+ * INPORTANT:
+ * Register worker to prevent loops and ghost process
+ * Needs to be watched,
+ */
+
+ if ($type === 'working'){
+
+ $getmypid = getmypid();
+ $getmyfilename = $_SERVER['SCRIPT_NAME'];
+
+ $resultChk = sqlite_query($db,
+ "SELECT * FROM RegisterWorker WHERE uuid = 'jdjEf!773&h3bhFd6A';
+ ");
+
+ $resultChkFinal = sqlite_fetch_all($resultChk, SQLITE_ASSOC);
+
+ if (!empty($resultChkFinal)) {
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE RegisterWorker SET date = '{$addDate}', processid = '{$getmypid}', filename = '{$getmyfilename}', working = '{$value}' where uuid = 'jdjEf!773&h3bhFd6A';
+ ");
+ }else{
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "INSERT INTO RegisterWorker (date, processid, filename, working, uuid) VALUES ('{$addDate}', '{$getmypid}', '{$getmyfilename}', '{$value}', 'jdjEf!773&h3bhFd6A');
+ ");
+ }
+ }
+
+
+ if ($type === 'snortWait'){
$query_ck = sqlite_query($db, // @ supress warnings usonly in production
- "UPDATE {$table} SET date = '{$addDate}', working = '{$value}' where filename = '{$filename}';
+ "UPDATE {$table} SET waittime = '{$addDate}' where filename = '{$filename}';
");
}
- if (sqlite_changes($db) < 1)
- {
+ if (sqlite_changes($db) < 1){
sqlite_close($db);
return 'Error in query';
}
@@ -147,29 +195,77 @@ function snortSql_updateRuleSetList($type, $value, $file_size, $downloaded, $fil
}
-
+
+// returns array that matches pattern, option to replace objects in matches
+function snortScanDirFilter($arrayList, $pattmatch, $pattreplace, $pattreplacewith)
+{
+ foreach ( $arrayList as $val )
+ {
+ if (preg_match($pattmatch, $val, $matches)) {
+ if ($pattreplace != '') {
+ $matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]);
+ $filterDirList[] = $matches2;
+ }else{
+ $filterDirList[] = $matches[0];
+ }
+ }
+ }
+ return $filterDirList;
+}
+
+// set page vars
+$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');
+
+// Setup file names and dir
+$tmpfname = '/usr/local/etc/snort/snort_download';
+$snortdir = '/usr/local/etc/snort';
+$snortdir_rules = '/usr/local/etc/snort/snort_rules';
+$emergingdir_rules = '/usr/local/etc/snort/emerging_rules';
+$pfsensedir_rules = '/usr/local/etc/snort/pfsense_rules';
+$customdir_rules = '/usr/local/etc/snort/custom_rules';
+$snort_filename_md5 = 'snortrules-snapshot-2905.tar.gz.md5';
+$snort_filename = 'snortrules-snapshot-2905.tar.gz';
+$emergingthreats_filename_md5 = 'emerging.rules.tar.gz.md5';
+$emergingthreats_filename = 'emerging.rules.tar.gz';
+$pfsense_rules_filename_md5 = 'pfsense_rules.tar.gz.md5';
+$pfsense_rules_filename = 'pfsense_rules.tar.gz';
+
+// START of MAIN function
function sendUpdateSnortLogDownload($console)
{
- if ($console === 'console')
- {
+ if ($console === 'console'){
$GLOBALS['tmp']['snort']['downloadupdate']['console'] = 'on';
}
-
- // set page vars
- $generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');
+ //bring in the global vars
+ global $generalSettings, $tmpfname, $snortdir, $snortdir_rules, $emergingdir_rules, $pfsensedir_rules, $customdir_rules, $snort_filename_md5, $snort_filename, $emergingthreats_filename_md5, $emergingthreats_filename, $pfsense_rules_filename_md5, $pfsense_rules_filename;
- // Setup file names and dir
- $tmpfname = '/usr/local/etc/snort/snort_download';
- $snortdir = '/usr/local/etc/snort';
- $snortdir_wan = '/usr/local/etc/snort'; /// WHAT ?
