-rwxr-xr-x | config/snort/snort.inc | 14 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 409 | ||||
-rwxr-xr-x | pkg_config.7.xml | 4 |
3 files changed, 219 insertions, 208 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 6fa3fcca..1b8d5571 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -778,9 +778,11 @@ function verify_snort_rules_md5($tmpfname) { $static_output = gettext("Verifying md5 signature..."); update_all_status($static_output); } - $md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + + $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; - if($md5 <> $file_md5_ondisk) { + if($md5 == $file_md5_ondisk) { if(!$console_mode) { $static_output = gettext("snort rules: md5 signature of rules mismatch."); update_all_status($static_output); @@ -801,6 +803,14 @@ function hide_progress_bar_status() { echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; } +/* unhide progress bar */ +function unhide_progress_bar_status() { + global $snort_filename, $snort_filename_md5, $console_mode; + ob_flush(); + if(!$console_mode) + echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>"; +} + /* update both top and bottom text box during an operation */ function update_all_status($status) { global $snort_filename, $snort_filename_md5, $console_mode; diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index a378a2b2..259bcf86 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -1,9 +1,11 @@ <?php /* $Id$ */ /* - snort_download_rules.php - part of pfSense (http://www.pfsense.com) - Copyright (C) 2005 Scott Ullrich + snort_alerts.php + part of pfSense + + Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. Redistribution and use in source and binary forms, with or without 
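Review bot: In the first snort.inc hunk (verify_snort_rules_md5), flipping the test to `if($md5 == $file_md5_ondisk)` leaves the branch body unchanged, so the "md5 signature of rules mismatch" path now runs when the digests agree, and a tarball that fails the check falls through as if verified. The added `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'` line also hands the contents of the downloaded `.md5` file to a shell, which will interpret any quotes or substitutions that file contains. I would keep the comparison as `!=` and parse the expected digest in PHP, e.g. `preg_match('/[0-9a-f]{32}/i', $md555, $m)` compared against `md5_file("{$tmpfname}/{$snort_filename}")`. The function body continues outside the hunk, so what the branch does after the status message is not visible here.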
@@ -26,46 +28,33 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/* do not require all of this if we already have. */ -if(!$start_me_up) { - require_once("guiconfig.inc"); - require_once("functions.inc"); - require_once("service-utils.inc"); - require("/usr/local/pkg/snort.inc"); -} +/* Setup enviroment */ +$tmpfname = "/tmp/snort_rules_up"; +$snortdir = "/usr/local/etc/snort"; +$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; +$snort_filename = "snortrules-snapshot-2.8.tar.gz"; -/* Allow additional execution time 0 = no limit. */ -ini_set('max_execution_time', '9999'); -ini_set('max_input_time', '9999'); +require_once("guiconfig.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); +require("/usr/local/pkg/snort.inc"); $pgtitle = "Services: Snort: Update Rules"; -/* define oinkid */ -if($config['installedpackages']['snort']) - $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; - -if($_GET['start'] or $_POST['start']) - $start_me_up = true; -else - $start_me_up = false; - -if(!is_dir("/usr/local/etc/snort/rules")) - $start_me_up = true; - -include("head.inc"); +include("/usr/local/www/head.inc"); ?> + <script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> +<?php include("/usr/local/www/fbegin.inc"); ?> <?php if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; + echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; ?> <form action="snort_download_rules.php" method="post"> 
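Review bot: `$tmpfname = "/tmp/snort_rules_up"` fixes the working directory to a predictable name in `/tmp`, and later code in this file runs `/bin/rm -r`, `mkdir` and `tar xzf ... -C` against it. A local user who creates that path first, as a directory or a symlink, can influence what the updater deletes or installs; the per-run name from `tempnam("/tmp", "snortRules")`, which this commit removes further down, was not predictable in that way. I would keep a generated name, or at least stop when `is_link($tmpfname)` is true or the directory is not owned by the running user. The same hunk also drops the `$start_me_up` gate, so as far as the visible lines show the update now runs on every load of the page rather than on an explicit start request.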
@@ -75,225 +64,237 @@ if(!$pgtitle_output) <tr> <td> <?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); + $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); ?> </td> </tr> -<?php - if($start_me_up == false) { - echo "<tr>\n"; - echo "<td>\n"; - echo "<div id=\"mainarea\">\n"; - echo "<table class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"6\" cellspacing=\"0\">\n"; - echo "<tr>\n"; - echo "<td>\n"; - $last_ruleset_download = $config['installedpackages']['snort']['last_ruleset_download']; - echo "<div id='loading' name='loading'>\n"; - echo "<img src=\"/themes/metallic/images/misc/loader_tab.gif\"> Getting release information from snort.org...\n"; - echo "</div>\n"; - 
ob_flush(); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $text = file_get_contents("http://www.snort.org/pub-bin/downloads.cgi"); - echo "<script type=\"text/javascript\">\n"; - echo "$('loading').style.visibility = 'hidden';\n"; - echo "</script>\n"; - if (preg_match_all("/.*RELEASED\: (.*)\</", $text, $matches)) - $last_update_date = trim($matches[1][0]); - echo "<table>\n"; - if($last_update_date) - echo "<tr><td><b>Last snort.org rule update:</b></td><td>{$last_update_date}</td></tr>\n"; - if($last_ruleset_download) - echo "<tr><td><b>You last updated the ruleset:</b></td><td>{$last_ruleset_download}</td></tr>\n"; - else - echo "<tr><td><b>You last updated the ruleset:</b></td><td>NEVER</td></tr>\n"; - echo "</td></tr></table>"; - if(!$oinkid) { - echo "<tr><td colspan='2'>You must obtain an oinkid from snort.org and set its value in the Snort settings tab in order to start the download process.</td></tr>\n"; - } else { - /* get time stamps for comparison operations */ - $date1ts = strtotime($last_update_date); - $date2ts = strtotime($last_ruleset_download); - /* is there a newer ruleset available? 
*/ - if($date1ts > $date2ts or !$last_ruleset_download) - echo "<tr><td colspan='2'>Press <a href='snort_download_rules.php?start=yes'>here</a> to start download.</td></tr>\n"; - else - echo "<tr><td colspan='2'>Your snort rulesets are <b>up to date</b>.</td></tr>\n"; - } - echo "</td>\n"; - echo " </tr>\n"; - echo " </table>\n"; - echo " </div>\n"; - echo "</td>\n"; - echo "</tr>\n"; - echo "</table>\n"; - include("fend.inc"); - exit; - } -?> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td align="center" valign="top"> - <!-- progress bar --> - <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'> + + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td align="center" valign="top"> + <!-- progress bar --> + <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'> <tr> <td> <img border='0' src='./themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' /> </td> </tr> </table> - <br /> - <!-- status box --> - <textarea cols="60" rows="1" name="status" id="status" wrap="hard"> - <?=gettext("Initializing...");?> - </textarea> - <!-- command output box --> - <textarea cols="60" rows="25" name="output" id="output" wrap="hard"> - </textarea> - </td> - </tr> - </table> - </div> - </td> - </tr> + <br /> + <!-- status box --> + <textarea cols="60" rows="1" name="status" id="status" wrap="hard"> + <?=gettext("Initializing...");?> + </textarea> + <!-- command output box --> + <textarea cols="60" rows="1" name="output" id="output" wrap="hard"> + </textarea> + </td> + </tr> + </table> + </div> + </td> + </tr> </table> </form> + <?php include("fend.inc"); ?> + <?php -if(!$oinkid) { - $static_output = 
gettext("You must obtain an oinkid from snort.org and set its value in the Snort settings tab."); - update_all_status($static_output); - hide_progress_bar_status(); - exit; +/* Begin main code */ +/* Set user agent to Mozilla */ +ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); +ini_set("memory_limit","125M"); + + +/* hide progress bar and lets end this party */ +hide_progress_bar_status(); + +/* remove old $tmpfname files */ +if (file_exists("{$tmpfname}")) { + /* echo "removing old {$tmpfname} files\n"; */ + update_status(gettext("Removing old tmp files...")); + exec("/bin/rm -r {$tmpfname}"); } /* send current buffer */ ob_flush(); -/* setup some variables */ -$premium_subscriber = ""; - -/* Snort version */ -$snort_version = "2.8"; - -/* Are we using the premium subscriber subscription? */ -if($config['installedpackages']['snortadvanced']['config'][0]['subscriber']) { - // http://www.snort.org/pub-bin/downloads.cgi/Download/sub_rules/snortrules-snapshot-CURRENT_s.tar.gz.md5 - $premium_subscriber = "_s"; - $snort_download_prefix = "http://www.snort.org/pub-bin/oinkmaster.cgi"; +/* If tmp dir does not exist create it */ +if (file_exists($tmpfname)) { + /* echo "The directory $tmpfname exists\n"; */ + update_status(gettext("The directory tmp exists...")); } else { - // http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/snortrules-snapshot-CURRENT.tar.gz.md5 - $premium_subscriber = ""; - $snort_download_prefix = "http://www.snort.org/pub-bin/oinkmaster.cgi"; + mkdir("{$tmpfname}", 700); } -/* Set snort rules download filename */ -$snort_filename = "snortrules-snapshot-{$snort_version}{$premium_subscriber}.tar.gz"; -$snort_filename_md5 = "snortrules-snapshot-{$snort_version}{$premium_subscriber}.tar.gz.md5"; +/* unhide progress bar and lets end this party */ +unhide_progress_bar_status(); -/* Set user agent to Mozilla */ +/* download md5 sig */ +if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { + /* echo "{$snort_filename_md5} does 
exists\n"; */ + update_status(gettext("md5 temp file exists...")); +} else { + /* echo "downloading md5\n"; */ + update_status(gettext("Downloading md5 file...")); ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); +$image = file_get_contents('http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz.md5?oink_code=658d6fe74f30ac3efd01e7ff551f63d91a926430'); +$f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); +fwrite($f, $image); +fclose($f); + /* echo "done\n"; */ + update_status(gettext("Done.")); +} -/* Set download URL */ -$dl = "{$snort_download_prefix}/{$oinkid}/{$snort_filename}"; -$dl_md5 = "{$snort_download_prefix}/{$oinkid}/{$snort_filename_md5}"; +/* Check if were up to date */ +if (file_exists("{$snortdir}/{$snort_filename_md5}")) { +$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); +$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $4 }'`; +$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); +$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $4 }'`; + if ($md5_check_new == $md5_check_old) + echo "You are Up to date!\n\n</body>\n</html>\n", update_status(gettext("Your rules are up to date...")), update_output_window(gettext("You may start Snort now.")), hide_progress_bar_status(), exit(0); +} -/* multi user system, request new filename and create directory */ -$tmpfname = tempnam("/tmp", "snortRules"); -exec("/bin/rm -rf {$tmpfname};/bin/mkdir -p {$tmpfname}"); +/* echo "You are Not Up to date!\n"; */ +update_status(gettext("You are NOT up to date...")); -/* download snort rules */ -$static_output = gettext("Downloading current snort rules... 
"); +/* remove old {$snortdir} files */ +if (file_exists("{$snortdir}")) { + /* echo "removing old {$snortdir} files\n"; */ + update_status(gettext("Removing old snort rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/rm -r {$snortdir}/*"); +} -/* Set URL we are downloading in bottom textarea and - * download snort rules - */ -update_all_status($static_output); -update_output_window("{$dl}"); -download_file_with_progress_bar($dl, $tmpfname . "/{$snort_filename}", "read_body_firmware"); -verify_downloaded_file($tmpfname . "/{$snort_filename}"); +/* download snortrules file */ +if (file_exists("{$tmpfname}/{$snort_filename}")) { + /* echo "{$snort_filename} does exists\n"; */ + update_status(gettext("Snortrule tar file exists...")); +} else { + /* echo "downloading rules\n"; */ + update_status(gettext("Downloading rules...")); + update_output_window(gettext("May take 4 to 10 min...")); -/* download snort rules md5 file */ -$static_output = gettext("Downloading current snort rules md5... "); +update_output_window("{$snort_filename}"); +download_file_with_progress_bar("http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=658d6fe74f30ac3efd01e7ff551f63d91a926430", $tmpfname . "/{$snort_filename}", "read_body_firmware"); update_all_status($static_output); -update_output_window("{$dl_md5}"); -download_file_with_progress_bar($dl_md5, $tmpfname . "/{$snort_filename_md5}", "read_body_firmware"); -verify_downloaded_file($tmpfname . 
"/{$snort_filename_md5}"); + /* echo "done\n"; */ + update_status(gettext("Done.")); +} -/* verify downloaded rules signature */ -update_status(gettext("Verifying MD5 Signature...")); -verify_snort_rules_md5($tmpfname); -/* extract rules */ -update_status(gettext("Extracting rules...")); -extract_snort_rules_md5($tmpfname); +/* Compair md5 sigs */ +$md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); +$md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; +$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -$static_output = gettext("Your snort rules are now up to date."); -update_all_status($static_output); + if ($md5 == $file_md5_ondisk) + /* echo "Valid checksum pass\n"; */ + update_status(gettext("Valid checksum pass")); -$config['installedpackages']['snort']['last_ruleset_download'] = date("Y-m-d"); -write_config(); +/* Untar snort rules file */ +if (file_exists("{$tmpfname}/rules")) { + /* echo "The directory {$tmpfname}/rules exists\n"; */ + update_status(gettext("The directory rules exists...")); +} else { + /* echo "extracting rules\n"; */ + update_status(gettext("Extracting rules...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}"); + update_status(gettext("Done.")); +} -update_status(gettext("Stopping Snort...")); -update_output_window(gettext("One moment please...")); -stop_service("snort"); -update_status(gettext("Starting Snort...")); -update_output_window(gettext("One moment please...")); -start_service("snort"); +/* Copy rules dir to snort dir */ +if (file_exists("{$snortdir}/rules")) { + /* echo "The directory {$snortdir}/rules exists\n"; */ + update_status(gettext("Directory rules exists...")); +} else { + /* echo "copying rules to {$snortdir}\n"; */ + update_status(gettext("Copying rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp -r {$tmpfname}/rules {$snortdir}/rules"); + 
update_status(gettext("Done.")); +} -/* cleanup temporary directory */ -update_status(gettext("Cleaning up...")); -update_output_window(gettext("One moment please...")); -exec("/bin/rm -rf {$tmpfname};"); +/* Copy md5 sig to snort dir */ +if (file_exists("{$snortdir}/$snort_filename_md5")) { + /* echo "The {$snort_filename_md5} exists in the {$snortdir} exists\n"; */ + update_status(gettext("The md5 file exists...")); +} else { + /* echo "copying sig to {$snortdir}\n"; */ + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); +} + +/* Copy configs to snort dir */ +if (file_exists("{$snortdir}/Makefile.am")) { + /* echo "The Snort configs exists in the {$snortdir} exists\n"; */ + update_status(gettext("The snort configs exists...")); +} else { + /* echo "copying sig to {$snortdir}\n"; */ + update_status(gettext("Copying configs to snort directory...")); + exec("/bin/cp {$tmpfname}/etc/* {$snortdir}"); +} + +/* Copy signatures dir to snort dir */ +if (file_exists("{$snortdir}/doc/signatures")) { + /* echo "The directory {$snortdir}/signatures exists\n"; */ + update_status(gettext("Directory signatures exists...")); +} else { + /* echo "copying signatures to {$snortdir}\n"; */ + update_status(gettext("Copying signatures...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp -r {$tmpfname}/doc/signatures {$snortdir}/signatures"); + update_status(gettext("Done.")); +} + +/* echo "done finnal\n"; */ +update_status(gettext("Rules update finished...")); +update_output_window(gettext("You may start Snort now.")); /* hide progress bar and lets end this party */ hide_progress_bar_status(); ?> -</body> -</html> - -<script type="text/javascript"> - document.location.href='snort_download_rules.php?ran=1'; -</script> - <?php function read_body_firmware($ch, $string) { - global $fout, $file_size, $downloaded, $counter, $version, $latest_version, 
$current_installed_pfsense_version; - $length = strlen($string); - $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - $a = $file_size; - $b = $downloaded; - $c = $downloadProgress; - $text = " Snort download in progress\\n"; - $text .= "----------------------------------------------------\\n"; - $text .= " Downloaded : {$b}\\n"; - $text .= "----------------------------------------------------\\n"; - $counter++; - if($counter > 150) { - update_output_window($text); - update_progress_bar($downloadProgress); - flush(); - $counter = 0; - } - fwrite($fout, $string); - return $length; + global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; + $length = strlen($string); + $downloaded += intval($length); + $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); + $downloadProgress = 100 - $downloadProgress; + $a = $file_size; + $b = $downloaded; + $c = $downloadProgress; + $text = " Snort download in progress\\n"; + $text .= "----------------------------------------------------\\n"; + $text .= " Downloaded : {$b}\\n"; + $text .= "----------------------------------------------------\\n"; + $counter++; + if($counter > 150) { + update_output_window($text); + update_progress_bar($downloadProgress); + flush(); + $counter = 0; + } + fwrite($fout, $string); + return $length; } -?>
\ No newline at end of file +?> diff --git a/pkg_config.7.xml b/pkg_config.7.xml index eeef7439..8db27e54 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -186,14 +186,14 @@ <name>snort</name> <descr>Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> + <depends_on_package_base_url>http://files.pfsense.org/packages/70/All/</depends_on_package_base_url> <depends_on_package>libdnet-1.11_3.tbz</depends_on_package> <depends_on_package>pcre-7.9.tbz</depends_on_package> <depends_on_package>mysql-client-5.1.34.tbz</depends_on_package> <depends_on_package>snort-2.8.4.1.tbz</depends_on_package> <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file> <version>2.8.4</version> - <required_version>1.2.3</required_version> + <required_version>1.2.2</required_version> <status>Stable</status> <configurationfile>snort.xml</configurationfile> <after_install_info>Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules.</after_install_info> |
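Review bot: The md5 comparison under `/* Compair md5 sigs */` only prints "Valid checksum pass" on a match and has no failure branch, so a tarball that fails the check is still untarred and copied into `$snortdir`, after `/bin/rm -r {$snortdir}/*` has already removed the working rules. The expected digest is also obtained by interpolating the downloaded `.md5` contents into a backtick `/bin/echo "..."` command, so text fetched over plain HTTP is parsed by a shell. I would compute the digest with `md5_file()`, pull the expected value out with a regex, stop on mismatch, and move the rule-directory cleanup after the check, as sketched below. Separately, both download URLs now carry a literal `oink_code=` value instead of the per-install `$oinkid` from config, which commits a credential to the repository, and `mkdir("{$tmpfname}", 700)` passes decimal 700 where octal `0700` is meant.

```php
/* Compare md5 sigs without handing downloaded text to a shell */
$md5_file_text = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
$file_md5_ondisk = md5_file("{$tmpfname}/{$snort_filename}");
if ($md5_file_text === false || $file_md5_ondisk === false
    || !preg_match('/\b[0-9a-f]{32}\b/i', $md5_file_text, $m)
    || strtolower($m[0]) !== $file_md5_ondisk) {
	update_status(gettext("snort rules: md5 signature of rules mismatch."));
	hide_progress_bar_status();
	exit(0);
}
update_status(gettext("Valid checksum pass"));
// … moved here from before the download: removal of old {$snortdir} files …
// … unchanged: untar, copy rules / md5 / configs / signatures …
```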