-rw-r--r-- | config/snort-dev/snort.inc | 109 | ||||
-rw-r--r-- | config/snort-dev/snort_download_rules.php | 49 | ||||
-rw-r--r-- | config/snort-dev/snort_dynamic_ip_reload.php | 23 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces.php | 10 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_edit.php | 22 | ||||
-rwxr-xr-x | pkg_config.7.xml | 2 | ||||
-rwxr-xr-x | pkg_config.8.xml | 2 |
7 files changed, 119 insertions, 98 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 7008d9b0..cd8f40ec 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -473,7 +473,7 @@ class array_ereg {
 $id += 1;
 $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
 $snort_rules_list[] = "snort_$id$if_real";
@@ -555,12 +555,61 @@ if ($id != '' && $if_real != '') //new if ($snortbarnyardlog_info_chk == 'on') create_barnyard2_conf($id, $if_real, $snort_uuid); + sync_snort_package(); + exec("echo \"Funtion sync all $id $if_real $snort_uuid....\" >> /root/test.log"); conf_mount_ro(); } } } +/* only be run on new iface create, bootup and ip refresh */ +function sync_snort_package_empty() +{ + global $config, $g; + conf_mount_rw(); + + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + { + if ($id == "") + { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) + { + + if ($id == '') { + $id = 0; + } + + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + + /* if rules exist cp rules to each iface */ + create_rules_iface($id, $if_real, $snort_uuid); + + /* create barnyard2 configuration file */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + if ($snortbarnyardlog_info_chk == 'on') + create_barnyard2_conf($id, $if_real, $snort_uuid); + + } + + /* create snort bootup file snort.sh only create once */ + create_snort_sh(); + + sync_snort_package(); + exec("echo \"Funtion sync empty create files foreach $if_real $id....\" >> /root/test.log"); + } + } +} /* Start of main config files */ /* Start of main config files */ 
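Review bot: `$snort_uuid` is never assigned inside the new `sync_snort_package_empty()` (only `$config` and `$g` are pulled in), yet it is passed to `create_snort_conf()`, `create_rules_iface()` and `create_barnyard2_conf()`, so each call receives null and any path those helpers build from it will presumably not match the `snort_{$snort_uuid}_{$if_real}` directory snort is started with. Read it per rule right after the `$if_real` line, as snort_download_rules.php does in this commit: `$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];`. The function also calls `conf_mount_rw()` without a matching `conf_mount_ro()`, unlike the function just above it. The two added `exec("echo ... >> /root/test.log")` lines look like leftover debugging: they spawn a shell with interpolated variables and grow a root-owned file without bound, so drop them or log through `syslog()`.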
@@ -637,9 +686,6 @@ $snort_sh_text3[] = <<<EOE snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart" - #### Remake the configs on boot Important! - /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php $id $if_real - #### Restart Iface /bin/kill -HUP \${snort_pid} /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..." @@ -686,6 +732,7 @@ conf_mount_rw(); $snort_sh_text = <<<EOD #!/bin/sh +######## # This file was automatically generated # by the pfSense service handler. # Code added to protect from double starts on pfSense bootup @@ -703,6 +750,10 @@ rc_start() { /bin/echo "snort.sh run" > /tmp/snort.sh.pid + #### Remake the configs on boot Important! + /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..." + $start_snort_iface_restart /bin/rm /tmp/snort.sh.pid @@ -802,7 +853,7 @@ exec("echo \"Create rules $snort_uuid $if_real $id ....\" >> /root/test.log"); } /* open barnyard2.conf for writing */ -function create_barnyard2_conf() { +function create_barnyard2_conf($id, $if_real, $snort_uuid) { global $bconfig, $bg, $id, $if_real; /* write out barnyard2_conf */ 
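Review bot: In the last hunk on this line, `create_barnyard2_conf($id, $if_real, $snort_uuid)` still opens with `global $bconfig, $bg, $id, $if_real;`, and in PHP a `global` statement rebinds the name to the global variable, so the `$id` and `$if_real` arguments just added to the signature are discarded. When the caller is a function such as `sync_snort_package_empty()`, where those values are locals, the barnyard2 config would be built from whatever the globals happen to hold. Reduce the line to `global $bconfig, $bg;`. The same pattern appears in `oinkmaster_conf()` and `oinkmaster_run()` in snort_download_rules.php, whose `global` lists also keep `$id` and `$if_real`. The function body continues outside the hunk.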
@@ -1932,54 +1983,6 @@ EOD; return $snort_conf_text; } -/* only be run on new iface create, bootup and ip refresh */ -function sync_snort_package_empty() -//function sync_snort_package_all() -{ - global $config, $g; - conf_mount_rw(); - - /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - { - if ($id == "") - { - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id = -1; - foreach ($rule_array as $value) - { - - if ($id == '') { - $id = 0; - } - - $id += 1; - - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); - - /* create snort configuration file */ - create_snort_conf($id, $if_real); - - /* create snort bootup file snort.sh */ - create_snort_sh($if_real); - - /* if rules exist cp rules to each iface */ - create_rules_iface($id, $if_real); - - /* create barnyard2 configuration file */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') - create_barnyard2_conf($id, $if_real); - - exec("echo \"Funtion sync empty create files foreach $if_real $id....\" >> /root/test.log"); - - } - } - } -} - /* check downloaded text from snort.org to make sure that an error did not occur * for example, if you are not a premium subscriber you can only download rules * so often, etc. TO BE: Removed unneeded. diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php index 9eca60be..ead5d0c5 100644 --- a/config/snort-dev/snort_download_rules.php +++ b/config/snort-dev/snort_download_rules.php 
@@ -969,7 +969,7 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r ////////////////// /* open oinkmaster_conf for writing" function */ -function oinkmaster_conf() +function oinkmaster_conf($id, $if_real, $iface_uuid) { global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; @@ -1014,7 +1014,7 @@ $selected_sid_off_sections EOD; /* open snort's oinkmaster.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort/snort_$id$if_real/oinkmaster_$id$if_real.conf", "w"); + $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w"); fwrite($oinkmasterlist, "$snort_sid_text"); @@ -1027,7 +1027,7 @@ EOD; /* Run oinkmaster to snort_wan and cp configs */ /* If oinkmaster is not needed cp rules normally */ /* TODO add per interface settings here */ -function oinkmaster_run() +function oinkmaster_run($id, $if_real, $iface_uuid) { global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; 
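Review bot: The `fopen()` result in the second hunk goes straight to `fwrite()` with no check, and the path now depends on `$iface_uuid`; if a rule entry carries no `uuid` or the `snort_{$iface_uuid}_{$if_real}` directory has not been created yet, `fopen()` returns false and the per-interface oinkmaster config is silently not written. Guard it before the write, for example `if ($oinkmasterlist === false) { return; }` preceded by a log line naming the path. Whether the handle is closed afterwards cannot be seen here, since `oinkmaster_conf()` continues outside the hunk.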
@@ -1040,30 +1040,30 @@ function oinkmaster_run() { update_status(gettext("Your first set of rules are being copied...")); update_output_window(gettext("May take a while...")); - exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/echo \"test {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); }else{ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); update_output_window(gettext("May take a while...")); - exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); - exec("/bin/cp 
{$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_$id$if_real/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log"); + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > 
/usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); } } } @@ -1082,12 +1082,13 @@ if (!empty($config['installedpackages']['snortglobal']['rule'])) $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf(); + oinkmaster_conf($id, $if_real, $iface_uuid); /* run oinkmaster for each interface rule */ - oinkmaster_run(); + oinkmaster_run($id, $if_real, $iface_uuid); } } diff --git a/config/snort-dev/snort_dynamic_ip_reload.php b/config/snort-dev/snort_dynamic_ip_reload.php index dceb84b4..98d9bcce 100644 --- a/config/snort-dev/snort_dynamic_ip_reload.php +++ b/config/snort-dev/snort_dynamic_ip_reload.php 
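Review bot: Every `exec()` in the `-1040,30` hunk interpolates `$iface_uuid` and `$if_real` into a shell command line unquoted; both are derived from config.xml values by the caller in the next hunk, so a value containing whitespace or shell metacharacters would change the command that runs. Quote the destination once with `escapeshellarg()` and reuse it, which also collapses the `cp` block that is duplicated in both branches. The two `/bin/echo ... > /root/debug` lines look like leftover debugging and can go. `oinkmaster_run()` starts outside this hunk.

```php
// … unchanged: update_status()/update_output_window() calls …
$iface_dir = "{$snortdir_wan}/snort_{$iface_uuid}_{$if_real}";
$iface_dir_arg = escapeshellarg($iface_dir);
$iface_rules_arg = escapeshellarg("{$iface_dir}/rules/");
// source glob stays unquoted so the shell still expands rules/*
exec("/bin/cp {$snortdir}/rules/* {$iface_rules_arg}");
foreach (array('classification.config', 'gen-msg.map', 'generators', 'reference.config', 'sid', 'sid-msg.map', 'unicode.map') as $map_file) {
	exec("/bin/cp {$snortdir}/{$map_file} {$iface_dir_arg}");
}
// … else branch: same copies, then oinkmaster.pl with escapeshellarg() on the -C, -o and log paths …
```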
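Review bot: `$if_real` in the `-1082,12` hunk is still resolved with `convert_friendly_interface_to_real_interface_name()`, while this same commit switches snort.inc to `convert_friendly_interface_to_real_interface_name2()`; if the two helpers can return different names for one interface, the `snort_{$iface_uuid}_{$if_real}` directory targeted here will not be the one snort.inc set up. Use the same helper in both files. `$iface_uuid` is also used without checking that the rule entry has one; assuming this code sits inside the per-rule loop (its header is outside the hunk), something like `if ($iface_uuid == '') { continue; }` before the two calls would avoid writing into `snort__<if>`.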
@@ -35,23 +35,16 @@ require_once("/usr/local/pkg/snort/snort.inc"); /* get the varibles from the command line */ /* Note: snort.sh sould only be using this */ -$id = $_SERVER["argv"][1]; -$if_real = $_SERVER["argv"][2]; +//$id = $_SERVER["argv"][1]; +//$if_real = $_SERVER["argv"][2]; -$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; +//$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; -if ($id == "" || $if_real == "" || $test_iface == "") { - exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\""); - exit; - } +//if ($id == "" || $if_real == "" || $test_iface == "") { +// exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\""); +// exit; +// } -if ($id != "" && $if_real != "") { - create_snort_conf(); - -/* create barnyard2 configuration file */ -$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; -if ($snortbarnyardlog_info_chk == on) - create_barnyard2_conf(); -} +sync_snort_package_empty(); ?>
\ No newline at end of file diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index e2cf9fdb..e5e5c86b 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -267,7 +267,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "") } -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.12 Beta"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.14 Beta"; include("head.inc"); ?> @@ -312,6 +312,7 @@ padding: 15px 10px 50% 50px; #footer2 { position: relative; + //top: 135px; top: -17px; background-color: #cccccc; background-image: none; @@ -321,7 +322,9 @@ padding: 15px 10px 50% 50px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; - padding-left: 0px; + padding-left: 10px; + //padding-left: 0px; + clear: both; } </style> @@ -536,10 +539,11 @@ if ($pkg['tabs'] <> "") { ?> </form> + </div> <!-- Right DIV --> </div> <!-- Content DIV --> - <div id="footer2"> + <div id="footer2"> <!-- style="width:760px; --> <IMG SRC="./images/footer2.jpg" width="780px" height="35" ALT="Apps"> <font size="1">Snort® is a registered trademark of Sourcefire, Inc., Barnyard2® is a registered trademark of securixlive.com., Orion® copyright Robert Zelaya., Emergingthreats is a registered trademark of emergingthreats.net., Mysql® is a registered trademark of Mysql.com.</font> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index f91f56eb..551c0460 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php 
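Review bot: In snort_dynamic_ip_reload.php the argument check is commented out rather than deleted, and the two header comments above it ("get the varibles from the command line", "snort.sh sould only be using this") no longer describe the script, which now takes no arguments and rebuilds every interface. Delete the dead lines and replace the comments with one that states the new contract, e.g. `/* rebuild snort and barnyard2 configs for all configured interfaces; called from snort.sh rc_start() */`. With the early `logger` call gone, nothing in this script records that a rebuild was attempted, which makes boot-time problems harder to trace.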
@@ -305,6 +305,12 @@ if ($_POST["Submit"]) { } //touch($d_natconfdirty_path); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); header("Location: /snort/snort_interfaces_edit.php?id=$id"); exit; @@ -327,8 +333,13 @@ if ($_POST["Submit"]) { sync_snort_package_all($id, $if_real); sleep(1); exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); header("Location: /snort/snort_interfaces_edit.php?id=$id"); - exit; } if ($_POST["Submit3"]) @@ -351,6 +362,15 @@ if ($_POST["Submit"]) { exec("/bin/kill {$start_up_r}"); exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); } + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + + } $iface_uuid = $a_nat[$id]['uuid']; diff --git a/pkg_config.7.xml b/pkg_config.7.xml index 36bd7ff8..c535bfce 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml 
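Review bot: The second hunk removes `exit;` after `header("Location: /snort/snort_interfaces_edit.php?id=$id");` in the branch that launches snort, and the third hunk adds the same redirect under `if ($_POST["Submit3"])` with no `exit;` either, so the script keeps executing after the redirect is queued: later `$_POST` handlers and the page body still run. Put `exit;` back after each `Location` header, as the first hunk's branch has it. The five no-cache `header()` calls plus `sleep(2)` are now pasted three times; a small helper taking `$id` would keep them in step. If `$id` originates from the request (not visible here), cast it before it goes into the URL, e.g. `$id = (int)$id;`.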
@@ -359,7 +359,7 @@
 <depends_on_package>mysql-client-5.1.44_1.tbz</depends_on_package>
 <depends_on_package>snort-2.8.5.3.tbz</depends_on_package>
 <config_file>http://www.pfsense.com/packages/config/snort-dev/snort.xml</config_file>
- <version>2.8.5.3 pkg v. 1.12</version>
+ <version>2.8.5.3 pkg v. 1.14</version>
 <required_version>1.2.3</required_version>
 <status>Beta</status>
 <configurationfile>/snort.xml</configurationfile>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 9e98f231..88174fe3 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -264,7 +264,7 @@
 <depends_on_package>mysql-client-5.1.44_1.tbz</depends_on_package>
 <depends_on_package>snort-2.8.5.3.tbz</depends_on_package>
 <config_file>http://www.pfsense.com/packages/config/snort-dev/snort.xml</config_file>
- <version>2.8.5.3 pkg v. 1.12</version>
+ <version>2.8.5.3 pkg v. 1.14</version>
 <required_version>1.2.3</required_version>
 <status>Beta</status>
 <configurationfile>/snort.xml</configurationfile> |