- $snort_filename_md5 = 'snortrules-snapshot-2905.tar.gz.md5';
- $snort_filename = 'snortrules-snapshot-2905.tar.gz';
- $emergingthreats_filename_md5 = 'emerging.rules.tar.gz.md5';
- $emergingthreats_filename = 'emerging.rules.tar.gz';
- $pfsense_rules_filename_md5 = 'pfsense_rules.tar.gz.md5';
- $pfsense_rules_filename = 'pfsense_rules.tar.gz';
+ /* Make shure snortdir exits */
+ if (!file_exists("{$snortdir}")) {
+ exec("/bin/mkdir -p {$snortdir}");
+ }
+ if (!file_exists("{$tmpfname}")) {
+ exec("/bin/mkdir -p {$tmpfname}");
+ }
+ if (!file_exists("{$snortdir_rules}")) {
+ exec("/bin/mkdir -p {$snortdir_rules}");
+ }
+ if (!file_exists("{$emergingdir_rules}")) {
+ exec("/bin/mkdir -p {$emergingdir_rules}");
+ }
+ if (!file_exists("{$pfsensedir_rules}")) {
+ exec("/bin/mkdir -p {$pfsensedir_rules}");
+ }
+ if (!file_exists("{$customdir_rules}")) {
+ exec("/bin/mkdir -p {$customdir_rules}");
+ }
+ if (!file_exists("{$snortdir}/signatures")) {
+ exec("/bin/mkdir -p {$snortdir}/signatures");
+ }
+ if (!file_exists('/usr/local/lib/snort/dynamicrules/')) {
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ }
/* Set user agent to Mozilla */
@@ -180,8 +276,7 @@ function sendUpdateSnortLogDownload($console)
// Get file that does not use redirects, mostly for none snort.org downloads
function snort_file_get_contents($tmpfname, $snort_filename, $snort_UrlGet)
{
- if (!file_exists("{$tmpfname}/{$snort_filename}") || filesize("{$tmpfname}/{$snort_filename}") <= 0)
- {
+ if (!file_exists("{$tmpfname}/{$snort_filename}") || filesize("{$tmpfname}/{$snort_filename}") <= 0){
update_output_window2('ms2', 'Downloading ' . $snort_filename. ' MD5...');
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
$file = file_get_contents("$snort_UrlGet/{$snort_filename}"); // use a @ infront of file_get_contents when in production
@@ -252,8 +347,7 @@ function sendUpdateSnortLogDownload($console)
{
if($percent > 100) $percent = 1;
- if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on')
- {
+ if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on') {
snortSql_updateRuleSetList('percent2', $percent, $file_size, $downloaded, $GLOBALS['tmp']['snort']['downloadupdate']['workingfile']); // write out percent to db
}else{
echo "\n" . 'percent: ' . $percent . ' filesize: ' . $file_size . ' downloaded: ' . $downloaded;
@@ -261,7 +355,8 @@ function sendUpdateSnortLogDownload($console)
}
- function read_body_firmware($ch, $string) {
+ function read_body_firmware($ch, $string)
+ {
global $fout, $file_size, $downloaded, $counter;
$length = strlen($string);
$downloaded += intval($length);
@@ -277,7 +372,8 @@ function sendUpdateSnortLogDownload($console)
return $length;
}
- function download_file_with_progress_bar2($url_file, $destination, $workingfile, $readbody = 'read_body2') {
+ function download_file_with_progress_bar2($url_file, $destination, $workingfile, $readbody = 'read_body2')
+ {
global $ch, $fout, $file_size, $downloaded;
$file_size = 1;
$downloaded = 1;
@@ -309,98 +405,398 @@ function sendUpdateSnortLogDownload($console)
return ($http_code == 200) ? true : $http_code;
}
-// ----------------------------------------------------- Begin Code --------------------------------------------
-
- /*
- if (!file_exists("{$tmpfname}/{$snort_filename}"))
- {
- $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $snort_filename;
- snortSql_updateRuleSetList('working', 'on', '', '', $snort_filename); // finish downloading
- //download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- download_file_with_progress_bar2("http://theseusnetworking.com/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware");
- snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename); // finsh percent
- snortSql_updateRuleSetList('working', 'off', '', '', $snort_filename); // finish downloading
- }
- */
-
+// ----------------------------------------------------- Begin Code --------------------------------------------
// rm all tmp filea
- exec("/bin/rm -r $tmpfname/\*");
+ exec("/bin/rm -r $tmpfname/*");
- // Set all downloads to be true so NO download by default
- $snort_md5_check_ok = true;
- $emerg_md5_check_ok = true;
- $pfsense_md5_check_ok = true;
+ // Set all downloads to be false, download by default
- /* define checks */
- $snortdownload = $generalSettings['snortdownload'];
- //$oinkid = $generalSettings['oinkmastercode'];
- $oinkid = '55a1b7a1291b55ac3c157124133744cfc386bb83'; // remove when finished testing
+ $snort_md5_check_ok = false;
+ $emerg_md5_check_ok = false;
+ $pfsense_md5_check_ok = false;
+
+ // define checks
+ $oinkid = $generalSettings['oinkmastercode'];
- $emergingthreats = $generalSettings['emergingthreatsdownload'];
$emergingthreatscode = $generalSettings['emergingthreatscode'];
+ // dsable downloads if there settings are off
+ if ($generalSettings['snortdownload'] === 'off') {
+ $snort_md5_check_ok = true;
+ }
+ if ($generalSettings['emergingthreatsdownload'] == 'off') {
+ $emerg_md5_check_ok = true;
+ }
- if ($oinkid == '' && $snortdownload == 'on')
- {
+ if ($oinkid == '' && $generalSettings['snortdownload'] === 'off') {
update_output_window2('ms1', 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.');
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'");
- exit;
+ return false;
}
- if ($snortdownload != "on" && $emergingthreats != "on")
- {
+ if ($emergingthreatscode == '' && $generalSettings['snortdownload'] === 'pro') {
+ update_output_window2('ms1', 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.');
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.'");
+ return false;
+ }
+
+ if ($generalSettings['snortdownload'] === 'off' && $generalSettings['emergingthreatsdownload'] === 'off') { // note: basic and pro
update_output_window2('ms1', 'SnortStartup: No rules have been selected to download.');
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'");
- exit;
+ return false;
}
/*
* Check MD5s and MARK
*
*/
- update_output_window2('ms1', 'Starting MD5 checks.....');
- // download snort.org md5 and compare
- snort_file_get_contents($tmpfname, $snort_filename_md5, 'http://www.snort.org/pub-bin/oinkmaster.cgi/' . $oinkid);
+ update_output_window2('ms1', 'Starting MD5 checks...');
+
+ // check is we need to wait
+ update_output_window2('ms2', 'Checking Wait Status for Snort.org...');
+ $getSnort_filename_Waittime_chk = snortSql_fetchAllSettings('snortDBtemp', 'SnortDownloads', 'filename', $snort_filename);
- // if snort.org md5 do not match
- if(!snortCmpareMD5('string', $tmpfname, $snortdir, $snort_filename_md5))
- {
- $snort_md5_check_ok = false;
+ if (date(U) > $getSnort_filename_Waittime_chk['waittime'] + 900) {
+ update_output_window2('ms2', 'Snort.org Wait Time Status: OK...');
+ }else{
+ update_output_window2('ms2', 'Snort.org Wait Time Status: Wait 15 min Please...');
+ $snort_md5_check_ok = true;
+ $snort_wait = true;
}
+ // check is we need to wait
+ update_output_window2('ms2', 'Checking Wait Status for Emergingthreats.net...');
+ $getEmergingthreats_filename_Waittime_chk = snortSql_fetchAllSettings('snortDBtemp', 'SnortDownloads', 'filename', $emergingthreats_filename);
+
+ if (date(U) > $getEmergingthreats_filename_Waittime_chk['waittime'] + 900) {
+ update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: OK...');
