-rw-r--r--config/snort/snort.inc57
-rw-r--r--config/snort/snort_check_for_rule_updates.php167
-rw-r--r--config/snort/snort_download_updates.php4
-rw-r--r--config/snort/snort_interfaces.php4
-rw-r--r--config/snort/snort_interfaces_global.php4
-rw-r--r--config/snort/snort_rules.php4
-rw-r--r--config/snort/snort_rulesets.php4
7 files changed, 136 insertions, 108 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 35d8229e..a679e594 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -42,7 +42,7 @@ $pfSense_snort_version = "2.3.0";
$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
$snort_rules_file = "snortrules-snapshot-2923.tar.gz";
$emerging_threats_version = "2.9.0";
-$snortdir = "/usr/local/etc/snort";
+define("SNORTDIR", "/usr/local/etc/snort");
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '9999');
@@ -57,17 +57,6 @@ if (intval($config['version']) > 6)
else
$snort_pfsense_basever = 'yes';
-/* find out what arch where in x86 , x64 */
-global $snortdir, $snort_arch;
-$snort_arch = 'x86';
-$snort_arch_ck = php_uname("m");
-if ($snort_arch_ck == 'i386')
- $snort_arch = 'x86';
-else if ($snort_arch_ck == "amd64")
- $snort_arch = 'x64';
-else
- $snort_arch = "Unknown";
-
/* tell me my theme */
$pfsense_theme_is = $config['theme'];
@@ -279,7 +268,9 @@ function Running_Stop($snort_uuid, $if_real, $id) {
}
function Running_Start($snort_uuid, $if_real, $id) {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
$snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
if ($snort_info_chk == 'on')
@@ -388,7 +379,9 @@ function snort_post_delete_logs($snort_uuid = 0)
}
function snort_postinstall() {
- global $snortdir, $config, $g, $snort_pfsense_basever, $snort_arch;
+ global $config, $g, $snort_pfsense_basever;
+
+ $snortdir = SNORTDIR;
/* snort -> advanced features */
if (is_array($config['installedpackages']['snortglobal'])) {
@@ -724,7 +717,9 @@ function sync_snort_package_config()
/* create threshold file */
function create_snort_suppress($id, $if_real) {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
/* make sure dir is there */
if (!is_dir("{$snortdir}/suppress"))
@@ -751,7 +746,9 @@ function create_snort_suppress($id, $if_real) {
}
function create_snort_whitelist($id, $if_real) {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
/* make sure dir is there */
if (!is_dir("{$snortdir}/whitelist"))
@@ -823,7 +820,9 @@ function create_snort_externalnet($id, $if_real) {
/* open snort.sh for writing" */
function create_snort_sh() {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
@@ -949,7 +948,9 @@ EOD;
/* if rules exist copy to new interfaces */
function create_rules_iface($id, $if_real, $snort_uuid) {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
$if_rule_dir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full';
@@ -965,7 +966,9 @@ function create_rules_iface($id, $if_real, $snort_uuid) {
/* open barnyard2.conf for writing */
function create_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
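Review bot: The `exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");` line kept below the new `$snortdir = SNORTDIR;` assignment builds a shell command from the `$snort_uuid` and `$if_real` parameters without any quoting. Where those values originate is not visible in this hunk, but since the commit already touches this function, PHP's built-in `touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");` would create the file without going through a shell at all. The body of create_barnyard2_conf continues outside the hunk.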
@@ -983,7 +986,9 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) {
/* open barnyard2.conf for writing" */
function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
/* define snortbarnyardlog */
/* TODO: add support for the other 5 output plugins */
@@ -1032,7 +1037,9 @@ EOD;
}
function create_snort_conf($id, $if_real, $snort_uuid) {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
if (!empty($if_real) && !empty($snort_uuid)) {
if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}")) {
@@ -1056,7 +1063,9 @@ function create_snort_conf($id, $if_real, $snort_uuid) {
}
function snort_deinstall() {
- global $snortdir, $config, $g;
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
/* remove custom sysctl */
remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
@@ -1108,7 +1117,9 @@ function snort_deinstall() {
}
function generate_snort_conf($id, $if_real, $snort_uuid) {
- global $snortdir, $config, $g, $snort_pfsense_basever;
+ global $config, $g, $snort_pfsense_basever;
+
+ $snortdir = SNORTDIR;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 00a93ad5..2b6e0f37 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -32,7 +32,9 @@ require_once("functions.inc");
require_once("service-utils.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $snort_gui_include, $snortdir;
+global $snort_gui_include;
+
+$snortdir = SNORTDIR;
if (!isset($snort_gui_include))
$pkg_interface = "console";
@@ -163,94 +165,99 @@ if ($snortdownload == 'on') {
/* extract so rules */
exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- if($snort_arch == 'x86'){
+ $snort_arch = php_uname("m");
+ if ($snort_arch == 'i386'){
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/");
exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/* /usr/local/lib/snort/dynamicrules/");
- } else if ($snort_arch == 'x64') {
+ } else if ($snort_arch == 'amd64') {
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/");
exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/* /usr/local/lib/snort/dynamicrules/");
- }
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules" .
- " so_rules/chat.rules" .
- " so_rules/dos.rules" .
- " so_rules/exploit.rules" .
- " so_rules/icmp.rules" .
- " so_rules/imap.rules" .
- " so_rules/misc.rules" .
- " so_rules/multimedia.rules" .
- " so_rules/netbios.rules" .
- " so_rules/nntp.rules" .
- " so_rules/p2p.rules" .
- " so_rules/smtp.rules" .
- " so_rules/snmp.rules" .
- " so_rules/specific-threats.rules" .
- " so_rules/web-activex.rules" .
- " so_rules/web-client.rules" .
- " so_rules/web-iis.rules" .
- " so_rules/web-misc.rules");
-
- exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/snmp.rules {$snortdir}/rules/snort_snmp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/specific-threats.rules {$snortdir}/rules/snort_specific-threats.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
-
- /* extract base etc files */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
- /* Untar snort signatures */
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on') {
- update_status(gettext("Extracting Signatures..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- update_status(gettext("Done extracting Signatures."));
-
- if (file_exists("{$snortdir}/doc/signatures")) {
- update_status(gettext("Copying signatures..."));
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- update_status(gettext("Done copying signatures."));
- } else {
- update_status(gettext("Directory signatures exist..."));
- update_output_window(gettext("Error copying signature..."));
- $snortdownload = 'off';
+ } else
+ $snortdownload = 'off';
+
+ if ($snortdownload == 'on') {
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules" .
+ " so_rules/chat.rules" .
+ " so_rules/dos.rules" .
+ " so_rules/exploit.rules" .
+ " so_rules/icmp.rules" .
+ " so_rules/imap.rules" .
+ " so_rules/misc.rules" .
+ " so_rules/multimedia.rules" .
+ " so_rules/netbios.rules" .
+ " so_rules/nntp.rules" .
+ " so_rules/p2p.rules" .
+ " so_rules/smtp.rules" .
+ " so_rules/snmp.rules" .
+ " so_rules/specific-threats.rules" .
+ " so_rules/web-activex.rules" .
+ " so_rules/web-client.rules" .
+ " so_rules/web-iis.rules" .
+ " so_rules/web-misc.rules");
+
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/snmp.rules {$snortdir}/rules/snort_snmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/specific-threats.rules {$snortdir}/rules/snort_specific-threats.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ /* Untar snort signatures */
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on') {
+ update_status(gettext("Extracting Signatures..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+ update_status(gettext("Done extracting Signatures."));
+
+ if (file_exists("{$snortdir}/doc/signatures")) {
+ update_status(gettext("Copying signatures..."));
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ update_status(gettext("Done copying signatures."));
+ } else {
+ update_status(gettext("Directory signatures exist..."));
+ update_output_window(gettext("Error copying signature..."));
+ $snortdownload = 'off';
+ }
}
- }
- if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
- }
+ if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+ }
- /* XXX: Convert this to sed? */
- /* make shure default rules are in the right format */
- exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir}/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir}/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir}/rules/*.rules");
+ /* XXX: Convert this to sed? */
+ /* make shure default rules are in the right format */
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir}/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir}/rules/*.rules");
- /* create a msg-map for snort */
- update_status(gettext("Updating Alert Messages..."));
- exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir}/rules > {$snortdir}/sid-msg.map");
+ /* create a msg-map for snort */
+ update_status(gettext("Updating Alert Messages..."));
+ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir}/rules > {$snortdir}/sid-msg.map");
- if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }
}
}
}
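Review bot: The new `else` branch sets `$snortdownload = 'off'` for any machine type other than `i386` or `amd64` without telling the operator, so on such a host the rule update is skipped silently and the sensor keeps running on stale rules. Report the condition next to the assignment, e.g. `update_output_window(gettext("Unsupported architecture, Snort rules were not updated."));`, as the signature-copy failure branch further down already does before it turns the flag off. Separately, the re-indented `exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");` still hands the shell a backslash-escaped `*`, so the glob is never expanded and the call only matches a file literally named with an asterisk; dropping the backslash lets the shell expand it. The enclosing `if ($snortdownload == 'on')` block starts above the hunk.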
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 671a1f77..d790aeaa 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -35,7 +35,9 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $snortdir;
+global $g;
+
+$snortdir = SNORTDIR;
/* load only javascript that is needed */
$snort_load_jquery = 'yes';
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index c4c008b5..8f600182 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -34,7 +34,9 @@ $nocsrf = true;
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $snortdir;
+global $g;
+
+$snortdir = SNORTDIR;
$id = $_GET['id'];
if (isset($_POST['id']))
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index bd905a5e..10559642 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -37,7 +37,9 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $snortdir;
+global $g;
+
+$snortdir = SNORTDIR;
$d_snort_global_dirty_path = '/var/run/snort_global.dirty';
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index e48dcdf1..bf2970dd 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -32,7 +32,9 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $snortdir;
+global $g;
+
+$snortdir = SNORTDIR;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 58dd3820..44ac902c 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -32,7 +32,9 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $snortdir;
+global $g;
+
+$snortdir = SNORTDIR;
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
$config['installedpackages']['snortglobal']['rule'] = array();