-rwxr-xr-x | config/snort/snort.inc | 201 | ||||
-rw-r--r-- | config/snort/snort_post_install.php | 14 |
2 files changed, 6 insertions, 209 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index e9feec1a..53ae4a9d 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1109,9 +1109,6 @@ function sync_snort_package_config() {
 if ($is_dirty)
 write_config("Snort pkg: updated snort service entry configuration.");
- /* create snort bootup file snort.sh only create once */
-// snort_create_rc();
-
 $snortglob = $config['installedpackages']['snortglobal'];
 snort_snortloglimit_install_cron(true);
@@ -2833,204 +2830,6 @@ function snort_modify_sids(&$rule_map, $snortcfg) { unset($enablesid, $disablesid); } -function snort_create_rc() { - -/*********************************************************/ -/* This function builds the /usr/local/etc/rc.d/snort.sh */ -/* shell script for starting and stopping Snort. The */ -/* script is rebuilt on each package sync operation and */ -/* after any changes to snort.conf saved in the GUI. */ -/*********************************************************/ - - global $config, $g, $pfs_version; - - $snortdir = SNORTDIR; - $snortlogdir = SNORTLOGDIR; - $rcdir = RCFILEPREFIX; - - // If no interfaces are configured for Snort, exit - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - $snortconf = $config['installedpackages']['snortglobal']['rule']; - if (empty($snortconf)) - return; - - // At least one interface is configured, so OK - $start_snort_iface_start = array(); - $start_snort_iface_stop = array(); - - // If not using PBI package, then make sure Barnyard2 can - // find the latest MySQL shared libs in /usr/local/lib/mysql - if ($pfs_version < 2.1) { - $sql_lib_path = "\n# Ensure MySQL shared libs are in ldconfig search path\n"; - $sql_lib_path .= "/sbin/ldconfig -m /usr/local/lib/mysql"; - $start_snort_iface_start[] = $sql_lib_path; - } - - // Loop thru each configured interface and build - // the shell script. - foreach ($snortconf as $value) { - // Skip disabled Snort interfaces - if ($value['enable'] <> 'on') - continue; - $snort_uuid = $value['uuid']; - $if_real = get_real_interface($value['interface']); - - $start_barnyard = <<<EOE - - if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "` - else - pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid` - fi - if [ ! 
-z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -HUP \$pid - else - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..." - /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q - fi - -EOE; - $stop_barnyard2 = <<<EOE - - if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." - pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid` - /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - if [ -f /var/run/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid - fi - else - pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "` - if [ ! -z \$pid ]; then - /bin/pkill -f "barnyard2 -r {$snort_uuid} " - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - fi - fi - -EOE; - if ($value['barnyard_enable'] == 'on') - $start_barnyard2 = $start_barnyard; - else - $start_barnyard2 = $stop_barnyard2; - - $start_snort_iface_start[] = <<<EOE - -###### For Each Iface - # Start snort and barnyard2 - if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then - pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "` - else - pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` - fi - - if [ ! 
-z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -HUP \$pid - else - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..." - /usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} - fi - - sleep 2 - {$start_barnyard2} - -EOE; - - $start_snort_iface_stop[] = <<<EOE - - if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then - pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - if [ -f /var/run/snort_{$if_real}{$snort_uuid}.pid ]; then - /bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid - fi - else - pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "` - if [ ! -z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -fn "snort -R {$snort_uuid} " - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - fi - fi - - sleep 2 - {$stop_barnyard2} - -EOE; - } - - $rc_start = implode("\n", $start_snort_iface_start); - $rc_stop = implode("\n", $start_snort_iface_stop); - - $snort_sh_text = <<<EOD -#!/bin/sh -######## -# This file was automatically generated -# by the pfSense service handler. 
-# Code added to protect from double starts on pfSense bootup -######## Start of main snort.sh - -rc_start() { - {$rc_start} -} - -rc_stop() { - {$rc_stop} -} - -case $1 in - start) - rc_start - ;; - stop) - rc_stop - ;; - restart) - rc_stop - rc_start - ;; -esac - -EOD; - - /* write out snort.sh */ - @file_put_contents("{$rcdir}snort.sh", $snort_sh_text); - @chmod("{$rcdir}snort.sh", 0755); -} - function snort_generate_barnyard2_conf($snortcfg, $if_real) { /****************************************************/ diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index ece75f2b..f84cfc55 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -112,9 +112,9 @@ foreach ($preproc_rules as $file) { } /* Remove any previously installed scripts since we rebuild them */ -@unlink("{$snortdir}/sid"); -@unlink("{$rcdir}snort.sh"); -@unlink("{$rcdir}barnyard2"); +unlink_if_exists("{$snortdir}/sid"); +unlink_if_exists("{$rcdir}snort.sh"); +unlink_if_exists("{$rcdir}barnyard2"); /* Create required log and db directories in /var */ safe_mkdir(SNORTLOGDIR); @@ -217,10 +217,12 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); unset($home_net, $external_net, $ipvardef, $portvardef); - // create barnyard2.conf file for interface + // Create barnyard2.conf file for interface if ($snortcfg['barnyard_enable'] == 'on') snort_generate_barnyard2_conf($snortcfg, $if_real); + // If this interface is not enabled, we're done with it so + // loop to the next one. if ($snortcfg['enable'] != 'on') continue; 
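Review bot: The three `unlink_if_exists()` calls in the -112 hunk of snort_post_install.php are a good replacement for `@unlink`, but if this is pfSense's util.inc helper it passes its argument through `glob()` before unlinking, so the paths handed to it must never carry wildcard characters. `$snortdir` and `$rcdir` presumably come from the SNORTDIR and RCFILEPREFIX constants (as they do in the deleted snort_create_rc()), not from GUI input, so that holds today; a comment such as `/* unlink_if_exists() globs its argument; keep these paths fixed, never user-supplied */` above the calls would keep a later edit from passing an interface description or UUID through it. With snort_create_rc() removed from snort.inc nothing in this diff regenerates `{$rcdir}snort.sh`, so these unlinks are now the only cleanup of a stale rc script left by earlier package versions, which the existing "since we rebuild them" comment no longer describes accurately.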
@@ -269,9 +271,6 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
 }
 }
- /* create snort bootup file snort.sh */
-// snort_create_rc();
-
 /* Set Log Limit, Block Hosts Time and Rules Update Time */
 snort_snortloglimit_install_cron(true);
 snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false);
@@ -291,7 +290,6 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
 update_status(gettext("Starting Snort using rebuilt configuration..."));
 update_output_window(gettext("Please wait... while Snort is started..."));
 log_error(gettext("[Snort] Starting Snort using rebuilt configuration..."));
-// mwexec_bg("{$rcdir}snort.sh start");
 foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) {
 if ($snortcfg['enable'] != 'on')
 continue;