+ }else{
+ update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: Wait 15 min Please...');
+ $emerg_md5_check_ok = true;
+ $emerg_wait = true;
+ }
+
+ // if all rules need wait stop
+ if ($snort_wait === true && $emerg_wait === true) {
+ return false;
+ }
+
+ // download snort.org md5 and compare
+ if ($snort_md5_check_ok === false) {
+
+ snort_file_get_contents($tmpfname, $snort_filename_md5, 'http://www.snort.org/pub-bin/oinkmaster.cgi/' . $oinkid);
+
+ // if snort.org md5 do not match
+ if(snortCmpareMD5('string', $tmpfname, $snortdir_rules, $snort_filename_md5)) {
+ $snort_md5_check_ok = true;
+ }
+
+ }
+
// download emergingthreats.net md5 and compare
- snort_file_get_contents($tmpfname, $emergingthreats_filename_md5, 'http://rules.emergingthreats.net/open/snort-2.9.0');
+ if ($emerg_md5_check_ok === false) {
+
+ snort_file_get_contents($tmpfname, $emergingthreats_filename_md5, 'http://rules.emergingthreats.net/open/snort-2.9.0');
+
+ // if emergingthreats.net md5 do not match
+ if(snortCmpareMD5('string', $tmpfname, $emergingdir_rules, $emergingthreats_filename_md5)) {
+ $emerg_md5_check_ok = true;
+ }
- // if emergingthreats.net md5 do not match
- if(!snortCmpareMD5('string', $tmpfname, $snortdir, $emergingthreats_filename_md5))
- {
- $emerg_md5_check_ok = false;
}
// download pfsense.org md5 and compare
snort_file_get_contents($tmpfname, $pfsense_rules_filename_md5, 'http://www.pfsense.com/packages/config/snort/pfsense_rules');
// if pfsense.org md5 do not match
- if(!snortCmpareMD5('string', $tmpfname, $snortdir, $pfsense_rules_filename_md5))
- {
- $pfsense_md5_check_ok = false;
+ if(snortCmpareMD5('string', $tmpfname, $pfsensedir_rules, $pfsense_rules_filename_md5)) {
+ $pfsense_md5_check_ok = true;
}
+
+ /*
+ * If all rule type is not check clean up.
+ */
+
+ /* Make Clean Snort Directory emergingthreats not checked */
+ if ($snort_md5_check_ok === false && $emergingthreatsdownload === 'off') {
+ update_output_window2('ms1', 'Cleaning the emergingthreats Directory...');
+ exec("/bin/rm {$snortdir}/emerging_rules/*.rules");
+ exec("/bin/rm {$snortdir}/version.txt");
+ update_output_window2('ms2', 'Done cleaning emrg direcory.');
+ }
+
+ /* Make Clean Snort Directory snort.org not checked */
+ if ($emerg_md5_check_ok === false && $snortdownload !== 'on') {
+ update_output_window2('ms1', 'Cleaning the snort Directory...');
+ exec("/bin/rm {$snortdir}/snort_rules/*.rules");
+ exec("/bin/rm {$snortdir}/snortrules-snapshot-2905.tar.gz.md5");
+ update_output_window2('ms2', 'Done cleaning snort direcory.');
+ }
+
+
+ /* Check if were up to date exits */
+ if ($snort_md5_check_ok === true && $emerg_md5_check_ok === true && $pfsense_md5_check_ok === true) {
+ update_output_window2('ms1', 'Your rules are up to date...');
+ return false;
+ }
+
+
+ /* You are Not Up to date, always stop snort when updating rules for low end machines */;
+ update_output_window2('ms1', 'You are NOT up to date...');
+ update_output_window2('ms2', 'Stopping Snort and Barnyard2 service...');
+ $chk_if_snort_up = exec('pgrep -x snort');
+ $chk_if_barnyad_up = exec('pgrep -x barnyad2');
+ if ($chk_if_snort_up != '') {
+ exec('/usr/bin/touch /tmp/snort_download_halt.pid'); // IMPORTANT: incase of script crash or error, Mabe use DB
+ exec('/usr/bin/killall snort');
+ if ($chk_if_barnyad_up != ''){
+ exec('/usr/bin/killall barnyad2');
+ }
+ sleep(2);
+ }
+
+
+ /* download snortrules file */
+ if ($snort_md5_check_ok === false) {
+
+ $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $snort_filename;
+ update_output_window2('ms1', 'Snort.org: Starting Download...');
