-rw-r--r-- | config/snort/snort.inc | 57 | ||||
-rw-r--r-- | config/snort/snort_check_for_rule_updates.php | 167 | ||||
-rw-r--r-- | config/snort/snort_download_updates.php | 4 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 4 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 4 | ||||
-rw-r--r-- | config/snort/snort_rules.php | 4 | ||||
-rw-r--r-- | config/snort/snort_rulesets.php | 4 |
7 files changed, 136 insertions, 108 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 35d8229e..a679e594 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -42,7 +42,7 @@ $pfSense_snort_version = "2.3.0"; $snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}"; $snort_rules_file = "snortrules-snapshot-2923.tar.gz"; $emerging_threats_version = "2.9.0"; -$snortdir = "/usr/local/etc/snort"; +define("SNORTDIR", "/usr/local/etc/snort"); /* Allow additional execution time 0 = no limit. */ ini_set('max_execution_time', '9999'); @@ -57,17 +57,6 @@ if (intval($config['version']) > 6) else $snort_pfsense_basever = 'yes'; -/* find out what arch where in x86 , x64 */ -global $snortdir, $snort_arch; -$snort_arch = 'x86'; -$snort_arch_ck = php_uname("m"); -if ($snort_arch_ck == 'i386') - $snort_arch = 'x86'; -else if ($snort_arch_ck == "amd64") - $snort_arch = 'x64'; -else - $snort_arch = "Unknown"; - /* tell me my theme */ $pfsense_theme_is = $config['theme']; @@ -279,7 +268,9 @@ function Running_Stop($snort_uuid, $if_real, $id) { } function Running_Start($snort_uuid, $if_real, $id) { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; if ($snort_info_chk == 'on') @@ -388,7 +379,9 @@ function snort_post_delete_logs($snort_uuid = 0) } function snort_postinstall() { - global $snortdir, $config, $g, $snort_pfsense_basever, $snort_arch; + global $config, $g, $snort_pfsense_basever; + + $snortdir = SNORTDIR; /* snort -> advanced features */ if (is_array($config['installedpackages']['snortglobal'])) { @@ -724,7 +717,9 @@ function sync_snort_package_config() /* create threshold file */ function create_snort_suppress($id, $if_real) { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; /* make sure dir is there */ if (!is_dir("{$snortdir}/suppress")) 
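Review bot: The new `define("SNORTDIR", "/usr/local/etc/snort");` in the @@ -42 hunk has no `defined()` guard, so a second inclusion of snort.inc would emit an "already defined" notice/warning; every caller visible in this diff uses `require_once`, so it only matters if some other file pulls it in with plain `include`, but `if (!defined('SNORTDIR')) define('SNORTDIR', '/usr/local/etc/snort');` makes it safe regardless. The same hunk leaves the reader to guess why every touched function (Running_Start, snort_postinstall, create_snort_suppress, create_snort_whitelist, create_snort_sh and the rest) then re-aliases the constant as `$snortdir = SNORTDIR;`; a one-line comment above the define such as `/* constants cannot be interpolated into strings, so functions copy SNORTDIR into a local $snortdir */` would document the pattern once instead of leaving eleven unexplained copies. The @@ -57 hunk also deletes the global `$snort_arch` detection; any `global $snort_arch` user in code outside this diff would now read null, which is worth checking before merge.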
@@ -751,7 +746,9 @@ function create_snort_suppress($id, $if_real) { } function create_snort_whitelist($id, $if_real) { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; /* make sure dir is there */ if (!is_dir("{$snortdir}/whitelist")) @@ -823,7 +820,9 @@ function create_snort_externalnet($id, $if_real) { /* open snort.sh for writing" */ function create_snort_sh() { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; @@ -949,7 +948,9 @@ EOD; /* if rules exist copy to new interfaces */ function create_rules_iface($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; $if_rule_dir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full'; @@ -965,7 +966,9 @@ function create_rules_iface($id, $if_real, $snort_uuid) { /* open barnyard2.conf for writing */ function create_barnyard2_conf($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); @@ -983,7 +986,9 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) { /* open barnyard2.conf for writing" */ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; /* define snortbarnyardlog */ /* TODO: add support for the other 5 output plugins */ @@ -1032,7 +1037,9 @@ EOD; } function create_snort_conf($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; if (!empty($if_real) && !empty($snort_uuid)) { if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}")) { 
@@ -1056,7 +1063,9 @@ function create_snort_conf($id, $if_real, $snort_uuid) { } function snort_deinstall() { - global $snortdir, $config, $g; + global $config, $g; + + $snortdir = SNORTDIR; /* remove custom sysctl */ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); @@ -1108,7 +1117,9 @@ function snort_deinstall() { } function generate_snort_conf($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g, $snort_pfsense_basever; + global $config, $g, $snort_pfsense_basever; + + $snortdir = SNORTDIR; if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 00a93ad5..2b6e0f37 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -32,7 +32,9 @@ require_once("functions.inc"); require_once("service-utils.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $snort_gui_include, $snortdir; +global $snort_gui_include; + +$snortdir = SNORTDIR; if (!isset($snort_gui_include)) $pkg_interface = "console"; 
@@ -163,94 +165,99 @@ if ($snortdownload == 'on') { /* extract so rules */ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - if($snort_arch == 'x86'){ + $snort_arch = php_uname("m"); + if ($snort_arch == 'i386'){ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/"); exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/* /usr/local/lib/snort/dynamicrules/"); - } else if ($snort_arch == 'x64') { + } else if ($snort_arch == 'amd64') { exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/"); exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/* /usr/local/lib/snort/dynamicrules/"); - } - /* extract so rules none bin and rename */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules" . - " so_rules/chat.rules" . - " so_rules/dos.rules" . - " so_rules/exploit.rules" . - " so_rules/icmp.rules" . - " so_rules/imap.rules" . - " so_rules/misc.rules" . - " so_rules/multimedia.rules" . - " so_rules/netbios.rules" . - " so_rules/nntp.rules" . - " so_rules/p2p.rules" . - " so_rules/smtp.rules" . - " so_rules/snmp.rules" . - " so_rules/specific-threats.rules" . - " so_rules/web-activex.rules" . - " so_rules/web-client.rules" . - " so_rules/web-iis.rules" . 
- " so_rules/web-misc.rules"); - - exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/snmp.rules {$snortdir}/rules/snort_snmp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/specific-threats.rules {$snortdir}/rules/snort_specific-threats.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - - /* extract base etc files */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); - 
exec("/bin/rm -r {$snortdir}/etc"); - - /* Untar snort signatures */ - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') { - update_status(gettext("Extracting Signatures...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - update_status(gettext("Done extracting Signatures.")); - - if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - update_status(gettext("Done copying signatures.")); - } else { - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); - $snortdownload = 'off'; + } else + $snortdownload = 'off'; + + if ($snortdownload == 'on') { + /* extract so rules none bin and rename */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules" . + " so_rules/chat.rules" . + " so_rules/dos.rules" . + " so_rules/exploit.rules" . + " so_rules/icmp.rules" . + " so_rules/imap.rules" . + " so_rules/misc.rules" . + " so_rules/multimedia.rules" . + " so_rules/netbios.rules" . + " so_rules/nntp.rules" . + " so_rules/p2p.rules" . + " so_rules/smtp.rules" . + " so_rules/snmp.rules" . + " so_rules/specific-threats.rules" . + " so_rules/web-activex.rules" . + " so_rules/web-client.rules" . + " so_rules/web-iis.rules" . 
+ " so_rules/web-misc.rules"); + + exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/snmp.rules {$snortdir}/rules/snort_snmp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/specific-threats.rules {$snortdir}/rules/snort_specific-threats.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); + exec("/bin/rm -r {$snortdir}/so_rules"); + + /* extract base etc files */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); + exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); + 
exec("/bin/rm -r {$snortdir}/etc"); + + /* Untar snort signatures */ + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == 'on') { + update_status(gettext("Extracting Signatures...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); + update_status(gettext("Done extracting Signatures.")); + + if (file_exists("{$snortdir}/doc/signatures")) { + update_status(gettext("Copying signatures...")); + exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); + update_status(gettext("Done copying signatures.")); + } else { + update_status(gettext("Directory signatures exist...")); + update_output_window(gettext("Error copying signature...")); + $snortdownload = 'off'; + } } - } - if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); - } + if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { + exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); + exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); + } - /* XXX: Convert this to sed? */ - /* make shure default rules are in the right format */ - exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir}/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir}/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir}/rules/*.rules"); + /* XXX: Convert this to sed? 
*/ + /* make shure default rules are in the right format */ + exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir}/rules/*.rules"); + exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir}/rules/*.rules"); + exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir}/rules/*.rules"); - /* create a msg-map for snort */ - update_status(gettext("Updating Alert Messages...")); - exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir}/rules > {$snortdir}/sid-msg.map"); + /* create a msg-map for snort */ + update_status(gettext("Updating Alert Messages...")); + exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir}/rules > {$snortdir}/sid-msg.map"); - if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); + if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); + } } } } diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 671a1f77..d790aeaa 100644 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -35,7 +35,9 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; + +$snortdir = SNORTDIR; /* load only javascript that is needed */ $snort_load_jquery = 'yes'; diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index c4c008b5..8f600182 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -34,7 +34,9 @@ $nocsrf = true; require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; + +$snortdir = SNORTDIR; $id = $_GET['id']; if (isset($_POST['id'])) 
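Review bot: An unrecognised `php_uname("m")` result now silently sets `$snortdownload = 'off'` in the new `else` branch with no `update_status()`/`update_output_window()` call, unlike the signature-copy failure a few lines further down, so an operator on an unsupported architecture gets no explanation of why the shared-object rules were never installed; `} else { update_output_window(gettext("Unsupported architecture, skipping shared object rules...")); $snortdownload = 'off'; }` matches the file's existing reporting style. Because the extract/rename, example-library cleanup, `create-sidmap.pl` and md5-copy tail is now all inside `if ($snortdownload == 'on')`, that branch also skips regenerating `sid-msg.map`; if the text rules were already unpacked above this hunk (the enclosing `if ($snortdownload == 'on') {` starts outside it), they are left without an updated message map. The two architecture comparisons would be better as `===`, and the moved `exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*")` line hands a literal backslash-star to the shell so the glob never expands; that is pre-existing, but it now sits in freshly re-indented code where it reads as intentional.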
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index bd905a5e..10559642 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -37,7 +37,9 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; + +$snortdir = SNORTDIR; $d_snort_global_dirty_path = '/var/run/snort_global.dirty'; diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index e48dcdf1..bf2970dd 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -32,7 +32,9 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; + +$snortdir = SNORTDIR; if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 58dd3820..44ac902c 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -32,7 +32,9 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; + +$snortdir = SNORTDIR; if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); |