diff options
-rw-r--r-- | packages/snort/snort.inc | 22 | ||||
-rw-r--r-- | packages/snort/snort.xml | 5 | ||||
-rw-r--r-- | packages/snort/snort_advanced.xml | 60 | ||||
-rw-r--r-- | packages/snort/snort_alerts.php | 1 | ||||
-rw-r--r-- | packages/snort/snort_blocked.php | 1 | ||||
-rw-r--r-- | packages/snort/snort_download_rules.php | 1 | ||||
-rw-r--r-- | packages/snort/snort_rulesets.php | 3 | ||||
-rw-r--r-- | packages/snort/snort_whitelist.xml | 6 |
8 files changed, 93 insertions, 6 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc index 88fef66a..6119d4c8 100644 --- a/packages/snort/snort.inc +++ b/packages/snort/snort.inc @@ -44,6 +44,12 @@ function sync_package_snort_reinstall() { function sync_package_snort() { global $config, $g; + + /* snort -> advanced features */ + $bpfbufsize = $config['installedpackages']['snort']['config'][0]['bpfbufsize']; + $bpfmaxbufsize = $config['installedpackages']['snort']['config'][0]['bpfmaxbufsize']; + $bpfmaxinsns = $config['installedpackages']['snort']['config'][0]['bpfmaxinsns']; + conf_mount_rw(); /* create a few directories and ensure the sample files are in place */ exec("/bin/mkdir -p /usr/local/etc/snort"); @@ -77,6 +83,14 @@ function sync_package_snort() { /* create log directory */ $start = "/bin/mkdir -p /var/log/snort"; + /* snort advanced features - bpf tuning */ + if($bpfbufsize) + $start .= ";sysctl net.bpf.bufsize={$bpfbufsize}"; + if($bpfmaxbufsize) + $start .= ";sysctl net.bpf.maxbufsize={$bpfmaxbufsize}"; + if($bpfmaxinsns) + $start .= ";sysctl net.bpf.maxinsns={$bpfmaxinsns}"; + /* start snort */ $start .= ";snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort {$ifaces_final} -A full -D"; @@ -140,10 +154,6 @@ function generate_snort_conf() { add_text_to_file($filenamea, $text_ww); exec("killall -HUP cron"); - /* increase bpf buffers to 20480, 5 times the normal 4096 */ - add_text_to_file("/etc/sysctl.conf", "net.bpf.bufsize=20480"); - exec("/sbin/sysctl net.bpf.bufsize=20480"); - /* should we install a automatic update crontab entry? */ $automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate']; @@ -550,5 +560,9 @@ function write_snort_config_cache($snort_config) { return true; } +function snort_advanced() { + global $g, $config; + +} ?>
\ No newline at end of file diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml index d081dca1..75c7b744 100644 --- a/packages/snort/snort.xml +++ b/packages/snort/snort.xml @@ -59,6 +59,11 @@ <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_xmlrpc_sync.php</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_advanced.php</item> + </additional_files_needed> <service> <name>snort</name> <rcfile>snort.sh</rcfile> diff --git a/packages/snort/snort_advanced.xml b/packages/snort/snort_advanced.xml new file mode 100644 index 00000000..b6c4603d --- /dev/null +++ b/packages/snort/snort_advanced.xml @@ -0,0 +1,60 @@ +<?xml version="1.0" encoding="utf-8" ?> +<packagegui> + <title>Services: Snort Advanced</title> + <name>Snort</name> + <include_file>/usr/local/pkg/snort.inc</include_file> + <tabs> + <tab> + <text>Snort Settings</text> + <url>/pkg_edit.php?xml=snort.xml&id=0</url> + </tab> + <tab> + <text>Update Snort Rules</text> + <url>/snort_download_rules.php</url> + </tab> + <tab> + <text>Snort Rulesets</text> + <url>/snort_rulesets.php</url> + </tab> + <tab> + <text>Snort Blocked</text> + <url>/snort_blocked.php</url> + </tab> + <tab> + <text>Snort Whitelist</text> + <url>/pkg.php?xml=snort_whitelist.xml</url> + </tab> + <tab> + <text>Snort Alerts</text> + <url>/snort_alerts.php</url> + </tab> + <tab> + <text>Snort Advanced</text> + <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> + <active/> + </tab> + </tabs> + <fields> + <field> + <fielddescr>BPF Buffer size</fielddescr> + <fieldname>bpfbufsize</fieldname> + <description>Changing this option adjusts the system BPF buffer size. Leave blank if you do not know what this does.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Maximum BPF buffer size</fielddescr> + <fieldname>bpfmaxbufsize</fieldname> + <description>Changing this option adjusts the system maximum BPF buffer size. Leave blank if you do not know what this does.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Maximum BPF inserts</fielddescr> + <fieldname>bpfmaxinsns</fieldname> + <description>Changing this option adjusts the system maximum BPF insert size. Leave blank if you do not know what this does.</description> + <type>checkbox</type> + </field> + </fields> + <custom_php_deinstall_command> + snort_advanced(); + </custom_php_deinstall_command> +</packagegui> diff --git a/packages/snort/snort_alerts.php b/packages/snort/snort_alerts.php index dfa20b68..ca3c8bdd 100644 --- a/packages/snort/snort_alerts.php +++ b/packages/snort/snort_alerts.php @@ -67,6 +67,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), true, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php index 67bd1f90..bab607ba 100644 --- a/packages/snort/snort_blocked.php +++ b/packages/snort/snort_blocked.php @@ -63,6 +63,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Blocked"), true, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); display_top_tabs($tab_array); ?> </td> diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php index 872bafe9..ae2ba540 100644 --- a/packages/snort/snort_download_rules.php +++ b/packages/snort/snort_download_rules.php @@ -75,6 +75,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); display_top_tabs($tab_array); ?> </td> diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php index 9950c96b..3d14dce6 100644 --- a/packages/snort/snort_rulesets.php +++ b/packages/snort/snort_rulesets.php @@ -27,7 +27,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -if(!is_dir("/usr/local/etc/snort/rules")) +if(!is_dir("/usr/local/etc/snort/rules")) Header("Location: snort_download_rules.php"); require("guiconfig.inc"); @@ -81,6 +81,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); display_top_tabs($tab_array); ?> </td> diff --git a/packages/snort/snort_whitelist.xml b/packages/snort/snort_whitelist.xml index 902bf299..1e820722 100644 --- a/packages/snort/snort_whitelist.xml +++ b/packages/snort/snort_whitelist.xml @@ -30,7 +30,11 @@ <tab> <text>Snort Alerts</text> <url>/snort_alerts.php</url> - </tab> + </tab> + <tab> + <text>Snort Advanced</text> + <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> + </tab> </tabs> <adddeleteeditpagefields> <columnitem> |