+ download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware");
+ //download_file_with_progress_bar2("http://theseusnetworking.com/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware");
+ snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename); // finsh percent
+ update_output_window2('ms1', 'Snort.org: Finished Download...');
+
+ // if md5 does not match then the file is bad or snort.org says wait 15 min
+ update_output_window2('ms1', 'Snort.org MD5 File Check ...');
+ if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $snort_filename)) {
+
+ $snort_filename_wait_ck = exec("/usr/bin/egrep '\bYou must wait 15\b' {$tmpfname}/{$snort_filename}");
+ if ($snort_filename_wait_ck != '') {
+ update_output_window2('ms2', 'Snort.org: You must wait 15 min...');
+ }
+
+ // disable snort.org download
+ $snort_md5_check_ok = true;
+ $snort_filename_corrupted = true;
+
+ }else{
+ snortSql_updateRuleSetList('snortWait', '', '', '', $snort_filename); // Register Worker off
+ }
+ }
+
+ /* download emergingthreats file */
+ if ($emerg_md5_check_ok === false) {
+
+ $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $emergingthreats_filename;
+ update_output_window2('ms1', 'Emergingthreats.net: Starting Download...');
+ download_file_with_progress_bar2("http://rules.emergingthreats.net/open/snort-2.9.0/{$emergingthreats_filename}", $tmpfname, $emergingthreats_filename, "read_body_firmware");
+ snortSql_updateRuleSetList('percent', '100', '', '', $emergingthreats_filename); // finsh percent
+ update_output_window2('ms1', 'Emergingthreats.net: Finished Download...');
+
+ // if md5 does not match then the file is bad or snort.org says wait 15 min
+ update_output_window2('ms1', 'Emergingthreats MD5 File Check ...');
+ if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $emergingthreats_filename)) {
+
+ // disable snort.org download
+ $emerg_md5_check_ok = true;
+ $emerg_filename_corrupted = true;
+
+ }else{
+ snortSql_updateRuleSetList('snortWait', '', '', '', $emergingthreats_filename); // Register Worker off
+ }
+ }
+
+ /* download pfsense rule file */
+ if ($pfsense_md5_check_ok === false) {
+
+ $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $pfsense_rules_filename;
+ update_output_window2('ms1', 'pfSense.org: Starting Download...');
+ download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/{$pfsense_rules_filename}", $tmpfname, $pfsense_rules_filename, "read_body_firmware");
+ snortSql_updateRuleSetList('percent', '100', '', '', $pfsense_rules_filename); // finsh percent
+ update_output_window2('ms1', 'pfSense.org: Finished Download...');
+
+ // if md5 does not match then the file is bad or snort.org says wait 15 min
+ update_output_window2('ms1', 'pfSense.org MD5 File Check ...');
+ if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $pfsense_rules_filename)) {
+
+ // disable snort.org download
+ $pfsense_md5_check_ok = true;
+
+ }else{
+ snortSql_updateRuleSetList('snortWait', '', '', '', $pfsense_rules_filename); // Register Worker off
+ }
+ }
+
+ // if both files are corrupted stop
+ if ($snort_filename_corrupted === true && $emerg_filename_corrupted === true) {
+ update_output_window2('ms1', 'Snort.org and Emergingthreats.net files are corrupted.');
+ update_output_window2('ms2', 'Stoping Script...');
+ return false;
+ }
+
+ /*
+ * START: Untar Files
+ */
+
+ // Untar snort rules file individually to help people with low system specs
+ if ($snort_md5_check_ok === false && file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_output_window2('ms1', 'Extracting Snort.org rules...');
+ update_output_window2('ms2', 'May take a while...');
+
+ function build_SnortRuleDir()
+ {
+ global $tmpfname, $snortdir, $snortdir_rules, $snort_filename;
+
+ // find out if were in 1.2.3-RELEASE
+ $pfsense_ver_chk = exec('/bin/cat /etc/version');
+ if ($pfsense_ver_chk === '1.2.3-RELEASE') {
+ $pfsense_stable = 'yes';
+ }else{
+ $pfsense_stable = 'no';
+ }
+
+ // get the system arch
+ $snort_arch_ck = exec('/usr/bin/uname -m');
+ if ($snort_arch_ck === 'i386') {
+ $snort_arch = 'i386';
+ }else{
+ $snort_arch = 'x86-64'; // amd64
+ }
+
+ if ($pfsense_stable === 'yes') {
+ $freebsd_version_so = 'FreeBSD-7-3';
+ }else{
+ $freebsd_version_so = 'FreeBSD-8-1';
+ }
+
+ // extract snort.org rules and add prefix to all snort.org files
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} rules/");
+
+ $snort_dirList = scandir("{$snortdir_rules}/rules"); // Waning: only in php 5
+ $snortrules_filterList = snortScanDirFilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');
+
+ if (!empty($snortrules_filterList)) {
+ foreach ($snortrules_filterList as $snort_rule_move)
+ {
+ exec("/bin/mv -f {$snortdir_rules}/rules/{$snort_rule_move}.rules {$snortdir_rules}/rules/snort_{$snort_rule_move}.rules");
+ }
+ }
+
+ // extract so rules
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir_rules}/so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+
+ // list so_rules and exclude dir
+ exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
+
+ $so_rulesPattr = array('/\//', '/\.rules/');
+ $so_rulesPattw = array('', '');
+
+ // build list of so rules
+ $so_rules_filterList = snortScanDirFilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+
+ if (!empty($so_rules_filterList)) {
+ // cp rule to so tmp dir
+ foreach ($so_rules_filterList as $so_rule)
+ {
+
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/{$so_rule}.rules");
+
+ }
+ // mv and rename so rules
+ foreach ($so_rules_filterList as $so_rule_move)
+ {
+ exec("/bin/mv -f {$snortdir_rules}/so_rules/{$so_rule_move}.rules {$snortdir_rules}/rules/snort_{$so_rule_move}.so.rules");
+ }
+ }
+
+ exec("/bin/rm -r {$snortdir_rules}/so_rules");
-
+ // extract base etc files
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ }
+ build_SnortRuleDir();
+ // cp md5 to main snort dir
+ exec("/bin/cp {$tmpfname}/{$snort_filename_md5} {$snortdir_rules}/{$snort_filename_md5}");
+ update_output_window2('ms2', 'Done extracting Snort.org Rules.');
+ }
+
+ /* Untar emergingthreats rules to tmp */
+ if ($emerg_md5_check_ok === false && file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_output_window2('ms1', 'Extracting Emergingthreats Rules...');
+ update_output_window2('ms2', 'May take a while...');
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$emergingdir_rules} rules/");
+ exec("/bin/cp {$tmpfname}/{$emergingthreats_filename_md5} {$emergingdir_rules}/{$emergingthreats_filename_md5}");
+ update_output_window2('ms2', 'Done extracting Emergingthreats.net Rules.');
+ }
+ }
+
+ /* Untar Pfsense rules to tmp */
+ if ($pfsense_md5_check_ok === false && file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_output_window2('ms1', 'Extracting Pfsense rules...');
+ update_output_window2('ms1', 'May take a while...');
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$pfsensedir_rules} rules/");
+ exec("/bin/cp {$tmpfname}/{$pfsense_rules_filename_md5} {$pfsensedir_rules}/{$pfsense_rules_filename_md5}");
+ update_output_window2('ms2', 'Done extracting pfSense.org Rules.');
+
+ }
+ }
+
+ /* double make shure cleanup emerg rules that dont belong */
+ if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+ }
+
+ /* make shure default rules are in the right format */
+ update_output_window2('ms1', 'Reformatting Rules To One Standard...');
+ update_output_window2('ms2', 'Please Wait...');
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir_rules}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir_rules}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir_rules}/rules/*.rules");
+
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$emergingdir_rules}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$emergingdir_rules}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$emergingdir_rules}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$pfsensedir_rules}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$pfsensedir_rules}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$pfsensedir_rules}/rules/*.rules");
+ update_output_window2('ms2', 'Done...');
+
+ /* create a msg-map for snort */
+ update_output_window2('ms1', 'Updating Alert Sid Messages...');
+ update_output_window2('ms2', 'Please Wait...');
+ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir_rules}/rules > /usr/local/etc/snort/sid-msg.map");
+ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$emergingdir_rules}/rules >> /usr/local/etc/snort/sid-msg.map");
+ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$pfsensedir_rules}/rules >> /usr/local/etc/snort/sid-msg.map");
+ update_output_window2('ms2', 'Done...');
+
+
+
// ----------------------------------------------------- End Code --------------------------------------------
} // -------------------- END Main function ------------
-$argv[1] = 'console';
+//$argv[1] = 'console';
-sendUpdateSnortLogDownload($argv[1]); // start main function
+ $getWorkerStat = snortSql_fetchAllSettings('snortDBtemp', 'RegisterWorker', 'uuid', 'jdjEf!773&h3bhFd6A');
+ if ($getWorkerStat['working'] !== 'on') {
+ snortSql_updateRuleSetList('working', 'on', '', '', ''); // Register Worker on
+ sendUpdateSnortLogDownload($argv[1]); // start main function
+ snortSql_updateRuleSetList('working', 'off', '', '', ''); // Register Worker off
+ }
diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php
index 446e0db9..8e09964e 100644
--- a/config/snort-dev/snort_json_post.php
+++ b/config/snort-dev/snort_json_post.php
@@ -168,18 +168,31 @@ if ($_POST['snortSaveSettings'] == 1)
/*
* make dir for the new iface
* may need to move this as a func to new_snort,inc
- */
- if (!is_dir('/usr/local/etc/snort/sn_' . $_POST['uuid'] . '_' . $_POST['interface']))
- {
- $newSnortDirCraete = 'mkdir -p /usr/local/etc/snort/sn_' . $_POST['uuid'] . '_' . $_POST['interface'];
- exec($newSnortDirCraete);
+ */
+
+ $newSnortDir = 'sn_' . $_POST['uuid'] . '_' . $_POST['interface'];
+
+ if (!is_dir("/usr/local/etc/snort/{$newSnortDir}")) {
+
+ // creat iface dir and ifcae rules dir
+ exec("/bin/mkdir -p /usr/local/etc/snort/{$newSnortDir}/rules");
+
// NOTE: code only works on php5
- $listRulesDir = snortScanDirFilter('/usr/local/etc/snort/rules', '.rules');
- if (!empty($listRulesDir) && file_exists('/usr/local/etc/snort/base_rules.tar.gz'))
- {
- $newSnortDir = 'sn_' . $_POST['uuid'] . '_' . $_POST['interface'];
- exec('/usr/bin/tar xvfz /usr/local/etc/snort/base_rules.tar.gz ' . '-C /usr/local/etc/snort/' . $newSnortDir);
+ $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snort_rules/rules', '\.rules');
+ $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/emerging_rules/rules', '\.rules');
+ $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/pfsense_rules/rules', '\.rules');
+
+ if (!empty($listSnortRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snort_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");
+ }
+ if (!empty($listEmergingRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/emerging_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");
+ }
+ if (!empty($listPfsenseRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/pfsense_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");
}
+
+
} //end of mkdir
} // end of snort_interfaces_edit
diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc
index cc574baf..efd546d8 100644
--- a/config/snort-dev/snort_new.inc
+++ b/config/snort-dev/snort_new.inc
@@ -257,6 +257,7 @@ function snortSql_updateRuleSetList()
$table = $_POST['dbTable'];
$ruleSetfilenames = $_POST['filenamcheckbox'];
$ifaceuuid = $_POST['ifaceuuid'];
+ $iface = $_POST['iface'];
$addDate = date(U);
@@ -303,7 +304,7 @@ function snortSql_updateRuleSetList()
// clean database of old names and turn rulesets off
- $listDir = snortScanDirFilter('/usr/local/etc/snort/rules/', '.rules');
+ $listDir = snortScanDirFilter("/usr/local/etc/snort/sn_{$ifaceuuid}_{$iface}/rules/", '.rules');
$resultAllRulesetname = sqlite_query($db,
"SELECT rulesetname FROM {$table} WHERE ifaceuuid = '{$ifaceuuid}';
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index e030173d..5eb70549 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
@@ -57,7 +57,7 @@ $snortRuleDir = '/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'];
// list rules in the default dir
$filterDirList = array();
- $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '.rules');
+ $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '\.rules');
// START read rule file
if ($_GET['openruleset'])
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php
index 9d41eb0b..09d81f4c 100644
--- a/config/snort-dev/snort_rulesets.php
+++ b/config/snort-dev/snort_rulesets.php
@@ -49,7 +49,7 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid)
// list rules in the default dir
$filterDirList = array();
- $filterDirList = snortScanDirFilter('/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'] . '/rules', '.rules');
+ $filterDirList = snortScanDirFilter('/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'] . '/rules', '\.rules');
// list rules in db that are on in a array
$listOnRules = array();
@@ -144,14 +144,14 @@ jQuery(document).ready(function() {
}else{
var rulesetChecked = '';
}
-
+
jQuery('.rulesetloopblock').append(
"\n" + '<tr>' + "\n" +
'<td class="' + rowIsEvenOdd + '" align="center" valign="top" width="9%">' + "\n" +
' <input class="domecheck" name="filenamcheckbox[]" value="' + snortObjlist.ruleSets[i].rule + '" type="checkbox" ' + rulesetChecked + ' >' + "\n" +
'</td>' + "\n" +
'<td class="' + rowIsEvenOdd + '">' + "\n" +
- ' <a href="snort_rules.php?uuid=0&amp;openruleset=//usr//local//etc//snort//snort_44035_em0//rules//attack-responses.rules">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" +
+ ' <a href="/snort/snort_rules.php?uuid=<?=$uuid?>' + '&openruleset=' + snortObjlist.ruleSets[i].rule + '">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" +
'</td>' + "\n" +
'</tr>' + "\n\n"
);
@@ -220,7 +220,9 @@ jQuery(document).ready(function() {
<input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
<input type="hidden" name="dbTable" value="SnortruleSets" /> <!-- what db table-->
<input type="hidden" name="ifaceTab" value="snort_rulesets" /> <!-- what interface tab -->
- <input type="hidden" name="ifaceuuid" value="<?=$uuid; ?>" /> <!-- what interface to save for -->
+ <input type="hidden" name="ifaceuuid" value="<?=$uuid;?>" /> <!-- what interface to save for -->
+ <input type="hidden" name="iface" value="<?=$a_list['interface'];?>" /> <!-- what interface to save for -->
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr >