aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/snort-dev/pfsense_rules/pfsense_rules.tar.gz.md51
-rw-r--r--config/snort-dev/snort.xml199
-rw-r--r--config/snort-dev/snort_alerts.php630
-rw-r--r--config/snort-dev/snort_blocked.php445
-rw-r--r--config/snort-dev/snort_download_rules.php1211
-rw-r--r--config/snort-dev/snort_rules_edit.php243
-rw-r--r--config/snort-dev/snort_rulesets.php307
-rw-r--r--config/snort-old/bin/barnyard2 (renamed from config/snort-dev/bin/barnyard2)bin641791 -> 641791 bytes
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/README.contrib (renamed from config/snort-dev/bin/oinkmaster_contrib/README.contrib)0
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/addmsg.pl (renamed from config/snort-dev/bin/oinkmaster_contrib/addmsg.pl)0
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/addsid.pl (renamed from config/snort-dev/bin/oinkmaster_contrib/addsid.pl)0
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl (renamed from config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl)0
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/makesidex.pl (renamed from config/snort-dev/bin/oinkmaster_contrib/makesidex.pl)0
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/oinkgui.pl (renamed from config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl)0
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl (renamed from config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl)0
-rwxr-xr-x[-rw-r--r--]config/snort-old/bin/snort2c (renamed from config/snort-dev/bin/snort2c)bin13508 -> 13508 bytes
-rw-r--r--config/snort-old/pfsense_rules/local.rules (renamed from config/snort-dev/pfsense_rules/local.rules)0
-rw-r--r--config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md51
-rw-r--r--config/snort-old/pfsense_rules/rules/pfsense-voip.rules (renamed from config/snort-dev/pfsense_rules/rules/pfsense-voip.rules)0
-rwxr-xr-x[-rw-r--r--]config/snort-old/snort.inc (renamed from config/snort-dev/snort.inc)2042
-rw-r--r--config/snort-old/snort.xml378
-rw-r--r--config/snort-old/snort_advanced.xml (renamed from config/snort/snort_advanced.xml)0
-rw-r--r--config/snort-old/snort_alerts.php124
-rw-r--r--config/snort-old/snort_blocked.php174
-rw-r--r--config/snort-old/snort_check_for_rule_updates.php (renamed from config/snort-dev/snort_check_for_rule_updates.php)529
-rw-r--r--config/snort-old/snort_define_servers.xml (renamed from config/snort/snort_define_servers.xml)0
-rw-r--r--config/snort-old/snort_download_rules.php790
-rw-r--r--config/snort-old/snort_dynamic_ip_reload.php (renamed from config/snort-dev/snort_dynamic_ip_reload.php)27
-rw-r--r--config/snort-old/snort_rules.php (renamed from config/snort-dev/snort_rules.php)331
-rw-r--r--config/snort-old/snort_rules_edit.php207
-rw-r--r--config/snort-old/snort_rulesets.php230
-rw-r--r--config/snort-old/snort_threshold.xml (renamed from config/snort/snort_threshold.xml)0
-rw-r--r--config/snort-old/snort_whitelist.xml (renamed from config/snort-dev/snort_whitelist.xml)44
-rw-r--r--config/snort-old/snort_xmlrpc_sync.php (renamed from config/snort/snort_xmlrpc_sync.php)0
-rw-r--r--config/snort/NOTES.txt (renamed from config/snort-dev/NOTES.txt)0
-rw-r--r--config/snort/bin/7.2.x86/barnyard2 (renamed from config/snort-dev/bin/7.2.x86/barnyard2)bin715041 -> 715041 bytes
-rwxr-xr-xconfig/snort/bin/8.0.x86/barnyard2 (renamed from config/snort-dev/bin/8.0.x86/barnyard2)bin849388 -> 849388 bytes
-rw-r--r--config/snort/bin/8.0.x86/md5_files (renamed from config/snort-dev/bin/8.0.x86/md5_files)0
-rw-r--r--config/snort/bin/8.0.x86/md5_files~ (renamed from config/snort-dev/bin/8.0.x86/md5_files~)0
-rw-r--r--config/snort/bin/oinkmaster_contrib/snort_rename.pl (renamed from config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl)0
-rw-r--r--[-rwxr-xr-x]config/snort/bin/snort2cbin13508 -> 13508 bytes
-rw-r--r--config/snort/css/style.css (renamed from config/snort-dev/css/style.css)0
-rw-r--r--config/snort/css/style2.css (renamed from config/snort-dev/css/style2.css)0
-rw-r--r--config/snort/help_and_info.php (renamed from config/snort-dev/help_and_info.php)0
-rw-r--r--config/snort/images/alert.jpg (renamed from config/snort-dev/images/alert.jpg)bin13730 -> 13730 bytes
-rw-r--r--config/snort/images/down.gif (renamed from config/snort-dev/images/down.gif)bin54 -> 54 bytes
-rw-r--r--config/snort/images/down2.gif (renamed from config/snort-dev/images/down2.gif)bin60 -> 60 bytes
-rw-r--r--config/snort/images/footer.jpg (renamed from config/snort-dev/images/footer.jpg)bin57411 -> 57411 bytes
-rw-r--r--config/snort/images/footer2.jpg (renamed from config/snort-dev/images/footer2.jpg)bin31878 -> 31878 bytes
-rw-r--r--config/snort/images/icon-table-sort-asc.png (renamed from config/snort-dev/images/icon-table-sort-asc.png)bin2906 -> 2906 bytes
-rw-r--r--config/snort/images/icon-table-sort-desc.png (renamed from config/snort-dev/images/icon-table-sort-desc.png)bin2913 -> 2913 bytes
-rw-r--r--config/snort/images/icon-table-sort.png (renamed from config/snort-dev/images/icon-table-sort.png)bin3025 -> 3025 bytes
-rw-r--r--config/snort/images/icon_excli.png (renamed from config/snort-dev/images/icon_excli.png)bin5280 -> 5280 bytes
-rw-r--r--config/snort/images/logo.jpg (renamed from config/snort-dev/images/logo.jpg)bin74306 -> 74306 bytes
-rw-r--r--config/snort/images/up.gif (renamed from config/snort-dev/images/up.gif)bin54 -> 54 bytes
-rw-r--r--config/snort/images/up2.gif (renamed from config/snort-dev/images/up2.gif)bin60 -> 60 bytes
-rw-r--r--config/snort/javascript/jquery-1.3.2.js (renamed from config/snort-dev/javascript/jquery-1.3.2.js)0
-rw-r--r--config/snort/javascript/jquery.blockUI.js (renamed from config/snort-dev/javascript/jquery.blockUI.js)0
-rw-r--r--config/snort/javascript/mootools.js (renamed from config/snort-dev/javascript/mootools.js)0
-rw-r--r--config/snort/javascript/sortableTable.js (renamed from config/snort-dev/javascript/sortableTable.js)0
-rw-r--r--config/snort/javascript/tabs.js (renamed from config/snort-dev/javascript/tabs.js)0
-rw-r--r--config/snort/pfsense_rules/pfsense_rules.tar.gz.md52
-rw-r--r--[-rwxr-xr-x]config/snort/snort.inc2045
-rw-r--r--config/snort/snort.sh (renamed from config/snort-dev/snort.sh)0
-rw-r--r--config/snort/snort.xml333
-rw-r--r--config/snort/snort_alerts.php624
-rw-r--r--config/snort/snort_barnyard.php (renamed from config/snort-dev/snort_barnyard.php)4
-rw-r--r--config/snort/snort_blocked.php453
-rw-r--r--config/snort/snort_check_for_rule_updates.php529
-rw-r--r--config/snort/snort_define_servers.php (renamed from config/snort-dev/snort_define_servers.php)7
-rw-r--r--config/snort/snort_download_rules.php1221
-rw-r--r--config/snort/snort_dynamic_ip_reload.php27
-rw-r--r--config/snort/snort_fbegin.inc (renamed from config/snort-dev/snort_fbegin.inc)0
-rw-r--r--config/snort/snort_gui.inc (renamed from config/snort-dev/snort_gui.inc)0
-rw-r--r--config/snort/snort_help_info.php (renamed from config/snort-dev/snort_help_info.php)0
-rw-r--r--config/snort/snort_interfaces.php (renamed from config/snort-dev/snort_interfaces.php)25
-rw-r--r--config/snort/snort_interfaces_edit.php (renamed from config/snort-dev/snort_interfaces_edit.php)18
-rw-r--r--config/snort/snort_interfaces_edit_bkup.php609
-rw-r--r--config/snort/snort_interfaces_global.php (renamed from config/snort-dev/snort_interfaces_global.php)0
-rw-r--r--config/snort/snort_preprocessors.php (renamed from config/snort-dev/snort_preprocessors.php)8
-rw-r--r--config/snort/snort_rules.php331
-rw-r--r--config/snort/snort_rules_edit.php366
-rw-r--r--config/snort/snort_rulesets.php207
-rw-r--r--config/snort/snort_whitelist.xml44
-rwxr-xr-xpkg_config.7.xml22
-rwxr-xr-xpkg_config.8.xml29
86 files changed, 7707 insertions, 7110 deletions
diff --git a/config/snort-dev/pfsense_rules/pfsense_rules.tar.gz.md5 b/config/snort-dev/pfsense_rules/pfsense_rules.tar.gz.md5
deleted file mode 100644
index 0aede4a0..00000000
--- a/config/snort-dev/pfsense_rules/pfsense_rules.tar.gz.md5
+++ /dev/null
@@ -1 +0,0 @@
-102 \ No newline at end of file
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
deleted file mode 100644
index 37ce9967..00000000
--- a/config/snort-dev/snort.xml
+++ /dev/null
@@ -1,199 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfsense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>Snort</name>
- <version>2.8.5.3</version>
- <title>Services: Snort 2.8.5.2 pkg v. 1.18</title>
- <include_file>/usr/local/pkg/snort/snort.inc</include_file>
- <menu>
- <name>Snort</name>
- <tooltiptext>Setup snort specific settings</tooltiptext>
- <section>Services</section>
- <url>/snort/snort_interfaces.php</url>
- </menu>
- <service>
- <name>snort</name>
- <rcfile></rcfile>
- <executable>snort</executable>
- <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description>
- </service>
- <tabs>
- </tabs>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_fbegin.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/pf/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_dynamic_ip_reload.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_whitelist.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_check_for_rule_updates.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/help_and_info.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/etc/rc.d/</prefix>
- <chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort.sh</item>
- </additional_files_needed>
- <fields>
- </fields>
- <custom_add_php_command>
- </custom_add_php_command>
- <custom_php_resync_config_command>
- sync_snort_package();
- </custom_php_resync_config_command>
- <custom_php_install_command>
- snort_postinstall();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- snort_deinstall();
- </custom_php_deinstall_command>
-</packagegui>
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
deleted file mode 100644
index 4f0ddb03..00000000
--- a/config/snort-dev/snort_alerts.php
+++ /dev/null
@@ -1,630 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_alerts.php
- part of pfSense
-
- Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Modified for the Pfsense snort package v. 1.8+
- Copyright (C) 2009 Robert Zelaya Sr. Developer
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("globals.inc");
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
-$snort_logfile = '/var/log/snort/alert';
-
-$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
-$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
-
-if ($pconfig['alertnumber'] == '' || $pconfig['alertnumber'] == '0')
-{
- $anentries = '250';
-}else{
- $anentries = $pconfig['alertnumber'];
-}
-
-if ($_POST['save'])
-{
-
- //unset($input_errors);
- //$pconfig = $_POST;
-
- /* input validation */
- if ($_POST['save'])
- {
-
- // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
- // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
- // }
-
- }
-
- /* no errors */
- if (!$input_errors)
- {
-
- $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? on : off;
- $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
-
- conf_mount_rw();
- write_config();
- //conf_mount_ro();
- sleep(2);
-
- header("Location: /snort/snort_alerts.php");
-
- }
-
-}
-
-
-if ($_POST['delete'])
-{
-
- exec("killall syslogd");
- conf_mount_rw();
- if(file_exists("/var/log/snort/alert"))
- {
- exec('/bin/rm /var/log/snort/*');
- exec('/usr/bin/touch /var/log/snort/alert');
- }
- conf_mount_ro();
- system_syslogd_start();
- //exec("/usr/bin/killall -HUP snort");
-
-}
-
-if ($_POST['download'])
-{
-
- ob_start(); //importanr or other post will fail
- $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
- $file_name = "snort_logs_{$save_date}.tar.gz";
- exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort");
-
- if(file_exists("/tmp/snort_logs_{$save_date}.tar.gz"))
- {
- $file = "/tmp/snort_logs_{$save_date}.tar.gz";
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
- header("Pragma: private"); // needed for IE
- header("Cache-Control: private, must-revalidate"); // needed for IE
- header('Content-type: application/force-download');
- header('Content-Transfer-Encoding: Binary');
- header("Content-length: ".filesize($file));
- header("Content-disposition: attachment; filename = {$file_name}");
- readfile("$file");
- exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz");
- od_end_clean(); //importanr or other post will fail
- }else{
- echo 'Error no saved file.';
- }
-
-}
-
-
-/* WARNING: took me forever to figure reg expression, dont lose */
-// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50';
-
-function get_snort_alert_date($fileline)
-{
- /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
- if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1))
- {
- $alert_date = "$matches1[0]";
- }
-
-return $alert_date;
-
-}
-
-function get_snort_alert_disc($fileline)
-{
- /* disc */
- if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- {
- $alert_disc = "$matches[2]";
- }
-
-return $alert_disc;
-
-}
-
-function get_snort_alert_class($fileline)
-{
- /* class */
- if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
- {
- $alert_class = "$matches2[0]";
- }
-
-return $alert_class;
-
-}
-
-function get_snort_alert_priority($fileline)
-{
- /* Priority */
- if (preg_match('/Priority:\s\d/', $fileline, $matches3))
- {
- $alert_priority = "$matches3[0]";
- }
-
-return $alert_priority;
-
-}
-
-function get_snort_alert_proto($fileline)
-{
- /* Priority */
- if (preg_match('/\{.+\}/', $fileline, $matches3))
- {
- $alert_proto = "$matches3[0]";
- }
-
-return $alert_proto;
-
-}
-
-function get_snort_alert_proto_full($fileline)
-{
- /* Protocal full */
- if (preg_match('/.+\sTTL/', $fileline, $matches2))
- {
- $alert_proto_full = "$matches2[0]";
- }
-
-return $alert_proto_full;
-
-}
-
-function get_snort_alert_ip_src($fileline)
-{
- /* SRC IP */
- $re1='.*?'; # Non-greedy match on filler
- $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
-
- if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
- {
- $alert_ip_src = $matches4[1][0];
- }
-
-return $alert_ip_src;
-
-}
-
-function get_snort_alert_src_p($fileline)
-{
- /* source port */
- if (preg_match('/:\d+\s-/', $fileline, $matches5))
- {
- $alert_src_p = "$matches5[0]";
- }
-
-return $alert_src_p;
-
-}
-
-function get_snort_alert_flow($fileline)
-{
- /* source port */
- if (preg_match('/(->|<-)/', $fileline, $matches5))
- {
- $alert_flow = "$matches5[0]";
- }
-
-return $alert_flow;
-
-}
-
-function get_snort_alert_ip_dst($fileline)
-{
- /* DST IP */
- $re1dp='.*?'; # Non-greedy match on filler
- $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress
- $re3dp='.*?'; # Non-greedy match on filler
- $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
-
- if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
- {
- $alert_ip_dst = $matches6[1][0];
- }
-
-return $alert_ip_dst;
-
-}
-
-function get_snort_alert_dst_p($fileline)
-{
- /* dst port */
- if (preg_match('/:\d+$/', $fileline, $matches7))
- {
- $alert_dst_p = "$matches7[0]";
- }
-
-return $alert_dst_p;
-
-}
-
-function get_snort_alert_dst_p_full($fileline)
-{
- /* dst port full */
- if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
- {
- $alert_dst_p = "$matches7[0]";
- }
-
-return $alert_dst_p;
-
-}
-
-function get_snort_alert_sid($fileline)
-{
- /* SID */
- if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
- {
- $alert_sid = "$matches8[0]";
- }
-
-return $alert_sid;
-
-}
-
-//
-
-$pgtitle = "Services: Snort: Snort Alerts";
-include("head.inc");
-
-?>
-
-<link rel="stylesheet" href="/snort/css/style.css" type="text/css" media="all">
-<script type="text/javascript" src="/snort/javascript/mootools.js"></script>
-<script type="text/javascript" src="/snort/javascript/sortableTable.js"></script>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php
-
-include("./snort_fbegin.inc");
-
-echo "<p class=\"pgtitle\">";
-if($pfsense_stable == 'yes'){echo $pgtitle;}
-echo "</p>\n";
-
-/* refresh every 60 secs */
-if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
-{
- echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n";
-}
-?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
-<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
- $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
- $tab_array[] = array("Alerts", true, "/snort/snort_alerts.php");
- $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
- $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
- $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
- display_top_tabs($tab_array);
-?>
-</td>
-</tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0">
- <tr>
- <td width="22%" colspan="0" class="listtopic">
- Last <?=$anentries;?> Alert Entries.
- </td>
- <td width="78%" class="listtopic">
- Latest Alert Entries Are Listed First.
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Save or Remove Logs</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_alerts.php" method="post">
- <input name="download" type="submit" class="formbtn" value="Download">
- All log files will be saved.
- <input name="delete" type="submit" class="formbtn" value="Clear">
- <span class="red"><strong>Warning:</strong></span> all log files will be deleted.
- </form>
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Auto Refresh and Log View</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_alerts.php" method="post">
- <input name="save" type="submit" class="formbtn" value="Save">
- Refresh
- <input name="arefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
- <strong>Default</strong> is <strong>ON</strong>.
- <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
- Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>.
- </form>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <td width="100%">
- <br>
- <div class="tableFilter">
- <form id="tableFilter" onsubmit="myTable.filter(this.id); return false;">Filter:
- <select id="column">
- <option value="1">PRIORITY</option>
- <option value="2">PROTO</option>
- <option value="3">DESCRIPTION</option>
- <option value="4">CLASS</option>
- <option value="5">SRC</option>
- <option value="6">SRC PORT</option>
- <option value="7">FLOW</option>
- <option value="8">DST</option>
- <option value="9">DST PORT</option>
- <option value="10">SID</option>
- <option value="11">Date</option>
- </select>
- <input type="text" id="keyword" />
- <input type="submit" value="Submit" />
- <input type="reset" value="Clear" />
- </form>
- </div>
-<table class="allRow" id="myTable" width="100%" border="2" cellpadding="1" cellspacing="1">
- <thead>
- <th axis="number">#</th>
- <th axis="string">PRI</th>
- <th axis="string">PROTO</th>
- <th axis="string">DESCRIPTION</th>
- <th axis="string">CLASS</th>
- <th axis="string">SRC</th>
- <th axis="string">SPORT</th>
- <th axis="string">FLOW</th>
- <th axis="string">DST</th>
- <th axis="string">DPORT</th>
- <th axis="string">SID</th>
- <th axis="date">Date</th>
- </thead>
- <tbody>
-<?php
-
- /* make sure alert file exists */
- if(!file_exists('/var/log/snort/alert'))
- {
- conf_mount_rw();
- exec('/usr/bin/touch /var/log/snort/alert');
- conf_mount_ro();
- }
-
- $logent = $anentries;
-
- /* detect the alert file type */
- if ($snortalertlogt == 'full')
- {
- $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
- }else{
- $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert'))));
- }
-
-
-
-if (is_array($alerts_array))
-{
-
- $counter = 0;
- foreach($alerts_array as $fileline)
- {
-
- if($logent <= $counter)
- continue;
-
- $counter++;
-
- /* Date */
- $alert_date_str = get_snort_alert_date($fileline);
-
- if($alert_date_str != '')
- {
- $alert_date = $alert_date_str;
- }else{
- $alert_date = 'empty';
- }
-
- /* Discription */
- $alert_disc_str = get_snort_alert_disc($fileline);
-
- if($alert_disc_str != '')
- {
- $alert_disc = $alert_disc_str;
- }else{
- $alert_disc = 'empty';
- }
-
- /* Classification */
- $alert_class_str = get_snort_alert_class($fileline);
-
- if($alert_class_str != '')
- {
-
- $alert_class_match = array('[Classification:',']');
- $alert_class = str_replace($alert_class_match, '', "$alert_class_str");
- }else{
- $alert_class = 'Prep';
- }
-
- /* Priority */
- $alert_priority_str = get_snort_alert_priority($fileline);
-
- if($alert_priority_str != '')
- {
- $alert_priority_match = array('Priority: ',']');
- $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str");
- }else{
- $alert_priority = 'empty';
- }
-
- /* Protocol */
- /* Detect alert file type */
- if ($snortalertlogt == 'full')
- {
- $alert_proto_str = get_snort_alert_proto_full($fileline);
- }else{
- $alert_proto_str = get_snort_alert_proto($fileline);
- }
-
- if($alert_proto_str != '')
- {
- $alert_proto_match = array(" TTL",'{','}');
- $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str");
- }else{
- $alert_proto = 'empty';
- }
-
- /* IP SRC */
- $alert_ip_src_str = get_snort_alert_ip_src($fileline);
-
- if($alert_ip_src_str != '')
- {
- $alert_ip_src = $alert_ip_src_str;
- }else{
- $alert_ip_src = 'empty';
- }
-
- /* IP SRC Port */
- $alert_src_p_str = get_snort_alert_src_p($fileline);
-
- if($alert_src_p_str != '')
- {
- $alert_src_p_match = array(' -',':');
- $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str");
- }else{
- $alert_src_p = 'empty';
- }
-
- /* Flow */
- $alert_flow_str = get_snort_alert_flow($fileline);
-
- if($alert_flow_str != '')
- {
- $alert_flow = $alert_flow_str;
- }else{
- $alert_flow = 'empty';
- }
-
- /* IP Destination */
- $alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
-
- if($alert_ip_dst_str != '')
- {
- $alert_ip_dst = $alert_ip_dst_str;
- }else{
- $alert_ip_dst = 'empty';
- }
-
- /* IP DST Port */
- if ($snortalertlogt == 'full')
- {
- $alert_dst_p_str = get_snort_alert_dst_p_full($fileline);
- }else{
- $alert_dst_p_str = get_snort_alert_dst_p($fileline);
- }
-
- if($alert_dst_p_str != '')
- {
- $alert_dst_p_match = array(':',"\n"," TTL");
- $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str");
- $alert_dst_p_match2 = array('/[A-Z]/');
- $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2");
- }else{
- $alert_dst_p = 'empty';
- }
-
- /* SID */
- $alert_sid_str = get_snort_alert_sid($fileline);
-
- if($alert_sid_str != '')
- {
- $alert_sid_match = array('[',']');
- $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str");
- }else{
- $alert_sid_str = 'empty';
- }
-
- /* NOTE: using one echo improves performance by 2x */
- if ($alert_disc != 'empty')
- {
- echo "<tr id=\"{$counter}\">
- <td class=\"centerAlign\">{$counter}</td>
- <td class=\"centerAlign\">{$alert_priority}</td>
- <td class=\"centerAlign\">{$alert_proto}</td>
- <td>{$alert_disc}</td>
- <td class=\"centerAlign\">{$alert_class}</td>
- <td>{$alert_ip_src}</td>
- <td class=\"centerAlign\">{$alert_src_p}</td>
- <td class=\"centerAlign\">{$alert_flow}</td>
- <td>{$alert_ip_dst}</td>
- <td class=\"centerAlign\">{$alert_dst_p}</td>
- <td class=\"centerAlign\">{$alert_sid}</td>
- <td>{$alert_date}</td>
- </tr>\n";
- }
-
-// <script type="text/javascript">
-// var myTable = {};
-// window.addEvent('domready', function(){
-// myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}});
-// });
-// </script>
-
- }
-}
-
-?>
- </tbody>
- </table>
- </td>
-</table>
-
-<?php include("fend.inc"); ?>
-
- <script type="text/javascript">
- var myTable = {};
- window.addEvent('domready', function(){
- myTable = new sortableTable('myTable', {overCls: 'over'});
- });
- </script>
-
-</body>
-</html>
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php
deleted file mode 100644
index 293679d9..00000000
--- a/config/snort-dev/snort_blocked.php
+++ /dev/null
@@ -1,445 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_blocked.php
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Modified for the Pfsense snort package v. 1.8+
- Copyright (C) 2009 Robert Zelaya Sr. Developer
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("globals.inc");
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'];
-$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
-
-if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0')
-{
- $bnentries = '500';
-}else{
- $bnentries = $pconfig['blertnumber'];
-}
-
-if($_POST['todelete'] or $_GET['todelete']) {
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- if($_GET['todelete'])
- $ip = $_GET['todelete'];
- exec("/sbin/pfctl -t snort2c -T delete {$ip}");
-}
-
-if ($_POST['remove']) {
-
-exec("/sbin/pfctl -t snort2c -T flush");
-sleep(1);
-header("Location: /snort/snort_blocked.php");
-
-}
-
-/* TODO: build a file with block ip and disc */
-if ($_POST['download'])
-{
-
- ob_start(); //important or other posts will fail
- $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
- $file_name = "snort_blocked_{$save_date}.tar.gz";
- exec('/bin/mkdir /tmp/snort_blocked');
- exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf');
-
- $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));
-
- if ($blocked_ips_array_save[0] != '')
- {
-
- /* build the list */
- $counter = 0;
- foreach($blocked_ips_array_save as $fileline3)
- {
-
- $counter++;
-
- exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf");
-
- }
- }
-
- exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked");
-
- if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz"))
- {
- $file = "/tmp/snort_blocked_{$save_date}.tar.gz";
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
- header("Pragma: private"); // needed for IE
- header("Cache-Control: private, must-revalidate"); // needed for IE
- header('Content-type: application/force-download');
- header('Content-Transfer-Encoding: Binary');
- header("Content-length: ".filesize($file));
- header("Content-disposition: attachment; filename = {$file_name}");
- readfile("$file");
- exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz");
- exec("/bin/rm /tmp/snort_block.pf");
- exec("/bin/rm /tmp/snort_blocked/snort_block.pf");
- od_end_clean(); //importanr or other post will fail
- }else{
- echo 'Error no saved file.';
- }
-
-}
-
-if ($_POST['save'])
-{
-
- /* input validation */
- if ($_POST['save'])
- {
-
-
- }
-
- /* no errors */
- if (!$input_errors)
- {
-
- $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? on : off;
- $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
-
- conf_mount_rw();
- write_config();
- //conf_mount_ro();
- sleep(2);
-
- header("Location: /snort/snort_blocked.php");
-
- }
-
-}
-
-/* build filter funcs */
-function get_snort_alert_ip_src($fileline)
-{
- /* SRC IP */
- $re1='.*?'; # Non-greedy match on filler
- $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
-
- if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
- {
- $alert_ip_src = $matches4[1][0];
- }
-
-return $alert_ip_src;
-
-}
-
-function get_snort_alert_disc($fileline)
-{
- /* disc */
- if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- {
- $alert_disc = "$matches[2]";
- }
-
-return $alert_disc;
-
-}
-
-/* build sec filters */
-function get_snort_block_ip($fileline)
-{
- /* ip */
- if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches))
- {
- $alert_block_ip = "$matches[0]";
- }
-
-return $alert_block_ip;
-
-}
-
-function get_snort_block_disc($fileline)
-{
- /* disc */
- if (preg_match("/\]\s\[.+\]$/", $fileline, $matches))
- {
- $alert_block_disc = "$matches[0]";
- }
-
-return $alert_block_disc;
-
-}
-
-/* tell the user what settings they have */
-$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($blockedtab_msg_chk == "1h_b") {
- $blocked_msg = "hour";
- }
- if ($blockedtab_msg_chk == "3h_b") {
- $blocked_msg = "3 hours";
- }
- if ($blockedtab_msg_chk == "6h_b") {
- $blocked_msg = "6 hours";
- }
- if ($blockedtab_msg_chk == "12h_b") {
- $blocked_msg = "12 hours";
- }
- if ($blockedtab_msg_chk == "1d_b") {
- $blocked_msg = "day";
- }
- if ($blockedtab_msg_chk == "4d_b") {
- $blocked_msg = "4 days";
- }
- if ($blockedtab_msg_chk == "7d_b") {
- $blocked_msg = "7 days";
- }
- if ($blockedtab_msg_chk == "28d_b") {
- $blocked_msg = "28 days";
- }
-
-if ($blockedtab_msg_chk != "never_b")
-{
-$blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>.";
-}else{
-$blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts.";
-}
-
-$pgtitle = "Services: Snort Blocked Hosts";
-include("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php
-
-include("./snort_fbegin.inc");
-
-echo "<p class=\"pgtitle\">";
-if($pfsense_stable == 'yes'){echo $pgtitle;}
-echo "</p>\n";
-
-/* refresh every 60 secs */
-if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '')
-{
- echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
-}
-?>
-
-<script src="/row_toggle.js" type="text/javascript"></script>
-<script src="/javascript/sorttable.js" type="text/javascript"></script>
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
- $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
- $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
- $tab_array[] = array("Blocked", true, "/snort/snort_blocked.php");
- $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
- $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
-
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="22%" colspan="0" class="listtopic">
- Last <?=$bnentries;?> Blocked.
- </td>
- <td width="78%" class="listtopic">
- This page lists hosts that have been blocked by Snort.&nbsp;&nbsp;<?=$blocked_msg_txt;?>
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Save or Remove Hosts</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_blocked.php" method="post">
- <input name="download" type="submit" class="formbtn" value="Download">
- All blocked hosts will be saved.
- <input name="remove" type="submit" class="formbtn" value="Clear">
- <span class="red"><strong>Warning:</strong></span> all hosts will be removed.
- </form>
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Auto Refresh and Log View</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_blocked.php" method="post">
- <input name="save" type="submit" class="formbtn" value="Save">
- Refresh
- <input name="brefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
- <strong>Default</strong> is <strong>ON</strong>.
- <input name="blertnumber" type="text" class="formfld" id="blertnumber" size="5" value="<?=htmlspecialchars($bnentries);?>">
- Enter the number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>.
- </form>
- </td>
- </tr>
- </table>
-
- </div>
- </td>
- </tr>
-
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Remove</td>
- <td class="listhdrr">#</td>
- <td class="listhdrr">IP</td>
- <td class="listhdrr">Alert Description</td>
- </tr>
-<?php
-
-/* set the arrays */
-exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache');
-$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
-$blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));
-
-$logent = $bnentries;
-
-if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
-{
-
- /* build the list and compare blocks to alerts */
- $counter = 0;
- foreach($alerts_array as $fileline)
- {
-
- $counter++;
-
- $alert_ip_src = get_snort_alert_ip_src($fileline);
- $alert_ip_disc = get_snort_alert_disc($fileline);
- $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
-
- if (in_array("$alert_ip_src", $blocked_ips_array))
- {
- $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
- }
- }
-
- foreach($blocked_ips_array as $alert_block_ip)
- {
-
- if (!in_array($alert_block_ip, $alert_ip_src_array))
- {
- $input[] = "[$alert_block_ip] " . "[N\A]\n";
- }
- }
-
- /* reduce double occurrences */
- $result = array_unique($input);
-
- /* buil final list, preg_match, buld html */
- $counter2 = 0;
-
- foreach($result as $fileline2)
- {
- if($logent <= $counter2)
- continue;
-
- $counter2++;
-
- $alert_block_ip_str = get_snort_block_ip($fileline2);
-
- if($alert_block_ip_str != '')
- {
- $alert_block_ip_match = array('[',']');
- $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str");
- }else{
- $alert_block_ip = 'empty';
- }
-
- $alert_block_disc_str = get_snort_block_disc($fileline2);
-
- if($alert_block_disc_str != '')
- {
- $alert_block_disc_match = array('] [',']');
- $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str");
- }else{
- $alert_block_disc = 'empty';
- }
-
- /* use one echo to do the magic*/
- echo "<tr>
- <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
- <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
- <td>&nbsp;{$counter2}</td>
- <td>&nbsp;{$alert_block_ip}</td>
- <td>&nbsp;{$alert_block_disc}</td>
- </tr>\n";
-
- }
-
-}else{
-
- /* if alerts file is empty and blocked table is not empty */
- $counter2 = 0;
-
- foreach($blocked_ips_array as $alert_block_ip)
- {
- if($logent <= $counter2)
- continue;
-
- $counter2++;
-
- $alert_block_disc = 'N/A';
-
- /* use one echo to do the magic*/
- echo "<tr>
- <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
- <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
- <td>&nbsp;{$counter2}</td>
- <td>&nbsp;{$alert_block_ip}</td>
- <td>&nbsp;{$alert_block_disc}</td>
- </tr>\n";
- }
-}
-
-if ($blocked_ips_array[0] == '')
-{
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
-}else{
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
-}
-
-?>
- </table>
- </td>
- </tr>
- </table>
- </td>
- </tr>
-</table>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php
deleted file mode 100644
index b2bcb748..00000000
--- a/config/snort-dev/snort_download_rules.php
+++ /dev/null
@@ -1,1211 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* Setup enviroment */
-
-/* TODO: review if include files are needed */
-require_once("guiconfig.inc");
-require_once("functions.inc");
-require_once("service-utils.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-$tmpfname = "/tmp/snort_rules_up";
-$snortdir = "/usr/local/etc/snort";
-$snortdir_wan = "/usr/local/etc/snort";
-$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
-$snort_filename = "snortrules-snapshot-2.8.tar.gz";
-$emergingthreats_filename_md5 = "version.txt";
-$emergingthreats_filename = "emerging.rules.tar.gz";
-$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
-$pfsense_rules_filename = "pfsense_rules.tar.gz";
-
-$id_d = $_GET['id_d'];
-if (isset($_POST['id_d']))
- $id_d = $_POST['id_d'];
-
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
-
-/* define checks */
-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
-
- if ($snortdownload == "off" && $emergingthreats != "on")
- {
- $snort_emrging_info = "stop";
- }
-
- if ($oinkid == "" && $snortdownload != "off")
- {
- $snort_oinkid_info = "stop";
- }
-
-
- /* check if main rule directory is empty */
- $if_mrule_dir = "/usr/local/etc/snort/rules";
- $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
-
-if (file_exists('/var/run/snort.conf.dirty')) {
- $snort_dirty_d = 'stop';
-}
-
-
-
-/* If no id show the user a button */
-if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop" || $snort_dirty_d == 'stop') {
-
-$pgtitle = "Services: Snort: Rule Updates";
-
-include("head.inc");
-include("./snort_fbegin.inc");
-echo "<p class=\"pgtitle\">";
-if($pfsense_stable == 'yes'){echo $pgtitle;}
-echo "</p>\n";
-
- echo "<table height=\"32\" width=\"100%\">\n";
- echo " <tr>\n";
- echo " <td>\n";
- echo " <div style='background-color:#E0E0E0' id='redbox'>\n";
- echo " <table width='100%'><tr><td width='8%'>\n";
- echo " &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src=\"/snort/images/icon_excli.png\" width=\"40\" height=\"32\">\n";
- echo " </td>\n";
- echo " <td width='70%'><font color='#FF850A'><b>NOTE:</b></font><font color='#000000'>&nbsp;&nbsp;Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</font>\n";
- echo " </td>";
- echo " </tr></table>\n";
- echo " </div>\n";
- echo " </td>\n";
- echo "</table>\n";
- echo "<script type=\"text/javascript\">\n";
- echo "NiftyCheck();\n";
- echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#E0E0E0\",\"smooth\");\n";
- echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n";
- echo "</script>\n";
- echo "\n<br>\n";
-
-/* make sure user has javascript on */
-echo "<style type=\"text/css\">
-.alert {
- position:absolute;
- top:10px;
- left:0px;
- width:94%;
-background:#FCE9C0;
-background-position: 15px;
-border-top:2px solid #DBAC48;
-border-bottom:2px solid #DBAC48;
-padding: 15px 10px 85% 50px;
-}
-</style>
-<noscript><div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>\n";
-echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">\n";
-
-echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
-<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
-<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n";
-
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
- $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php");
- $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
- $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
- $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
- $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
- display_top_tabs($tab_array);
-
-if ($snort_emrging_info == "stop" && $snort_oinkid_info == "stop") {
-$disable_enable_button = 'onclick="this.disabled=true"';
-}else{
-$disable_enable_button = "onClick=\"parent.location='/snort/snort_download_rules.php?id_d=up'\"";
-}
-echo "</td>\n
- </tr>\n
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
-<input name=\"Submit\" type=\"submit\" class=\"formbtn\" $disable_enable_button value=\"Update Rules\" $disable_button> <br><br> \n";
-
-if ($mfolder_chk == "empty")
-{
-echo "<span class=\"red\"><strong>WARNING:</strong></span> &nbsp;&nbsp;The main rules <strong>directory</strong> is <strong>empty</strong>. /usr/local/etc/snort/rules <br><br>\n";
-}
-
-if ($snort_emrging_info == "stop") {
-echo "<span class=\"red\"><strong>WARNING:</strong></span> &nbsp;&nbsp;Click on the <strong>\"Global Settings\"</strong> tab and select ether snort.org or enmergingthreats.net rules to download. <br><br> \n";
-}
-
-if ($snort_oinkid_info == "stop") {
-echo "<span class=\"red\"><strong>WARNING:</strong></span> &nbsp;&nbsp;Click on the <strong>\"Global Settings\"</strong> tab and enter a <strong>oinkmaster</strong> code. <br><br> \n";
-}
-
-if ($snort_dirty_d == "stop") {
-echo "<span class=\"red\"><strong>WARNING:</span> CHANGES HAVE NOT BEEN APPLIED</strong> &nbsp;&nbsp;Click on the <strong>\"Apply Settings\"</strong> button at the main interface tab.<br><br> \n";
-}
-
-echo " </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
-</table>\n
-\n
-</form>\n
-\n
-<p>\n\n";
-
-if ($id_d == "")
-echo "Click on the <strong>\"Update Rules\"</strong> button to start the updates. <br><br> \n";
-
-if ($config['installedpackages']['snortglobal']['last_md5_download'] != "")
-echo "The last time the updates were started <strong>$last_md5_download</strong>. <br><br> \n";
-
-if ($config['installedpackages']['snortglobal']['last_rules_install'] != "")
-echo "The last time the updates were installed <strong>$last_rules_install</strong>. <br><br> \n";
-
-include("fend.inc");
-
-echo "</body>";
-echo "</html>";
-
-exit(0);
-
-}
-
-$pgtitle = "Services: Snort: Update Rules";
-
-include("/usr/local/www/head.inc");
-
-?>
-<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
-<script type="text/javascript" src="/snort/javascript/jquery-1.3.2.js"></script>
-<script type="text/javascript" src="/snort/javascript/jquery.blockUI.js?v2.28"></script>
-
-<script type="text/javascript">
-<!--
-
-function displaymessage()
-{
-
- $.blockUI.defaults.message = "Please be patient....";
-
- $.blockUI({
-
- css: {
- border: 'none',
- padding: '15px',
- backgroundColor: '#000',
- '-webkit-border-radius': '10px',
- '-moz-border-radius': '10px',
- opacity: .5,
- color: '#fff',
- }
- });
-
-}
-
-function displaymessagestop()
-{
-
-setTimeout($.unblockUI, 2000);
-
-}
-
-// -->
-</script>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("./snort_fbegin.inc"); ?>
-<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
-
-<form action="snort_download_rules.php" method="post">
-<div id="inputerrors"></div>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
- $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php");
- $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
- $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
- $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
- $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
- display_top_tabs($tab_array);
-?>
-
-<script type="text/javascript">
-<!--
- displaymessage();
-// -->
-</script>
-
-</td>
-</tr>
- <br>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td align="center" valign="top">
- <!-- progress bar -->
- <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
- <tr>
- <td>
- <img border='0' src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
- </td>
- </tr>
- </table>
- <br />
- <!-- status box -->
- <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
- <?=gettext("Initializing...");?>
- </textarea>
- <!-- command output box -->
- <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
- </textarea>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-</form>
-<?php include("fend.inc");?>
-
-<?php
-
-conf_mount_rw();
-
-/* Begin main code */
-/* Set user agent to Mozilla */
-ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-ini_set("memory_limit","125M");
-
-/* mark the time update started */
-$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
-
-/* send current buffer */
-ob_flush();
-conf_mount_rw();
-
-$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload'];
-
-if ($premium_subscriber_chk == "premium") {
- $premium_subscriber = "_s";
-}else{
- $premium_subscriber = "";
-}
-
-$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload'];
-if ($premium_url_chk == "premium") {
- $premium_url = "sub-rules";
-}else{
- $premium_url = "reg-rules";
-}
-
-/* hide progress bar */
-hide_progress_bar_status();
-
-/* send current buffer */
-ob_flush();
-conf_mount_rw();
-
-/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
- update_status(gettext("Removing old tmp files..."));
- exec("/bin/rm -r {$tmpfname}");
- apc_clear_cache();
-}
-
-/* Make shure snortdir exits */
-exec("/bin/mkdir -p {$snortdir}");
-exec("/bin/mkdir -p {$snortdir}/rules");
-exec("/bin/mkdir -p {$snortdir}/signatures");
-exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
-
-/* send current buffer */
-ob_flush();
-conf_mount_rw();
-
-/* If tmp dir does not exist create it */
-if (file_exists($tmpfname)) {
- update_status(gettext("The directory tmp exists..."));
-} else {
- mkdir("{$tmpfname}", 700);
-}
-
-/* unhide progress bar and lets end this party */
-unhide_progress_bar_status();
-
-/* download md5 sig from snort.org */
-if ($snortdownload == "basic" || $snortdownload == "premium")
-{
- if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
- filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
- update_status(gettext("snort.org md5 temp file exists..."));
- } else {
- update_status(gettext("Downloading snort.org md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5");
- $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done downloading snort.org md5"));
- }
-}
-
-/* download md5 sig from emergingthreats.net */
-if ($emergingthreats == "on")
-{
- update_status(gettext("Downloading emergingthreats md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $f = fopen("{$tmpfname}/version.txt", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done downloading emergingthreats md5"));
-}
-
-/* download md5 sig from pfsense.org */
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- update_status(gettext("pfsense md5 temp file exists..."));
-} else {
- update_status(gettext("Downloading pfsense md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done downloading pfsense md5."));
-}
-
-/* If md5 file is empty wait 15min exit */
-if ($snortdownload != "off")
-{
- if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5"))
- {
- update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
- hide_progress_bar_status();
- /* Display last time of sucsessful md5 check from cache */
- echo "\n\n</body>\n</html>\n";
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
- }
-}
-
-/* If emergingthreats md5 file is empty wait 15min exit not needed */
-
-/* If pfsense md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
- update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released to support Pfsense packages."));
- hide_progress_bar_status();
- /* Display last time of sucsessful md5 check from cache */
- echo "\n\n</body>\n</html>\n";
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
-}
-
-/* Check if were up to date snort.org */
-if ($snortdownload != "off")
-{
- if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5"))
- {
- $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
- $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- write_config(); // Will cause switch back to read-only on nanobsd
- conf_mount_rw();
- if ($md5_check_new == $md5_check_old)
- {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
- hide_progress_bar_status();
- echo "\n\n</body>\n</html>\n";
- $snort_md5_check_ok = on;
- }
- }
-}
-
-/* Check if were up to date emergingthreats.net */
-if ($emergingthreats == "on")
-{
- if (file_exists("{$snortdir}/version.txt"))
- {
- $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
- $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
- $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- // Will cause switch back to read-only on nanobsd
- write_config();
- conf_mount_rw();
- if ($emerg_md5_check_new == $emerg_md5_check_old)
- {
- hide_progress_bar_status();
- $emerg_md5_check_ok = on;
- }
- }
-}
-
-/* Check if were up to date pfsense.org */
- if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
- {
- $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- // Will cause switch back to read-only on nanobsd
- write_config();
- conf_mount_rw();
- if ($pfsense_md5_check_new == $pfsense_md5_check_old)
- {
- hide_progress_bar_status();
- $pfsense_md5_check_ok = on;
- }
- }
-
-/* Check if were up to date is so, exit */
-/* WARNING This code needs constant checks */
-if ($snortdownload != "off" && $emergingthreats != "off")
-{
- if ($snort_md5_check_ok == "on" && $emerg_md5_check_ok == "on")
- {
- update_status(gettext("All your rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- echo '
- <script type="text/javascript">
- <!--
- displaymessagestop();
- // -->
- </script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
-}
-
-if ($snortdownload == "on" && $emergingthreats == "off")
-{
- if ($snort_md5_check_ok == "on")
- {
- update_status(gettext("Your snort.org rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- echo '
- <script type="text/javascript">
- <!--
- displaymessagestop();
- // -->
- </script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
-}
-
-if ($snortdownload == "off" && $emergingthreats == "on")
-{
- if ($emerg_md5_check_ok == "on")
- {
- update_status(gettext("Your Emergingthreats rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- echo '
- <script type="text/javascript">
- <!--
- displaymessagestop();
- // -->
- </script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
-}
-
-/* You are Not Up to date, always stop snort when updating rules for low end machines */;
-update_status(gettext("You are NOT up to date..."));
-update_output_window(gettext("Stopping Snort service..."));
-$chk_if_snort_up = exec("pgrep -x snort");
-if ($chk_if_snort_up != "") {
- exec("/usr/bin/touch /tmp/snort_download_halt.pid");
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop");
- sleep(2);
-}
-
-/* download snortrules file */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Snort rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
-// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- update_status(gettext("Error with the snort rules download..."));
- update_output_window(gettext("Snort rules file downloaded failed..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
- }
- }
- }
-}
-
-/* download emergingthreats rules file */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != on)
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext("Emergingthreats tar file exists..."));
- }else{
- update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
-// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading Emergingthreats rules file."));
- }
- }
-}
-
-/* download pfsense rules file */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
-} else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
-// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- }
-}
-
-/* Compair md5 sig to file sig */
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk == on) {
-//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md5 == $file_md5_ondisk) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// exit(0);
-// }
-//}
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk != on) {
-//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md55 == $file_md5_ondisk2) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// exit(0);
-// }
-//}
-
-/* Untar snort rules file individually to help people with low system specs */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/mkdir -p {$snortdir}/rules_bk/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/rules_bk rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/" .
- " so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/" .
- " so_rules/bad-traffic.rules/" .
- " so_rules/chat.rules/" .
- " so_rules/dos.rules/" .
- " so_rules/exploit.rules/" .
- " so_rules/imap.rules/" .
- " so_rules/misc.rules/" .
- " so_rules/multimedia.rules/" .
- " so_rules/netbios.rules/" .
- " so_rules/nntp.rules/" .
- " so_rules/p2p.rules/" .
- " so_rules/smtp.rules/" .
- " so_rules/sql.rules/" .
- " so_rules/web-client.rules/" .
- " so_rules/web-misc.rules/");
- /* add prefix to all snort.org files */
- /* remove this part and make it all php with the simplst code posible */
- chdir ("/usr/local/etc/snort/rules_bk/rules");
- sleep(2);
- exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
- update_status(gettext("Done extracting Rules."));
- }else{
- update_status(gettext("The Download rules file missing..."));
- update_output_window(gettext("Error rules extracting failed..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
- }
- }
-}
-
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != on)
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
-}
-
-/* Untar Pfsense rules to tmp */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Extracting Pfsense rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
-}
-
-/* Untar snort signatures */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
-$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
-if ($premium_url_chk == on) {
- update_status(gettext("Extracting Signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- update_status(gettext("Done extracting Signatures."));
- }
- }
-}
-
-/* Copy so_rules dir to snort lib dir */
-/* Disabed untill I find out why there is a segment failt coredump when using these rules on 2.8.5.3 */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on) {
- if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1")) {
- update_status(gettext("Copying so_rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/* /usr/local/lib/snort/dynamicrules/");
- exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- update_status(gettext("Done copying so_rules."));
- }else{
- update_status(gettext("Directory so_rules does not exist..."));
- update_output_window(gettext("Error copying so_rules..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
- }
-}
-
-/* Copy renamed snort.org rules to snort dir */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on)
- {
- if (file_exists("{$snortdir}/rules_bk/rules/Makefile.am"))
- {
- update_status(gettext("Copying renamed snort.org rules to snort directory..."));
- exec("/bin/cp {$snortdir}/rules_bk/rules/* {$snortdir}/rules/");
- }else{
- update_status(gettext("The renamed snort.org rules do not exist..."));
- update_output_window(gettext("Error copying config..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
- }
-}
-
-/* Copy configs to snort dir */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on)
- {
- if (file_exists("{$snortdir}/etc/Makefile.am")) {
- update_status(gettext("Copying configs to snort directory..."));
- exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
- }else{
- update_status(gettext("The snort config does not exist..."));
- update_output_window(gettext("Error copying config..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
- }
- }
-}
-
-
-/* Copy md5 sig to snort dir */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
- }else{
- update_status(gettext("The md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
- }
-}
-
-/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != on)
- {
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
- {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
- }else{
- update_status(gettext("The emergingthreats md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
- }
-}
-
-/* Copy Pfsense md5 sig to snort dir */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
-} else {
- update_status(gettext("The Pfsense md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
-}
-
-/* Copy signatures dir to snort dir */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on)
- {
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == on)
- {
- if (file_exists("{$snortdir}/doc/signatures")) {
- update_status(gettext("Copying signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- update_status(gettext("Done copying signatures."));
- }else{
- update_status(gettext("Directory signatures exist..."));
- update_output_window(gettext("Error copying signature..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
- }
- }
- }
-}
-
-/* double make shure cleanup emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
- apc_clear_cache();
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
-}
-
-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
-}
-
-/* make shure default rules are in the right format */
-exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-
-/* create a msg-map for snort */
-update_status(gettext("Updating Alert Messages..."));
-update_output_window(gettext("Please Wait..."));
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
-
-
-//////////////////
-
-/* open oinkmaster_conf for writing" function */
-function oinkmaster_conf($id, $if_real, $iface_uuid)
-{
-
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
-
-/* enable disable setting will carry over with updates */
-/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) {
-
-if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
-$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
-$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
-foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "$enabled_item_on\n";
- }
-
-if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
-$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
-$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
-foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "$enabled_item_off\n";
- }
-
-$snort_sid_text = <<<EOD
-
-###########################################
-# #
-# this is auto generated on snort updates #
-# #
-###########################################
-
-path = /bin:/usr/bin:/usr/local/bin
-
-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-
-url = dir:///usr/local/etc/snort/rules
-
-$selected_sid_on_sections
-
-$selected_sid_off_sections
-
-EOD;
-
- /* open snort's oinkmaster.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
-
- fwrite($oinkmasterlist, "$snort_sid_text");
-
- /* close snort's oinkmaster.conf file */
- fclose($oinkmasterlist);
-
- }
-}
-
-/* Run oinkmaster to snort_wan and cp configs */
-/* If oinkmaster is not needed cp rules normally */
-/* TODO add per interface settings here */
-function oinkmaster_run($id, $if_real, $iface_uuid)
-{
-
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
-
- if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on)
- {
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
- {
- update_status(gettext("Your first set of rules are being copied..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/echo \"test {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug");
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- }else{
- update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug");
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
-
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
- }
- }
-}
-
-/* Start the proccess for every interface rule */
-/* TODO: try to make the code smother */
-
-if (!empty($config['installedpackages']['snortglobal']['rule']))
-{
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value) {
-
- $id += 1;
-
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
- $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
-
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf($id, $if_real, $iface_uuid);
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run($id, $if_real, $iface_uuid);
-
- }
-}
-
-//////////////
-
-/* mark the time update finnished */
-$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
-
-/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}"))
-{
- update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r /tmp/snort_rules_up");
- sleep(2);
- exec("/bin/rm -r {$snortdir}/rules_bk/rules/");
- apc_clear_cache();
-}
-
-/* php code to flush out cache some people are reportting missing files this might help */
-sleep(2);
-apc_clear_cache();
-exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
-
-/* make all dirs snorts */
-exec("/usr/sbin/chown -R snort:snort /var/log/snort");
-exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
-exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
-exec("/bin/chmod -R 755 /var/log/snort");
-exec("/bin/chmod -R 755 /usr/local/etc/snort");
-exec("/bin/chmod -R 755 /usr/local/lib/snort");
-
-
-/* if snort is running hardrestart, if snort is not running do nothing */
-if (file_exists("/tmp/snort_download_halt.pid")) {
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
- update_status(gettext("The Rules update finished..."));
- update_output_window(gettext("Snort has restarted with your new set of rules..."));
- exec("/bin/rm /tmp/snort_download_halt.pid");
-} else {
- update_status(gettext("The Rules update finished..."));
- update_output_window(gettext("You may start snort now..."));
-}
-
-echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
-
-/* hide progress bar and lets end this party */
-hide_progress_bar_status();
-conf_mount_ro();
-?>
-
-<?php
-
-function read_body_firmware($ch, $string) {
- global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
- $length = strlen($string);
- $downloaded += intval($length);
- $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
- $downloadProgress = 100 - $downloadProgress;
- $a = $file_size;
- $b = $downloaded;
- $c = $downloadProgress;
- $text = " Snort download in progress\\n";
- $text .= "----------------------------------------------------\\n";
- $text .= " Downloaded : {$b}\\n";
- $text .= "----------------------------------------------------\\n";
- $counter++;
- if($counter > 150) {
- update_output_window($text);
- update_progress_bar($downloadProgress);
- flush();
- $counter = 0;
- }
- conf_mount_rw();
- fwrite($fout, $string);
- conf_mount_ro();
- return $length;
-}
-
-?>
-
-</body>
-</html>
diff --git a/config/snort-dev/snort_rules_edit.php b/config/snort-dev/snort_rules_edit.php
deleted file mode 100644
index b770867f..00000000
--- a/config/snort-dev/snort_rules_edit.php
+++ /dev/null
@@ -1,243 +0,0 @@
-#!/usr/local/bin/php
-<?php
-/*
- system_edit.php
- Copyright (C) 2004, 2005 Scott Ullrich
- All rights reserved.
-
- Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
- Copyright (C) 2006-2009 Volker Theile
-
- Adapted for Pfsense Snort package by Robert Zelaya
- Copyright (C) 2008-2009 Robert Zelaya
-
- Using dp.SyntaxHighlighter for syntax highlighting
- http://www.dreamprojections.com/SyntaxHighlighter
- Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("guiconfig.inc");
-require_once("config.inc");
-
-
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-
-//nat_rules_sort();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-$ids = $_GET['ids'];
-if (isset($_POST['ids']))
- $ids = $_POST['ids'];
-
-
-if (isset($id) && $a_nat[$id]) {
-
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
-}
-
-/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
-
-
-$file = $_GET['openruleset'];
-
-//read snort file
-$filehandle = fopen($file, "r");
-
-//get rule id
-$lineid = $_GET['ids'];
-
-//read file into string, and get filesize
-$contents2 = fread($filehandle, filesize($file));
-
-//close handler
-fclose ($filehandle);
-
-//delimiter for each new rule is a new line
-$delimiter = "\n";
-
-//split the contents of the string file into an array using the delimiter
-$splitcontents = explode($delimiter, $contents2);
-
-//copy rule contents from array into string
-$tempstring = $splitcontents[$lineid];
-
-function write_rule_file($content_changed, $received_file)
-{
- //read snort file with writing enabled
- $filehandle = fopen($received_file, "w");
-
- //delimiter for each new rule is a new line
- $delimiter = "\n";
-
- //implode the array back into a string for writing purposes
- $fullfile = implode($delimiter, $content_changed);
-
- //write data to file
- fwrite($filehandle, $fullfile);
-
- //close file handle
- fclose($filehandle);
-
-}
-
-
-
-if($_POST['highlight'] <> "") {
- if($_POST['highlight'] == "yes" or
- $_POST['highlight'] == "enabled") {
- $highlight = "yes";
- } else {
- $highlight = "no";
- }
-} else {
- $highlight = "no";
-}
-
-if($_POST['rows'] <> "")
- $rows = $_POST['rows'];
-else
- $rows = 1;
-
-if($_POST['cols'] <> "")
- $cols = $_POST['cols'];
-else
- $cols = 66;
-
-if ($_POST)
-{
- if ($_POST['save']) {
-
- /* get the changes */
- $rule_content2 = $_POST['code'];
-
- //copy string into file array for writing
- $splitcontents[$lineid] = $rule_content2;
-
- //write the new .rules file
- write_rule_file($splitcontents, $file);
-
- header("Location: /snort/snort_rules_edit.php?id=$id&openruleset=$file&ids=$ids");
-
- }
-}
-
-$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
-
-//
-?>
-
-<?php include("head.inc");?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont">
- <form action="snort_rules_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" method="post">
- <?php if ($savemsg) print_info_box($savemsg);?>
- <table width="100%" cellpadding='9' cellspacing='9' bgcolor='#eeeeee'>
- <tr>
- <td>
- <input name="save" type="submit" class="formbtn" id="save" value="save" /> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- <hr noshade="noshade" />
- <?=gettext("Disable original rule"); ?>:
- <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> />
- <label for="highlighting_enabled"><?=gettext("Enabled"); ?></label>
- <input id="highlighting_disabled" name="highlight2" type="radio" value="no"<?php if($highlight == "no") echo " checked=\"checked\""; ?> />
- <label for="highlighting_disabled"><?=gettext("Disabled"); ?></label>
- </td>
- </tr>
- </table>
- <table width='100%'>
- <tr>
- <td valign="top" class="label">
- <div style="background: #eeeeee;" id="textareaitem">
- <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="<?php echo $rows; ?>" cols="<?php echo $cols; ?>" name="code"><?php echo $tempstring;?></textarea>
- </div>
- </td>
- </tr>
- </table>
- <table width='100%'>
- <tr>
- <td valign="top" class="label">
- <div style="background: #eeeeee;" id="textareaitem">
- <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea disabled wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="33" cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea>
- </div>
- </td>
- </tr>
- </table>
- <?php // include("formend.inc");?>
- </form>
- </td>
- </tr>
-</table>
-<script class="javascript" src="/snort/syntaxhighlighter/shCore.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushCSharp.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushPhp.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushJScript.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushJava.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushVb.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushSql.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushXml.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushDelphi.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushPython.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushRuby.js"></script>
-<script class="javascript" src="/snort/syntaxhighlighter/shBrushCss.js"></script>
-<script class="javascript">
-<!--
- // Set focus.
- document.forms[0].savetopath.focus();
-
- // Append css for syntax highlighter.
- var head = document.getElementsByTagName("head")[0];
- var linkObj = document.createElement("link");
- linkObj.setAttribute("type","text/css");
- linkObj.setAttribute("rel","stylesheet");
- linkObj.setAttribute("href","/snort/syntaxhighlighter/SyntaxHighlighter.css");
- head.appendChild(linkObj);
-
- // Activate dp.SyntaxHighlighter?
- <?php
- if($_POST['highlight'] == "yes") {
- echo "dp.SyntaxHighlighter.HighlightAll('code', true, true);\n";
- // Disable 'Save' button.
- echo "document.forms[0].Save.disabled = 1;\n";
- }
-?>
-//-->
-</script>
-<?php //include("fend.inc");?>
-
-</body>
-</html>
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php
deleted file mode 100644
index ece409e1..00000000
--- a/config/snort-dev/snort_rulesets.php
+++ /dev/null
@@ -1,307 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-//require_once("filter.inc");
-//require_once("service-utils.inc");
-include_once("/usr/local/pkg/snort/snort.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-
-
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-
-//nat_rules_sort();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-
-if (isset($id) && $a_nat[$id]) {
-
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
-}
-
-/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
-
-
-$iface_uuid = $a_nat[$id]['uuid'];
-
-$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
-
-
-/* Check if the rules dir is empy if so warn the user */
-/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
-if ($isrulesfolderempty == "") {
-
-include("head.inc");
-include("./snort_fbegin.inc");
-
-echo "<p class=\"pgtitle\">";
-if($pfsense_stable == 'yes'){echo $pgtitle;}
-echo "</p>\n";
-
-echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-
-echo "
-<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n";
-
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array("Categories", true, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
-
-echo "</td>\n
- </tr>\n
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
-# The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n
- </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
-</table>\n
-\n
-</form>\n
-\n
-<p>\n\n";
-
-echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty";
-include("fend.inc");
-
-echo "</body>";
-echo "</html>";
-
-exit(0);
-
-}
-
- /* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
-
- write_config();
-
- sync_snort_package_all();
- sync_snort_package();
-
- unlink($d_snortconfdirty_path);
-
- }
-
- }
-
- if ($_POST["Submit"]) {
- $enabled_items = "";
- $isfirst = true;
- if (is_array($_POST['toenable'])) {
- foreach($_POST['toenable'] as $toenable) {
- if(!$isfirst)
- $enabled_items .= "||";
- $enabled_items .= "{$toenable}";
- $isfirst = false;
- }
- }else{
- $enabled_items = $_POST['toenable'];
- }
- $a_nat[$id]['rulesets'] = $enabled_items;
-
- write_config();
-
- touch($d_snortconfdirty_path);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- sleep(2);
- sync_snort_package_all();
- header("Location: /snort/snort_rulesets.php?id=$id");
-
-}
-
-$enabled_rulesets = $a_nat[$id]['rulesets'];
-if($enabled_rulesets)
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
-
-include("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php include("./snort_fbegin.inc"); ?>
-<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
-<?php
-
-echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
-
-?>
-
-<?php
-
- /* Display message */
-
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box2($savemsg);
- }
-
- if (file_exists($d_snortconfdirty_path)) {
- echo '<p>';
-
- if($savemsg) {
- print_info_box_np2("{$savemsg}");
- }else{
- print_info_box_np2('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
- }
-
-?>
-
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array("Categories", true, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Enabled</td>
- <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td>
- <!-- <td class="listhdrr">Description</td> -->
- </tr>
-<?php
- $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
- $dh = opendir($dir);
- while (false !== ($filename = readdir($dh))) {
- $files[] = $filename;
- }
- sort($files);
- foreach($files as $file) {
- if(!stristr($file, ".rules"))
- continue;
- echo "<tr>";
- echo "<td align=\"center\" valign=\"top\">";
- if(is_array($enabled_rulesets_array))
- if(in_array($file, $enabled_rulesets_array)) {
- $CHECKED = " checked=\"checked\"";
- } else {
- $CHECKED = "";
- }
- else
- $CHECKED = "";
- echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />";
- echo "</td>";
- echo "<td>";
- echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>";
- echo "</td>";
- //echo "<td>";
- //echo "description";
- //echo "</td>";
- }
-
-?>
- </table>
- </td>
- </tr>
- <tr><td>&nbsp;</td></tr>
- <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr>
- <tr><td>&nbsp;</td></tr>
- <tr><td><input value="Save" type="submit" name="Submit" id="Submit" /></td></tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-
-</form>
-
-<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.
-
-<?php include("fend.inc"); ?>
-
-</body>
-</html>
-
-<?php
-
- function get_snort_rule_file_description($filename) {
- $filetext = file_get_contents($filename);
-
- }
-
-?>
diff --git a/config/snort-dev/bin/barnyard2 b/config/snort-old/bin/barnyard2
index b942e87f..b942e87f 100644
--- a/config/snort-dev/bin/barnyard2
+++ b/config/snort-old/bin/barnyard2
Binary files differ
diff --git a/config/snort-dev/bin/oinkmaster_contrib/README.contrib b/config/snort-old/bin/oinkmaster_contrib/README.contrib
index 6923fa26..6923fa26 100644
--- a/config/snort-dev/bin/oinkmaster_contrib/README.contrib
+++ b/config/snort-old/bin/oinkmaster_contrib/README.contrib
diff --git a/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl b/config/snort-old/bin/oinkmaster_contrib/addmsg.pl
index e5866d6f..e5866d6f 100644
--- a/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl
+++ b/config/snort-old/bin/oinkmaster_contrib/addmsg.pl
diff --git a/config/snort-dev/bin/oinkmaster_contrib/addsid.pl b/config/snort-old/bin/oinkmaster_contrib/addsid.pl
index 64255d22..64255d22 100644
--- a/config/snort-dev/bin/oinkmaster_contrib/addsid.pl
+++ b/config/snort-old/bin/oinkmaster_contrib/addsid.pl
diff --git a/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl b/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl
index 26a9040c..26a9040c 100644
--- a/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl
+++ b/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl
diff --git a/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl b/config/snort-old/bin/oinkmaster_contrib/makesidex.pl
index 80354735..80354735 100644
--- a/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl
+++ b/config/snort-old/bin/oinkmaster_contrib/makesidex.pl
diff --git a/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl b/config/snort-old/bin/oinkmaster_contrib/oinkgui.pl
index 4e96f7db..4e96f7db 100644
--- a/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl
+++ b/config/snort-old/bin/oinkmaster_contrib/oinkgui.pl
diff --git a/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl b/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl
index f9c4d215..f9c4d215 100644
--- a/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl
+++ b/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl
diff --git a/config/snort-dev/bin/snort2c b/config/snort-old/bin/snort2c
index fdc91ac8..fdc91ac8 100644..100755
--- a/config/snort-dev/bin/snort2c
+++ b/config/snort-old/bin/snort2c
Binary files differ
diff --git a/config/snort-dev/pfsense_rules/local.rules b/config/snort-old/pfsense_rules/local.rules
index 83a05f1b..83a05f1b 100644
--- a/config/snort-dev/pfsense_rules/local.rules
+++ b/config/snort-old/pfsense_rules/local.rules
diff --git a/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5 b/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5
new file mode 100644
index 00000000..83d5bdae
--- /dev/null
+++ b/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5
@@ -0,0 +1 @@
+10002 \ No newline at end of file
diff --git a/config/snort-dev/pfsense_rules/rules/pfsense-voip.rules b/config/snort-old/pfsense_rules/rules/pfsense-voip.rules
index 12f2fdf2..12f2fdf2 100644
--- a/config/snort-dev/pfsense_rules/rules/pfsense-voip.rules
+++ b/config/snort-old/pfsense_rules/rules/pfsense-voip.rules
diff --git a/config/snort-dev/snort.inc b/config/snort-old/snort.inc
index cd8ba9a2..00a86c35 100644..100755
--- a/config/snort-dev/snort.inc
+++ b/config/snort-old/snort.inc
@@ -3,7 +3,6 @@
/*
snort.inc
Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
part of pfSense
All rights reserved.
@@ -30,981 +29,215 @@
*/
require_once("pfsense-utils.inc");
-require_once("config.inc");
-require_once("functions.inc");
-// Needed on 2.0 because of filter_get_vpns_list()
-require_once("filter.inc");
-
-/* find out if were in 1.2.3-RELEASE */
-
-$pfsense_ver_chk = exec('/bin/cat /etc/version');
-if ($pfsense_ver_chk == '1.2.3-RELEASE')
-{
- $pfsense_stable = 'yes';
-}else{
- $pfsense_stable = 'no';
-}
-
-/* checks to see if snort is running yes/no and stop/start */
- function Running_Ck($snort_uuid, $if_real, $id) {
- global $config;
-
- $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
-
- if(snort_up_ck == ''){
- $snort_up = 'no';
- return $snort_up;
- }
-
- if(snort_up_ck != ''){
-
- //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
- //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
- //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
-
- /* use ob_clean to clear output buffer, this code needs to be watched */
- ob_clean();
- $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'", $retval);
-
- if ($snort_up_prell != "") {
- $snort_uph = 'yes';
- }else{
- $snort_uph = 'no';
- }
- }
-
- return $snort_uph;
- }
-
-/* checks to see if barnyard2 is running yes/no */
- function Running_Ck_b($snort_uuid, $if_real, $id) {
- global $config;
-
- $snort_up_ck_b = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$2;}' | sed 1q");
-
- if($snort_up_ck_b == ''){
- $snort_up_b = 'no';
- return $snort_up_b;
- }
-
- if(snort_up_ck_b != ''){
-
- //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
- //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'");
- //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'");
-
- /* use ob_clean to clear output buffer, this code needs to be watched */
- ob_clean();
- $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
-
- if ($snort_up_pre_b != '') {
- $snort_up_b = 'yes';
- }else{
- $snort_up_b = 'no';
- }
- }
-
- return $snort_up_b;
- }
-
- function Running_Stop($snort_uuid, $if_real, $id) {
- global $config;
-
- $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
- $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
- $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
-
- $start2_upb_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
- $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
- $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
-
- if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "")
- {
- if ($start_up_s != "")
- {
- exec("/bin/kill {$start_up_s}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_s != "")
- {
- exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start_up_r != "")
- {
- exec("/bin/kill {$start_up_r}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_r != "")
- {
- exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
- }
- }
-
-
- function Running_Start($snort_uuid, $if_real, $id) {
- global $config;
-
- $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
- if ($snort_info_chk == 'on') {
- exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
- }
- /* define snortbarnyardlog_chk */
- /* top will have trouble if the uuid is to far back */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') {
- exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q");
- }
-
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'");
- }
-
-/* get the real iface name of wan */
-function convert_friendly_interface_to_real_interface_name2($interface)
-{
- global $config;
-
- $lc_interface = strtolower($interface);
- if($lc_interface == "lan") return $config['interfaces']['lan']['if'];
- if($lc_interface == "wan") return $config['interfaces']['wan']['if'];
- $ifdescrs = array();
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
- $ifdescrs['opt' . $j] = "opt" . $j;
- foreach ($ifdescrs as $ifdescr => $ifname)
- {
- if(strtolower($ifname) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- if(strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- }
-
- return $interface;
-}
-
-$if_real_wan = convert_friendly_interface_to_real_interface_name2($interface_fake);
+// Needed on 2.0 because of get_vpns_list()
+require_once("filter.inc");
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '9999');
ini_set('max_input_time', '9999');
/* define oinkid */
-if($config['installedpackages']['snortglobal'])
- $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-
-function snort_postinstall()
-{
- global $config;
- conf_mount_rw();
-
- if(!file_exists("/var/log/snort/")) {
- mwexec("mkdir -p /var/log/snort/");
- mwexec("mkdir -p /var/log/snort/barnyard2");
- }
-
- if(!file_exists("/var/log/snort/alert"))
- touch("/var/log/snort/alert");
-
- /* snort -> advanced features */
- $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
- $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize'];
- $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
-
-
- /* create a few directories and ensure the sample files are in place */
- exec("/bin/mkdir -p /usr/local/etc/snort");
- exec("/bin/mkdir -p /var/log/snort");
- exec("/bin/mkdir -p /usr/local/etc/snort/rules");
+if($config['installedpackages']['snort'])
+ $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
- if(file_exists("/usr/local/etc/snort/snort.conf-sample"))
- {
- exec("/bin/rm /usr/local/etc/snort/snort.conf-sample");
- exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample");
- exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample");
- exec("/bin/rm /usr/local/etc/snort/unicode.map-sample");
- exec("/bin/rm /usr/local/etc/snort/classification.config-sample");
- exec("/bin/rm /usr/local/etc/snort/generators-sample");
- exec("/bin/rm /usr/local/etc/snort/reference.config-sample");
- exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample");
- exec("/bin/rm /usr/local/etc/snort/sid");
- exec("/bin/rm /usr/local/etc/rc.d/snort");
- exec("/bin/rm /usr/local/etc/rc.d/bardyard2");
- }
-
- if(!file_exists("/usr/local/etc/snort/custom_rules"))
- {
- exec("/bin/mkdir -p /usr/local/etc/snort/custom_rules/");
- }
-
- exec("/usr/sbin/pw groupadd snort");
- exec('/usr/sbin/pw useradd snort -c "SNORT USER" -d /nonexistent -g snort -s /sbin/nologin');
- exec("/usr/sbin/chown -R snort:snort /var/log/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
- exec("/bin/chmod -R 755 /var/log/snort");
- exec("/bin/chmod -R 755 /usr/local/etc/snort");
- exec("/bin/chmod -R 755 /usr/local/lib/snort");
-
-
- /* remove example files */
- if(file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0"))
- {
- exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
- }
-
- if(file_exists("/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so"))
- {
- exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
- }
-
- /* find out if were in 1.2.3-RELEASE */
- $pfsense_ver_chk = exec('/bin/cat /etc/version');
- if ($pfsense_ver_chk == '1.2.3-RELEASE')
- {
- $pfsense_stable = 'yes';
- }else{
- $pfsense_stable = 'no';
- }
-
- /* move files around, make it look clean */
- exec('/bin/mkdir -p /usr/local/www/snort/css');
- exec('/bin/mkdir -p /usr/local/www/snort/images');
- exec('/bin/mkdir -p /usr/local/www/snort/javascript');
-
- chdir ("/usr/local/www/snort/css/");
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style.css');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style2.css');
- chdir ("/usr/local/www/snort/images/");
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down2.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-asc.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png');
- chdir ("/usr/local/www/snort/javascript/");
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.blockUI.js');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.3.2.js');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/mootools.js');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/sortableTable.js');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/tabs.js');
-
- /* install barnyard2 for 2.0 and 1.2.3 */
- chdir ("/usr/local/bin/");
- if ($pfsense_stable == 'yes') {
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/bin/7.2.x86/barnyard2');
- }else{
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/bin/8.0.x86/barnyard2');
- }
- exec('/bin/chmod 077 /usr/local/bin/barnyard2');
-
- /* back to default */
- chdir ("/root/");
-
- conf_mount_ro();
-
-}
-
function sync_package_snort_reinstall()
{
global $config;
- conf_mount_rw();
-
- if(!$config['installedpackages']['snortglobal'])
+ if(!$config['installedpackages']['snort'])
return;
/* create snort configuration file */
create_snort_conf();
/* start snort service */
- // start_service("snort"); // do not start, may be needed latter.
-
- conf_mount_ro();
+ start_service("snort");
}
-
-/* func for updating cron */
-function snort_rm_blocked_install_cron($should_install)
-{
- global $config, $g;
-
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item)
- {
- if (strstr($item['command'], "snort2c"))
- {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
- $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "1h_b")
- {
- $snort_rm_blocked_min = "*/5";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "3600";
- }
- if ($snort_rm_blocked_info_ck == "3h_b")
- {
- $snort_rm_blocked_min = "*/15";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "10800";
- }
- if ($snort_rm_blocked_info_ck == "6h_b")
- {
- $snort_rm_blocked_min = "*/30";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "21600";
- }
- if ($snort_rm_blocked_info_ck == "12h_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/1";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "43200";
- }
- if ($snort_rm_blocked_info_ck == "1d_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/2";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "86400";
- }
- if ($snort_rm_blocked_info_ck == "4d_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/8";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "345600";
- }
- if ($snort_rm_blocked_info_ck == "7d_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/14";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "604800";
- }
- if ($snort_rm_blocked_info_ck == "28d_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "0";
- $snort_rm_blocked_mday = "*/2";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "2419200";
- }
- switch($should_install)
- {
- case true:
- if(!$is_installed)
- {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true)
- {
- if($x > 0)
- {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- break;
- }
-}
-
-/* func to install snort update */
-function snort_rules_up_install_cron($should_install) {
- global $config, $g;
-
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "6h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/6";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "12h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/12";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "1d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/1";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "4d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/4";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "7d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/7";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "28d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/28";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- break;
- }
-}
-
-function sync_snort_package_remove_old()
-{
-
- global $config, $g;
-
-$snort_dir_scan = '/usr/local/etc/snort';
-
-// scan dirm might have to make this into a funtion
-$dh_scan = opendir($snort_dir_scan);
-while (false !== ($dir_filename = readdir($dh_scan))) {
- $list_dir_files[] = $dir_filename;
-}
-
-// find patern in a array, very cool code
-class array_ereg {
- function array_ereg($pattern) { $this->pattern = $pattern; }
- function ereg($string) {
- return ereg($this->pattern, $string);
- }
-}
-
- $rule_array2 = $config['installedpackages']['snortglobal']['rule'];
- $id2 = -1;
- foreach ($rule_array2 as $value)
- {
-
- $id += 1;
-
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
-
- $snort_rules_list[] = "snort_$id$if_real";
-
- }
-
-
-$snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg'));
-$snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list);
-
- foreach ($snort_dir_filter_search_result as $value)
- {
- exec("rm -r /usr/local/etc/snort/$value");
- }
-
-}
-
-/* make sure this func on writes to files and does not start snort */
-function sync_snort_package()
+function sync_package_snort()
{
global $config, $g;
conf_mount_rw();
- /* all new files are for the user snort nologin */
- if(!file_exists("/var/log/snort"))
- {
- exec("/bin/mkdir -p /var/log/snort");
- }
-
- exec("/usr/sbin/chown -R snort:snort /var/log/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
- exec("/bin/chmod -R 755 /var/log/snort");
- exec("/bin/chmod -R 755 /usr/local/etc/snort");
- exec("/bin/chmod -R 755 /usr/local/lib/snort");
-
-
- conf_mount_ro();
-}
-
-/* make sure this func on writes to files and does not start snort */
-function sync_snort_package_all()
-{
- global $config, $g, $id, $if_real, $snort_uuid, $interface_fake;
-
-/* RedDevil suggested code */
-/* TODO: more testing needs to be done */
-exec("/sbin/sysctl net.bpf.bufsize=8388608");
-exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
-exec("/sbin/sysctl net.bpf.maxinsns=512");
-exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
-
-# Error checking
-if ($id != '' && $if_real != '') //new
-{
- /* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- {
-
- conf_mount_rw();
-
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
- /* create snort bootup file snort.sh only create once */
- create_snort_sh();
-
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
-
- sync_snort_package();
-
- conf_mount_ro();
- }
- }
-}
-
-/* only be run on new iface create, bootup and ip refresh */
-function sync_snort_package_empty()
-{
- global $config, $g;
- conf_mount_rw();
-
- /* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- {
- if ($id == "")
- {
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
-
- if ($id == '') {
- $id = 0;
- }
-
- $id += 1;
+ mwexec("mkdir -p /var/log/snort/");
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ if(!file_exists("/var/log/snort/alert"))
+ touch("/var/log/snort/alert");
- if ($if_real != '' && $snort_uuid != '') {
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
+ /* snort -> advanced features */
+ $bpfbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfbufsize'];
+ $bpfmaxbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxbufsize'];
+ $bpfmaxinsns = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxinsns'];
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
+ /* set the snort performance model */
+ if($config['installedpackages']['snort']['config'][0]['performance'])
+ $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
+ else
+ $snort_performance = "ac-bnfa";
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
- }
+ /* create a few directories and ensure the sample files are in place */
+ exec("/bin/mkdir -p /usr/local/etc/snort");
+ exec("/bin/mkdir -p /var/log/snort");
+ exec("/bin/mkdir -p /usr/local/etc/snort/rules");
+ exec("/bin/rm /usr/local/etc/snort/snort.conf-sample");
+ exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample");
+ exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/unicode.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/classification.config-sample");
+ exec("/bin/rm /usr/local/etc/snort/generators-sample");
+ exec("/bin/rm /usr/local/etc/snort/reference.config-sample");
+ exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/sid");
+ exec("/bin/rm -f /usr/local/etc/rc.d/snort");
+
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+
+ if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
+ $if = "ng0";
}
-
- /* create snort bootup file snort.sh only create once */
- create_snort_sh();
-
- sync_snort_package();
-
+
+ /* build a list of user specified interfaces -gtm */
+ if($if){
+ array_push($snortInterfaces, $if);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
}
}
-}
-
-/* Start of main config files */
-/* Start of main config files */
-
-
-/* open snort.sh for writing" */
-function create_snort_sh()
-{
- # Don not add $id or this will break
-
- global $config, $g;
- conf_mount_rw();
-
- /* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
+ //print_r($snortInterfaces);
+
+ /* create log directory */
+ $start = "/bin/mkdir -p /var/log/snort\n";
+
+ /* snort advanced features - bpf tuning */
+ if($bpfbufsize)
+ $start .= "sysctl net.bpf.bufsize={$bpfbufsize}\n";
+ if($bpfmaxbufsize)
+ $start .= "sysctl net.bpf.maxbufsize={$bpfmaxbufsize}\n";
+ if($bpfmaxinsns)
+ $start .= "sysctl net.bpf.maxinsns={$bpfmaxinsns}\n";
+
+ /* go ahead and issue bpf changes */
+ if($bpfbufsize)
+ mwexec_bg("sysctl net.bpf.bufsize={$bpfbufsize}");
+ if($bpfmaxbufsize)
+ mwexec_bg("sysctl net.bpf.maxbufsize={$bpfmaxbufsize}");
+ if($bpfmaxinsns)
+ mwexec_bg("sysctl net.bpf.maxinsns={$bpfmaxinsns}");
+
+ /* always stop barnyard2 before starting snort -gtm */
+ $start .= "/usr/bin/killall barnyard2\n";
+
+ /* start a snort process for each interface -gtm */
+ /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */
+ /* snort start options are; config file, log file, demon, interface, packet flow, alert type, quiet */
+ /* TODO; get snort to start under nologin shell */
+ foreach($snortInterfaces as $snortIf)
{
- if ($id == "")
- {
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
-
- $id += 1;
-
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
-
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
-
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
- $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q";
- }
-
-/* Get all interface startup commands ready */
-
-$snort_sh_text2[] = <<<EOD
-###### For Each Iface
-
- # If Snort proc is NOT running
- if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then
-
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
-
- # Start snort and barnyard2
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
-
- /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}_{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
- $start_barnyard2
-
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..."
-
- fi
-EOD;
-
-$snort_sh_text3[] = <<<EOE
-
-###### For Each Iface
-
- #### Fake start only used on bootup and Pfsense IP changes
- #### Only try to restart if snort is running on Iface
- if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then
-
- snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`"
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
-
- #### Restart Iface
- /bin/kill -HUP \${snort_pid}
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
-
- fi
-
-EOE;
-
-$snort_sh_text4[] = <<<EOF
-
- pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print \$2;}'`
- sleep 3
- pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/awk '{print \$2;}'`
-
- if [ \${pid_s} ] ; then
+ $start .= "sleep 4\n";
+ $start .= "/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -q\n";
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
+ if ($snortbarnyardlog_info_chk == on)
+ $start .= "\nsleep 4;/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n";
+ }
+ $check_if_snort_runs = "\n\tif [ \"`ls -A /usr/local/etc/snort/rules`\" ] ; then\n\techo \"rules exist\"\n\telse\n\techo \"rules DONT exist\"\n\texit 2\n\tfi \n\n\tif [ \"`pgrep -x snort`\" = \"\" ] ; then\n\t/bin/rm /tmp/snort.sh.pid\n\tfi \n\n\tif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\t/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php\n\texit 1\n\tfi\n\n";
+ $if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n";
+ $echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n";
+ $echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n";
+ $del_old_pids = "\nrm -f /var/run/snort_*\n";
+ $sample_before = "BEFORE_MEM=`top | grep Wired | awk '{print \$12}'`\n";
+ $sample_after = "\n\tAFTER_MEM=`top | grep Wired | awk '{print \$12}'`\n";
+ if ($snort_performance == "ac-bnfa")
+ $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=60\n";
+ else
+ $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=300\n";
+ $sleep_before_final .= "while [ \"\$MYSNORTLOG\" = \"\" -a \$WAITSECURE -gt 0 ] ; do\n\tsleep 2\n\tMYSNORTLOG=`/usr/sbin/clog /var/log/system.log | grep snort | tail | grep 'Snort initialization completed successfully'`\n\tWAITSECURE=`expr \$WAITSECURE - 1`\ndone\n";
+ $total_used_after = "TOTAL_USAGE=`top | grep snort | grep -v grep | awk '{ print \$6 }'`\n";
+ $echo_usage .= $sample_after . "\t" . $total_used_after . "\techo \"Ram free BEFORE starting Snort: \$BEFORE_MEM -- Ram free AFTER starting Snort: \$AFTER_MEM -- Mode " . $snort_performance . " -- Snort memory usage: \$TOTAL_USAGE\" | logger -p daemon.info -i -t SnortStartup\n\n";
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
-
- /bin/kill \${pid_s}
- sleep 3
- /bin/kill \${pid_b}
-
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+ /* write out rc.d start/stop file */
+ write_rcfile(array(
+ "file" => "snort.sh",
+ "start" => "{$check_if_snort_runs}{$if_snort_pid}{$echo_snort_sh_pid}{$echo_snort_sh_startup_log}{$del_old_pids}{$sample_before}{$start}{$sleep_before_final}{$echo_usage}",
+ "stop" => "/usr/bin/killall snort; killall barnyard2"
+ )
+ );
- fi
+ /* create snort configuration file */
+ create_snort_conf();
-EOF;
+/* create barnyard2 configuration file */
+$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
+if ($snortbarnyardlog_info_chk == on)
+ create_barnyard2_conf();
- }
- }
+ /* snort will not start on install untill setting are set */
+if ($config['installedpackages']['snort']['config'][0]['autorulesupdate7'] != "") {
+ /* start snort service */
+ conf_mount_ro();
+ start_service("snort");
}
-
-
-$start_snort_iface_start = implode("\n\n", $snort_sh_text2);
-
-$start_snort_iface_restart = implode("\n\n", $snort_sh_text3);
-
-$start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
-
-/* open snort.sh for writing" */
-conf_mount_rw();
-
-$snort_sh_text = <<<EOD
-#!/bin/sh
-########
-# This file was automatically generated
-# by the pfSense service handler.
-# Code added to protect from double starts on pfSense bootup
-######## Begining of Main snort.sh
-
-rc_start() {
-
- #### Check for double starts, Pfsense has problems with that
- if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
-
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
- exit 0
-
- fi
-
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
-
- #### Remake the configs on boot Important!
- /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..."
-
-$start_snort_iface_restart
-
- /bin/rm /tmp/snort.sh.pid
-
- #### If on Fake start snort is NOT running DO a real start.
- if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then
-
- rc_start_real
-
- fi
-}
-
-rc_start_real() {
-
- #### Check for double starts, Pfsense has problems with that
- if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
- exit 0
- fi
-
-$start_snort_iface_start
-
- /bin/rm /tmp/snort.sh.pid
-
-}
-
-rc_stop() {
-
- #### Check for double starts, Pfsense has problems with that
- if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
- exit 0
- fi
-
-$start_snort_iface_stop
-
- /bin/rm /tmp/snort.sh.pid
- /bin/rm /var/run/snort*
-
-}
-
-case $1 in
- start)
- rc_start
- ;;
- start_real)
- rc_start_real
- ;;
- stop)
- rc_stop
- ;;
- restart)
- rc_stop
- rc_start_real
- ;;
-esac
-
-EOD;
-
- /* write out snort.sh */
- $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
- if(!$bconf) {
- log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
- exit;
- }
- /* write snort.sh */
- fwrite($bconf, $snort_sh_text);
- fclose($bconf);
-
-}
-
-
-///////////////////////// >>>>>>>>>>>>
-
-/* if rules exist copy to new interfaces */
-function create_rules_iface($id, $if_real, $snort_uuid)
-{
-
- global $config, $g;
- conf_mount_rw();
-
- $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules";
- $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full';
-
- if ($folder_chk == "empty")
- {
- exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
- if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
- {
- exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules");
- }
- }
-
}
/* open barnyard2.conf for writing */
-function create_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $bconfig, $g;
+function create_barnyard2_conf() {
+ global $bconfig, $bg;
/* write out barnyard2_conf */
-
- if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
- {
- exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
- }
-
- $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
- $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w");
+ conf_mount_rw();
+ $barnyard2_conf_text = generate_barnyard2_conf();
+ $bconf = fopen("/usr/local/etc/barnyard2.conf", "w");
if(!$bconf) {
- log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing.");
+ log_error("Could not open /usr/local/etc/barnyard2.conf for writing.");
exit;
}
fwrite($bconf, $barnyard2_conf_text);
fclose($bconf);
+ conf_mount_ro();
}
-
/* open barnyard2.conf for writing" */
-function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
+function generate_barnyard2_conf() {
global $config, $g;
conf_mount_rw();
/* define snortbarnyardlog */
-/* TODO: add support for the other 5 output plugins */
+/* TODO add support for the other 5 output plugins */
-$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
-$snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
+$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_database'];
+$snortbarnyardlog_hostname_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_hostname'];
+$snortbarnyardlog_interface_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_interface'];
$barnyard2_conf_text = <<<EOD
# barnyard2.conf
# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
-#
+
# Copyright (C) 2006 Robert Zelaya
# part of pfSense
# All rights reserved.
-#
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
-#
+
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
-#
+
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -1015,125 +248,93 @@ $barnyard2_conf_text = <<<EOD
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
-#
# set the appropriate paths to the file(s) your Snort process is using
-
-config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
-config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
-config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map
-config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map
+config reference-map: /usr/local/etc/snort/reference.config
+config class-map: /usr/local/etc/snort/classification.config
+config gen-msg-map: /usr/local/etc/snort/gen-msg.map
+config sid-msg-map: /usr/local/etc/snort/sid-msg.map
config hostname: $snortbarnyardlog_hostname_info_chk
-config interface: {$snort_uuid}_{$if_real}
+config interface: $snortbarnyardlog_interface_info_chk
# Step 2: setup the input plugins
input unified2
-config logdir: /var/log/snort
-
# database: log to a variety of databases
# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
$snortbarnyardlog_database_info_chk
EOD;
-
+ conf_mount_rw();
return $barnyard2_conf_text;
}
-function create_snort_conf($id, $if_real, $snort_uuid)
-{
+function create_snort_conf() {
global $config, $g;
/* write out snort.conf */
-
- if ($if_real != '' && $snort_uuid != '') {
-
- $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
+ $snort_conf_text = generate_snort_conf();
conf_mount_rw();
- $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
+ $conf = fopen("/usr/local/etc/snort/snort.conf", "w");
if(!$conf) {
- log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
+ log_error("Could not open /usr/local/etc/snort/snort.conf for writing.");
exit;
}
fwrite($conf, $snort_conf_text);
fclose($conf);
conf_mount_ro();
- }
}
-function snort_deinstall()
-{
+function snort_deinstall() {
- global $config, $g, $id, $if_real;
- conf_mount_rw();
+ global $config, $g;
/* remove custom sysctl */
remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
/* decrease bpf buffers back to 4096, from 20480 */
exec("/sbin/sysctl net.bpf.bufsize=4096");
- exec("/usr/usr/bin/killall snort");
- sleep(2);
- exec("/usr/usr/bin/killall -9 snort");
- sleep(2);
- exec("/usr/usr/bin/killall barnyard2");
- sleep(2);
- exec("/usr/usr/bin/killall -9 barnyard2");
- sleep(2);
- exec("/usr/sbin/pw userdel snort");
- exec("/usr/sbin/pw groupdel snort");
+ exec("/usr/bin/killall snort");
+ sleep(5);
+ exec("/usr/bin/killall -9 snort");
+ exec("rm -f /usr/local/etc/rc.d/snort*");
exec("rm -rf /usr/local/etc/snort*");
- //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`");
exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep mysql`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep libdnet`");
+ exec("/usr/bin/killall -9 snort");
+ exec("/usr/bin/killall snort");
/* Remove snort cron entries Ugly code needs smoothness*/
-
-function snort_rm_blocked_deinstall_cron($should_install)
-{
+
+ function snort_rm_blocked_deinstall_cron($should_install) {
global $config, $g;
- conf_mount_rw();
$is_installed = false;
if(!$config['cron']['item'])
- return;
+ return;
$x=0;
- foreach($config['cron']['item'] as $item)
- {
- if (strstr($item['command'], "snort2c"))
- {
- $is_installed = true;
- break;
- }
-
- $x++;
-
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort2c")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ }
+ configure_cron();
+ }
}
- if($is_installed == true)
- {
- if($x > 0)
- {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
-
- configure_cron();
-
- }
- conf_mount_ro();
-
-}
-
- function snort_rules_up_deinstall_cron($should_install)
-{
+
+ function snort_rules_up_deinstall_cron($should_install) {
global $config, $g;
- conf_mount_rw();
$is_installed = false;
@@ -1152,11 +353,10 @@ function snort_rm_blocked_deinstall_cron($should_install)
if($x > 0) {
unset($config['cron']['item'][$x]);
write_config();
- conf_mount_rw();
}
configure_cron();
}
-}
+ }
snort_rm_blocked_deinstall_cron("");
snort_rules_up_deinstall_cron("");
@@ -1164,200 +364,177 @@ snort_rules_up_deinstall_cron("");
/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
/* Keep this as a last step */
- unset($config['installedpackages']['snortglobal']);
+ unset($config['installedpackages']['snort']['config'][0]['autorulesupdate7']);
+ unset($config['installedpackages']['snort']['config'][0]['rm_blocked']);
write_config();
- conf_mount_rw();
- exec("rm -r /usr/local/www/snort");
- exec("rm -r /usr/local/pkg/snort");
- exec("rm -r /usr/local/lib/snort/");
- exec("rm -r /var/log/snort/");
-
- conf_mount_ro();
-
}
-function generate_snort_conf($id, $if_real, $snort_uuid)
-{
+function generate_snort_conf() {
global $config, $g;
-
conf_mount_rw();
-
/* obtain external interface */
/* XXX: make multi wan friendly */
- $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $snort_ext_int = $config['installedpackages']['snort']['config'][0]['iface_array'][0];
- /* create basic files */
- if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
- {
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/");
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
-
- if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"))
- {
- exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
- exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
- exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
- exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
- exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
- exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
- exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
- exec("/bin/cp/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
- }
- }
+ $snort_config_pass_thru = $config['installedpackages']['snortadvanced']['config'][0]['configpassthru'];
/* define snortalertlogtype */
-$snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+$snortalertlogtype = $config['installedpackages']['snortadvanced']['config'][0]['snortalertlogtype'];
if ($snortalertlogtype == fast)
$snortalertlogtype_type = "output alert_fast: alert";
else
$snortalertlogtype_type = "output alert_full: alert";
/* define alertsystemlog */
-$alertsystemlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog'];
+$alertsystemlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['alertsystemlog'];
if ($alertsystemlog_info_chk == on)
$alertsystemlog_type = "output alert_syslog: log_alert";
/* define tcpdumplog */
-$tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'];
+$tcpdumplog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['tcpdumplog'];
if ($tcpdumplog_info_chk == on)
$tcpdumplog_type = "output log_tcpdump: snorttcpd.log";
+/* define snortbarnyardlog_chk */
+$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
+if ($snortbarnyardlog_info_chk == on)
+ $snortbarnyardlog_type = "barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D";
+
/* define snortunifiedlog */
-$snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'];
+$snortunifiedlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortunifiedlog'];
if ($snortunifiedlog_info_chk == on)
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+ $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128";
-/* define spoink (DISABLED)*/
-$spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'];
+/* define spoink */
+$spoink_info_chk = $config['installedpackages']['snort']['config'][0]['blockoffenders7'];
if ($spoink_info_chk == on)
$spoink_type = "output alert_pf: /var/db/whitelist,snort2c";
/* define servers and ports snortdefservers */
/* def DNS_SERVSERS */
-$def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers'];
+$def_dns_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_servers'];
if ($def_dns_servers_info_chk == "")
$def_dns_servers_type = "\$HOME_NET";
else
$def_dns_servers_type = "$def_dns_servers_info_chk";
/* def DNS_PORTS */
-$def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports'];
+$def_dns_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_ports'];
if ($def_dns_ports_info_chk == "")
$def_dns_ports_type = "53";
else
$def_dns_ports_type = "$def_dns_ports_info_chk";
/* def SMTP_SERVSERS */
-$def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers'];
+$def_smtp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_servers'];
if ($def_smtp_servers_info_chk == "")
$def_smtp_servers_type = "\$HOME_NET";
else
$def_smtp_servers_type = "$def_smtp_servers_info_chk";
/* def SMTP_PORTS */
-$def_smtp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports'];
+$def_smtp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_ports'];
if ($def_smtp_ports_info_chk == "")
$def_smtp_ports_type = "25";
else
$def_smtp_ports_type = "$def_smtp_ports_info_chk";
/* def MAIL_PORTS */
-$def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports'];
+$def_mail_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mail_ports'];
if ($def_mail_ports_info_chk == "")
$def_mail_ports_type = "25,143,465,691";
else
$def_mail_ports_type = "$def_mail_ports_info_chk";
/* def HTTP_SERVSERS */
-$def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers'];
+$def_http_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_servers'];
if ($def_http_servers_info_chk == "")
$def_http_servers_type = "\$HOME_NET";
else
$def_http_servers_type = "$def_http_servers_info_chk";
/* def WWW_SERVSERS */
-$def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers'];
+$def_www_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_www_servers'];
if ($def_www_servers_info_chk == "")
$def_www_servers_type = "\$HOME_NET";
else
$def_www_servers_type = "$def_www_servers_info_chk";
/* def HTTP_PORTS */
-$def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports'];
+$def_http_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_ports'];
if ($def_http_ports_info_chk == "")
$def_http_ports_type = "80";
else
$def_http_ports_type = "$def_http_ports_info_chk";
/* def SQL_SERVSERS */
-$def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers'];
+$def_sql_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sql_servers'];
if ($def_sql_servers_info_chk == "")
$def_sql_servers_type = "\$HOME_NET";
else
$def_sql_servers_type = "$def_sql_servers_info_chk";
/* def ORACLE_PORTS */
-$def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports'];
+$def_oracle_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_oracle_ports'];
if ($def_oracle_ports_info_chk == "")
$def_oracle_ports_type = "1521";
else
$def_oracle_ports_type = "$def_oracle_ports_info_chk";
/* def MSSQL_PORTS */
-$def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports'];
+$def_mssql_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mssql_ports'];
if ($def_mssql_ports_info_chk == "")
$def_mssql_ports_type = "1433";
else
$def_mssql_ports_type = "$def_mssql_ports_info_chk";
/* def TELNET_SERVSERS */
-$def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers'];
+$def_telnet_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_servers'];
if ($def_telnet_servers_info_chk == "")
$def_telnet_servers_type = "\$HOME_NET";
else
$def_telnet_servers_type = "$def_telnet_servers_info_chk";
/* def TELNET_PORTS */
-$def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports'];
+$def_telnet_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_ports'];
if ($def_telnet_ports_info_chk == "")
$def_telnet_ports_type = "23";
else
$def_telnet_ports_type = "$def_telnet_ports_info_chk";
/* def SNMP_SERVSERS */
-$def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers'];
+$def_snmp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_servers'];
if ($def_snmp_servers_info_chk == "")
$def_snmp_servers_type = "\$HOME_NET";
else
$def_snmp_servers_type = "$def_snmp_servers_info_chk";
/* def SNMP_PORTS */
-$def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports'];
+$def_snmp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_ports'];
if ($def_snmp_ports_info_chk == "")
$def_snmp_ports_type = "161";
else
$def_snmp_ports_type = "$def_snmp_ports_info_chk";
/* def FTP_SERVSERS */
-$def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers'];
+$def_ftp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_servers'];
if ($def_ftp_servers_info_chk == "")
$def_ftp_servers_type = "\$HOME_NET";
else
$def_ftp_servers_type = "$def_ftp_servers_info_chk";
/* def FTP_PORTS */
-$def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports'];
+$def_ftp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_ports'];
if ($def_ftp_ports_info_chk == "")
$def_ftp_ports_type = "21";
else
$def_ftp_ports_type = "$def_ftp_ports_info_chk";
/* def SSH_SERVSERS */
-$def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers'];
+$def_ssh_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_servers'];
if ($def_ssh_servers_info_chk == "")
$def_ssh_servers_type = "\$HOME_NET";
else
@@ -1370,124 +547,360 @@ else
$ssh_port = "22";
/* def SSH_PORTS */
-$def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports'];
+$def_ssh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_ports'];
if ($def_ssh_ports_info_chk == "")
$def_ssh_ports_type = "{$ssh_port}";
else
$def_ssh_ports_type = "$def_ssh_ports_info_chk";
/* def POP_SERVSERS */
-$def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers'];
+$def_pop_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop_servers'];
if ($def_pop_servers_info_chk == "")
$def_pop_servers_type = "\$HOME_NET";
else
$def_pop_servers_type = "$def_pop_servers_info_chk";
/* def POP2_PORTS */
-$def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports'];
+$def_pop2_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop2_ports'];
if ($def_pop2_ports_info_chk == "")
$def_pop2_ports_type = "109";
else
$def_pop2_ports_type = "$def_pop2_ports_info_chk";
/* def POP3_PORTS */
-$def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports'];
+$def_pop3_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop3_ports'];
if ($def_pop3_ports_info_chk == "")
$def_pop3_ports_type = "110";
else
$def_pop3_ports_type = "$def_pop3_ports_info_chk";
/* def IMAP_SERVSERS */
-$def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers'];
+$def_imap_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_servers'];
if ($def_imap_servers_info_chk == "")
$def_imap_servers_type = "\$HOME_NET";
else
$def_imap_servers_type = "$def_imap_servers_info_chk";
/* def IMAP_PORTS */
-$def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports'];
+$def_imap_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_ports'];
if ($def_imap_ports_info_chk == "")
$def_imap_ports_type = "143";
else
$def_imap_ports_type = "$def_imap_ports_info_chk";
/* def SIP_PROXY_IP */
-$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip'];
+$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ip'];
if ($def_sip_proxy_ip_info_chk == "")
$def_sip_proxy_ip_type = "\$HOME_NET";
else
$def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
/* def SIP_PROXY_PORTS */
-$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports'];
+$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ports'];
if ($def_sip_proxy_ports_info_chk == "")
$def_sip_proxy_ports_type = "5060:5090,16384:32768";
else
$def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
/* def AUTH_PORTS */
-$def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports'];
+$def_auth_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_auth_ports'];
if ($def_auth_ports_info_chk == "")
$def_auth_ports_type = "113";
else
$def_auth_ports_type = "$def_auth_ports_info_chk";
/* def FINGER_PORTS */
-$def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports'];
+$def_finger_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_finger_ports'];
if ($def_finger_ports_info_chk == "")
$def_finger_ports_type = "79";
else
$def_finger_ports_type = "$def_finger_ports_info_chk";
/* def IRC_PORTS */
-$def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports'];
+$def_irc_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_irc_ports'];
if ($def_irc_ports_info_chk == "")
$def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
else
$def_irc_ports_type = "$def_irc_ports_info_chk";
/* def NNTP_PORTS */
-$def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports'];
+$def_nntp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_nntp_ports'];
if ($def_nntp_ports_info_chk == "")
$def_nntp_ports_type = "119";
else
$def_nntp_ports_type = "$def_nntp_ports_info_chk";
/* def RLOGIN_PORTS */
-$def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports'];
+$def_rlogin_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rlogin_ports'];
if ($def_rlogin_ports_info_chk == "")
$def_rlogin_ports_type = "513";
else
$def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
/* def RSH_PORTS */
-$def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports'];
+$def_rsh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rsh_ports'];
if ($def_rsh_ports_info_chk == "")
$def_rsh_ports_type = "514";
else
$def_rsh_ports_type = "$def_rsh_ports_info_chk";
/* def SSL_PORTS */
-$def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports'];
+$def_ssl_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssl_ports'];
if ($def_ssl_ports_info_chk == "")
- $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995";
+ $def_ssl_ports_type = "25,443,465,636,993,995";
else
$def_ssl_ports_type = "$def_ssl_ports_info_chk";
+ /* add auto update scripts to /etc/crontab */
+// $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php";
+// $filenamea = "/etc/crontab";
+// remove_text_from_file($filenamea, $text_ww);
+// add_text_to_file($filenamea, $text_ww);
+// exec("killall -HUP cron"); */
+
/* should we install a automatic update crontab entry? */
- $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7'];
+ $automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate'];
/* if user is on pppoe, we really want to use ng0 interface */
if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe")
$snort_ext_int = "ng0";
/* set the snort performance model */
- if($config['installedpackages']['snortglobal']['rule'][$id]['performance'])
- $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance'];
+ if($config['installedpackages']['snort']['config'][0]['performance'])
+ $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
else
$snort_performance = "ac-bnfa";
- /* open snort's whitelist for writing */
+ /* set the snort block hosts time IMPORTANT snort has trouble installing if snort_rm_blocked_info_ck != "" */
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "never_b")
+ $snort_rm_blocked_false = "";
+ else
+ $snort_rm_blocked_false = "true";
+
+if ($snort_rm_blocked_info_ck != "") {
+function snort_rm_blocked_install_cron($should_install) {
+ global $config, $g;
+ conf_mount_rw();
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort2c")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "1h_b") {
+ $snort_rm_blocked_min = "*/5";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "3600";
+ }
+ if ($snort_rm_blocked_info_ck == "3h_b") {
+ $snort_rm_blocked_min = "*/15";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "10800";
+ }
+ if ($snort_rm_blocked_info_ck == "6h_b") {
+ $snort_rm_blocked_min = "*/30";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "21600";
+ }
+ if ($snort_rm_blocked_info_ck == "12h_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/1";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "43200";
+ }
+ if ($snort_rm_blocked_info_ck == "1d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/2";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "86400";
+ }
+ if ($snort_rm_blocked_info_ck == "4d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/8";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "345600";
+ }
+ if ($snort_rm_blocked_info_ck == "7d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/14";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "604800";
+ }
+ if ($snort_rm_blocked_info_ck == "28d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "0";
+ $snort_rm_blocked_mday = "*/2";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "2419200";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ conf_mount_rw();
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ break;
+ }
+ }
+ snort_rm_blocked_install_cron("");
+ snort_rm_blocked_install_cron($snort_rm_blocked_false);
+}
+
+ /* set the snort rules update time */
+ $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "never_up")
+ $snort_rules_up_false = "";
+ else
+ $snort_rules_up_false = "true";
+
+if ($snort_rules_up_info_ck != "") {
+function snort_rules_up_install_cron($should_install) {
+ global $config, $g;
+ conf_mount_rw();
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "6h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/6";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "12h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/12";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "1d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/1";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "4d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/4";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "7d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/7";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "28d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/28";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rules_up_min";
+ $cron_item['hour'] = "$snort_rules_up_hr";
+ $cron_item['mday'] = "$snort_rules_up_mday";
+ $cron_item['month'] = "$snort_rules_up_month";
+ $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort_check_for_rule_updates.php >> /usr/local/etc/snort_bkup/snort_update.log";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ conf_mount_rw();
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ break;
+ }
+ }
+ snort_rules_up_install_cron("");
+ snort_rules_up_install_cron($snort_rules_up_false);
+}
+ /* Be sure we're really rw before writing */
+ conf_mount_rw();
+ /* open snort2c's whitelist for writing */
$whitelist = fopen("/var/db/whitelist", "w");
if(!$whitelist) {
log_error("Could not open /var/db/whitelist for writing.");
@@ -1543,14 +956,13 @@ else
$home_net .= "127.0.0.1 ";
/* iterate all vips and add to whitelist */
-
if($config['virtualip'])
foreach($config['virtualip']['vip'] as $vip)
if($vip['subnet'])
$home_net .= $vip['subnet'] . " ";
- if($config['installedpackages']['snortglobal']['config'])
- foreach($config['installedpackages']['snortglobal']['config'] as $snort)
+ if($config['installedpackages']['snortwhitelist'])
+ foreach($config['installedpackages']['snortwhitelist']['config'] as $snort)
if($snort['ip'])
$home_net .= $snort['ip'] . " ";
@@ -1570,19 +982,11 @@ else
fwrite($whitelist, trim($wl) . "\n");
/* should we whitelist vpns? */
- $whitelistvpns = $config['installedpackages']['snortglobal']['whitelistvpns'];
+ $whitelistvpns = $config['installedpackages']['snort']['config'][0]['whitelistvpns'];
/* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
if($whitelistvpns) {
- if ($pfsense_stable == 'yes') // chk what pfsense version were on
- {
- $vpns_list = get_vpns_list();
- }
- if ($pfsense_stable == 'no') // chk what pfsense version were on
- {
- $vpns_list = filter_get_vpns_list();
- }
-
+ $vpns_list = get_vpns_list();
$whitelist_vpns = split(" ", $vpns_list);
foreach($whitelist_vpns as $wl)
if(trim($wl))
@@ -1591,9 +995,34 @@ else
/* close file */
fclose($whitelist);
-
+
+ /* Be sure we're really rw before writing */
+ conf_mount_rw();
+ /* open snort's threshold.conf for writing */
+ $threshlist = fopen("/usr/local/etc/snort/threshold.conf", "w");
+ if(!$threshlist) {
+ log_error("Could not open /usr/local/etc/snort/threshold.conf for writing.");
+ return;
+ }
+
+ /* list all entries to new lines */
+ if($config['installedpackages']['snortthreshold'])
+ foreach($config['installedpackages']['snortthreshold']['config'] as $snortthreshlist)
+ if($snortthreshlist['threshrule'])
+ $snortthreshlist_r .= $snortthreshlist['threshrule'] . "\n";
+
+
+ /* foreach through threshlist, writing out to file */
+ $threshlist_split = split("\n", $snortthreshlist_r);
+ foreach($threshlist_split as $wl)
+ if(trim($wl))
+ fwrite($threshlist, trim($wl) . "\n");
+
+ /* close snort's threshold.conf file */
+ fclose($threshlist);
+
/* generate rule sections to load */
- $enabled_rulesets = $config['installedpackages']['snortglobal']['rule'][$id]['rulesets'];
+ $enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
if($enabled_rulesets) {
$selected_rules_sections = "";
$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
@@ -1603,256 +1032,6 @@ else
conf_mount_ro();
-/////////////////////////////
-
-/* preprocessor code */
-
-/* def perform_stat */
-$snort_perform_stat = <<<EOD
-##########################
- #
-# NEW #
-# Performance Statistics #
- #
-##########################
-
-preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000
-
-EOD;
-
-$def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'];
-if ($def_perform_stat_info_chk == "on")
- $def_perform_stat_type = "$snort_perform_stat";
-else
- $def_perform_stat_type = "";
-
-$def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
-if ($def_flow_depth_info_chk == '')
- $def_flow_depth_type = '0';
-else
- $def_flow_depth_type = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
-
-/* def http_inspect */
-$snort_http_inspect = <<<EOD
-#################
- #
-# HTTP Inspect #
- #
-#################
-
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252
-
-preprocessor http_inspect_server: server default \
- ports { 80 8080 } \
- non_strict \
- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
- flow_depth {$def_flow_depth_type} \
- apache_whitespace no \
- directory no \
- iis_backslash no \
- u_encode yes \
- ascii no \
- chunk_length 500000 \
- bare_byte yes \
- double_decode yes \
- iis_unicode no \
- iis_delimiter no \
- multi_slash no
-
-EOD;
-
-$def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect'];
-if ($def_http_inspect_info_chk == "on")
- $def_http_inspect_type = "$snort_http_inspect";
-else
- $def_http_inspect_type = "";
-
-/* def other_preprocs */
-$snort_other_preprocs = <<<EOD
-##################
- #
-# Other preprocs #
- #
-##################
-
-preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
-preprocessor bo
-
-EOD;
-
-$def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs'];
-if ($def_other_preprocs_info_chk == "on")
- $def_other_preprocs_type = "$snort_other_preprocs";
-else
- $def_other_preprocs_type = "";
-
-/* def ftp_preprocessor */
-$snort_ftp_preprocessor = <<<EOD
-#####################
- #
-# ftp preprocessor #
- #
-#####################
-
-preprocessor ftp_telnet: global \
-inspection_type stateless
-
-preprocessor ftp_telnet_protocol: telnet \
- normalize \
- ayt_attack_thresh 200
-
-preprocessor ftp_telnet_protocol: \
- ftp server default \
- def_max_param_len 100 \
- ports { 21 } \
- ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
- ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
- ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
- ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
- ftp_cmds { FEAT CEL CMD MACB } \
- ftp_cmds { MDTM REST SIZE MLST MLSD } \
- ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
- alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
- alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
- alt_max_param_len 256 { RNTO CWD } \
- alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
- chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
- chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
- chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
- chk_str_fmt { FEAT CEL CMD } \
- chk_str_fmt { MDTM REST SIZE MLST MLSD } \
- chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity STRU < char FRP > \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity PORT < host_port >
-
-preprocessor ftp_telnet_protocol: ftp client default \
- max_resp_len 256 \
- bounce yes \
- telnet_cmds yes
-
-EOD;
-
-$def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor'];
-if ($def_ftp_preprocessor_info_chk == "on")
- $def_ftp_preprocessor_type = "$snort_ftp_preprocessor";
-else
- $def_ftp_preprocessor_type = "";
-
-/* def smtp_preprocessor */
-$snort_smtp_preprocessor = <<<EOD
-#####################
- #
-# SMTP preprocessor #
- #
-#####################
-
-preprocessor SMTP: \
- ports { 25 465 691 } \
- inspection_type stateful \
- normalize cmds \
- valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \
-CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \
-PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- max_header_line_len 1000 \
- max_response_line_len 512 \
- alt_max_command_line_len 260 { MAIL } \
- alt_max_command_line_len 300 { RCPT } \
- alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
- alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
- alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \
- alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \
- alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- xlink2state { enable }
-
-EOD;
-
-$def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor'];
-if ($def_smtp_preprocessor_info_chk == "on")
- $def_smtp_preprocessor_type = "$snort_smtp_preprocessor";
-else
- $def_smtp_preprocessor_type = "";
-
-/* def sf_portscan */
-$snort_sf_portscan = <<<EOD
-################
- #
-# sf Portscan #
- #
-################
-
-preprocessor sfportscan: scan_type { all } \
- proto { all } \
- memcap { 10000000 } \
- sense_level { medium } \
- ignore_scanners { \$HOME_NET }
-
-EOD;
-
-$def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan'];
-if ($def_sf_portscan_info_chk == "on")
- $def_sf_portscan_type = "$snort_sf_portscan";
-else
- $def_sf_portscan_type = "";
-
-/* def dce_rpc_2 */
-$snort_dce_rpc_2 = <<<EOD
-###############
- #
-# NEW #
-# DCE/RPC 2 #
- #
-###############
-
-preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
-preprocessor dcerpc2_server: default, policy WinXP, \
- detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
- autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
- smb_max_chain 3
-
-EOD;
-
-$def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2'];
-if ($def_dce_rpc_2_info_chk == "on")
- $def_dce_rpc_2_type = "$snort_dce_rpc_2";
-else
- $def_dce_rpc_2_type = "";
-
-/* def dns_preprocessor */
-$snort_dns_preprocessor = <<<EOD
-####################
- #
-# DNS preprocessor #
- #
-####################
-
-preprocessor dns: \
- ports { 53 } \
- enable_rdata_overflow
-
-EOD;
-
-$def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor'];
-if ($def_dns_preprocessor_info_chk == "on")
- $def_dns_preprocessor_type = "$snort_dns_preprocessor";
-else
- $def_dns_preprocessor_type = "";
-
-/* def SSL_PORTS IGNORE */
-$def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore'];
-if ($def_ssl_ports_ignore_info_chk == "")
- $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
-else
- $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
-
-//////////////////////////////////////////////////////////////////
/* build snort configuration file */
/* TODO; feed back from pfsense users to reduce false positives */
$snort_conf_text = <<<EOD
@@ -1864,21 +1043,21 @@ else
# for more information
# snort.conf
# Snort can be found at http://www.snort.org/
-#
-# Copyright (C) 2009 Robert Zelaya
+
+# Copyright (C) 2006 Robert Zelaya
# part of pfSense
# All rights reserved.
-#
+
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
-#
+
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
-#
+
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
-#
+
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -1967,7 +1146,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504]
#
#####################
-var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules
+var RULE_PATH /usr/local/etc/snort/rules
# var PREPROC_RULE_PATH ./preproc_rules
################################
@@ -1992,7 +1171,8 @@ config disable_decode_drops
#
###################################
-config detection: search-method {$snort_performance} max_queue_events 5
+config detection: search-method {$snort_performance}
+config detection: max_queue_events 5
config event_queue: max_queue 8 log 3 order_events content_length
#Configure dynamic loaded libraries
@@ -2007,25 +1187,150 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules/
###################
preprocessor frag3_global: max_frags 8192
+preprocessor frag3_engine: policy windows
+preprocessor frag3_engine: policy linux
+preprocessor frag3_engine: policy first
preprocessor frag3_engine: policy bsd detect_anomalies
preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
track_udp yes, track_icmp yes
+preprocessor stream5_tcp: bind_to any, policy windows
+preprocessor stream5_tcp: bind_to any, policy linux
+preprocessor stream5_tcp: bind_to any, policy vista
+preprocessor stream5_tcp: bind_to any, policy macos
preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes
-preprocessor stream5_udp:
-preprocessor stream5_icmp:
+preprocessor stream5_udp
+preprocessor stream5_icmp
+
+##########################
+ #
+# NEW #
+# Performance Statistics #
+ #
+##########################
+
+preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
+
+#################
+ #
+# HTTP Inspect #
+ #
+#################
-{$def_perform_stat_type}
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
-{$def_http_inspect_type}
+preprocessor http_inspect_server: server default \
+ ports { 80 8080 } \
+ no_alerts \
+ non_strict \
+ non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
+ flow_depth 0 \
+ apache_whitespace yes \
+ directory no \
+ iis_backslash no \
+ u_encode yes \
+ ascii yes \
+ chunk_length 500000 \
+ bare_byte yes \
+ double_decode yes \
+ iis_unicode yes \
+ iis_delimiter yes \
+ multi_slash no
-{$def_other_preprocs_type}
+##################
+ #
+# Other preprocs #
+ #
+##################
+
+preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
+preprocessor bo
+
+#####################
+ #
+# ftp preprocessor #
+ #
+#####################
-{$def_ftp_preprocessor_type}
+preprocessor ftp_telnet: global \
+inspection_type stateless
-{$def_smtp_preprocessor_type}
+preprocessor ftp_telnet_protocol: telnet \
+ normalize \
+ ayt_attack_thresh 200
-{$def_sf_portscan_type}
+preprocessor ftp_telnet_protocol: \
+ ftp server default \
+ def_max_param_len 100 \
+ ports { 21 } \
+ ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
+ ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
+ ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
+ ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
+ ftp_cmds { FEAT CEL CMD MACB } \
+ ftp_cmds { MDTM REST SIZE MLST MLSD } \
+ ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
+ alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
+ alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
+ alt_max_param_len 256 { RNTO CWD } \
+ alt_max_param_len 400 { PORT } \
+ alt_max_param_len 512 { SIZE } \
+ chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
+ chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
+ chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
+ chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
+ chk_str_fmt { FEAT CEL CMD } \
+ chk_str_fmt { MDTM REST SIZE MLST MLSD } \
+ chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity STRU < char FRP > \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+ cmd_validity PORT < host_port >
+
+preprocessor ftp_telnet_protocol: ftp client default \
+ max_resp_len 256 \
+ bounce yes \
+ telnet_cmds yes
+
+#####################
+ #
+# SMTP preprocessor #
+ #
+#####################
+
+preprocessor SMTP: \
+ ports { 25 465 691 } \
+ inspection_type stateful \
+ normalize cmds \
+ valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \
+CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \
+PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ max_header_line_len 1000 \
+ max_response_line_len 512 \
+ alt_max_command_line_len 260 { MAIL } \
+ alt_max_command_line_len 300 { RCPT } \
+ alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
+ alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
+ alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \
+ alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \
+ alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ xlink2state { enable }
+
+################
+ #
+# sf Portscan #
+ #
+################
+
+preprocessor sfportscan: scan_type { all } \
+ proto { all } \
+ memcap { 10000000 } \
+ sense_level { medium } \
+ ignore_scanners { \$HOME_NET }
############################
#
@@ -2037,9 +1342,28 @@ preprocessor stream5_icmp:
#
############################
-{$def_dce_rpc_2_type}
+###############
+ #
+# NEW #
+# DCE/RPC 2 #
+ #
+###############
+
+preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
+preprocessor dcerpc2_server: default, policy WinXP, \
+ detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
+ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
+ smb_max_chain 3
+
+####################
+ #
+# DNS preprocessor #
+ #
+####################
-{$def_dns_preprocessor_type}
+preprocessor dns: \
+ ports { 53 } \
+ enable_rdata_overflow
##############################
#
@@ -2048,7 +1372,7 @@ preprocessor stream5_icmp:
#
##############################
-preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted
+preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted
#####################
#
@@ -2069,9 +1393,9 @@ $spoink_type
#
#################
-include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
-include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
-include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf
+include /usr/local/etc/snort/reference.config
+include /usr/local/etc/snort/classification.config
+include /usr/local/etc/snort/threshold.conf
# Snort user pass through configuration
{$snort_config_pass_thru}
@@ -2085,19 +1409,17 @@ include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf
{$selected_rules_sections}
EOD;
-
+ conf_mount_ro();
return $snort_conf_text;
}
/* check downloaded text from snort.org to make sure that an error did not occur
* for example, if you are not a premium subscriber you can only download rules
- * so often, etc. TO BE: Removed unneeded.
+ * so often, etc.
*/
-
function check_for_common_errors($filename) {
global $snort_filename, $snort_filename_md5, $console_mode;
-
-// ob_flush();
+ ob_flush();
$contents = file_get_contents($filename);
if(stristr($contents, "You don't have permission")) {
if(!$console_mode) {
@@ -2105,6 +1427,7 @@ function check_for_common_errors($filename) {
hide_progress_bar_status();
} else {
log_error("An error occured. Scroll down to inspect it's contents.");
+ echo "An error occured. Scroll down to inspect it's contents.";
}
if(!$console_mode) {
update_output_window(strip_tags("$contents"));
@@ -2147,12 +1470,14 @@ function verify_downloaded_file($filename) {
}
exit;
}
- update_all_status("Verified {$filename}.");
+ update_all_status("Verifyied {$filename}.");
}
/* extract rules */
function extract_snort_rules_md5($tmpfname) {
global $snort_filename, $snort_filename_md5, $console_mode;
+ ini_set("memory_limit","64M");
+ conf_mount_rw();
ob_flush();
if(!$console_mode) {
$static_output = gettext("Extracting snort rules...");
@@ -2175,6 +1500,7 @@ function extract_snort_rules_md5($tmpfname) {
log_error("Snort rules extracted.");
echo "Snort rules extracted.";
}
+ conf_mount_ro();
}
/* verify MD5 against downloaded item */
@@ -2187,7 +1513,7 @@ function verify_snort_rules_md5($tmpfname) {
}
$md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
+ $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
if($md5 == $file_md5_ondisk) {
if(!$console_mode) {
@@ -2243,7 +1569,7 @@ function get_snort_alert($ip) {
if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
$alert_title = $matches[2];
if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches))
- $alert_ip = $matches[$id];
+ $alert_ip = $matches[0];
if($alert_ip == $ip) {
if(!$snort_config[$ip])
$snort_config[$ip] = $alert_title;
@@ -2256,7 +1582,7 @@ function get_snort_alert($ip) {
function make_clickable($buffer) {
global $config, $g;
/* if clickable urls is disabled, simply return buffer back to caller */
- $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode'];
+ $clickablalerteurls = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
if(!$clickablalerteurls)
return $buffer;
$buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
diff --git a/config/snort-old/snort.xml b/config/snort-old/snort.xml
new file mode 100644
index 00000000..6f067f2d
--- /dev/null
+++ b/config/snort-old/snort.xml
@@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfsense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>Snort</name>
+ <version>2.8.4.1_5</version>
+ <title>Services: Snort 2.8.4.1_5 pkg v. 1.7</title>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <menu>
+ <name>Snort</name>
+ <tooltiptext>Setup snort specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>snort</name>
+ <rcfile>snort.sh</rcfile>
+ <executable>snort</executable>
+ <description>Snort is the most widely deployed IDS/IPS technology worldwide..</description>
+ </service>
+ <tabs>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Update Rules</text>
+ <url>/snort_download_rules.php</url>
+ </tab>
+ <tab>
+ <text>Categories</text>
+ <url>/snort_rulesets.php</url>
+ </tab>
+ <tab>
+ <text>Rules</text>
+ <url>/snort_rules.php</url>
+ </tab>
+ <tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Blocked</text>
+ <url>/snort_blocked.php</url>
+ </tab>
+ <tab>
+ <text>Whitelist</text>
+ <url>/pkg.php?xml=snort_whitelist.xml</url>
+ </tab>
+ <tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort_threshold.xml</url>
+ </tab>
+ <tab>
+ <text>Alerts</text>
+ <url>/snort_alerts.php</url>
+ </tab>
+ <tab>
+ <text>Advanced</text>
+ <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
+ </tab>
+ </tabs>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/bin/barnyard2</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_download_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_rules_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_rulesets.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_whitelist.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_blocked.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_check_for_rule_updates.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_alerts.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/pf/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_dynamic_ip_reload.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_advanced.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_define_servers.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/snort_threshold.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-old/pfsense_rules/local.rules</item>
+ </additional_files_needed>
+ <fields>
+ <field>
+ <fielddescr>Interface</fielddescr>
+ <fieldname>iface_array</fieldname>
+ <description>Select the interface(s) Snort will listen on.</description>
+ <type>interfaces_selection</type>
+ <size>3</size>
+ <value>lan</value>
+ <multiple>true</multiple>
+ </field>
+ <field>
+ <fielddescr>Memory Performance</fielddescr>
+ <fieldname>performance</fieldname>
+ <description>Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.</description>
+ <type>select</type>
+ <options>
+ <option>
+ <name>ac-bnfa</name>
+ <value>ac-bnfa</value>
+ </option>
+ <option>
+ <name>lowmem</name>
+ <value>lowmem</value>
+ </option>
+ <option>
+ <name>ac-std</name>
+ <value>ac-std</value>
+ </option>
+ <option>
+ <name>ac</name>
+ <value>ac</value>
+ </option>
+ <option>
+ <name>ac-banded</name>
+ <value>ac-banded</value>
+ </option>
+ <option>
+ <name>ac-sparsebands</name>
+ <value>ac-sparsebands</value>
+ </option>
+ <option>
+ <name>acs</name>
+ <value>acs</value>
+ </option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Oinkmaster code</fielddescr>
+ <fieldname>oinkmastercode</fieldname>
+ <description>Obtain a snort.org Oinkmaster code and paste here.</description>
+ <type>input</type>
+ <size>60</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Snort.org subscriber</fielddescr>
+ <fieldname>subscriber</fieldname>
+ <description>Check this box if you are a Snort.org subscriber (premium rules).</description>
+ <type>checkbox</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Block offenders</fielddescr>
+ <fieldname>blockoffenders7</fieldname>
+ <description>Checking this option will automatically block hosts that generate a snort alert.</description>
+ <type>checkbox</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Remove blocked hosts every</fielddescr>
+ <fieldname>rm_blocked</fieldname>
+ <description>Please select the amount of time hosts are blocked</description>
+ <type>select</type>
+ <options>
+ <option>
+ <name>never</name>
+ <value>never_b</value>
+ </option>
+ <option>
+ <name>1 hour</name>
+ <value>1h_b</value>
+ </option>
+ <option>
+ <name>3 hours</name>
+ <value>3h_b</value>
+ </option>
+ <option>
+ <name>6 hours</name>
+ <value>6h_b</value>
+ </option>
+ <option>
+ <name>12 hours</name>
+ <value>12h_b</value>
+ </option>
+ <option>
+ <name>1 day</name>
+ <value>1d_b</value>
+ </option>
+ <option>
+ <name>4 days</name>
+ <value>4d_b</value>
+ </option>
+ <option>
+ <name>7 days</name>
+ <value>7d_b</value>
+ </option>
+ <option>
+ <name>28 days</name>
+ <value>28d_b</value>
+ </option>
+ </options>
+ </field>
+ <field>
+ </field>
+ <field>
+ <fielddescr>Update rules automatically</fielddescr>
+ <fieldname>autorulesupdate7</fieldname>
+ <description>Please select the update times for rules.</description>
+ <type>select</type>
+ <options>
+ <option>
+ <name>never</name>
+ <value>never_up</value>
+ </option>
+ <option>
+ <name>6 hours</name>
+ <value>6h_up</value>
+ </option>
+ <option>
+ <name>12 hours</name>
+ <value>12h_up</value>
+ </option>
+ <option>
+ <name>1 day</name>
+ <value>1d_up</value>
+ </option>
+ <option>
+ <name>4 days</name>
+ <value>4d_up</value>
+ </option>
+ <option>
+ <name>7 days</name>
+ <value>7d_up</value>
+ </option>
+ <option>
+ <name>28 days</name>
+ <value>28d_up</value>
+ </option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Whitelist VPNs automatically</fielddescr>
+ <fieldname>whitelistvpns</fieldname>
+ <description>Checking this option will install whitelists for all VPNs.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Convert Snort alerts urls to clickable links</fielddescr>
+ <fieldname>clickablalerteurls</fieldname>
+ <description>Checking this option will automatically convert URLs in the Snort alerts tab to clickable links.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Associate events on Blocked tab</fielddescr>
+ <fieldname>associatealertip</fieldname>
+ <description>Checking this option will automatically associate the blocked reason from the snort alerts file.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Install emergingthreats rules.</fielddescr>
+ <fieldname>emergingthreats</fieldname>
+ <description>Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</description>
+ <type>checkbox</type>
+ </field>
+ </fields>
+ <custom_php_resync_config_command>
+ sync_package_snort();
+ </custom_php_resync_config_command>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_install_command>
+ sync_package_snort_reinstall();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ snort_deinstall();
+ </custom_php_deinstall_command>
+</packagegui>
diff --git a/config/snort/snort_advanced.xml b/config/snort-old/snort_advanced.xml
index 1fdddda2..1fdddda2 100644
--- a/config/snort/snort_advanced.xml
+++ b/config/snort-old/snort_advanced.xml
diff --git a/config/snort-old/snort_alerts.php b/config/snort-old/snort_alerts.php
new file mode 100644
index 00000000..e67b9b5f
--- /dev/null
+++ b/config/snort-old/snort_alerts.php
@@ -0,0 +1,124 @@
+<?php
+/* $Id$ */
+/*
+ snort_alerts.php
+ part of pfSense
+
+ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("globals.inc");
+require("guiconfig.inc");
+require("/usr/local/pkg/snort.inc");
+
+$snort_logfile = "{$g['varlog_path']}/snort/alert";
+
+$nentries = $config['syslog']['nentries'];
+if (!$nentries)
+ $nentries = 50;
+
+if ($_POST['clear']) {
+ exec("killall syslogd");
+ conf_mount_rw();
+ exec("rm {$snort_logfile}; touch {$snort_logfile}");
+ conf_mount_ro();
+ system_syslogd_start();
+ exec("/usr/bin/killall -HUP snort");
+ exec("/usr/bin/killall snort2c");
+ if ($config['installedpackages']['snort']['config'][0]['blockoffenders'] == 'on')
+ exec("/usr/local/bin/snort2c -w /var/db/whitelist -a /var/log/snort/alert");
+}
+
+$pgtitle = "Services: Snort: Snort Alerts";
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<?php
+if(!$pgtitle_output)
+ echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"),false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), true, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
+?>
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td colspan="2" class="listtopic">
+ Last <?=$nentries;?> Snort Alert entries</td>
+ </tr>
+ <?php dump_log_file($snort_logfile, $nentries); ?>
+ <tr><td><br><form action="snort_alerts.php" method="post">
+ <input name="clear" type="submit" class="formbtn" value="Clear log"></td></tr>
+ </table>
+ </div>
+ </form>
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc"); ?>
+<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>">
+</body>
+</html>
+<!-- <?php echo $snort_logfile; ?> -->
+
+<?php
+
+function dump_log_file($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert = "") {
+ global $g, $config;
+ $logarr = "";
+ exec("cat {$logfile} | /usr/bin/tail -n {$tail}", $logarr);
+ foreach ($logarr as $logent) {
+ if(!logent)
+ continue;
+ $ww_logent = $logent;
+ $ww_logent = str_replace("[", " [ ", $ww_logent);
+ $ww_logent = str_replace("]", " ] ", $ww_logent);
+ echo "<tr valign=\"top\">\n";
+ echo "<td colspan=\"2\" class=\"listr\">" . make_clickable($ww_logent) . "&nbsp;</td>\n";
+ echo "</tr>\n";
+ }
+}
+
+?> \ No newline at end of file
diff --git a/config/snort-old/snort_blocked.php b/config/snort-old/snort_blocked.php
new file mode 100644
index 00000000..ff158853
--- /dev/null
+++ b/config/snort-old/snort_blocked.php
@@ -0,0 +1,174 @@
+<?php
+/* $Id$ */
+/*
+ snort_blocked.php
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/snort.inc");
+
+if($_POST['todelete'] or $_GET['todelete']) {
+ if($_POST['todelete'])
+ $ip = $_POST['todelete'];
+ if($_GET['todelete'])
+ $ip = $_GET['todelete'];
+ exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+}
+
+$pgtitle = "Snort: Snort Blocked";
+include("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+<?php include("fbegin.inc"); ?>
+
+<?php
+if(!$pgtitle_output)
+ echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+?>
+
+<form action="snort_rulesets.php" method="post" name="iform" id="iform">
+<script src="/row_toggle.js" type="text/javascript"></script>
+<script src="/javascript/sorttable.js" type="text/javascript"></script>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+ $tab_array[] = array(gettext("Blocked"), true, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Remove</td>
+ <td class="listhdrr">IP</td>
+ <td class="listhdrr">Alert Description</td>
+ </tr>
+<?php
+
+ $associatealertip = $config['installedpackages']['snort']['config'][0]['associatealertip'];
+ $ips = `/sbin/pfctl -t snort2c -T show`;
+ $ips_array = split("\n", $ips);
+ $counter = 0;
+ foreach($ips_array as $ip) {
+ if(!$ip)
+ continue;
+ $ww_ip = str_replace(" ", "", $ip);
+ $counter++;
+ if($associatealertip)
+ $alert_description = get_snort_alert($ww_ip);
+ else
+ $alert_description = "";
+ echo "\n<tr>";
+ echo "\n<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ww_ip)) . "'>";
+ echo "\n<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>";
+ echo "\n<td>&nbsp;{$ww_ip}</td>";
+ echo "\n<td>&nbsp;{$alert_description}<!-- |{$ww_ip}| get_snort_alert($ww_ip); --></td>";
+ echo "\n</tr>";
+ }
+ echo "\n<tr><td colspan='3'>&nbsp;</td></tr>";
+ if($counter < 1)
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>";
+ else
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
+
+?>
+
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+</form>
+
+<p>
+
+<?php
+
+$blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+ if ($blockedtab_msg_chk == "1h_b") {
+ $blocked_msg = "hour";
+ }
+ if ($blockedtab_msg_chk == "3h_b") {
+ $blocked_msg = "3 hours";
+ }
+ if ($blockedtab_msg_chk == "6h_b") {
+ $blocked_msg = "6 hours";
+ }
+ if ($blockedtab_msg_chk == "12h_b") {
+ $blocked_msg = "12 hours";
+ }
+ if ($blockedtab_msg_chk == "1d_b") {
+ $blocked_msg = "day";
+ }
+ if ($blockedtab_msg_chk == "4d_b") {
+ $blocked_msg = "4 days";
+ }
+ if ($blockedtab_msg_chk == "7d_b") {
+ $blocked_msg = "7 days";
+ }
+ if ($blockedtab_msg_chk == "28d_b") {
+ $blocked_msg = "28 days";
+ }
+
+echo "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every $blocked_msg.";
+
+?>
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
+
+<?php
+
+/* write out snort cache */
+write_snort_config_cache($snort_config);
+
+?> \ No newline at end of file
diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-old/snort_check_for_rule_updates.php
index 6f95b101..8d308245 100644
--- a/config/snort-dev/snort_check_for_rule_updates.php
+++ b/config/snort-old/snort_check_for_rule_updates.php
@@ -3,7 +3,6 @@
/*
snort_rulesets.php
Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -29,8 +28,8 @@
*/
/* Setup enviroment */
-$tmpfname = "/tmp/snort_rules_up";
-$snortdir = "/usr/local/etc/snort";
+$tmpfname = "/root/snort_rules_up";
+$snortdir = "/usr/local/etc/snort_bkup";
$snortdir_wan = "/usr/local/etc/snort";
$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
$snort_filename = "snortrules-snapshot-2.8.tar.gz";
@@ -39,71 +38,53 @@ $emergingthreats_filename = "emerging.rules.tar.gz";
$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
$pfsense_rules_filename = "pfsense_rules.tar.gz";
-require_once("globals.inc");
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
+require("/usr/local/pkg/snort.inc");
+require_once("config.inc");
-/* define checks */
-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
-if ($oinkid == "" && $snortdownload != "off")
-{
- echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'");
- exit;
-}
-
-if ($snortdownload != "on" && $emergingthreats != "on")
-{
- echo 'Snort Global Settings: download snort.org rules = off and download emergingthreat rules = off.\n';
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'");
- exit;
-}
+?>
-conf_mount_rw();
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
+<?php
$up_date_time = date('l jS \of F Y h:i:s A');
-echo "\n";
-echo "#########################\n";
-echo "$up_date_time\n";
-echo "#########################\n";
-echo "\n\n";
-
-exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Checking for needed updates...'");
+echo "";
+echo "#########################";
+echo "$up_date_time";
+echo "#########################";
+echo "";
/* Begin main code */
/* Set user agent to Mozilla */
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
ini_set("memory_limit","125M");
-/* mark the time update started */
-$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
-
/* send current buffer */
ob_flush();
-conf_mount_rw();
+
+/* define oinkid */
+if($config['installedpackages']['snort'])
+ $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
+
+/* if missing oinkid exit */
+if(!$oinkid) {
+ echo "Please add you oink code\n";
+ exit;
+}
/* premium_subscriber check */
//unset($config['installedpackages']['snort']['config'][0]['subscriber']);
//write_config(); // Will cause switch back to read-only on nanobsd
//conf_mount_rw(); // Uncomment this if the previous line is uncommented
+$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload'];
-
-if ($premium_subscriber_chk == "premium") {
+if ($premium_subscriber_chk === on) {
$premium_subscriber = "_s";
}else{
$premium_subscriber = "";
}
-$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload'];
-if ($premium_url_chk == "premium") {
+$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+if ($premium_url_chk === on) {
$premium_url = "sub-rules";
}else{
$premium_url = "reg-rules";
@@ -111,23 +92,16 @@ if ($premium_url_chk == "premium") {
/* send current buffer */
ob_flush();
-conf_mount_rw();
+conf_mount_rw();
/* remove old $tmpfname files */
if (file_exists("{$tmpfname}")) {
- echo "Removing old tmp files...\n";
exec("/bin/rm -r {$tmpfname}");
apc_clear_cache();
}
-/* Make shure snortdir exits */
-exec("/bin/mkdir -p {$snortdir}");
-exec("/bin/mkdir -p {$snortdir}/rules");
-exec("/bin/mkdir -p {$snortdir}/signatures");
-
/* send current buffer */
ob_flush();
-conf_mount_rw();
/* If tmp dir does not exist create it */
if (file_exists($tmpfname)) {
@@ -151,7 +125,7 @@ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
}
/* download md5 sig from emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats'];
+$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
if ($emergingthreats_url_chk == on) {
echo "Downloading md5 file...\n";
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
@@ -177,11 +151,14 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
echo "Done. downloading md5\n";
}
+/* Time stamps define */
+$last_md5_download = $config['installedpackages']['snort']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snort']['last_rules_install'];
+
/* If md5 file is empty wait 15min exit */
if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
echo "Please wait... You may only check for New Rules every 15 minutes...\n";
echo "Rules are released every month from snort.org. You may download the Rules at any time.\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Rules every 15 minutes...'");
exit(0);
}
@@ -191,7 +168,6 @@ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n";
echo "Rules are released to support Pfsense packages.\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Pfsense Rules every 15 minutes...'");
exit(0);
}
@@ -202,18 +178,18 @@ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1
$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
/* Write out time of last sucsessful md5 to cache */
+$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
write_config(); // Will cause switch back to read-only on nanobsd
conf_mount_rw();
if ($md5_check_new == $md5_check_old) {
echo "Your rules are up to date...\n";
echo "You may start Snort now, check update.\n";
$snort_md5_check_ok = on;
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your snort rules are up to date...'");
}
}
/* Check if were up to date emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats'];
+$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
if ($emergingthreats_url_chk == on) {
if (file_exists("{$snortdir}/version.txt")){
$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
@@ -221,13 +197,13 @@ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk
$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
/* Write out time of last sucsessful md5 to cache */
+$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
write_config(); // Will cause switch back to read-only on nanobsd
conf_mount_rw();
if ($emerg_md5_check_new == $emerg_md5_check_old) {
echo "Your emergingthreats rules are up to date...\n";
echo "You may start Snort now, check update.\n";
$emerg_md5_check_chk_ok = on;
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'");
}
}
}
@@ -240,65 +216,39 @@ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_m
$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
if ($pfsense_md5_check_new == $pfsense_md5_check_old) {
$pfsense_md5_check_ok = on;
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'");
}
}
/* Make Clean Snort Directory emergingthreats not checked */
if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
- update_status(gettext("Cleaning the snort Directory..."));
- update_output_window(gettext("removing..."));
- exec("/bin/rm {$snortdir}/rules/emerging*");
+ echo "Cleaning the snort Directory...\n";
+ echo "removing...\n";
+ exec("/bin/rm {$snortdir}/rules/emerging*\n");
exec("/bin/rm {$snortdir}/version.txt");
- exec("/bin/rm {$snortdir_wan}/rules/emerging*");
- exec("/bin/rm {$snortdir_wan}/version.txt");
echo "Done making cleaning emrg direcory.\n";
}
/* Check if were up to date exits */
if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) {
- echo "Your emergingthreats rules are up to date...\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'");
+ echo "Your rules are up to date...\n";
+ echo "You may start Snort now...\n";
exit(0);
}
if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) {
- echo "Your pfsense rules are up to date...\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'");
+ echo "Your rules are up to date...\n";
+ echo "You may start Snort now...\n";
exit(0);
}
/* You are Not Up to date, always stop snort when updating rules for low end machines */;
echo "You are NOT up to date...\n";
-echo "Stopping All Snort Package services...\n";
-exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULES ARE OUT OF DATE, UPDATING...'");
-exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Stopping All Snort Package Services...'");
+echo "Stopping Snort service...\n";
$chk_if_snort_up = exec("pgrep -x snort");
if ($chk_if_snort_up != "") {
-
-
- exec("/usr/bin/touch /tmp/snort_download_halt.pid");
-
- /* dont flood the syslog code */
- exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
- sleep(3);
-
- exec("/usr/bin/killall snort");
- exec("/bin/rm /var/run/snort*");
- sleep(2);
- exec("/usr/bin/killall barnyard2");
- exec("/bin/rm /var/run/barnyard2*");
-
- /* stop syslog flood code */
- exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_rules_update.log");
- exec("/usr/bin/killall syslogd");
- exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
- exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
- sleep(2);
- exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
- $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after snort STOP {$after_mem}'");
-
+ exec("/usr/bin/touch /tmp/snort_download_halt.pid");
+ stop_service("snort");
+ sleep(2);
}
/* download snortrules file */
@@ -306,6 +256,7 @@ if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
echo "Snortrule tar file exists...\n";
} else {
+
echo "There is a new set of Snort rules posted. Downloading...\n";
echo "May take 4 to 10 min...\n";
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
@@ -360,56 +311,28 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
}
}
-/* Compair md5 sig to file sig */
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk == on) {
-//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md5 == $file_md5_ondisk) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// exit(0);
-// }
-//}
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk != on) {
-//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md55 == $file_md5_ondisk2) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// exit(0);
-// }
-//}
-
/* Untar snort rules file individually to help people with low system specs */
if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
echo "Extracting rules...\n";
echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/" .
- " etc/" .
- " so_rules/precompiled/FreeBSD-7.0/i386/2.8.4" .
- " so_rules/bad-traffic.rules/" .
- " so_rules/chat.rules/" .
- " so_rules/dos.rules/" .
- " so_rules/exploit.rules/" .
- " so_rules/imap.rules/" .
- " so_rules/misc.rules/" .
- " so_rules/multimedia.rules/" .
- " so_rules/netbios.rules/" .
- " so_rules/nntp.rules/" .
- " so_rules/p2p.rules/" .
- " so_rules/smtp.rules/" .
- " so_rules/sql.rules/" .
- " so_rules/web-client.rules/" .
- " so_rules/web-misc.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/");
echo "Done extracting Rules.\n";
} else {
echo "The Download rules file missing...\n";
@@ -441,7 +364,7 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
/* Untar snort signatures */
if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
-$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo'];
if ($premium_url_chk == on) {
echo "Extracting Signatures...\n";
echo "May take a while...\n";
@@ -454,8 +377,8 @@ if ($premium_url_chk == on) {
/* Make Clean Snort Directory */
//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
//if (file_exists("{$snortdir}/rules")) {
-// update_status(gettext("Cleaning the snort Directory..."));
-// update_output_window(gettext("removing..."));
+// echo "Cleaning the snort Directory...\n";
+// echo "removing...\n";
// exec("/bin/mkdir -p {$snortdir}");
// exec("/bin/mkdir -p {$snortdir}/rules");
// exec("/bin/mkdir -p {$snortdir}/signatures");
@@ -463,49 +386,96 @@ if ($premium_url_chk == on) {
// exec("/bin/rm {$snortdir}/rules/*");
// exec("/bin/rm {$snortdir_wan}/*");
// exec("/bin/rm {$snortdir_wan}/rules/*");
-
// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
//} else {
-// update_status(gettext("Making Snort Directory..."));
-// update_output_window(gettext("should be fast..."));
-// exec("/bin/mkdir -p {$snortdir}");
-// exec("/bin/mkdir -p {$snortdir}/rules");
-// exec("/bin/rm {$snortdir_wan}/*");
+// echo "Making Snort Directory...\n";
+// echo "should be fast...\n";
+// exec("/bin/mkdir {$snortdir}");
+// exec("/bin/mkdir {$snortdir}/rules");
+// exec("/bin/rm {$snortdir_wan}/\*");
// exec("/bin/rm {$snortdir_wan}/rules/*");
// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
-// update_status(gettext("Done making snort direcory."));
+// echo "Done making snort direcory.\n";
// }
//}
-/* Copy so_rules dir to snort lib dir */
-/* Disabled untill I figure out why there is a segment falut core dump on 2.8.5.3 */
-//if ($snort_md5_check_ok != on) {
-//if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
-// echo "Copying so_rules...\n";
-// echo "May take a while...\n";
-// exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
-// exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules");
-// exec("/bin/rm -r {$snortdir}/so_rules");
-// echo "Done copying so_rules.\n";
-//} else {
-// echo "Directory so_rules does not exist...\n";
-// echo "Error copying so_rules...\n";
-// exit(0);
-// }
-//}
+/* Copy so_rules dir to snort lib dir */
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
+ echo "Copying so_rules...\n";
+ echo "May take a while...\n";
+ sleep(2);
+ exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
+ exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+ echo "Done copying so_rules.\n";
+} else {
+ echo "Directory so_rules does not exist...\n";
+ echo "Error copping so_rules...\n";
+ exit(0);
+ }
+}
+
+/* enable disable setting will carry over with updates */
+/* TODO carry signature changes with the updates */
+if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+
+if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
+$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
+$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+foreach($enabled_sid_on_array as $enabled_item_on)
+$selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
+$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
+$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+foreach($enabled_sid_off_array as $enabled_item_off)
+$selected_sid_off_sections .= "$enabled_item_off\n";
+ }
+
+$snort_sid_text = <<<EOD
+
+###########################################
+# #
+# this is auto generated on snort updates #
+# #
+###########################################
+
+path = /bin:/usr/bin:/usr/local/bin
+
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+url = dir:///usr/local/etc/snort_bkup/rules
+
+$selected_sid_on_sections
+
+$selected_sid_off_sections
+
+EOD;
+
+ /* open snort's threshold.conf for writing */
+ $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w");
+
+ fwrite($oinkmasterlist, "$snort_sid_text");
+
+ /* close snort's threshold.conf file */
+ fclose($oinkmasterlist);
+
+}
/* Copy configs to snort dir */
if ($snort_md5_check_ok != on) {
@@ -513,10 +483,9 @@ if (file_exists("{$snortdir}/etc/Makefile.am")) {
echo "Copying configs to snort directory...\n";
exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
exec("/bin/rm -r {$snortdir}/etc");
-
} else {
- echo "The snort config does not exist...\n";
- echo "Error copying config...\n";
+ echo "The snort configs does not exist...\n";
+ echo "Error copping config...\n";
exit(0);
}
}
@@ -528,7 +497,7 @@ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
} else {
echo "The md5 file does not exist...\n";
- echo "Error copying config...\n";
+ echo "Error copping config...\n";
exit(0);
}
}
@@ -541,7 +510,7 @@ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
} else {
echo "The emergingthreats md5 file does not exist...\n";
- echo "Error copying config...\n";
+ echo "Error copping config...\n";
exit(0);
}
}
@@ -554,14 +523,14 @@ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
} else {
echo "The Pfsense md5 file does not exist...\n";
- echo "Error copying config...\n";
+ echo "Error copping config...\n";
exit(0);
}
}
-
+
/* Copy signatures dir to snort dir */
if ($snort_md5_check_ok != on) {
-$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
if ($premium_url_chk == on) {
if (file_exists("{$snortdir}/doc/signatures")) {
echo "Copying signatures...\n";
@@ -571,22 +540,22 @@ if (file_exists("{$snortdir}/doc/signatures")) {
echo "Done copying signatures.\n";
} else {
echo "Directory signatures exist...\n";
- echo "Error copying signature...\n";
+ echo "Error copping signature...\n";
exit(0);
}
}
}
-/* double make shure cleanup emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
+/* double make shure clean up emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
apc_clear_cache();
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules");
}
if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
@@ -594,176 +563,72 @@ if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so
exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
}
-/* make shure default rules are in the right format */
-exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-
-/* create a msg-map for snort */
echo "Updating Alert Messages...\n";
echo "Please Wait...\n";
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
-
-
-//////////////////
-
-/* Start the proccess for every interface rule */
-/* TODO: try to make the code smother */
-
-if (!empty($config['installedpackages']['snortglobal']['rule'])) {
-
-$rule_array = $config['installedpackages']['snortglobal']['rule'];
-$id = -1;
-foreach ($rule_array as $value) {
-
-$id += 1;
-
-$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
-$if_real = convert_friendly_interface_to_real_interface_name($result_lan);
-
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf();
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run();
-
- }
-}
-
-/* open oinkmaster_conf for writing" function */
-function oinkmaster_conf() {
-
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok;
-
-/* enable disable setting will carry over with updates */
-/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-
-if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
-$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
-$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
-foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "$enabled_item_on\n";
- }
-
-if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
-$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
-$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
-foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "$enabled_item_off\n";
- }
-
-$snort_sid_text = <<<EOD
-
-###########################################
-# #
-# this is auto generated on snort updates #
-# #
-###########################################
-
-path = /bin:/usr/bin:/usr/local/bin
-
-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-
-url = dir:///usr/local/etc/snort/rules
-
-$selected_sid_on_sections
-
-$selected_sid_off_sections
-
-EOD;
-
- /* open snort's oinkmaster.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort/oinkmaster_$if_real.conf", "w");
-
- fwrite($oinkmasterlist, "$snort_sid_text");
-
- /* close snort's oinkmaster.conf file */
- fclose($oinkmasterlist);
-
- }
-}
+sleep(2);
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map");
/* Run oinkmaster to snort_wan and cp configs */
/* If oinkmaster is not needed cp rules normally */
/* TODO add per interface settings here */
-function oinkmaster_run() {
-
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok;
-
if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
- if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- echo "Your first set of rules are being copied...\n";
- echo "May take a while...\n";
- exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" >> /root/debug");
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real");
+ if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
+echo "Your first set of rules are being copied...\n";
+echo "May take a while...\n";
+
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
} else {
echo "Your enable and disable changes are being applied to your fresh set of rules...\n";
echo "May take a while...\n";
- exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug");
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
/* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
/* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log");
-
- }
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+
}
}
-//////////////
-
-/* mark the time update finnished */
-$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
-
/* remove old $tmpfname files */
if (file_exists("{$tmpfname}")) {
echo "Cleaning up...\n";
- exec("/bin/rm -r /tmp/snort_rules_up");
-// apc_clear_cache();
+ exec("/bin/rm -r /root/snort_rules_up");
}
/* php code to flush out cache some people are reportting missing files this might help */
-sleep(2);
+sleep(5);
apc_clear_cache();
exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
- /* make snort the owner */
- exec("/usr/sbin/chown -R snort:snort /var/log/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
- exec("/bin/chmod -R 755 /var/log/snort");
- exec("/bin/chmod -R 755 /usr/local/etc/snort");
- exec("/bin/chmod -R 755 /usr/local/lib/snort");
-
/* if snort is running hardrestart, if snort is not running do nothing */
if (file_exists("/tmp/snort_download_halt.pid")) {
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
+ start_service("snort");
echo "The Rules update finished...\n";
echo "Snort has restarted with your new set of rules...\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'");
exec("/bin/rm /tmp/snort_download_halt.pid");
} else {
echo "The Rules update finished...\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'");
+ echo "You may start snort now...\n";
}
-
conf_mount_ro();
?>
diff --git a/config/snort/snort_define_servers.xml b/config/snort-old/snort_define_servers.xml
index 7df880d0..7df880d0 100644
--- a/config/snort/snort_define_servers.xml
+++ b/config/snort-old/snort_define_servers.xml
diff --git a/config/snort-old/snort_download_rules.php b/config/snort-old/snort_download_rules.php
new file mode 100644
index 00000000..9826ba2a
--- /dev/null
+++ b/config/snort-old/snort_download_rules.php
@@ -0,0 +1,790 @@
+<?php
+/* $Id$ */
+/*
+ snort_rulesets.php
+ Copyright (C) 2006 Scott Ullrich and Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* Setup enviroment */
+$tmpfname = "/root/snort_rules_up";
+$snortdir = "/usr/local/etc/snort_bkup";
+$snortdir_wan = "/usr/local/etc/snort";
+$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
+$snort_filename = "snortrules-snapshot-2.8.tar.gz";
+$emergingthreats_filename_md5 = "version.txt";
+$emergingthreats_filename = "emerging.rules.tar.gz";
+$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
+$pfsense_rules_filename = "pfsense_rules.tar.gz";
+
+require_once("guiconfig.inc");
+require_once("functions.inc");
+require_once("service-utils.inc");
+require("/usr/local/pkg/snort.inc");
+
+$pgtitle = "Services: Snort: Update Rules";
+
+include("/usr/local/www/head.inc");
+
+?>
+
+<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("/usr/local/www/fbegin.inc"); ?>
+
+<?php
+if(!$pgtitle_output)
+ echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+?>
+
+<form action="snort_download_rules.php" method="post">
+<div id="inputerrors"></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td align="center" valign="top">
+ <!-- progress bar -->
+ <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
+ <tr>
+ <td>
+ <img border='0' src='./themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
+ </td>
+ </tr>
+ </table>
+ <br />
+ <!-- status box -->
+ <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
+ <?=gettext("Initializing...");?>
+ </textarea>
+ <!-- command output box -->
+ <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
+ </textarea>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+
+<?php include("fend.inc");?>
+
+<?php
+
+
+/* Begin main code */
+/* Set user agent to Mozilla */
+ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ini_set("memory_limit","125M");
+
+/* send current buffer */
+ob_flush();
+
+/* define oinkid */
+if($config['installedpackages']['snort'])
+ $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
+
+/* if missing oinkid exit */
+if(!$oinkid) {
+ $static_output = gettext("You must obtain an oinkid from snort.org and set its value in the Snort settings tab.");
+ update_all_status($static_output);
+ hide_progress_bar_status();
+ exit;
+}
+
+/* premium_subscriber check */
+//unset($config['installedpackages']['snort']['config'][0]['subscriber']);
+//write_config(); // Will cause switch back to read-only on nanobsd
+//conf_mount_rw(); // Uncomment this if the previous line is uncommented
+
+$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+
+if ($premium_subscriber_chk === on) {
+ $premium_subscriber = "_s";
+}else{
+ $premium_subscriber = "";
+}
+
+$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+if ($premium_url_chk === on) {
+ $premium_url = "sub-rules";
+}else{
+ $premium_url = "reg-rules";
+}
+
+/* hide progress bar */
+hide_progress_bar_status();
+
+/* send current buffer */
+ob_flush();
+
+conf_mount_rw();
+
+/* remove old $tmpfname files */
+if (file_exists("{$tmpfname}")) {
+ update_status(gettext("Removing old tmp files..."));
+ exec("/bin/rm -r {$tmpfname}");
+ apc_clear_cache();
+}
+
+/* Make shure snortdir exits */
+exec("/bin/mkdir -p {$snortdir}");
+exec("/bin/mkdir -p {$snortdir}/rules");
+exec("/bin/mkdir -p {$snortdir}/signatures");
+
+/* send current buffer */
+ob_flush();
+
+/* If tmp dir does not exist create it */
+if (file_exists($tmpfname)) {
+ update_status(gettext("The directory tmp exists..."));
+} else {
+ mkdir("{$tmpfname}", 700);
+}
+
+/* unhide progress bar and lets end this party */
+unhide_progress_bar_status();
+
+/* download md5 sig from snort.org */
+if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
+ update_status(gettext("md5 temp file exists..."));
+} else {
+ update_status(gettext("Downloading md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
+// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5");
+ $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ update_status(gettext("Done. downloading md5"));
+}
+
+/* download md5 sig from emergingthreats.net */
+$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
+if ($emergingthreats_url_chk == on) {
+ update_status(gettext("Downloading md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
+// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+ $f = fopen("{$tmpfname}/version.txt", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ update_status(gettext("Done. downloading md5"));
+}
+
+/* download md5 sig from pfsense.org */
+if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
+ update_status(gettext("md5 temp file exists..."));
+} else {
+ update_status(gettext("Downloading pfsense md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
+// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
+ $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ update_status(gettext("Done. downloading md5"));
+}
+
+/* Time stamps define */
+$last_md5_download = $config['installedpackages']['snort']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snort']['last_rules_install'];
+
+/* If md5 file is empty wait 15min exit */
+if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
+ update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
+ hide_progress_bar_status();
+ /* Display last time of sucsessful md5 check from cache */
+ echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
+ echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
+ echo "\n\n</body>\n</html>\n";
+ exit(0);
+}
+
+/* If emergingthreats md5 file is empty wait 15min exit not needed */
+
+/* If pfsense md5 file is empty wait 15min exit */
+if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
+ update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released to support Pfsense packages."));
+ hide_progress_bar_status();
+ /* Display last time of sucsessful md5 check from cache */
+ echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
+ echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
+ echo "\n\n</body>\n</html>\n";
+ exit(0);
+}
+
+/* Check if were up to date snort.org */
+if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){
+$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+/* Write out time of last sucsessful md5 to cache */
+$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
+write_config(); // Will cause switch back to read-only on nanobsd
+conf_mount_rw();
+if ($md5_check_new == $md5_check_old) {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now, check update."));
+ hide_progress_bar_status();
+ /* Timestamps to html */
+ echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
+ echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
+// echo "P is this code {$premium_subscriber}";
+ echo "\n\n</body>\n</html>\n";
+ $snort_md5_check_ok = on;
+ }
+}
+
+/* Check if were up to date emergingthreats.net */
+$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
+if ($emergingthreats_url_chk == on) {
+if (file_exists("{$snortdir}/version.txt")){
+$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
+$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
+$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+/* Write out time of last sucsessful md5 to cache */
+$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
+write_config(); // Will cause switch back to read-only on nanobsd
+conf_mount_rw();
+if ($emerg_md5_check_new == $emerg_md5_check_old) {
+ update_status(gettext("Your emergingthreats rules are up to date..."));
+ update_output_window(gettext("You may start Snort now, check update."));
+ hide_progress_bar_status();
+ $emerg_md5_check_chk_ok = on;
+ }
+ }
+}
+
+/* Check if were up to date pfsense.org */
+if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){
+$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+if ($pfsense_md5_check_new == $pfsense_md5_check_old) {
+ $pfsense_md5_check_ok = on;
+ }
+}
+
+/* Make Clean Snort Directory emergingthreats not checked */
+if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
+ update_status(gettext("Cleaning the snort Directory..."));
+ update_output_window(gettext("removing..."));
+ exec("/bin/rm {$snortdir}/rules/emerging*");
+ exec("/bin/rm {$snortdir}/version.txt");
+ exec("/bin/rm {$snortdir_wan}/rules/emerging*");
+ exec("/bin/rm {$snortdir_wan}/version.txt");
+ update_status(gettext("Done making cleaning emrg direcory."));
+}
+
+/* Check if were up to date exits */
+if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ exit(0);
+}
+
+if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ exit(0);
+}
+
+/* You are Not Up to date, always stop snort when updating rules for low end machines */;
+update_status(gettext("You are NOT up to date..."));
+update_output_window(gettext("Stopping Snort service..."));
+$chk_if_snort_up = exec("pgrep -x snort");
+if ($chk_if_snort_up != "") {
+ exec("/usr/bin/touch /tmp/snort_download_halt.pid");
+ stop_service("snort");
+ sleep(2);
+}
+
+/* download snortrules file */
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+} else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Snort rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+ download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ if (150000 > filesize("{$tmpfname}/$snort_filename")){
+ update_status(gettext("Error with the snort rules download..."));
+ update_output_window(gettext("Snort rules file downloaded failed..."));
+ exit(0);
+ }
+ }
+}
+
+/* download emergingthreats rules file */
+if ($emergingthreats_url_chk == on) {
+if ($emerg_md5_check_chk_ok != on) {
+if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_status(gettext("Emergingthreats tar file exists..."));
+} else {
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
+ download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading Emergingthreats rules file."));
+ }
+ }
+ }
+
+/* download pfsense rules file */
+if ($pfsense_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+} else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
+ download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ }
+}
+
+/* Compair md5 sig to file sig */
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// exit(0);
+// }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// exit(0);
+// }
+//}
+
+/* Untar snort rules file individually to help people with low system specs */
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/");
+ update_status(gettext("Done extracting Rules."));
+} else {
+ update_status(gettext("The Download rules file missing..."));
+ update_output_window(gettext("Error rules extracting failed..."));
+ exit(0);
+ }
+}
+
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats_url_chk == on) {
+if ($emerg_md5_check_chk_ok != on) {
+if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+ }
+ }
+}
+
+/* Untar Pfsense rules to tmp */
+if ($pfsense_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Extracting Pfsense rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
+ }
+}
+
+/* Untar snort signatures */
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/{$snort_filename}")) {
+$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo'];
+if ($premium_url_chk == on) {
+ update_status(gettext("Extracting Signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+ update_status(gettext("Done extracting Signatures."));
+ }
+ }
+}
+
+/* Make Clean Snort Directory */
+//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
+//if (file_exists("{$snortdir}/rules")) {
+// update_status(gettext("Cleaning the snort Directory..."));
+// update_output_window(gettext("removing..."));
+// exec("/bin/mkdir -p {$snortdir}");
+// exec("/bin/mkdir -p {$snortdir}/rules");
+// exec("/bin/mkdir -p {$snortdir}/signatures");
+// exec("/bin/rm {$snortdir}/*");
+// exec("/bin/rm {$snortdir}/rules/*");
+// exec("/bin/rm {$snortdir_wan}/*");
+// exec("/bin/rm {$snortdir_wan}/rules/*");
+
+// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
+//} else {
+// update_status(gettext("Making Snort Directory..."));
+// update_output_window(gettext("should be fast..."));
+// exec("/bin/mkdir -p {$snortdir}");
+// exec("/bin/mkdir -p {$snortdir}/rules");
+// exec("/bin/rm {$snortdir_wan}/*");
+// exec("/bin/rm {$snortdir_wan}/rules/*");
+// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
+// update_status(gettext("Done making snort direcory."));
+// }
+//}
+
+/* Copy so_rules dir to snort lib dir */
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
+ update_status(gettext("Copying so_rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
+ exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+ update_status(gettext("Done copying so_rules."));
+} else {
+ update_status(gettext("Directory so_rules does not exist..."));
+ update_output_window(gettext("Error copying so_rules..."));
+ exit(0);
+ }
+}
+
+/* enable disable setting will carry over with updates */
+/* TODO carry signature changes with the updates */
+if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+
+if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
+$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
+$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+foreach($enabled_sid_on_array as $enabled_item_on)
+$selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
+$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
+$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+foreach($enabled_sid_off_array as $enabled_item_off)
+$selected_sid_off_sections .= "$enabled_item_off\n";
+ }
+
+$snort_sid_text = <<<EOD
+
+###########################################
+# #
+# this is auto generated on snort updates #
+# #
+###########################################
+
+path = /bin:/usr/bin:/usr/local/bin
+
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+url = dir:///usr/local/etc/snort_bkup/rules
+
+$selected_sid_on_sections
+
+$selected_sid_off_sections
+
+EOD;
+
+ /* open snort's threshold.conf for writing */
+ $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w");
+
+ fwrite($oinkmasterlist, "$snort_sid_text");
+
+ /* close snort's threshold.conf file */
+ fclose($oinkmasterlist);
+
+}
+
+/* Copy configs to snort dir */
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$snortdir}/etc/Makefile.am")) {
+ update_status(gettext("Copying configs to snort directory..."));
+ exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+} else {
+ update_status(gettext("The snort config does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ exit(0);
+ }
+}
+
+/* Copy md5 sig to snort dir */
+if ($snort_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+} else {
+ update_status(gettext("The md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ exit(0);
+ }
+}
+
+/* Copy emergingthreats md5 sig to snort dir */
+if ($emergingthreats_url_chk == on) {
+if ($emerg_md5_check_chk_ok != on) {
+if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+} else {
+ update_status(gettext("The emergingthreats md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ exit(0);
+ }
+ }
+}
+
+/* Copy Pfsense md5 sig to snort dir */
+if ($pfsense_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+ update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
+} else {
+ update_status(gettext("The Pfsense md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ exit(0);
+ }
+}
+
+/* Copy signatures dir to snort dir */
+if ($snort_md5_check_ok != on) {
+$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
+if ($premium_url_chk == on) {
+if (file_exists("{$snortdir}/doc/signatures")) {
+ update_status(gettext("Copying signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ update_status(gettext("Done copying signatures."));
+} else {
+ update_status(gettext("Directory signatures exist..."));
+ update_output_window(gettext("Error copying signature..."));
+ exit(0);
+ }
+ }
+}
+
+/* double make shure cleanup emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
+ apc_clear_cache();
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules");
+}
+
+if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+}
+
+/* create a msg-map for snort */
+update_status(gettext("Updating Alert Messages..."));
+update_output_window(gettext("Please Wait..."));
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map");
+
+/* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
+if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+
+ if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
+ update_status(gettext("Your first set of rules are being copied..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+
+} else {
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+
+ /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+
+
+ }
+}
+
+/* remove old $tmpfname files */
+if (file_exists("{$tmpfname}")) {
+ update_status(gettext("Cleaning up..."));
+ exec("/bin/rm -r /root/snort_rules_up");
+// apc_clear_cache();
+}
+
+/* php code to flush out cache some people are reportting missing files this might help */
+sleep(2);
+apc_clear_cache();
+exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
+
+/* if snort is running hardrestart, if snort is not running do nothing */
+if (file_exists("/tmp/snort_download_halt.pid")) {
+ start_service("snort");
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("Snort has restarted with your new set of rules..."));
+ exec("/bin/rm /tmp/snort_download_halt.pid");
+} else {
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("You may start snort now..."));
+}
+
+/* hide progress bar and lets end this party */
+hide_progress_bar_status();
+conf_mount_ro();
+?>
+
+<?php
+
+function read_body_firmware($ch, $string) {
+ global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ $a = $file_size;
+ $b = $downloaded;
+ $c = $downloadProgress;
+ $text = " Snort download in progress\\n";
+ $text .= "----------------------------------------------------\\n";
+ $text .= " Downloaded : {$b}\\n";
+ $text .= "----------------------------------------------------\\n";
+ $counter++;
+ if($counter > 150) {
+ update_output_window($text);
+ update_progress_bar($downloadProgress);
+ flush();
+ $counter = 0;
+ }
+ conf_mount_rw();
+ fwrite($fout, $string);
+ conf_mount_ro();
+ return $length;
+}
+
+?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_dynamic_ip_reload.php b/config/snort-old/snort_dynamic_ip_reload.php
index 98d9bcce..0fad085b 100644
--- a/config/snort-dev/snort_dynamic_ip_reload.php
+++ b/config/snort-old/snort_dynamic_ip_reload.php
@@ -3,7 +3,7 @@
/* $Id$ */
/*
snort_dynamic_ip_reload.php
- Copyright (C) 2009 Robert Zeleya
+ Copyright (C) 2006 Scott Ullrich and Robert Zeleya
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -31,20 +31,19 @@
/* NOTE: this file gets included from the pfSense filter.inc plugin process */
/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */
-require_once("/usr/local/pkg/snort/snort.inc");
+require_once("/usr/local/pkg/snort.inc");
+require_once("service-utils.inc");
+require_once("config.inc");
-/* get the varibles from the command line */
-/* Note: snort.sh sould only be using this */
-//$id = $_SERVER["argv"][1];
-//$if_real = $_SERVER["argv"][2];
-//$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
-
-//if ($id == "" || $if_real == "" || $test_iface == "") {
-// exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\"");
-// exit;
-// }
-
-sync_snort_package_empty();
+if($config['interfaces']['wan']['ipaddr'] == "pppoe" or
+ $config['interfaces']['wan']['ipaddr'] == "dhcp") {
+ create_snort_conf();
+ exec("killall -HUP snort");
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
+ if ($snortbarnyardlog_info_chk == on)
+ exec("killall -HUP barnyard2");
+}
?> \ No newline at end of file
diff --git a/config/snort-dev/snort_rules.php b/config/snort-old/snort_rules.php
index c95d76ca..94c99f0e 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-old/snort_rules.php
@@ -2,8 +2,7 @@
/* $Id$ */
/*
edit_snortrule.php
- Copyright (C) 2004, 2005 Scott Ullrich
- Copyright (C) 2008, 2009 Robert Zelaya
+ Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,45 +26,22 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require("guiconfig.inc");
+require("config.inc");
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-
-//nat_rules_sort();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-if (isset($id) && $a_nat[$id]) {
-
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+if(!is_dir("/usr/local/etc/snort/rules")) {
+ conf_mount_rw();
+ exec('mkdir /usr/local/etc/snort/rules/');
+ conf_mount_ro();
}
-/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
-
-$iface_uuid = $a_nat[$id]['uuid'];
-
-// if(!is_dir("/usr/local/etc/snort/rules"))
-// exec('mkdir /usr/local/etc/snort/rules/');
-
/* Check if the rules dir is empy if so warn the user */
/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
+$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
if ($isrulesfolderempty == "") {
include("head.inc");
-include("./snort_fbegin.inc");
+include("fbegin.inc");
echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
@@ -75,15 +51,18 @@ echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
<tr>\n
<td>\n";
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
echo "</td>\n
</tr>\n
@@ -126,6 +105,8 @@ function get_middle($source, $beginning, $ending, $init_pos) {
function write_rule_file($content_changed, $received_file)
{
+ conf_mount_rw();
+
//read snort file with writing enabled
$filehandle = fopen($received_file, "w");
@@ -141,6 +122,7 @@ function write_rule_file($content_changed, $received_file)
//close file handle
fclose($filehandle);
+ conf_mount_rw();
}
function load_rule_file($incoming_file)
@@ -155,9 +137,8 @@ function load_rule_file($incoming_file)
//close handler
fclose ($filehandle);
-
//string for populating category select
- $currentruleset = basename($rulefile);
+ $currentruleset = substr($file, 27);
//delimiter for each new rule is a new line
$delimiter = "\n";
@@ -169,13 +150,10 @@ function load_rule_file($incoming_file)
}
-$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
+$ruledir = "/usr/local/etc/snort/rules/";
$dh = opendir($ruledir);
-if ($_GET['openruleset'] != '' && $_GET['ids'] != '')
-{
- header("Location: /snort/snort_rules.php?id=$id&openruleset={$_GET['openruleset']}&saved=yes");
-}
+$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect.";
while (false !== ($filename = readdir($dh)))
{
@@ -191,22 +169,19 @@ sort($files);
if ($_GET['openruleset'])
{
- $rulefile = $_GET['openruleset'];
+ $file = $_GET['openruleset'];
}
else
{
- $rulefile = $ruledir.$files[0];
+ $file = $ruledir.$files[0];
}
//Load the rule file
-$splitcontents = load_rule_file($rulefile);
+$splitcontents = load_rule_file($file);
if ($_POST)
{
-
- conf_mount_rw();
-
if (!$_POST['apply']) {
//retrieve POST data
$post_lineid = $_POST['lineid'];
@@ -283,20 +258,26 @@ if ($_POST)
$splitcontents[$post_lineid] = $tempstring;
//write the new .rules file
- write_rule_file($splitcontents, $rulefile);
+ write_rule_file($splitcontents, $file);
//once file has been written, reload file
- $splitcontents = load_rule_file($rulefile);
+ $splitcontents = load_rule_file($file);
$stopMsg = true;
}
+
+ if ($_POST['apply']) {
+// stop_service("snort");
+// sleep(2);
+// start_service("snort");
+ $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab.";
+ $stopMsg = false;
+ }
+
}
else if ($_GET['act'] == "toggle")
{
-
- conf_mount_rw();
-
- $toggleid = $_GET['ids'];
+ $toggleid = $_GET['id'];
//copy rule contents from array into string
$tempstring = $splitcontents[$toggleid];
@@ -330,10 +311,10 @@ else if ($_GET['act'] == "toggle")
$splitcontents[$toggleid] = $tempstring;
//write the new .rules file
- write_rule_file($splitcontents, $rulefile);
+ write_rule_file($splitcontents, $file);
//once file has been written, reload file
- $splitcontents = load_rule_file($rulefile);
+ $splitcontents = load_rule_file($file);
$stopMsg = true;
@@ -345,22 +326,20 @@ else if ($_GET['act'] == "toggle")
// sid being turned off
$sid_off = str_replace("sid:", "", $sid_off_cut);
// rule_sid_on registers
- $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
+ $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
// if off sid is the same as on sid remove it
$sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces");
// write the replace sid back as empty
- $a_nat[$id]['rule_sid_on'] = $sid_on_old;
+ $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
// rule sid off registers
- $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
+ $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
// if off sid is the same as off sid remove it
$sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces");
// write the replace sid back as empty
- $a_nat[$id]['rule_sid_off'] = $sid_off_old;
+ $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
// add sid off registers to new off sid
- $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
+ $config['installedpackages']['snort']['rule_sid_off'] = "||disablesid $sid_off" . $config['installedpackages']['snort']['rule_sid_off'];
write_config();
- conf_mount_rw();
-
}
else
{
@@ -370,55 +349,39 @@ else if ($_GET['act'] == "toggle")
// sid being turned off
$sid_on = str_replace("sid:", "", $sid_on_cut);
// rule_sid_off registers
- $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
+ $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
// if off sid is the same as on sid remove it
$sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces");
// write the replace sid back as empty
- $a_nat[$id]['rule_sid_off'] = $sid_off_old;
+ $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
// rule sid on registers
- $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
+ $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
// if on sid is the same as on sid remove it
$sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces");
// write the replace sid back as empty
- $a_nat[$id]['rule_sid_on'] = $sid_on_old;
+ $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
// add sid on registers to new on sid
- $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
+ $config['installedpackages']['snort']['rule_sid_on'] = "||enablesid $sid_on" . $config['installedpackages']['snort']['rule_sid_on'];
write_config();
- conf_mount_rw();
}
}
-if ($_GET['saved'] == 'yes')
-{
- $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect.";
-
-// stop_service("snort");
-// sleep(2);
-// start_service("snort");
-// $savemsg = "";
-// $stopMsg = false;
-}
-
-$currentruleset = basename($rulefile);
-
-$ifname = strtoupper($pconfig['interface']);
+$pgtitle = "Snort: Rules";
require("guiconfig.inc");
include("head.inc");
-
-$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
-
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("./snort_fbegin.inc"); ?>
-<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
-
+<?php include("fbegin.inc"); ?>
<?php
-echo "<form action=\"snort_rules.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
+if(!$pgtitle_output)
+ echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
?>
-<?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?>
+<form action="snort_rules.php" method="post" name="iform" id="iform">
+<?php if ($savemsg){print_info_box($savemsg);} else if ($stopMsg){print_info_box_np($message_reload);}?>
+<br>
</form>
<script type="text/javascript" language="javascript" src="row_toggle.js">
<script src="/javascript/sorttable.js" type="text/javascript">
@@ -440,40 +403,28 @@ function go()
}
// -->
</script>
-<script type="text/javascript">
-<!--
-function popup(url)
-{
- params = 'width='+screen.width;
- params += ', height='+screen.height;
- params += ', top=0, left=0'
- params += ', fullscreen=yes';
-
- newwin=window.open(url,'windowname4', params);
- if (window.focus) {newwin.focus()}
- return false;
-}
-// -->
-</script>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
?>
- </td>
- </tr>
- <tr>
- <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
<div id="mainarea">
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -496,8 +447,7 @@ function popup(url)
echo "<br>Category: ";
//string for populating category select
- $currentruleset = basename($rulefile);
-
+ $currentruleset = substr($file, 27);
?>
<form name="forms">
<select name="selectbox" class="formfld" onChange="go()">
@@ -509,7 +459,7 @@ function popup(url)
if ($files[$i] === $currentruleset)
$selectedruleset = "selected";
?>
- <option value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
+ <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
<?php
$i++;
@@ -562,13 +512,7 @@ function popup(url)
$textss = $textse = "";
$iconb = "icon_block.gif";
}
-
- if ($disabled_pos !== false){
- $ischecked = "";
- }else{
- $ischecked = "checked";
- }
-
+
$rule_content = explode(' ', $tempstring);
$protocol = $rule_content[$counter2];//protocol location
@@ -581,93 +525,87 @@ function popup(url)
$counter2++;
$destination_port = $rule_content[$counter2];//destination port location
- if (strstr($tempstring, 'msg: "'))
- $message = get_middle($tempstring, 'msg: "', '";', 0);
- if (strstr($tempstring, 'msg:"'))
- $message = get_middle($tempstring, 'msg:"', '";', 0);
+ $message = get_middle($tempstring, 'msg:"', '";', 0);
- echo "<tr>
- <td class=\"listt\">
- $textss\n";
+ echo "<tr>";
+ echo "<td class=\"listt\">";
+ echo $textss;
?>
- <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="10" height="10" border="0" title="click to toggle enabled/disabled status"></a>
- <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> -->
- <!-- TODO: add checkbox and save so that that disabling is nicer -->
+ <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
<?php
- echo "$textse
- </td>
- <td class=\"listlr\">
- $textss
- $sid
- $textse
- </td>
- <td class=\"listlr\">
- $textss
- $protocol";
- ?>
- <?php
+ echo $textse;
+ echo "</td>";
+
+
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $sid;
+ echo $textse;
+ echo "</td>";
+
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $protocol;
$printcounter++;
- echo "$textse
- </td>
- <td class=\"listlr\">
- $textss
- $source
- $textse
- </td>
- <td class=\"listlr\">
- $textss
- $source_port
- $textse
- </td>
- <td class=\"listlr\">
- $textss
- $destination
- $textse
- </td>
- <td class=\"listlr\">
- $textss
- $destination_port
- $textse
- </td>";
+ echo $textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $source;
+ echo $textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $source_port;
+ echo $textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $destination;
+ echo $textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $destination_port;
+ echo $textse;
+ echo "</td>";
?>
<td class="listbg"><font color="white">
<?php
- echo "$textss
- $message
- $textse
- </td>";
+ echo $textss;
+ echo $message;
+ echo $textse;
+ echo "</td>";
?>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td><a href="javascript: void(0)"onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
- <!-- Codes by Quackit.com -->
+ <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
<?php
}
}
- echo " There are $printcounter rules in this category. <br><br>";
+ echo " ";
+ echo "There are ";
+ echo $printcounter;
+ echo " rules in this category. <br><br>";
?>
</table>
</td>
</tr>
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
- <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
+ <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
<td>Rule Enabled</td>
</tr>
<tr>
- <td><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
+ <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
<td nowrap>Rule Disabled</td>
- </tr>
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <!-- TODO: add save and cancel for checkbox options -->
- <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
+
+
</tr>
- </table>
<tr>
<td colspan="10">
<p>
@@ -677,11 +615,12 @@ function popup(url)
</tr>
</table>
</table>
+
</td>
</tr>
-
</table>
+
<?php include("fend.inc"); ?>
</div></body>
-</html>
+</html> \ No newline at end of file
diff --git a/config/snort-old/snort_rules_edit.php b/config/snort-old/snort_rules_edit.php
new file mode 100644
index 00000000..cbabce73
--- /dev/null
+++ b/config/snort-old/snort_rules_edit.php
@@ -0,0 +1,207 @@
+<?php
+/* $Id$ */
+/*
+ snort_rules_edit.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function get_middle($source, $beginning, $ending, $init_pos) {
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
+}
+
+
+$file = $_GET['openruleset'];
+
+//read snort file
+$filehandle = fopen($file, "r");
+
+//get rule id
+$lineid = $_GET['id'];
+
+//read file into string, and get filesize
+$contents = fread($filehandle, filesize($file));
+
+//close handler
+fclose ($filehandle);
+
+//delimiter for each new rule is a new line
+$delimiter = "\n";
+
+//split the contents of the string file into an array using the delimiter
+$splitcontents = explode($delimiter, $contents);
+
+//copy rule contents from array into string
+$tempstring = $splitcontents[$lineid];
+
+//explode rule contents into an array, (delimiter is space)
+$rule_content = explode(' ', $tempstring);
+
+//search string
+$findme = "# alert"; //find string for disabled alerts
+
+//find if alert is disabled
+$disabled = strstr($tempstring, $findme);
+
+//get sid
+$sid = get_middle($tempstring, 'sid:', ';', 0);
+
+
+//if find alert is false, then rule is disabled
+if ($disabled !== false)
+{
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $counter2 = 2;
+}
+else
+{
+ $counter2 = 1;
+}
+
+
+$protocol = $rule_content[$counter2];//protocol location
+$counter2++;
+$source = $rule_content[$counter2];//source location
+$counter2++;
+$source_port = $rule_content[$counter2];//source port location
+$counter2++;
+$direction = $rule_content[$counter2];
+$counter2++;
+$destination = $rule_content[$counter2];//destination location
+$counter2++;
+$destination_port = $rule_content[$counter2];//destination port location
+$message = get_middle($tempstring, 'msg:"', '";', 0);
+
+$content = get_middle($tempstring, 'content:"', '";', 0);
+$classtype = get_middle($tempstring, 'classtype:', ';', 0);
+$revision = get_middle($tempstring, 'rev:', ';',0);
+
+$pgtitle = "Snort: Edit Rule";
+require("guiconfig.inc");
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+<?php
+if(!$pgtitle_output)
+ echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+?>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <form action="snort_rules.php?openruleset=<?=$file;?>&id=<?=$lineid;?>" target="" method="post" name="editform" id="editform">
+ <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdr" width="10%">Enabled: </td>
+ <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">SID: </td>
+ <td class="listlr" width="30%"><?php echo $sid; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Protocol: </td>
+ <td class="listlr" width="30%"><?php echo $protocol; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Source: </td>
+ <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Source Port: </td>
+ <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Direction:</td>
+ <td class="listlr" width="30%"><?php echo $direction;?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Destination:</td>
+ <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Destination Port: </td>
+ <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Message: </td>
+ <td class="listlr" width="30%"><?php echo $message; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Content: </td>
+ <td class="listlr" width="30%"><?php echo $content; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Classtype: </td>
+ <td class="listlr" width="30%"><?php echo $classtype; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Revision: </td>
+ <td class="listlr" width="30%"><?php echo $revision; ?></td>
+ </tr>
+ <tr><td>&nbsp</td></tr>
+ <tr>
+ <td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td>
+ <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">&nbsp&nbsp&nbsp<input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td>
+ </tr>
+ </table>
+ </form>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+
+<?php include("fend.inc"); ?>
+</div></body>
+</html> \ No newline at end of file
diff --git a/config/snort-old/snort_rulesets.php b/config/snort-old/snort_rulesets.php
new file mode 100644
index 00000000..d839ae7a
--- /dev/null
+++ b/config/snort-old/snort_rulesets.php
@@ -0,0 +1,230 @@
+<?php
+/* $Id$ */
+/*
+ snort_rulesets.php
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require_once("service-utils.inc");
+require("/usr/local/pkg/snort.inc");
+
+if(!is_dir("/usr/local/etc/snort/rules")) {
+ conf_mount_rw();
+ exec('mkdir /usr/local/etc/snort/rules/');
+ conf_mount_ro();
+}
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
+if ($isrulesfolderempty == "") {
+
+include("head.inc");
+include("fbegin.inc");
+
+echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
+<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
+<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n";
+
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
+
+echo "</td>\n
+ </tr>\n
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+# The rules directory is empty.\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ </tr>\n
+</table>\n
+\n
+</form>\n
+\n
+<p>\n\n";
+
+echo "Please click on the Update Rules tab to install your selected rule sets.";
+include("fend.inc");
+
+echo "</body>";
+echo "</html>";
+
+exit(0);
+
+}
+
+if($_POST) {
+ $enabled_items = "";
+ $isfirst = true;
+ foreach($_POST['toenable'] as $toenable) {
+ if(!$isfirst)
+ $enabled_items .= "||";
+ $enabled_items .= "{$toenable}";
+ $isfirst = false;
+ }
+ $config['installedpackages']['snort']['rulesets'] = $enabled_items;
+ write_config();
+ stop_service("snort");
+ create_snort_conf();
+ sleep(2);
+ start_service("snort");
+ $savemsg = "The snort ruleset selections have been saved.";
+}
+
+$enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
+if($enabled_rulesets)
+ $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+
+$pgtitle = "Snort: Categories";
+include("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+<?php include("fbegin.inc"); ?>
+
+<?php
+if(!$pgtitle_output)
+ echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+?>
+
+<form action="snort_rulesets.php" method="post" name="iform" id="iform">
+<script src="/row_toggle.js" type="text/javascript"></script>
+<script src="/javascript/sorttable.js" type="text/javascript"></script>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Enabled</td>
+ <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td>
+ <!-- <td class="listhdrr">Description</td> -->
+ </tr>
+<?php
+ $dir = "/usr/local/etc/snort/rules/";
+ $dh = opendir($dir);
+ while (false !== ($filename = readdir($dh))) {
+ $files[] = $filename;
+ }
+ sort($files);
+ foreach($files as $file) {
+ if(!stristr($file, ".rules"))
+ continue;
+ echo "<tr>";
+ echo "<td align=\"center\" valign=\"top\">";
+ if(is_array($enabled_rulesets_array))
+ if(in_array($file, $enabled_rulesets_array)) {
+ $CHECKED = " checked=\"checked\"";
+ } else {
+ $CHECKED = "";
+ }
+ else
+ $CHECKED = "";
+ echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />";
+ echo "</td>";
+ echo "<td>";
+ echo "<a href='snort_rules.php?openruleset=/usr/local/etc/snort/rules/" . urlencode($file) . "'>{$file}</a>";
+ echo "</td>";
+ //echo "<td>";
+ //echo "description";
+ //echo "</td>";
+ }
+
+?>
+ </table>
+ </td>
+ </tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td><input value="Save" type="submit" name="save" id="save" /></td></tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+</form>
+
+<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
+
+<?php
+
+ function get_snort_rule_file_description($filename) {
+ $filetext = file_get_contents($filename);
+
+ }
+
+?> \ No newline at end of file
diff --git a/config/snort/snort_threshold.xml b/config/snort-old/snort_threshold.xml
index f9075d3d..f9075d3d 100644
--- a/config/snort/snort_threshold.xml
+++ b/config/snort-old/snort_threshold.xml
diff --git a/config/snort-dev/snort_whitelist.xml b/config/snort-old/snort_whitelist.xml
index d98f83fa..42769e4e 100644
--- a/config/snort-dev/snort_whitelist.xml
+++ b/config/snort-old/snort_whitelist.xml
@@ -45,40 +45,52 @@
<description>Describe your package here</description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
- <name>snortglobal</name>
+ <name>snort-whitelist</name>
<version>0.1.0</version>
<title>Snort: Whitelist</title>
- <include_file>/usr/local/pkg/snort/snort.inc</include_file>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
<!-- Menu is where this packages menu will appear -->
<tabs>
<tab>
- <text>Snort Interfaces</text>
- <url>/snort/snort_interfaces.php</url>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
</tab>
<tab>
- <text>Global Settings</text>
- <url>/snort/snort_interfaces_global.php</url>
+ <text>Update Rules</text>
+ <url>/snort_download_rules.php</url>
</tab>
<tab>
- <text>Rule Updates</text>
- <url>/snort/snort_download_rules.php</url>
+ <text>Categories</text>
+ <url>/snort_rulesets.php</url>
</tab>
<tab>
- <text>Alerts</text>
- <url>/snort/snort_alerts.php</url>
+ <text>Rules</text>
+ <url>/snort_rules.php</url>
+ </tab>
+ <tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
</tab>
<tab>
<text>Blocked</text>
- <url>/snort/snort_blocked.php</url>
+ <url>/snort_blocked.php</url>
</tab>
<tab>
<text>Whitelist</text>
- <url>/pkg.php?xml=/snort/snort_whitelist.xml</url>
+ <url>/pkg.php?xml=snort_whitelist.xml</url>
<active/>
</tab>
<tab>
- <text>Help Info</text>
- <url>/snort/snort_help_info.php</url>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort_threshold.xml</url>
+ </tab>
+ <tab>
+ <text>Alerts</text>
+ <url>/snort_alerts.php</url>
+ </tab>
+ <tab>
+ <text>Advanced</text>
+ <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
</tab>
</tabs>
<adddeleteeditpagefields>
@@ -112,6 +124,6 @@
<custom_delete_php_command>
</custom_delete_php_command>
<custom_php_resync_config_command>
- sync_snort_package_empty();
+ create_snort_conf();
</custom_php_resync_config_command>
-</packagegui>
+</packagegui> \ No newline at end of file
diff --git a/config/snort/snort_xmlrpc_sync.php b/config/snort-old/snort_xmlrpc_sync.php
index db8b3f3e..db8b3f3e 100644
--- a/config/snort/snort_xmlrpc_sync.php
+++ b/config/snort-old/snort_xmlrpc_sync.php
diff --git a/config/snort-dev/NOTES.txt b/config/snort/NOTES.txt
index b8c61c39..b8c61c39 100644
--- a/config/snort-dev/NOTES.txt
+++ b/config/snort/NOTES.txt
diff --git a/config/snort-dev/bin/7.2.x86/barnyard2 b/config/snort/bin/7.2.x86/barnyard2
index 9266051c..9266051c 100644
--- a/config/snort-dev/bin/7.2.x86/barnyard2
+++ b/config/snort/bin/7.2.x86/barnyard2
Binary files differ
diff --git a/config/snort-dev/bin/8.0.x86/barnyard2 b/config/snort/bin/8.0.x86/barnyard2
index 43476338..43476338 100755
--- a/config/snort-dev/bin/8.0.x86/barnyard2
+++ b/config/snort/bin/8.0.x86/barnyard2
Binary files differ
diff --git a/config/snort-dev/bin/8.0.x86/md5_files b/config/snort/bin/8.0.x86/md5_files
index 3b283d80..3b283d80 100644
--- a/config/snort-dev/bin/8.0.x86/md5_files
+++ b/config/snort/bin/8.0.x86/md5_files
diff --git a/config/snort-dev/bin/8.0.x86/md5_files~ b/config/snort/bin/8.0.x86/md5_files~
index 3b283d80..3b283d80 100644
--- a/config/snort-dev/bin/8.0.x86/md5_files~
+++ b/config/snort/bin/8.0.x86/md5_files~
diff --git a/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl b/config/snort/bin/oinkmaster_contrib/snort_rename.pl
index e5f0d39e..e5f0d39e 100644
--- a/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl
+++ b/config/snort/bin/oinkmaster_contrib/snort_rename.pl
diff --git a/config/snort/bin/snort2c b/config/snort/bin/snort2c
index fdc91ac8..fdc91ac8 100755..100644
--- a/config/snort/bin/snort2c
+++ b/config/snort/bin/snort2c
Binary files differ
diff --git a/config/snort-dev/css/style.css b/config/snort/css/style.css
index 44568873..44568873 100644
--- a/config/snort-dev/css/style.css
+++ b/config/snort/css/style.css
diff --git a/config/snort-dev/css/style2.css b/config/snort/css/style2.css
index d7a1616c..d7a1616c 100644
--- a/config/snort-dev/css/style2.css
+++ b/config/snort/css/style2.css
diff --git a/config/snort-dev/help_and_info.php b/config/snort/help_and_info.php
index 0f4a0c9f..0f4a0c9f 100644
--- a/config/snort-dev/help_and_info.php
+++ b/config/snort/help_and_info.php
diff --git a/config/snort-dev/images/alert.jpg b/config/snort/images/alert.jpg
index 96c24e35..96c24e35 100644
--- a/config/snort-dev/images/alert.jpg
+++ b/config/snort/images/alert.jpg
Binary files differ
diff --git a/config/snort-dev/images/down.gif b/config/snort/images/down.gif
index 2b3c99fc..2b3c99fc 100644
--- a/config/snort-dev/images/down.gif
+++ b/config/snort/images/down.gif
Binary files differ
diff --git a/config/snort-dev/images/down2.gif b/config/snort/images/down2.gif
index 71bf92eb..71bf92eb 100644
--- a/config/snort-dev/images/down2.gif
+++ b/config/snort/images/down2.gif
Binary files differ
diff --git a/config/snort-dev/images/footer.jpg b/config/snort/images/footer.jpg
index 4af05707..4af05707 100644
--- a/config/snort-dev/images/footer.jpg
+++ b/config/snort/images/footer.jpg
Binary files differ
diff --git a/config/snort-dev/images/footer2.jpg b/config/snort/images/footer2.jpg
index 3332e085..3332e085 100644
--- a/config/snort-dev/images/footer2.jpg
+++ b/config/snort/images/footer2.jpg
Binary files differ
diff --git a/config/snort-dev/images/icon-table-sort-asc.png b/config/snort/images/icon-table-sort-asc.png
index 0c127919..0c127919 100644
--- a/config/snort-dev/images/icon-table-sort-asc.png
+++ b/config/snort/images/icon-table-sort-asc.png
Binary files differ
diff --git a/config/snort-dev/images/icon-table-sort-desc.png b/config/snort/images/icon-table-sort-desc.png
index 5c52f2d0..5c52f2d0 100644
--- a/config/snort-dev/images/icon-table-sort-desc.png
+++ b/config/snort/images/icon-table-sort-desc.png
Binary files differ
diff --git a/config/snort-dev/images/icon-table-sort.png b/config/snort/images/icon-table-sort.png
index 3cae604b..3cae604b 100644
--- a/config/snort-dev/images/icon-table-sort.png
+++ b/config/snort/images/icon-table-sort.png
Binary files differ
diff --git a/config/snort-dev/images/icon_excli.png b/config/snort/images/icon_excli.png
index 4b54fa31..4b54fa31 100644
--- a/config/snort-dev/images/icon_excli.png
+++ b/config/snort/images/icon_excli.png
Binary files differ
diff --git a/config/snort-dev/images/logo.jpg b/config/snort/images/logo.jpg
index fa01d818..fa01d818 100644
--- a/config/snort-dev/images/logo.jpg
+++ b/config/snort/images/logo.jpg
Binary files differ
diff --git a/config/snort-dev/images/up.gif b/config/snort/images/up.gif
index 89596771..89596771 100644
--- a/config/snort-dev/images/up.gif
+++ b/config/snort/images/up.gif
Binary files differ
diff --git a/config/snort-dev/images/up2.gif b/config/snort/images/up2.gif
index 21c5a254..21c5a254 100644
--- a/config/snort-dev/images/up2.gif
+++ b/config/snort/images/up2.gif
Binary files differ
diff --git a/config/snort-dev/javascript/jquery-1.3.2.js b/config/snort/javascript/jquery-1.3.2.js
index 59b71d25..59b71d25 100644
--- a/config/snort-dev/javascript/jquery-1.3.2.js
+++ b/config/snort/javascript/jquery-1.3.2.js
diff --git a/config/snort-dev/javascript/jquery.blockUI.js b/config/snort/javascript/jquery.blockUI.js
index 57318334..57318334 100644
--- a/config/snort-dev/javascript/jquery.blockUI.js
+++ b/config/snort/javascript/jquery.blockUI.js
diff --git a/config/snort-dev/javascript/mootools.js b/config/snort/javascript/mootools.js
index e058db83..e058db83 100644
--- a/config/snort-dev/javascript/mootools.js
+++ b/config/snort/javascript/mootools.js
diff --git a/config/snort-dev/javascript/sortableTable.js b/config/snort/javascript/sortableTable.js
index 096f8d4c..096f8d4c 100644
--- a/config/snort-dev/javascript/sortableTable.js
+++ b/config/snort/javascript/sortableTable.js
diff --git a/config/snort-dev/javascript/tabs.js b/config/snort/javascript/tabs.js
index 40e54f0e..40e54f0e 100644
--- a/config/snort-dev/javascript/tabs.js
+++ b/config/snort/javascript/tabs.js
diff --git a/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5 b/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5
index 83d5bdae..0aede4a0 100644
--- a/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5
+++ b/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5
@@ -1 +1 @@
-10002 \ No newline at end of file
+102 \ No newline at end of file
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 00a86c35..eef238a0 100755..100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -3,6 +3,7 @@
/*
snort.inc
Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
part of pfSense
All rights reserved.
@@ -29,215 +30,982 @@
*/
require_once("pfsense-utils.inc");
+require_once("config.inc");
+require_once("functions.inc");
-// Needed on 2.0 because of get_vpns_list()
-require_once("filter.inc");
+// Needed on 2.0 because of filter_get_vpns_list()
+require_once("filter.inc");
+
+/* find out if were in 1.2.3-RELEASE */
+
+$pfsense_ver_chk = exec('/bin/cat /etc/version');
+if ($pfsense_ver_chk == '1.2.3-RELEASE')
+{
+ $pfsense_stable = 'yes';
+}else{
+ $pfsense_stable = 'no';
+}
+
+/* checks to see if snort is running yes/no and stop/start */
+ function Running_Ck($snort_uuid, $if_real, $id) {
+ global $config;
+
+ $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
+
+ if(snort_up_ck == ''){
+ $snort_up = 'no';
+ return $snort_up;
+ }
+
+ if(snort_up_ck != ''){
+
+ //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
+ //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
+ //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
+
+ /* use ob_clean to clear output buffer, this code needs to be watched */
+ ob_clean();
+ $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'", $retval);
+
+ if ($snort_up_prell != "") {
+ $snort_uph = 'yes';
+ }else{
+ $snort_uph = 'no';
+ }
+ }
+
+ return $snort_uph;
+ }
+
+/* checks to see if barnyard2 is running yes/no */
+ function Running_Ck_b($snort_uuid, $if_real, $id) {
+ global $config;
+
+ $snort_up_ck_b = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$2;}' | sed 1q");
+
+ if($snort_up_ck_b == ''){
+ $snort_up_b = 'no';
+ return $snort_up_b;
+ }
+
+ if(snort_up_ck_b != ''){
+
+ //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
+ //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'");
+ //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'");
+
+ /* use ob_clean to clear output buffer, this code needs to be watched */
+ ob_clean();
+ $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
+
+ if ($snort_up_pre_b != '') {
+ $snort_up_b = 'yes';
+ }else{
+ $snort_up_b = 'no';
+ }
+ }
+
+ return $snort_up_b;
+ }
+
+ function Running_Stop($snort_uuid, $if_real, $id) {
+ global $config;
+
+ $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
+ $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
+ $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
+
+ $start2_upb_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
+ $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
+ $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
+
+ if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "")
+ {
+ if ($start_up_s != "")
+ {
+ exec("/bin/kill {$start_up_s}");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
+ }
+
+ if ($start2_upb_s != "")
+ {
+ exec("/bin/kill {$start2_upb_s}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ }
+
+ if ($start_up_r != "")
+ {
+ exec("/bin/kill {$start_up_r}");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
+ }
+
+ if ($start2_upb_r != "")
+ {
+ exec("/bin/kill {$start2_upb_r}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ }
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
+ }
+ }
+
+
+ function Running_Start($snort_uuid, $if_real, $id) {
+ global $config;
+
+ $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
+ if ($snort_info_chk == 'on') {
+ exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ }
+ /* define snortbarnyardlog_chk */
+ /* top will have trouble if the uuid is to far back */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') {
+ exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q");
+ }
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'");
+ }
+
+/* get the real iface name of wan */
+function convert_friendly_interface_to_real_interface_name2($interface)
+{
+ global $config;
+
+ $lc_interface = strtolower($interface);
+ if($lc_interface == "lan") return $config['interfaces']['lan']['if'];
+ if($lc_interface == "wan") return $config['interfaces']['wan']['if'];
+ $ifdescrs = array();
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ foreach ($ifdescrs as $ifdescr => $ifname)
+ {
+ if(strtolower($ifname) == $lc_interface)
+ return $config['interfaces'][$ifname]['if'];
+ if(strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface)
+ return $config['interfaces'][$ifname]['if'];
+ }
+
+ return $interface;
+}
+
+$if_real_wan = convert_friendly_interface_to_real_interface_name2($interface_fake);
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '9999');
ini_set('max_input_time', '9999');
/* define oinkid */
-if($config['installedpackages']['snort'])
- $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
+if($config['installedpackages']['snortglobal'])
+ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+
+function snort_postinstall()
+{
+ global $config;
+ conf_mount_rw();
+
+ if(!file_exists("/var/log/snort/")) {
+ mwexec("mkdir -p /var/log/snort/");
+ mwexec("mkdir -p /var/log/snort/barnyard2");
+ }
+
+ if(!file_exists("/var/log/snort/alert"))
+ touch("/var/log/snort/alert");
+
+ /* snort -> advanced features */
+ $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
+ $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize'];
+ $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
+
+
+ /* create a few directories and ensure the sample files are in place */
+ exec("/bin/mkdir -p /usr/local/etc/snort");
+ exec("/bin/mkdir -p /var/log/snort");
+ exec("/bin/mkdir -p /usr/local/etc/snort/rules");
+ if(file_exists("/usr/local/etc/snort/snort.conf-sample"))
+ {
+ exec("/bin/rm /usr/local/etc/snort/snort.conf-sample");
+ exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample");
+ exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/unicode.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/classification.config-sample");
+ exec("/bin/rm /usr/local/etc/snort/generators-sample");
+ exec("/bin/rm /usr/local/etc/snort/reference.config-sample");
+ exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/sid");
+ exec("/bin/rm /usr/local/etc/rc.d/snort");
+ exec("/bin/rm /usr/local/etc/rc.d/bardyard2");
+ }
+
+ if(!file_exists("/usr/local/etc/snort/custom_rules"))
+ {
+ exec("/bin/mkdir -p /usr/local/etc/snort/custom_rules/");
+ }
+
+ exec("/usr/sbin/pw groupadd snort");
+ exec('/usr/sbin/pw useradd snort -c "SNORT USER" -d /nonexistent -g snort -s /sbin/nologin');
+ exec("/usr/sbin/chown -R snort:snort /var/log/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
+ exec("/bin/chmod -R 755 /var/log/snort");
+ exec("/bin/chmod -R 755 /usr/local/etc/snort");
+ exec("/bin/chmod -R 755 /usr/local/lib/snort");
+
+
+ /* remove example files */
+ if(file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0"))
+ {
+ exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
+ }
+
+ if(file_exists("/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so"))
+ {
+ exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
+ }
+
+ /* find out if were in 1.2.3-RELEASE */
+ $pfsense_ver_chk = exec('/bin/cat /etc/version');
+ if ($pfsense_ver_chk == '1.2.3-RELEASE')
+ {
+ $pfsense_stable = 'yes';
+ }else{
+ $pfsense_stable = 'no';
+ }
+
+ /* move files around, make it look clean */
+ exec('/bin/mkdir -p /usr/local/www/snort/css');
+ exec('/bin/mkdir -p /usr/local/www/snort/images');
+ exec('/bin/mkdir -p /usr/local/www/snort/javascript');
+
+ chdir ("/usr/local/www/snort/css/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style2.css');
+ chdir ("/usr/local/www/snort/images/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-asc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-desc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/footer.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/footer2.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon_excli.png');
+ chdir ("/usr/local/www/snort/javascript/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/jquery.blockUI.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/jquery-1.3.2.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/mootools.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/sortableTable.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/tabs.js');
+
+ /* install barnyard2 for 2.0 and 1.2.3 */
+ chdir ("/usr/local/bin/");
+ if ($pfsense_stable == 'yes') {
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/7.2.x86/barnyard2');
+ }else{
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.0.x86/barnyard2');
+ }
+ exec('/bin/chmod 077 /usr/local/bin/barnyard2');
+
+ /* back to default */
+ chdir ("/root/");
+
+ conf_mount_ro();
+
+}
+
function sync_package_snort_reinstall()
{
global $config;
- if(!$config['installedpackages']['snort'])
+ conf_mount_rw();
+
+ if(!$config['installedpackages']['snortglobal'])
return;
/* create snort configuration file */
create_snort_conf();
/* start snort service */
- start_service("snort");
+ // start_service("snort"); // do not start, may be needed latter.
+
+ conf_mount_ro();
}
-function sync_package_snort()
+
+/* func for updating cron */
+function snort_rm_blocked_install_cron($should_install)
+{
+ global $config, $g;
+
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item)
+ {
+ if (strstr($item['command'], "snort2c"))
+ {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "1h_b")
+ {
+ $snort_rm_blocked_min = "*/5";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "3600";
+ }
+ if ($snort_rm_blocked_info_ck == "3h_b")
+ {
+ $snort_rm_blocked_min = "*/15";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "10800";
+ }
+ if ($snort_rm_blocked_info_ck == "6h_b")
+ {
+ $snort_rm_blocked_min = "*/30";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "21600";
+ }
+ if ($snort_rm_blocked_info_ck == "12h_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/1";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "43200";
+ }
+ if ($snort_rm_blocked_info_ck == "1d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/2";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "86400";
+ }
+ if ($snort_rm_blocked_info_ck == "4d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/8";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "345600";
+ }
+ if ($snort_rm_blocked_info_ck == "7d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/14";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "604800";
+ }
+ if ($snort_rm_blocked_info_ck == "28d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "0";
+ $snort_rm_blocked_mday = "*/2";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "2419200";
+ }
+ switch($should_install)
+ {
+ case true:
+ if(!$is_installed)
+ {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules");
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ break;
+ }
+}
+
+/* func to install snort update */
+function snort_rules_up_install_cron($should_install) {
+ global $config, $g;
+
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "6h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/6";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "12h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/12";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "1d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/1";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "4d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/4";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "7d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/7";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "28d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/28";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rules_up_min";
+ $cron_item['hour'] = "$snort_rules_up_hr";
+ $cron_item['mday'] = "$snort_rules_up_mday";
+ $cron_item['month'] = "$snort_rules_up_month";
+ $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ break;
+ }
+}
+
+function sync_snort_package_remove_old()
+{
+
+ global $config, $g;
+
+$snort_dir_scan = '/usr/local/etc/snort';
+
+// scan dirm might have to make this into a funtion
+$dh_scan = opendir($snort_dir_scan);
+while (false !== ($dir_filename = readdir($dh_scan))) {
+ $list_dir_files[] = $dir_filename;
+}
+
+// find patern in a array, very cool code
+class array_ereg {
+ function array_ereg($pattern) { $this->pattern = $pattern; }
+ function ereg($string) {
+ return ereg($this->pattern, $string);
+ }
+}
+
+ $rule_array2 = $config['installedpackages']['snortglobal']['rule'];
+ $id2 = -1;
+ foreach ($rule_array2 as $value)
+ {
+
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+
+ $snort_rules_list[] = "snort_$id$if_real";
+
+ }
+
+
+$snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg'));
+$snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list);
+
+ foreach ($snort_dir_filter_search_result as $value)
+ {
+ exec("rm -r /usr/local/etc/snort/$value");
+ }
+
+}
+
+/* make sure this func on writes to files and does not start snort */
+function sync_snort_package()
{
global $config, $g;
conf_mount_rw();
- mwexec("mkdir -p /var/log/snort/");
+ /* all new files are for the user snort nologin */
+ if(!file_exists("/var/log/snort"))
+ {
+ exec("/bin/mkdir -p /var/log/snort");
+ }
+
+ exec("/usr/sbin/chown -R snort:snort /var/log/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
+ exec("/bin/chmod -R 755 /var/log/snort");
+ exec("/bin/chmod -R 755 /usr/local/etc/snort");
+ exec("/bin/chmod -R 755 /usr/local/lib/snort");
- if(!file_exists("/var/log/snort/alert"))
- touch("/var/log/snort/alert");
- /* snort -> advanced features */
- $bpfbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfbufsize'];
- $bpfmaxbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxbufsize'];
- $bpfmaxinsns = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxinsns'];
+ conf_mount_ro();
+}
- /* set the snort performance model */
- if($config['installedpackages']['snort']['config'][0]['performance'])
- $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
- else
- $snort_performance = "ac-bnfa";
+/* make sure this func on writes to files and does not start snort */
+function sync_snort_package_all($id, $if_real, $snort_uuid)
+{
+ //global $config, $g, $id, $if_real, $snort_uuid, $interface_fake;
+ global $config, $g;
- /* create a few directories and ensure the sample files are in place */
- exec("/bin/mkdir -p /usr/local/etc/snort");
- exec("/bin/mkdir -p /var/log/snort");
- exec("/bin/mkdir -p /usr/local/etc/snort/rules");
- exec("/bin/rm /usr/local/etc/snort/snort.conf-sample");
- exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample");
- exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample");
- exec("/bin/rm /usr/local/etc/snort/unicode.map-sample");
- exec("/bin/rm /usr/local/etc/snort/classification.config-sample");
- exec("/bin/rm /usr/local/etc/snort/generators-sample");
- exec("/bin/rm /usr/local/etc/snort/reference.config-sample");
- exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample");
- exec("/bin/rm /usr/local/etc/snort/sid");
- exec("/bin/rm -f /usr/local/etc/rc.d/snort");
-
- $first = 0;
- $snortInterfaces = array(); /* -gtm */
-
- $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
- $if_array = split(',', $if_list);
- //print_r($if_array);
- if($if_array) {
- foreach($if_array as $iface) {
- $if = convert_friendly_interface_to_real_interface_name($iface);
-
- if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
- $if = "ng0";
- }
-
- /* build a list of user specified interfaces -gtm */
- if($if){
- array_push($snortInterfaces, $if);
- $first = 1;
+/* RedDevil suggested code */
+/* TODO: more testing needs to be done */
+exec("/sbin/sysctl net.bpf.bufsize=8388608");
+exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
+exec("/sbin/sysctl net.bpf.maxinsns=512");
+exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
+
+# Error checking
+if ($id != '' && $if_real != '') //new
+{
+ /* do not start config build if rules is empty */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
+ {
+
+ conf_mount_rw();
+
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
+ /* create snort bootup file snort.sh only create once */
+ create_snort_sh();
+
+ /* create barnyard2 configuration file */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ if ($snortbarnyardlog_info_chk == 'on')
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
+
+ sync_snort_package();
+
+ conf_mount_ro();
+ }
+ }
+}
+
+/* only be run on new iface create, bootup and ip refresh */
+function sync_snort_package_empty()
+{
+ global $config, $g;
+ conf_mount_rw();
+
+ /* do not start config build if rules is empty */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
+ {
+ if ($id == "")
+ {
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id = -1;
+ foreach ($rule_array as $value)
+ {
+
+ if ($id == '') {
+ $id = 0;
+ }
+
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+ if ($if_real != '' && $snort_uuid != '') {
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
+ /* create barnyard2 configuration file */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ if ($snortbarnyardlog_info_chk == 'on')
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
+ }
}
- }
-
- if (count($snortInterfaces) < 1) {
- log_error("Snort will not start. You must select an interface for it to listen on.");
- return;
+
+ /* create snort bootup file snort.sh only create once */
+ create_snort_sh();
+
+ sync_snort_package();
+
}
}
- //print_r($snortInterfaces);
-
- /* create log directory */
- $start = "/bin/mkdir -p /var/log/snort\n";
-
- /* snort advanced features - bpf tuning */
- if($bpfbufsize)
- $start .= "sysctl net.bpf.bufsize={$bpfbufsize}\n";
- if($bpfmaxbufsize)
- $start .= "sysctl net.bpf.maxbufsize={$bpfmaxbufsize}\n";
- if($bpfmaxinsns)
- $start .= "sysctl net.bpf.maxinsns={$bpfmaxinsns}\n";
-
- /* go ahead and issue bpf changes */
- if($bpfbufsize)
- mwexec_bg("sysctl net.bpf.bufsize={$bpfbufsize}");
- if($bpfmaxbufsize)
- mwexec_bg("sysctl net.bpf.maxbufsize={$bpfmaxbufsize}");
- if($bpfmaxinsns)
- mwexec_bg("sysctl net.bpf.maxinsns={$bpfmaxinsns}");
-
- /* always stop barnyard2 before starting snort -gtm */
- $start .= "/usr/bin/killall barnyard2\n";
-
- /* start a snort process for each interface -gtm */
- /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */
- /* snort start options are; config file, log file, demon, interface, packet flow, alert type, quiet */
- /* TODO; get snort to start under nologin shell */
- foreach($snortInterfaces as $snortIf)
+}
+
+/* Start of main config files */
+/* Start of main config files */
+
+
+/* open snort.sh for writing" */
+function create_snort_sh()
+{
+ # Don not add $id or this will break
+
+ global $config, $g;
+ conf_mount_rw();
+
+ /* do not start config build if rules is empty */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
{
- $start .= "sleep 4\n";
- $start .= "/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -q\n";
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
- if ($snortbarnyardlog_info_chk == on)
- $start .= "\nsleep 4;/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n";
- }
- $check_if_snort_runs = "\n\tif [ \"`ls -A /usr/local/etc/snort/rules`\" ] ; then\n\techo \"rules exist\"\n\telse\n\techo \"rules DONT exist\"\n\texit 2\n\tfi \n\n\tif [ \"`pgrep -x snort`\" = \"\" ] ; then\n\t/bin/rm /tmp/snort.sh.pid\n\tfi \n\n\tif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\t/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php\n\texit 1\n\tfi\n\n";
- $if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n";
- $echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n";
- $echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n";
- $del_old_pids = "\nrm -f /var/run/snort_*\n";
- $sample_before = "BEFORE_MEM=`top | grep Wired | awk '{print \$12}'`\n";
- $sample_after = "\n\tAFTER_MEM=`top | grep Wired | awk '{print \$12}'`\n";
- if ($snort_performance == "ac-bnfa")
- $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=60\n";
- else
- $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=300\n";
- $sleep_before_final .= "while [ \"\$MYSNORTLOG\" = \"\" -a \$WAITSECURE -gt 0 ] ; do\n\tsleep 2\n\tMYSNORTLOG=`/usr/sbin/clog /var/log/system.log | grep snort | tail | grep 'Snort initialization completed successfully'`\n\tWAITSECURE=`expr \$WAITSECURE - 1`\ndone\n";
- $total_used_after = "TOTAL_USAGE=`top | grep snort | grep -v grep | awk '{ print \$6 }'`\n";
- $echo_usage .= $sample_after . "\t" . $total_used_after . "\techo \"Ram free BEFORE starting Snort: \$BEFORE_MEM -- Ram free AFTER starting Snort: \$AFTER_MEM -- Mode " . $snort_performance . " -- Snort memory usage: \$TOTAL_USAGE\" | logger -p daemon.info -i -t SnortStartup\n\n";
+ if ($id == "")
+ {
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id = -1;
+ foreach ($rule_array as $value)
+ {
+
+ $id += 1;
+
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
+
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
+ $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q";
+ }
+
+/* Get all interface startup commands ready */
+
+$snort_sh_text2[] = <<<EOD
+###### For Each Iface
+
+ # If Snort proc is NOT running
+ if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then
+
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- /* write out rc.d start/stop file */
- write_rcfile(array(
- "file" => "snort.sh",
- "start" => "{$check_if_snort_runs}{$if_snort_pid}{$echo_snort_sh_pid}{$echo_snort_sh_startup_log}{$del_old_pids}{$sample_before}{$start}{$sleep_before_final}{$echo_usage}",
- "stop" => "/usr/bin/killall snort; killall barnyard2"
- )
- );
+ # Start snort and barnyard2
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
- /* create snort configuration file */
- create_snort_conf();
+ /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}_{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ $start_barnyard2
-/* create barnyard2 configuration file */
-$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
-if ($snortbarnyardlog_info_chk == on)
- create_barnyard2_conf();
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..."
- /* snort will not start on install untill setting are set */
-if ($config['installedpackages']['snort']['config'][0]['autorulesupdate7'] != "") {
- /* start snort service */
- conf_mount_ro();
- start_service("snort");
+ fi
+EOD;
+
+$snort_sh_text3[] = <<<EOE
+
+###### For Each Iface
+
+ #### Fake start only used on bootup and Pfsense IP changes
+ #### Only try to restart if snort is running on Iface
+ if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then
+
+ snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`"
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
+
+ #### Restart Iface
+ /bin/kill -HUP \${snort_pid}
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
+
+ fi
+
+EOE;
+
+$snort_sh_text4[] = <<<EOF
+
+ pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print \$2;}'`
+ sleep 3
+ pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/awk '{print \$2;}'`
+
+ if [ \${pid_s} ] ; then
+
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
+
+ /bin/kill \${pid_s}
+ sleep 3
+ /bin/kill \${pid_b}
+
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+
+ fi
+
+EOF;
+
+ }
+ }
}
+
+
+$start_snort_iface_start = implode("\n\n", $snort_sh_text2);
+
+$start_snort_iface_restart = implode("\n\n", $snort_sh_text3);
+
+$start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
+
+/* open snort.sh for writing" */
+conf_mount_rw();
+
+$snort_sh_text = <<<EOD
+#!/bin/sh
+########
+# This file was automatically generated
+# by the pfSense service handler.
+# Code added to protect from double starts on pfSense bootup
+######## Begining of Main snort.sh
+
+rc_start() {
+
+ #### Check for double starts, Pfsense has problems with that
+ if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
+ exit 0
+
+ fi
+
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+
+ #### Remake the configs on boot Important!
+ /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..."
+
+$start_snort_iface_restart
+
+ /bin/rm /tmp/snort.sh.pid
+
+ #### If on Fake start snort is NOT running DO a real start.
+ if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then
+
+ rc_start_real
+
+ fi
+}
+
+rc_start_real() {
+
+ #### Check for double starts, Pfsense has problems with that
+ if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
+ exit 0
+ fi
+
+$start_snort_iface_start
+
+ /bin/rm /tmp/snort.sh.pid
+
+}
+
+rc_stop() {
+
+ #### Check for double starts, Pfsense has problems with that
+ if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
+ exit 0
+ fi
+
+$start_snort_iface_stop
+
+ /bin/rm /tmp/snort.sh.pid
+ /bin/rm /var/run/snort*
+
+}
+
+case $1 in
+ start)
+ rc_start
+ ;;
+ start_real)
+ rc_start_real
+ ;;
+ stop)
+ rc_stop
+ ;;
+ restart)
+ rc_stop
+ rc_start_real
+ ;;
+esac
+
+EOD;
+
+ /* write out snort.sh */
+ $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
+ if(!$bconf) {
+ log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
+ exit;
+ }
+ /* write snort.sh */
+ fwrite($bconf, $snort_sh_text);
+ fclose($bconf);
+
+}
+
+
+///////////////////////// >>>>>>>>>>>>
+
+/* if rules exist copy to new interfaces */
+function create_rules_iface($id, $if_real, $snort_uuid)
+{
+
+ global $config, $g;
+ conf_mount_rw();
+
+ $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules";
+ $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full';
+
+ if ($folder_chk == "empty")
+ {
+ exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
+ {
+ exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules");
+ }
+ }
+
}
/* open barnyard2.conf for writing */
-function create_barnyard2_conf() {
- global $bconfig, $bg;
+function create_barnyard2_conf($id, $if_real, $snort_uuid) {
+ global $bconfig, $g;
/* write out barnyard2_conf */
- conf_mount_rw();
- $barnyard2_conf_text = generate_barnyard2_conf();
- $bconf = fopen("/usr/local/etc/barnyard2.conf", "w");
+
+ if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
+ {
+ exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+ }
+
+ $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
+ $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w");
if(!$bconf) {
- log_error("Could not open /usr/local/etc/barnyard2.conf for writing.");
+ log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing.");
exit;
}
fwrite($bconf, $barnyard2_conf_text);
fclose($bconf);
- conf_mount_ro();
}
+
/* open barnyard2.conf for writing" */
-function generate_barnyard2_conf() {
+function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
global $config, $g;
conf_mount_rw();
/* define snortbarnyardlog */
-/* TODO add support for the other 5 output plugins */
+/* TODO: add support for the other 5 output plugins */
-$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_database'];
-$snortbarnyardlog_hostname_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_hostname'];
-$snortbarnyardlog_interface_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_interface'];
+$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
+$snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
$barnyard2_conf_text = <<<EOD
# barnyard2.conf
# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
-
+#
# Copyright (C) 2006 Robert Zelaya
# part of pfSense
# All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-
+#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
-
+#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
-
+#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -248,93 +1016,125 @@ $barnyard2_conf_text = <<<EOD
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
+#
# set the appropriate paths to the file(s) your Snort process is using
-config reference-map: /usr/local/etc/snort/reference.config
-config class-map: /usr/local/etc/snort/classification.config
-config gen-msg-map: /usr/local/etc/snort/gen-msg.map
-config sid-msg-map: /usr/local/etc/snort/sid-msg.map
+
+config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
+config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
+config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map
+config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map
config hostname: $snortbarnyardlog_hostname_info_chk
-config interface: $snortbarnyardlog_interface_info_chk
+config interface: {$snort_uuid}_{$if_real}
# Step 2: setup the input plugins
input unified2
+config logdir: /var/log/snort
+
# database: log to a variety of databases
# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
$snortbarnyardlog_database_info_chk
EOD;
- conf_mount_rw();
+
return $barnyard2_conf_text;
}
-function create_snort_conf() {
+function create_snort_conf($id, $if_real, $snort_uuid)
+{
global $config, $g;
/* write out snort.conf */
- $snort_conf_text = generate_snort_conf();
+
+ if ($if_real != '' && $snort_uuid != '') {
+
+ $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
conf_mount_rw();
- $conf = fopen("/usr/local/etc/snort/snort.conf", "w");
+ $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
if(!$conf) {
- log_error("Could not open /usr/local/etc/snort/snort.conf for writing.");
+ log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
exit;
}
fwrite($conf, $snort_conf_text);
fclose($conf);
conf_mount_ro();
+ }
}
-function snort_deinstall() {
+function snort_deinstall()
+{
- global $config, $g;
+ global $config, $g, $id, $if_real;
+ conf_mount_rw();
/* remove custom sysctl */
remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
/* decrease bpf buffers back to 4096, from 20480 */
exec("/sbin/sysctl net.bpf.bufsize=4096");
- exec("/usr/bin/killall snort");
- sleep(5);
- exec("/usr/bin/killall -9 snort");
- exec("rm -f /usr/local/etc/rc.d/snort*");
+ exec("/usr/usr/bin/killall snort");
+ sleep(2);
+ exec("/usr/usr/bin/killall -9 snort");
+ sleep(2);
+ exec("/usr/usr/bin/killall barnyard2");
+ sleep(2);
+ exec("/usr/usr/bin/killall -9 barnyard2");
+ sleep(2);
+ exec("/usr/sbin/pw userdel snort");
+ exec("/usr/sbin/pw groupdel snort");
exec("rm -rf /usr/local/etc/snort*");
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`");
exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep libdnet`");
- exec("/usr/bin/killall -9 snort");
- exec("/usr/bin/killall snort");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep mysql`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
/* Remove snort cron entries Ugly code needs smoothness*/
-
- function snort_rm_blocked_deinstall_cron($should_install) {
+
+function snort_rm_blocked_deinstall_cron($should_install)
+{
global $config, $g;
+ conf_mount_rw();
$is_installed = false;
if(!$config['cron']['item'])
- return;
+ return;
$x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort2c")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- }
- configure_cron();
- }
+ foreach($config['cron']['item'] as $item)
+ {
+ if (strstr($item['command'], "snort2c"))
+ {
+ $is_installed = true;
+ break;
+ }
+
+ $x++;
+
}
-
- function snort_rules_up_deinstall_cron($should_install) {
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+
+ configure_cron();
+
+ }
+ conf_mount_ro();
+
+}
+
+ function snort_rules_up_deinstall_cron($should_install)
+{
global $config, $g;
+ conf_mount_rw();
$is_installed = false;
@@ -353,10 +1153,11 @@ function snort_deinstall() {
if($x > 0) {
unset($config['cron']['item'][$x]);
write_config();
+ conf_mount_rw();
}
configure_cron();
}
- }
+}
snort_rm_blocked_deinstall_cron("");
snort_rules_up_deinstall_cron("");
@@ -364,177 +1165,200 @@ snort_rules_up_deinstall_cron("");
/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
/* Keep this as a last step */
- unset($config['installedpackages']['snort']['config'][0]['autorulesupdate7']);
- unset($config['installedpackages']['snort']['config'][0]['rm_blocked']);
+ unset($config['installedpackages']['snortglobal']);
write_config();
+ conf_mount_rw();
+
+ exec("rm -r /usr/local/www/snort");
+ exec("rm -r /usr/local/pkg/snort");
+ exec("rm -r /usr/local/lib/snort/");
+ exec("rm -r /var/log/snort/");
+ conf_mount_ro();
+
}
-function generate_snort_conf() {
+function generate_snort_conf($id, $if_real, $snort_uuid)
+{
global $config, $g;
+
conf_mount_rw();
+
/* obtain external interface */
/* XXX: make multi wan friendly */
- $snort_ext_int = $config['installedpackages']['snort']['config'][0]['iface_array'][0];
+ $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $snort_config_pass_thru = $config['installedpackages']['snortadvanced']['config'][0]['configpassthru'];
+ /* create basic files */
+ if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
+ {
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/");
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
+
+ if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"))
+ {
+ exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
+ exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
+ exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
+ exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
+ exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
+ exec("/bin/cp/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
+ }
+ }
/* define snortalertlogtype */
-$snortalertlogtype = $config['installedpackages']['snortadvanced']['config'][0]['snortalertlogtype'];
+$snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype'];
if ($snortalertlogtype == fast)
$snortalertlogtype_type = "output alert_fast: alert";
else
$snortalertlogtype_type = "output alert_full: alert";
/* define alertsystemlog */
-$alertsystemlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['alertsystemlog'];
+$alertsystemlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog'];
if ($alertsystemlog_info_chk == on)
$alertsystemlog_type = "output alert_syslog: log_alert";
/* define tcpdumplog */
-$tcpdumplog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['tcpdumplog'];
+$tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'];
if ($tcpdumplog_info_chk == on)
$tcpdumplog_type = "output log_tcpdump: snorttcpd.log";
-/* define snortbarnyardlog_chk */
-$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
-if ($snortbarnyardlog_info_chk == on)
- $snortbarnyardlog_type = "barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D";
-
/* define snortunifiedlog */
-$snortunifiedlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortunifiedlog'];
+$snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'];
if ($snortunifiedlog_info_chk == on)
- $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128";
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
-/* define spoink */
-$spoink_info_chk = $config['installedpackages']['snort']['config'][0]['blockoffenders7'];
+/* define spoink (DISABLED)*/
+$spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'];
if ($spoink_info_chk == on)
$spoink_type = "output alert_pf: /var/db/whitelist,snort2c";
/* define servers and ports snortdefservers */
/* def DNS_SERVSERS */
-$def_dns_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_servers'];
+$def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers'];
if ($def_dns_servers_info_chk == "")
$def_dns_servers_type = "\$HOME_NET";
else
$def_dns_servers_type = "$def_dns_servers_info_chk";
/* def DNS_PORTS */
-$def_dns_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_ports'];
+$def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports'];
if ($def_dns_ports_info_chk == "")
$def_dns_ports_type = "53";
else
$def_dns_ports_type = "$def_dns_ports_info_chk";
/* def SMTP_SERVSERS */
-$def_smtp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_servers'];
+$def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers'];
if ($def_smtp_servers_info_chk == "")
$def_smtp_servers_type = "\$HOME_NET";
else
$def_smtp_servers_type = "$def_smtp_servers_info_chk";
/* def SMTP_PORTS */
-$def_smtp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_ports'];
+$def_smtp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports'];
if ($def_smtp_ports_info_chk == "")
$def_smtp_ports_type = "25";
else
$def_smtp_ports_type = "$def_smtp_ports_info_chk";
/* def MAIL_PORTS */
-$def_mail_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mail_ports'];
+$def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports'];
if ($def_mail_ports_info_chk == "")
$def_mail_ports_type = "25,143,465,691";
else
$def_mail_ports_type = "$def_mail_ports_info_chk";
/* def HTTP_SERVSERS */
-$def_http_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_servers'];
+$def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers'];
if ($def_http_servers_info_chk == "")
$def_http_servers_type = "\$HOME_NET";
else
$def_http_servers_type = "$def_http_servers_info_chk";
/* def WWW_SERVSERS */
-$def_www_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_www_servers'];
+$def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers'];
if ($def_www_servers_info_chk == "")
$def_www_servers_type = "\$HOME_NET";
else
$def_www_servers_type = "$def_www_servers_info_chk";
/* def HTTP_PORTS */
-$def_http_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_ports'];
+$def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports'];
if ($def_http_ports_info_chk == "")
$def_http_ports_type = "80";
else
$def_http_ports_type = "$def_http_ports_info_chk";
/* def SQL_SERVSERS */
-$def_sql_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sql_servers'];
+$def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers'];
if ($def_sql_servers_info_chk == "")
$def_sql_servers_type = "\$HOME_NET";
else
$def_sql_servers_type = "$def_sql_servers_info_chk";
/* def ORACLE_PORTS */
-$def_oracle_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_oracle_ports'];
+$def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports'];
if ($def_oracle_ports_info_chk == "")
$def_oracle_ports_type = "1521";
else
$def_oracle_ports_type = "$def_oracle_ports_info_chk";
/* def MSSQL_PORTS */
-$def_mssql_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mssql_ports'];
+$def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports'];
if ($def_mssql_ports_info_chk == "")
$def_mssql_ports_type = "1433";
else
$def_mssql_ports_type = "$def_mssql_ports_info_chk";
/* def TELNET_SERVSERS */
-$def_telnet_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_servers'];
+$def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers'];
if ($def_telnet_servers_info_chk == "")
$def_telnet_servers_type = "\$HOME_NET";
else
$def_telnet_servers_type = "$def_telnet_servers_info_chk";
/* def TELNET_PORTS */
-$def_telnet_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_ports'];
+$def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports'];
if ($def_telnet_ports_info_chk == "")
$def_telnet_ports_type = "23";
else
$def_telnet_ports_type = "$def_telnet_ports_info_chk";
/* def SNMP_SERVSERS */
-$def_snmp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_servers'];
+$def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers'];
if ($def_snmp_servers_info_chk == "")
$def_snmp_servers_type = "\$HOME_NET";
else
$def_snmp_servers_type = "$def_snmp_servers_info_chk";
/* def SNMP_PORTS */
-$def_snmp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_ports'];
+$def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports'];
if ($def_snmp_ports_info_chk == "")
$def_snmp_ports_type = "161";
else
$def_snmp_ports_type = "$def_snmp_ports_info_chk";
/* def FTP_SERVSERS */
-$def_ftp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_servers'];
+$def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers'];
if ($def_ftp_servers_info_chk == "")
$def_ftp_servers_type = "\$HOME_NET";
else
$def_ftp_servers_type = "$def_ftp_servers_info_chk";
/* def FTP_PORTS */
-$def_ftp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_ports'];
+$def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports'];
if ($def_ftp_ports_info_chk == "")
$def_ftp_ports_type = "21";
else
$def_ftp_ports_type = "$def_ftp_ports_info_chk";
/* def SSH_SERVSERS */
-$def_ssh_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_servers'];
+$def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers'];
if ($def_ssh_servers_info_chk == "")
$def_ssh_servers_type = "\$HOME_NET";
else
@@ -547,360 +1371,124 @@ else
$ssh_port = "22";
/* def SSH_PORTS */
-$def_ssh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_ports'];
+$def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports'];
if ($def_ssh_ports_info_chk == "")
$def_ssh_ports_type = "{$ssh_port}";
else
$def_ssh_ports_type = "$def_ssh_ports_info_chk";
/* def POP_SERVSERS */
-$def_pop_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop_servers'];
+$def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers'];
if ($def_pop_servers_info_chk == "")
$def_pop_servers_type = "\$HOME_NET";
else
$def_pop_servers_type = "$def_pop_servers_info_chk";
/* def POP2_PORTS */
-$def_pop2_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop2_ports'];
+$def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports'];
if ($def_pop2_ports_info_chk == "")
$def_pop2_ports_type = "109";
else
$def_pop2_ports_type = "$def_pop2_ports_info_chk";
/* def POP3_PORTS */
-$def_pop3_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop3_ports'];
+$def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports'];
if ($def_pop3_ports_info_chk == "")
$def_pop3_ports_type = "110";
else
$def_pop3_ports_type = "$def_pop3_ports_info_chk";
/* def IMAP_SERVSERS */
-$def_imap_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_servers'];
+$def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers'];
if ($def_imap_servers_info_chk == "")
$def_imap_servers_type = "\$HOME_NET";
else
$def_imap_servers_type = "$def_imap_servers_info_chk";
/* def IMAP_PORTS */
-$def_imap_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_ports'];
+$def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports'];
if ($def_imap_ports_info_chk == "")
$def_imap_ports_type = "143";
else
$def_imap_ports_type = "$def_imap_ports_info_chk";
/* def SIP_PROXY_IP */
-$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ip'];
+$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip'];
if ($def_sip_proxy_ip_info_chk == "")
$def_sip_proxy_ip_type = "\$HOME_NET";
else
$def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
/* def SIP_PROXY_PORTS */
-$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ports'];
+$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports'];
if ($def_sip_proxy_ports_info_chk == "")
$def_sip_proxy_ports_type = "5060:5090,16384:32768";
else
$def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
/* def AUTH_PORTS */
-$def_auth_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_auth_ports'];
+$def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports'];
if ($def_auth_ports_info_chk == "")
$def_auth_ports_type = "113";
else
$def_auth_ports_type = "$def_auth_ports_info_chk";
/* def FINGER_PORTS */
-$def_finger_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_finger_ports'];
+$def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports'];
if ($def_finger_ports_info_chk == "")
$def_finger_ports_type = "79";
else
$def_finger_ports_type = "$def_finger_ports_info_chk";
/* def IRC_PORTS */
-$def_irc_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_irc_ports'];
+$def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports'];
if ($def_irc_ports_info_chk == "")
$def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
else
$def_irc_ports_type = "$def_irc_ports_info_chk";
/* def NNTP_PORTS */
-$def_nntp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_nntp_ports'];
+$def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports'];
if ($def_nntp_ports_info_chk == "")
$def_nntp_ports_type = "119";
else
$def_nntp_ports_type = "$def_nntp_ports_info_chk";
/* def RLOGIN_PORTS */
-$def_rlogin_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rlogin_ports'];
+$def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports'];
if ($def_rlogin_ports_info_chk == "")
$def_rlogin_ports_type = "513";
else
$def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
/* def RSH_PORTS */
-$def_rsh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rsh_ports'];
+$def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports'];
if ($def_rsh_ports_info_chk == "")
$def_rsh_ports_type = "514";
else
$def_rsh_ports_type = "$def_rsh_ports_info_chk";
/* def SSL_PORTS */
-$def_ssl_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssl_ports'];
+$def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports'];
if ($def_ssl_ports_info_chk == "")
- $def_ssl_ports_type = "25,443,465,636,993,995";
+ $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995";
else
$def_ssl_ports_type = "$def_ssl_ports_info_chk";
- /* add auto update scripts to /etc/crontab */
-// $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php";
-// $filenamea = "/etc/crontab";
-// remove_text_from_file($filenamea, $text_ww);
-// add_text_to_file($filenamea, $text_ww);
-// exec("killall -HUP cron"); */
-
/* should we install a automatic update crontab entry? */
- $automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate'];
+ $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7'];
/* if user is on pppoe, we really want to use ng0 interface */
if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe")
$snort_ext_int = "ng0";
/* set the snort performance model */
- if($config['installedpackages']['snort']['config'][0]['performance'])
- $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
+ if($config['installedpackages']['snortglobal']['rule'][$id]['performance'])
+ $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance'];
else
$snort_performance = "ac-bnfa";
- /* set the snort block hosts time IMPORTANT snort has trouble installing if snort_rm_blocked_info_ck != "" */
- $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "never_b")
- $snort_rm_blocked_false = "";
- else
- $snort_rm_blocked_false = "true";
-
-if ($snort_rm_blocked_info_ck != "") {
-function snort_rm_blocked_install_cron($should_install) {
- global $config, $g;
- conf_mount_rw();
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort2c")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "1h_b") {
- $snort_rm_blocked_min = "*/5";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "3600";
- }
- if ($snort_rm_blocked_info_ck == "3h_b") {
- $snort_rm_blocked_min = "*/15";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "10800";
- }
- if ($snort_rm_blocked_info_ck == "6h_b") {
- $snort_rm_blocked_min = "*/30";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "21600";
- }
- if ($snort_rm_blocked_info_ck == "12h_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/1";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "43200";
- }
- if ($snort_rm_blocked_info_ck == "1d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/2";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "86400";
- }
- if ($snort_rm_blocked_info_ck == "4d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/8";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "345600";
- }
- if ($snort_rm_blocked_info_ck == "7d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/14";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "604800";
- }
- if ($snort_rm_blocked_info_ck == "28d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "0";
- $snort_rm_blocked_mday = "*/2";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "2419200";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- conf_mount_rw();
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- break;
- }
- }
- snort_rm_blocked_install_cron("");
- snort_rm_blocked_install_cron($snort_rm_blocked_false);
-}
-
- /* set the snort rules update time */
- $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "never_up")
- $snort_rules_up_false = "";
- else
- $snort_rules_up_false = "true";
-
-if ($snort_rules_up_info_ck != "") {
-function snort_rules_up_install_cron($should_install) {
- global $config, $g;
- conf_mount_rw();
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "6h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/6";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "12h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/12";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "1d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/1";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "4d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/4";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "7d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/7";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "28d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/28";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort_check_for_rule_updates.php >> /usr/local/etc/snort_bkup/snort_update.log";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- conf_mount_rw();
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- break;
- }
- }
- snort_rules_up_install_cron("");
- snort_rules_up_install_cron($snort_rules_up_false);
-}
- /* Be sure we're really rw before writing */
- conf_mount_rw();
- /* open snort2c's whitelist for writing */
+ /* open snort's whitelist for writing */
$whitelist = fopen("/var/db/whitelist", "w");
if(!$whitelist) {
log_error("Could not open /var/db/whitelist for writing.");
@@ -940,7 +1528,7 @@ function snort_rules_up_install_cron($should_install) {
$home_net .= "{$ip} ";
/* Add Gateway on WAN interface to whitelist (For RRD graphs) */
- $int = convert_friendly_interface_to_real_interface_name("WAN");
+ $int = convert_friendly_interface_to_real_interface_name2("WAN");
$gw = get_interface_gateway($int);
if($gw)
$home_net .= "{$gw} ";
@@ -956,13 +1544,14 @@ function snort_rules_up_install_cron($should_install) {
$home_net .= "127.0.0.1 ";
/* iterate all vips and add to whitelist */
+
if($config['virtualip'])
foreach($config['virtualip']['vip'] as $vip)
if($vip['subnet'])
$home_net .= $vip['subnet'] . " ";
- if($config['installedpackages']['snortwhitelist'])
- foreach($config['installedpackages']['snortwhitelist']['config'] as $snort)
+ if($config['installedpackages']['snortglobal']['config'])
+ foreach($config['installedpackages']['snortglobal']['config'] as $snort)
if($snort['ip'])
$home_net .= $snort['ip'] . " ";
@@ -982,11 +1571,19 @@ function snort_rules_up_install_cron($should_install) {
fwrite($whitelist, trim($wl) . "\n");
/* should we whitelist vpns? */
- $whitelistvpns = $config['installedpackages']['snort']['config'][0]['whitelistvpns'];
+ $whitelistvpns = $config['installedpackages']['snortglobal']['whitelistvpns'];
/* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
if($whitelistvpns) {
- $vpns_list = get_vpns_list();
+ if ($pfsense_stable == 'yes') // chk what pfsense version were on
+ {
+ $vpns_list = get_vpns_list();
+ }
+ if ($pfsense_stable == 'no') // chk what pfsense version were on
+ {
+ $vpns_list = filter_get_vpns_list();
+ }
+
$whitelist_vpns = split(" ", $vpns_list);
foreach($whitelist_vpns as $wl)
if(trim($wl))
@@ -995,34 +1592,9 @@ function snort_rules_up_install_cron($should_install) {
/* close file */
fclose($whitelist);
-
- /* Be sure we're really rw before writing */
- conf_mount_rw();
- /* open snort's threshold.conf for writing */
- $threshlist = fopen("/usr/local/etc/snort/threshold.conf", "w");
- if(!$threshlist) {
- log_error("Could not open /usr/local/etc/snort/threshold.conf for writing.");
- return;
- }
-
- /* list all entries to new lines */
- if($config['installedpackages']['snortthreshold'])
- foreach($config['installedpackages']['snortthreshold']['config'] as $snortthreshlist)
- if($snortthreshlist['threshrule'])
- $snortthreshlist_r .= $snortthreshlist['threshrule'] . "\n";
-
-
- /* foreach through threshlist, writing out to file */
- $threshlist_split = split("\n", $snortthreshlist_r);
- foreach($threshlist_split as $wl)
- if(trim($wl))
- fwrite($threshlist, trim($wl) . "\n");
-
- /* close snort's threshold.conf file */
- fclose($threshlist);
-
+
/* generate rule sections to load */
- $enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
+ $enabled_rulesets = $config['installedpackages']['snortglobal']['rule'][$id]['rulesets'];
if($enabled_rulesets) {
$selected_rules_sections = "";
$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
@@ -1032,6 +1604,256 @@ function snort_rules_up_install_cron($should_install) {
conf_mount_ro();
+/////////////////////////////
+
+/* preprocessor code */
+
+/* def perform_stat */
+$snort_perform_stat = <<<EOD
+##########################
+ #
+# NEW #
+# Performance Statistics #
+ #
+##########################
+
+preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000
+
+EOD;
+
+$def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'];
+if ($def_perform_stat_info_chk == "on")
+ $def_perform_stat_type = "$snort_perform_stat";
+else
+ $def_perform_stat_type = "";
+
+$def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
+if ($def_flow_depth_info_chk == '')
+ $def_flow_depth_type = '0';
+else
+ $def_flow_depth_type = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
+
+/* def http_inspect */
+$snort_http_inspect = <<<EOD
+#################
+ #
+# HTTP Inspect #
+ #
+#################
+
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+
+preprocessor http_inspect_server: server default \
+ ports { 80 8080 } \
+ non_strict \
+ non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
+ flow_depth {$def_flow_depth_type} \
+ apache_whitespace no \
+ directory no \
+ iis_backslash no \
+ u_encode yes \
+ ascii no \
+ chunk_length 500000 \
+ bare_byte yes \
+ double_decode yes \
+ iis_unicode no \
+ iis_delimiter no \
+ multi_slash no
+
+EOD;
+
+$def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect'];
+if ($def_http_inspect_info_chk == "on")
+ $def_http_inspect_type = "$snort_http_inspect";
+else
+ $def_http_inspect_type = "";
+
+/* def other_preprocs */
+$snort_other_preprocs = <<<EOD
+##################
+ #
+# Other preprocs #
+ #
+##################
+
+preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
+preprocessor bo
+
+EOD;
+
+$def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs'];
+if ($def_other_preprocs_info_chk == "on")
+ $def_other_preprocs_type = "$snort_other_preprocs";
+else
+ $def_other_preprocs_type = "";
+
+/* def ftp_preprocessor */
+$snort_ftp_preprocessor = <<<EOD
+#####################
+ #
+# ftp preprocessor #
+ #
+#####################
+
+preprocessor ftp_telnet: global \
+inspection_type stateless
+
+preprocessor ftp_telnet_protocol: telnet \
+ normalize \
+ ayt_attack_thresh 200
+
+preprocessor ftp_telnet_protocol: \
+ ftp server default \
+ def_max_param_len 100 \
+ ports { 21 } \
+ ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
+ ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
+ ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
+ ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
+ ftp_cmds { FEAT CEL CMD MACB } \
+ ftp_cmds { MDTM REST SIZE MLST MLSD } \
+ ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
+ alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
+ alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
+ alt_max_param_len 256 { RNTO CWD } \
+ alt_max_param_len 400 { PORT } \
+ alt_max_param_len 512 { SIZE } \
+ chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
+ chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
+ chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
+ chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
+ chk_str_fmt { FEAT CEL CMD } \
+ chk_str_fmt { MDTM REST SIZE MLST MLSD } \
+ chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity STRU < char FRP > \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+ cmd_validity PORT < host_port >
+
+preprocessor ftp_telnet_protocol: ftp client default \
+ max_resp_len 256 \
+ bounce yes \
+ telnet_cmds yes
+
+EOD;
+
+$def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor'];
+if ($def_ftp_preprocessor_info_chk == "on")
+ $def_ftp_preprocessor_type = "$snort_ftp_preprocessor";
+else
+ $def_ftp_preprocessor_type = "";
+
+/* def smtp_preprocessor */
+$snort_smtp_preprocessor = <<<EOD
+#####################
+ #
+# SMTP preprocessor #
+ #
+#####################
+
+preprocessor SMTP: \
+ ports { 25 465 691 } \
+ inspection_type stateful \
+ normalize cmds \
+ valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \
+CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \
+PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ max_header_line_len 1000 \
+ max_response_line_len 512 \
+ alt_max_command_line_len 260 { MAIL } \
+ alt_max_command_line_len 300 { RCPT } \
+ alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
+ alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
+ alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \
+ alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \
+ alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ xlink2state { enable }
+
+EOD;
+
+$def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor'];
+if ($def_smtp_preprocessor_info_chk == "on")
+ $def_smtp_preprocessor_type = "$snort_smtp_preprocessor";
+else
+ $def_smtp_preprocessor_type = "";
+
+/* def sf_portscan */
+$snort_sf_portscan = <<<EOD
+################
+ #
+# sf Portscan #
+ #
+################
+
+preprocessor sfportscan: scan_type { all } \
+ proto { all } \
+ memcap { 10000000 } \
+ sense_level { medium } \
+ ignore_scanners { \$HOME_NET }
+
+EOD;
+
+$def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan'];
+if ($def_sf_portscan_info_chk == "on")
+ $def_sf_portscan_type = "$snort_sf_portscan";
+else
+ $def_sf_portscan_type = "";
+
+/* def dce_rpc_2 */
+$snort_dce_rpc_2 = <<<EOD
+###############
+ #
+# NEW #
+# DCE/RPC 2 #
+ #
+###############
+
+preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
+preprocessor dcerpc2_server: default, policy WinXP, \
+ detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
+ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
+ smb_max_chain 3
+
+EOD;
+
+$def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2'];
+if ($def_dce_rpc_2_info_chk == "on")
+ $def_dce_rpc_2_type = "$snort_dce_rpc_2";
+else
+ $def_dce_rpc_2_type = "";
+
+/* def dns_preprocessor */
+$snort_dns_preprocessor = <<<EOD
+####################
+ #
+# DNS preprocessor #
+ #
+####################
+
+preprocessor dns: \
+ ports { 53 } \
+ enable_rdata_overflow
+
+EOD;
+
+$def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor'];
+if ($def_dns_preprocessor_info_chk == "on")
+ $def_dns_preprocessor_type = "$snort_dns_preprocessor";
+else
+ $def_dns_preprocessor_type = "";
+
+/* def SSL_PORTS IGNORE */
+$def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore'];
+if ($def_ssl_ports_ignore_info_chk == "")
+ $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
+else
+ $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
+
+//////////////////////////////////////////////////////////////////
/* build snort configuration file */
/* TODO; feed back from pfsense users to reduce false positives */
$snort_conf_text = <<<EOD
@@ -1043,21 +1865,21 @@ function snort_rules_up_install_cron($should_install) {
# for more information
# snort.conf
# Snort can be found at http://www.snort.org/
-
-# Copyright (C) 2006 Robert Zelaya
+#
+# Copyright (C) 2009 Robert Zelaya
# part of pfSense
# All rights reserved.
-
+#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
-
+#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
-
+#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
-
+#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -1146,7 +1968,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504]
#
#####################
-var RULE_PATH /usr/local/etc/snort/rules
+var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules
# var PREPROC_RULE_PATH ./preproc_rules
################################
@@ -1171,8 +1993,7 @@ config disable_decode_drops
#
###################################
-config detection: search-method {$snort_performance}
-config detection: max_queue_events 5
+config detection: search-method {$snort_performance} max_queue_events 5
config event_queue: max_queue 8 log 3 order_events content_length
#Configure dynamic loaded libraries
@@ -1187,150 +2008,25 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules/
###################
preprocessor frag3_global: max_frags 8192
-preprocessor frag3_engine: policy windows
-preprocessor frag3_engine: policy linux
-preprocessor frag3_engine: policy first
preprocessor frag3_engine: policy bsd detect_anomalies
preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
track_udp yes, track_icmp yes
-preprocessor stream5_tcp: bind_to any, policy windows
-preprocessor stream5_tcp: bind_to any, policy linux
-preprocessor stream5_tcp: bind_to any, policy vista
-preprocessor stream5_tcp: bind_to any, policy macos
preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes
-preprocessor stream5_udp
-preprocessor stream5_icmp
-
-##########################
- #
-# NEW #
-# Performance Statistics #
- #
-##########################
-
-preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
-
-#################
- #
-# HTTP Inspect #
- #
-#################
+preprocessor stream5_udp:
+preprocessor stream5_icmp:
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+{$def_perform_stat_type}
-preprocessor http_inspect_server: server default \
- ports { 80 8080 } \
- no_alerts \
- non_strict \
- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
- flow_depth 0 \
- apache_whitespace yes \
- directory no \
- iis_backslash no \
- u_encode yes \
- ascii yes \
- chunk_length 500000 \
- bare_byte yes \
- double_decode yes \
- iis_unicode yes \
- iis_delimiter yes \
- multi_slash no
+{$def_http_inspect_type}
-##################
- #
-# Other preprocs #
- #
-##################
-
-preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
-preprocessor bo
-
-#####################
- #
-# ftp preprocessor #
- #
-#####################
+{$def_other_preprocs_type}
-preprocessor ftp_telnet: global \
-inspection_type stateless
+{$def_ftp_preprocessor_type}
-preprocessor ftp_telnet_protocol: telnet \
- normalize \
- ayt_attack_thresh 200
+{$def_smtp_preprocessor_type}
-preprocessor ftp_telnet_protocol: \
- ftp server default \
- def_max_param_len 100 \
- ports { 21 } \
- ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
- ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
- ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
- ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
- ftp_cmds { FEAT CEL CMD MACB } \
- ftp_cmds { MDTM REST SIZE MLST MLSD } \
- ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
- alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
- alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
- alt_max_param_len 256 { RNTO CWD } \
- alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
- chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
- chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
- chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
- chk_str_fmt { FEAT CEL CMD } \
- chk_str_fmt { MDTM REST SIZE MLST MLSD } \
- chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity STRU < char FRP > \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity PORT < host_port >
-
-preprocessor ftp_telnet_protocol: ftp client default \
- max_resp_len 256 \
- bounce yes \
- telnet_cmds yes
-
-#####################
- #
-# SMTP preprocessor #
- #
-#####################
-
-preprocessor SMTP: \
- ports { 25 465 691 } \
- inspection_type stateful \
- normalize cmds \
- valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \
-CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \
-PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- max_header_line_len 1000 \
- max_response_line_len 512 \
- alt_max_command_line_len 260 { MAIL } \
- alt_max_command_line_len 300 { RCPT } \
- alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
- alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
- alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \
- alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \
- alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- xlink2state { enable }
-
-################
- #
-# sf Portscan #
- #
-################
-
-preprocessor sfportscan: scan_type { all } \
- proto { all } \
- memcap { 10000000 } \
- sense_level { medium } \
- ignore_scanners { \$HOME_NET }
+{$def_sf_portscan_type}
############################
#
@@ -1342,28 +2038,9 @@ preprocessor sfportscan: scan_type { all } \
#
############################
-###############
- #
-# NEW #
-# DCE/RPC 2 #
- #
-###############
-
-preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
-preprocessor dcerpc2_server: default, policy WinXP, \
- detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
- autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
- smb_max_chain 3
-
-####################
- #
-# DNS preprocessor #
- #
-####################
+{$def_dce_rpc_2_type}
-preprocessor dns: \
- ports { 53 } \
- enable_rdata_overflow
+{$def_dns_preprocessor_type}
##############################
#
@@ -1372,7 +2049,7 @@ preprocessor dns: \
#
##############################
-preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted
+preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted
#####################
#
@@ -1393,9 +2070,9 @@ $spoink_type
#
#################
-include /usr/local/etc/snort/reference.config
-include /usr/local/etc/snort/classification.config
-include /usr/local/etc/snort/threshold.conf
+include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
+include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
+include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf
# Snort user pass through configuration
{$snort_config_pass_thru}
@@ -1409,17 +2086,19 @@ include /usr/local/etc/snort/threshold.conf
{$selected_rules_sections}
EOD;
- conf_mount_ro();
+
return $snort_conf_text;
}
/* check downloaded text from snort.org to make sure that an error did not occur
* for example, if you are not a premium subscriber you can only download rules
- * so often, etc.
+ * so often, etc. TO BE: Removed unneeded.
*/
+
function check_for_common_errors($filename) {
global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
+
+// ob_flush();
$contents = file_get_contents($filename);
if(stristr($contents, "You don't have permission")) {
if(!$console_mode) {
@@ -1427,7 +2106,6 @@ function check_for_common_errors($filename) {
hide_progress_bar_status();
} else {
log_error("An error occured. Scroll down to inspect it's contents.");
- echo "An error occured. Scroll down to inspect it's contents.";
}
if(!$console_mode) {
update_output_window(strip_tags("$contents"));
@@ -1470,14 +2148,12 @@ function verify_downloaded_file($filename) {
}
exit;
}
- update_all_status("Verifyied {$filename}.");
+ update_all_status("Verified {$filename}.");
}
/* extract rules */
function extract_snort_rules_md5($tmpfname) {
global $snort_filename, $snort_filename_md5, $console_mode;
- ini_set("memory_limit","64M");
- conf_mount_rw();
ob_flush();
if(!$console_mode) {
$static_output = gettext("Extracting snort rules...");
@@ -1500,7 +2176,6 @@ function extract_snort_rules_md5($tmpfname) {
log_error("Snort rules extracted.");
echo "Snort rules extracted.";
}
- conf_mount_ro();
}
/* verify MD5 against downloaded item */
@@ -1513,7 +2188,7 @@ function verify_snort_rules_md5($tmpfname) {
}
$md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
+ $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
if($md5 == $file_md5_ondisk) {
if(!$console_mode) {
@@ -1569,7 +2244,7 @@ function get_snort_alert($ip) {
if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
$alert_title = $matches[2];
if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches))
- $alert_ip = $matches[0];
+ $alert_ip = $matches[$id];
if($alert_ip == $ip) {
if(!$snort_config[$ip])
$snort_config[$ip] = $alert_title;
@@ -1582,7 +2257,7 @@ function get_snort_alert($ip) {
function make_clickable($buffer) {
global $config, $g;
/* if clickable urls is disabled, simply return buffer back to caller */
- $clickablalerteurls = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
+ $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode'];
if(!$clickablalerteurls)
return $buffer;
$buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
diff --git a/config/snort-dev/snort.sh b/config/snort/snort.sh
index 5b725cfe..5b725cfe 100644
--- a/config/snort-dev/snort.sh
+++ b/config/snort/snort.sh
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 763f65eb..502438c2 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -46,73 +46,32 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
- <version>2.8.4.1_5</version>
- <title>Services: Snort 2.8.4.1_5 pkg v. 1.6</title>
- <include_file>/usr/local/pkg/snort.inc</include_file>
+ <version>2.8.5.3</version>
+ <title>Services: Snort 2.8.5.2 pkg v. 1.19</title>
+ <include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
<tooltiptext>Setup snort specific settings</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
+ <url>/snort/snort_interfaces.php</url>
</menu>
<service>
<name>snort</name>
- <rcfile>snort.sh</rcfile>
+ <rcfile></rcfile>
<executable>snort</executable>
- <description>Snort is the most widely deployed IDS/IPS technology worldwide..</description>
+ <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description>
</service>
<tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>Update Rules</text>
- <url>/snort_download_rules.php</url>
- </tab>
- <tab>
- <text>Categories</text>
- <url>/snort_rulesets.php</url>
- </tab>
- <tab>
- <text>Rules</text>
- <url>/snort_rules.php</url>
- </tab>
- <tab>
- <text>Servers</text>
- <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Blocked</text>
- <url>/snort_blocked.php</url>
- </tab>
- <tab>
- <text>Whitelist</text>
- <url>/pkg.php?xml=snort_whitelist.xml</url>
- </tab>
- <tab>
- <text>Threshold</text>
- <url>/pkg.php?xml=snort_threshold.xml</url>
- </tab>
- <tab>
- <text>Alerts</text>
- <url>/snort_alerts.php</url>
- </tab>
- <tab>
- <text>Advanced</text>
- <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
- </tab>
</tabs>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
+ <prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/bin/barnyard2</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_fbegin.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
@@ -123,256 +82,118 @@
<prefix>/usr/local/bin/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item>
- </additional_files_needed>
+ </additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
+ <prefix>/usr/local/bin/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
+ <prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_gui.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
+ <prefix>/usr/local/pkg/pf/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
+ <prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_whitelist.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_whitelist.xml</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_barnyard.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_help_info.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/pf/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item>
+ <item>http://www.pfsense.com/packages/config/snort/help_and_info.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_global.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_advanced.xml</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.xml</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_threshold.xml</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/pfsense_rules/local.rules</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_preprocessors.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/etc/rc.d/</prefix>
+ <chmod>755</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort.sh</item>
</additional_files_needed>
<fields>
- <field>
- <fielddescr>Interface</fielddescr>
- <fieldname>iface_array</fieldname>
- <description>Select the interface(s) Snort will listen on.</description>
- <type>interfaces_selection</type>
- <size>3</size>
- <value>lan</value>
- <multiple>true</multiple>
- </field>
- <field>
- <fielddescr>Memory Performance</fielddescr>
- <fieldname>performance</fieldname>
- <description>Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.</description>
- <type>select</type>
- <options>
- <option>
- <name>ac-bnfa</name>
- <value>ac-bnfa</value>
- </option>
- <option>
- <name>lowmem</name>
- <value>lowmem</value>
- </option>
- <option>
- <name>ac-std</name>
- <value>ac-std</value>
- </option>
- <option>
- <name>ac</name>
- <value>ac</value>
- </option>
- <option>
- <name>ac-banded</name>
- <value>ac-banded</value>
- </option>
- <option>
- <name>ac-sparsebands</name>
- <value>ac-sparsebands</value>
- </option>
- <option>
- <name>acs</name>
- <value>acs</value>
- </option>
- </options>
- </field>
- <field>
- <fielddescr>Oinkmaster code</fielddescr>
- <fieldname>oinkmastercode</fieldname>
- <description>Obtain a snort.org Oinkmaster code and paste here.</description>
- <type>input</type>
- <size>60</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Snort.org subscriber</fielddescr>
- <fieldname>subscriber</fieldname>
- <description>Check this box if you are a Snort.org subscriber (premium rules).</description>
- <type>checkbox</type>
- <size>60</size>
- </field>
- <field>
- <fielddescr>Block offenders</fielddescr>
- <fieldname>blockoffenders7</fieldname>
- <description>Checking this option will automatically block hosts that generate a snort alert.</description>
- <type>checkbox</type>
- <size>60</size>
- </field>
- <field>
- <fielddescr>Remove blocked hosts every</fielddescr>
- <fieldname>rm_blocked</fieldname>
- <description>Please select the amount of time hosts are blocked</description>
- <type>select</type>
- <options>
- <option>
- <name>never</name>
- <value>never_b</value>
- </option>
- <option>
- <name>1 hour</name>
- <value>1h_b</value>
- </option>
- <option>
- <name>3 hours</name>
- <value>3h_b</value>
- </option>
- <option>
- <name>6 hours</name>
- <value>6h_b</value>
- </option>
- <option>
- <name>12 hours</name>
- <value>12h_b</value>
- </option>
- <option>
- <name>1 day</name>
- <value>1d_b</value>
- </option>
- <option>
- <name>4 days</name>
- <value>4d_b</value>
- </option>
- <option>
- <name>7 days</name>
- <value>7d_b</value>
- </option>
- <option>
- <name>28 days</name>
- <value>28d_b</value>
- </option>
- </options>
- </field>
- <field>
- </field>
- <field>
- <fielddescr>Update rules automatically</fielddescr>
- <fieldname>autorulesupdate7</fieldname>
- <description>Please select the update times for rules.</description>
- <type>select</type>
- <options>
- <option>
- <name>never</name>
- <value>never_up</value>
- </option>
- <option>
- <name>6 hours</name>
- <value>6h_up</value>
- </option>
- <option>
- <name>12 hours</name>
- <value>12h_up</value>
- </option>
- <option>
- <name>1 day</name>
- <value>1d_up</value>
- </option>
- <option>
- <name>4 days</name>
- <value>4d_up</value>
- </option>
- <option>
- <name>7 days</name>
- <value>7d_up</value>
- </option>
- <option>
- <name>28 days</name>
- <value>28d_up</value>
- </option>
- </options>
- </field>
- <field>
- <fielddescr>Whitelist VPNs automatically</fielddescr>
- <fieldname>whitelistvpns</fieldname>
- <description>Checking this option will install whitelists for all VPNs.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Convert Snort alerts urls to clickable links</fielddescr>
- <fieldname>clickablalerteurls</fieldname>
- <description>Checking this option will automatically convert URLs in the Snort alerts tab to clickable links.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Associate events on Blocked tab</fielddescr>
- <fieldname>associatealertip</fieldname>
- <description>Checking this option will automatically associate the blocked reason from the snort alerts file.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Install emergingthreats rules.</fielddescr>
- <fieldname>emergingthreats</fieldname>
- <description>Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</description>
- <type>checkbox</type>
- </field>
- </fields>
- <custom_php_resync_config_command>
- sync_package_snort();
- </custom_php_resync_config_command>
+ </fields>
<custom_add_php_command>
</custom_add_php_command>
- <custom_php_install_command>
- sync_package_snort_reinstall();
- </custom_php_install_command>
+ <custom_php_resync_config_command>
+ sync_snort_package();
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ snort_postinstall();
+ </custom_php_install_command>
<custom_php_deinstall_command>
snort_deinstall();
</custom_php_deinstall_command>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index e67b9b5f..4f0ddb03 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -6,7 +6,11 @@
Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2006 Scott Ullrich
All rights reserved.
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -30,95 +34,597 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-require("globals.inc");
-require("guiconfig.inc");
-require("/usr/local/pkg/snort.inc");
+require_once("globals.inc");
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
-$snort_logfile = "{$g['varlog_path']}/snort/alert";
+$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+$snort_logfile = '/var/log/snort/alert';
-$nentries = $config['syslog']['nentries'];
-if (!$nentries)
- $nentries = 50;
+$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
+$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
+
+if ($pconfig['alertnumber'] == '' || $pconfig['alertnumber'] == '0')
+{
+ $anentries = '250';
+}else{
+ $anentries = $pconfig['alertnumber'];
+}
+
+if ($_POST['save'])
+{
+
+ //unset($input_errors);
+ //$pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['save'])
+ {
+
+ // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
+ // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
+ // }
+
+ }
+
+ /* no errors */
+ if (!$input_errors)
+ {
+
+ $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? on : off;
+ $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
+
+ conf_mount_rw();
+ write_config();
+ //conf_mount_ro();
+ sleep(2);
+
+ header("Location: /snort/snort_alerts.php");
+
+ }
+
+}
+
+
+if ($_POST['delete'])
+{
-if ($_POST['clear']) {
exec("killall syslogd");
conf_mount_rw();
- exec("rm {$snort_logfile}; touch {$snort_logfile}");
+ if(file_exists("/var/log/snort/alert"))
+ {
+ exec('/bin/rm /var/log/snort/*');
+ exec('/usr/bin/touch /var/log/snort/alert');
+ }
conf_mount_ro();
system_syslogd_start();
- exec("/usr/bin/killall -HUP snort");
- exec("/usr/bin/killall snort2c");
- if ($config['installedpackages']['snort']['config'][0]['blockoffenders'] == 'on')
- exec("/usr/local/bin/snort2c -w /var/db/whitelist -a /var/log/snort/alert");
+ //exec("/usr/bin/killall -HUP snort");
+
+}
+
+if ($_POST['download'])
+{
+
+ ob_start(); //importanr or other post will fail
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "snort_logs_{$save_date}.tar.gz";
+ exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort");
+
+ if(file_exists("/tmp/snort_logs_{$save_date}.tar.gz"))
+ {
+ $file = "/tmp/snort_logs_{$save_date}.tar.gz";
+ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
+ header("Pragma: private"); // needed for IE
+ header("Cache-Control: private, must-revalidate"); // needed for IE
+ header('Content-type: application/force-download');
+ header('Content-Transfer-Encoding: Binary');
+ header("Content-length: ".filesize($file));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ readfile("$file");
+ exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz");
+ od_end_clean(); //importanr or other post will fail
+ }else{
+ echo 'Error no saved file.';
+ }
+
+}
+
+
+/* WARNING: took me forever to figure reg expression, dont lose */
+// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50';
+
+function get_snort_alert_date($fileline)
+{
+ /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
+ if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1))
+ {
+ $alert_date = "$matches1[0]";
+ }
+
+return $alert_date;
+
+}
+
+function get_snort_alert_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ {
+ $alert_disc = "$matches[2]";
+ }
+
+return $alert_disc;
+
+}
+
+function get_snort_alert_class($fileline)
+{
+ /* class */
+ if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
+ {
+ $alert_class = "$matches2[0]";
+ }
+
+return $alert_class;
+
+}
+
+function get_snort_alert_priority($fileline)
+{
+ /* Priority */
+ if (preg_match('/Priority:\s\d/', $fileline, $matches3))
+ {
+ $alert_priority = "$matches3[0]";
+ }
+
+return $alert_priority;
+
+}
+
+function get_snort_alert_proto($fileline)
+{
+ /* Priority */
+ if (preg_match('/\{.+\}/', $fileline, $matches3))
+ {
+ $alert_proto = "$matches3[0]";
+ }
+
+return $alert_proto;
+
+}
+
+function get_snort_alert_proto_full($fileline)
+{
+ /* Protocal full */
+ if (preg_match('/.+\sTTL/', $fileline, $matches2))
+ {
+ $alert_proto_full = "$matches2[0]";
+ }
+
+return $alert_proto_full;
+
+}
+
+function get_snort_alert_ip_src($fileline)
+{
+ /* SRC IP */
+ $re1='.*?'; # Non-greedy match on filler
+ $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
+ {
+ $alert_ip_src = $matches4[1][0];
+ }
+
+return $alert_ip_src;
+
+}
+
+function get_snort_alert_src_p($fileline)
+{
+ /* source port */
+ if (preg_match('/:\d+\s-/', $fileline, $matches5))
+ {
+ $alert_src_p = "$matches5[0]";
+ }
+
+return $alert_src_p;
+
+}
+
+function get_snort_alert_flow($fileline)
+{
+ /* source port */
+ if (preg_match('/(->|<-)/', $fileline, $matches5))
+ {
+ $alert_flow = "$matches5[0]";
+ }
+
+return $alert_flow;
+
+}
+
+function get_snort_alert_ip_dst($fileline)
+{
+ /* DST IP */
+ $re1dp='.*?'; # Non-greedy match on filler
+ $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress
+ $re3dp='.*?'; # Non-greedy match on filler
+ $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
+ {
+ $alert_ip_dst = $matches6[1][0];
+ }
+
+return $alert_ip_dst;
+
}
+
+function get_snort_alert_dst_p($fileline)
+{
+ /* dst port */
+ if (preg_match('/:\d+$/', $fileline, $matches7))
+ {
+ $alert_dst_p = "$matches7[0]";
+ }
+
+return $alert_dst_p;
+
+}
+
+function get_snort_alert_dst_p_full($fileline)
+{
+ /* dst port full */
+ if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
+ {
+ $alert_dst_p = "$matches7[0]";
+ }
+
+return $alert_dst_p;
+
+}
+
+function get_snort_alert_sid($fileline)
+{
+ /* SID */
+ if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
+ {
+ $alert_sid = "$matches8[0]";
+ }
+
+return $alert_sid;
+
+}
+
+//
$pgtitle = "Services: Snort: Snort Alerts";
include("head.inc");
?>
+<link rel="stylesheet" href="/snort/css/style.css" type="text/css" media="all">
+<script type="text/javascript" src="/snort/javascript/mootools.js"></script>
+<script type="text/javascript" src="/snort/javascript/sortableTable.js"></script>
+
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+<?php
+
+include("./snort_fbegin.inc");
+
+echo "<p class=\"pgtitle\">";
+if($pfsense_stable == 'yes'){echo $pgtitle;}
+echo "</p>\n";
+
+/* refresh every 60 secs */
+if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
+{
+ echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n";
+}
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"),false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), true, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", true, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
+ $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
display_top_tabs($tab_array);
?>
- </td></tr>
- <tr>
- <td>
+</td>
+</tr>
+ <tr>
+ <td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>
- <td colspan="2" class="listtopic">
- Last <?=$nentries;?> Snort Alert entries</td>
+ <td width="22%" colspan="0" class="listtopic">
+ Last <?=$anentries;?> Alert Entries.
+ </td>
+ <td width="78%" class="listtopic">
+ Latest Alert Entries Are Listed First.
+ </td>
</tr>
- <?php dump_log_file($snort_logfile, $nentries); ?>
- <tr><td><br><form action="snort_alerts.php" method="post">
- <input name="clear" type="submit" class="formbtn" value="Clear log"></td></tr>
+ <tr>
+ <td width="22%" class="vncell">Save or Remove Logs</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_alerts.php" method="post">
+ <input name="download" type="submit" class="formbtn" value="Download">
+ All log files will be saved.
+ <input name="delete" type="submit" class="formbtn" value="Clear">
+ <span class="red"><strong>Warning:</strong></span> all log files will be deleted.
+ </form>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Auto Refresh and Log View</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_alerts.php" method="post">
+ <input name="save" type="submit" class="formbtn" value="Save">
+ Refresh
+ <input name="arefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
+ <strong>Default</strong> is <strong>ON</strong>.
+ <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
+ Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>.
+ </form>
+ </td>
+ </tr>
</table>
</div>
- </form>
</td>
</tr>
</table>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <td width="100%">
+ <br>
+ <div class="tableFilter">
+ <form id="tableFilter" onsubmit="myTable.filter(this.id); return false;">Filter:
+ <select id="column">
+ <option value="1">PRIORITY</option>
+ <option value="2">PROTO</option>
+ <option value="3">DESCRIPTION</option>
+ <option value="4">CLASS</option>
+ <option value="5">SRC</option>
+ <option value="6">SRC PORT</option>
+ <option value="7">FLOW</option>
+ <option value="8">DST</option>
+ <option value="9">DST PORT</option>
+ <option value="10">SID</option>
+ <option value="11">Date</option>
+ </select>
+ <input type="text" id="keyword" />
+ <input type="submit" value="Submit" />
+ <input type="reset" value="Clear" />
+ </form>
+ </div>
+<table class="allRow" id="myTable" width="100%" border="2" cellpadding="1" cellspacing="1">
+ <thead>
+ <th axis="number">#</th>
+ <th axis="string">PRI</th>
+ <th axis="string">PROTO</th>
+ <th axis="string">DESCRIPTION</th>
+ <th axis="string">CLASS</th>
+ <th axis="string">SRC</th>
+ <th axis="string">SPORT</th>
+ <th axis="string">FLOW</th>
+ <th axis="string">DST</th>
+ <th axis="string">DPORT</th>
+ <th axis="string">SID</th>
+ <th axis="date">Date</th>
+ </thead>
+ <tbody>
+<?php
+
+ /* make sure alert file exists */
+ if(!file_exists('/var/log/snort/alert'))
+ {
+ conf_mount_rw();
+ exec('/usr/bin/touch /var/log/snort/alert');
+ conf_mount_ro();
+ }
+
+ $logent = $anentries;
+
+ /* detect the alert file type */
+ if ($snortalertlogt == 'full')
+ {
+ $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
+ }else{
+ $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert'))));
+ }
+
+
+
+if (is_array($alerts_array))
+{
+
+ $counter = 0;
+ foreach($alerts_array as $fileline)
+ {
+
+ if($logent <= $counter)
+ continue;
+
+ $counter++;
+
+ /* Date */
+ $alert_date_str = get_snort_alert_date($fileline);
+
+ if($alert_date_str != '')
+ {
+ $alert_date = $alert_date_str;
+ }else{
+ $alert_date = 'empty';
+ }
+
+ /* Discription */
+ $alert_disc_str = get_snort_alert_disc($fileline);
+
+ if($alert_disc_str != '')
+ {
+ $alert_disc = $alert_disc_str;
+ }else{
+ $alert_disc = 'empty';
+ }
+
+ /* Classification */
+ $alert_class_str = get_snort_alert_class($fileline);
+
+ if($alert_class_str != '')
+ {
+
+ $alert_class_match = array('[Classification:',']');
+ $alert_class = str_replace($alert_class_match, '', "$alert_class_str");
+ }else{
+ $alert_class = 'Prep';
+ }
+
+ /* Priority */
+ $alert_priority_str = get_snort_alert_priority($fileline);
+
+ if($alert_priority_str != '')
+ {
+ $alert_priority_match = array('Priority: ',']');
+ $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str");
+ }else{
+ $alert_priority = 'empty';
+ }
+
+ /* Protocol */
+ /* Detect alert file type */
+ if ($snortalertlogt == 'full')
+ {
+ $alert_proto_str = get_snort_alert_proto_full($fileline);
+ }else{
+ $alert_proto_str = get_snort_alert_proto($fileline);
+ }
+
+ if($alert_proto_str != '')
+ {
+ $alert_proto_match = array(" TTL",'{','}');
+ $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str");
+ }else{
+ $alert_proto = 'empty';
+ }
+
+ /* IP SRC */
+ $alert_ip_src_str = get_snort_alert_ip_src($fileline);
+
+ if($alert_ip_src_str != '')
+ {
+ $alert_ip_src = $alert_ip_src_str;
+ }else{
+ $alert_ip_src = 'empty';
+ }
+
+ /* IP SRC Port */
+ $alert_src_p_str = get_snort_alert_src_p($fileline);
+
+ if($alert_src_p_str != '')
+ {
+ $alert_src_p_match = array(' -',':');
+ $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str");
+ }else{
+ $alert_src_p = 'empty';
+ }
+
+ /* Flow */
+ $alert_flow_str = get_snort_alert_flow($fileline);
+
+ if($alert_flow_str != '')
+ {
+ $alert_flow = $alert_flow_str;
+ }else{
+ $alert_flow = 'empty';
+ }
+
+ /* IP Destination */
+ $alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
+
+ if($alert_ip_dst_str != '')
+ {
+ $alert_ip_dst = $alert_ip_dst_str;
+ }else{
+ $alert_ip_dst = 'empty';
+ }
+
+ /* IP DST Port */
+ if ($snortalertlogt == 'full')
+ {
+ $alert_dst_p_str = get_snort_alert_dst_p_full($fileline);
+ }else{
+ $alert_dst_p_str = get_snort_alert_dst_p($fileline);
+ }
+
+ if($alert_dst_p_str != '')
+ {
+ $alert_dst_p_match = array(':',"\n"," TTL");
+ $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str");
+ $alert_dst_p_match2 = array('/[A-Z]/');
+ $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2");
+ }else{
+ $alert_dst_p = 'empty';
+ }
+
+ /* SID */
+ $alert_sid_str = get_snort_alert_sid($fileline);
+
+ if($alert_sid_str != '')
+ {
+ $alert_sid_match = array('[',']');
+ $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str");
+ }else{
+ $alert_sid_str = 'empty';
+ }
+
+ /* NOTE: using one echo improves performance by 2x */
+ if ($alert_disc != 'empty')
+ {
+ echo "<tr id=\"{$counter}\">
+ <td class=\"centerAlign\">{$counter}</td>
+ <td class=\"centerAlign\">{$alert_priority}</td>
+ <td class=\"centerAlign\">{$alert_proto}</td>
+ <td>{$alert_disc}</td>
+ <td class=\"centerAlign\">{$alert_class}</td>
+ <td>{$alert_ip_src}</td>
+ <td class=\"centerAlign\">{$alert_src_p}</td>
+ <td class=\"centerAlign\">{$alert_flow}</td>
+ <td>{$alert_ip_dst}</td>
+ <td class=\"centerAlign\">{$alert_dst_p}</td>
+ <td class=\"centerAlign\">{$alert_sid}</td>
+ <td>{$alert_date}</td>
+ </tr>\n";
+ }
+
+// <script type="text/javascript">
+// var myTable = {};
+// window.addEvent('domready', function(){
+// myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}});
+// });
+// </script>
+
+ }
+}
+
+?>
+ </tbody>
+ </table>
+ </td>
+</table>
+
<?php include("fend.inc"); ?>
-<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>">
-</body>
-</html>
-<!-- <?php echo $snort_logfile; ?> -->
-<?php
+ <script type="text/javascript">
+ var myTable = {};
+ window.addEvent('domready', function(){
+ myTable = new sortableTable('myTable', {overCls: 'over'});
+ });
+ </script>
-function dump_log_file($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert = "") {
- global $g, $config;
- $logarr = "";
- exec("cat {$logfile} | /usr/bin/tail -n {$tail}", $logarr);
- foreach ($logarr as $logent) {
- if(!logent)
- continue;
- $ww_logent = $logent;
- $ww_logent = str_replace("[", " [ ", $ww_logent);
- $ww_logent = str_replace("]", " ] ", $ww_logent);
- echo "<tr valign=\"top\">\n";
- echo "<td colspan=\"2\" class=\"listr\">" . make_clickable($ww_logent) . "&nbsp;</td>\n";
- echo "</tr>\n";
- }
-}
-
-?> \ No newline at end of file
+</body>
+</html>
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort/snort_barnyard.php
index b8f05c47..7a587330 100644
--- a/config/snort-dev/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -128,7 +128,7 @@ if (isset($id) && $a_nat[$id]) {
if (isset($_GET['dup']))
unset($id);
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
@@ -142,7 +142,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
write_config();
- sync_snort_package_all();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
unlink($d_snortconfdirty_path);
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index ff158853..293679d9 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -5,6 +5,9 @@
Copyright (C) 2006 Scott Ullrich
All rights reserved.
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -27,8 +30,19 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-require("guiconfig.inc");
-require("/usr/local/pkg/snort.inc");
+require_once("globals.inc");
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'];
+$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
+
+if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0')
+{
+ $bnentries = '500';
+}else{
+ $bnentries = $pconfig['blertnumber'];
+}
if($_POST['todelete'] or $_GET['todelete']) {
if($_POST['todelete'])
@@ -38,100 +52,147 @@ if($_POST['todelete'] or $_GET['todelete']) {
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
}
-$pgtitle = "Snort: Snort Blocked";
-include("head.inc");
+if ($_POST['remove']) {
-?>
+exec("/sbin/pfctl -t snort2c -T flush");
+sleep(1);
+header("Location: /snort/snort_blocked.php");
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php include("fbegin.inc"); ?>
+}
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
+/* TODO: build a file with block ip and disc */
+if ($_POST['download'])
+{
-<form action="snort_rulesets.php" method="post" name="iform" id="iform">
-<script src="/row_toggle.js" type="text/javascript"></script>
-<script src="/javascript/sorttable.js" type="text/javascript"></script>
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), true, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Remove</td>
- <td class="listhdrr">IP</td>
- <td class="listhdrr">Alert Description</td>
- </tr>
-<?php
+ ob_start(); //important or other posts will fail
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "snort_blocked_{$save_date}.tar.gz";
+ exec('/bin/mkdir /tmp/snort_blocked');
+ exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf');
+
+ $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));
+
+ if ($blocked_ips_array_save[0] != '')
+ {
- $associatealertip = $config['installedpackages']['snort']['config'][0]['associatealertip'];
- $ips = `/sbin/pfctl -t snort2c -T show`;
- $ips_array = split("\n", $ips);
- $counter = 0;
- foreach($ips_array as $ip) {
- if(!$ip)
- continue;
- $ww_ip = str_replace(" ", "", $ip);
- $counter++;
- if($associatealertip)
- $alert_description = get_snort_alert($ww_ip);
- else
- $alert_description = "";
- echo "\n<tr>";
- echo "\n<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ww_ip)) . "'>";
- echo "\n<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>";
- echo "\n<td>&nbsp;{$ww_ip}</td>";
- echo "\n<td>&nbsp;{$alert_description}<!-- |{$ww_ip}| get_snort_alert($ww_ip); --></td>";
- echo "\n</tr>";
+ /* build the list */
+ $counter = 0;
+ foreach($blocked_ips_array_save as $fileline3)
+ {
+
+ $counter++;
+
+ exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf");
+
+ }
}
- echo "\n<tr><td colspan='3'>&nbsp;</td></tr>";
- if($counter < 1)
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>";
- else
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
-?>
+ exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked");
- </table>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
+ if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz"))
+ {
+ $file = "/tmp/snort_blocked_{$save_date}.tar.gz";
+ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
+ header("Pragma: private"); // needed for IE
+ header("Cache-Control: private, must-revalidate"); // needed for IE
+ header('Content-type: application/force-download');
+ header('Content-Transfer-Encoding: Binary');
+ header("Content-length: ".filesize($file));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ readfile("$file");
+ exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz");
+ exec("/bin/rm /tmp/snort_block.pf");
+ exec("/bin/rm /tmp/snort_blocked/snort_block.pf");
+ od_end_clean(); //importanr or other post will fail
+ }else{
+ echo 'Error no saved file.';
+ }
-</form>
+}
-<p>
+if ($_POST['save'])
+{
-<?php
+ /* input validation */
+ if ($_POST['save'])
+ {
+
+
+ }
+
+ /* no errors */
+ if (!$input_errors)
+ {
+
+ $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? on : off;
+ $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
+
+ conf_mount_rw();
+ write_config();
+ //conf_mount_ro();
+ sleep(2);
+
+ header("Location: /snort/snort_blocked.php");
+
+ }
+
+}
+
+/* build filter funcs */
+function get_snort_alert_ip_src($fileline)
+{
+ /* SRC IP */
+ $re1='.*?'; # Non-greedy match on filler
+ $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
+ {
+ $alert_ip_src = $matches4[1][0];
+ }
+
+return $alert_ip_src;
+
+}
-$blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+function get_snort_alert_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ {
+ $alert_disc = "$matches[2]";
+ }
+
+return $alert_disc;
+
+}
+
+/* build sec filters */
+function get_snort_block_ip($fileline)
+{
+ /* ip */
+ if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches))
+ {
+ $alert_block_ip = "$matches[0]";
+ }
+
+return $alert_block_ip;
+
+}
+
+function get_snort_block_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\]\s\[.+\]$/", $fileline, $matches))
+ {
+ $alert_block_disc = "$matches[0]";
+ }
+
+return $alert_block_disc;
+
+}
+
+/* tell the user what settings they have */
+$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked'];
if ($blockedtab_msg_chk == "1h_b") {
$blocked_msg = "hour";
}
@@ -157,18 +218,228 @@ $blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blo
$blocked_msg = "28 days";
}
-echo "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every $blocked_msg.";
+if ($blockedtab_msg_chk != "never_b")
+{
+$blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>.";
+}else{
+$blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts.";
+}
+
+$pgtitle = "Services: Snort Blocked Hosts";
+include("head.inc");
?>
-<?php include("fend.inc"); ?>
+<body link="#000000" vlink="#000000" alink="#000000">
+<?php
-</body>
-</html>
+include("./snort_fbegin.inc");
+
+echo "<p class=\"pgtitle\">";
+if($pfsense_stable == 'yes'){echo $pgtitle;}
+echo "</p>\n";
+
+/* refresh every 60 secs */
+if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '')
+{
+ echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
+}
+?>
+
+<script src="/row_toggle.js" type="text/javascript"></script>
+<script src="/javascript/sorttable.js" type="text/javascript"></script>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", true, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
+ $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="22%" colspan="0" class="listtopic">
+ Last <?=$bnentries;?> Blocked.
+ </td>
+ <td width="78%" class="listtopic">
+ This page lists hosts that have been blocked by Snort.&nbsp;&nbsp;<?=$blocked_msg_txt;?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Save or Remove Hosts</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_blocked.php" method="post">
+ <input name="download" type="submit" class="formbtn" value="Download">
+ All blocked hosts will be saved.
+ <input name="remove" type="submit" class="formbtn" value="Clear">
+ <span class="red"><strong>Warning:</strong></span> all hosts will be removed.
+ </form>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Auto Refresh and Log View</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_blocked.php" method="post">
+ <input name="save" type="submit" class="formbtn" value="Save">
+ Refresh
+ <input name="brefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
+ <strong>Default</strong> is <strong>ON</strong>.
+ <input name="blertnumber" type="text" class="formfld" id="blertnumber" size="5" value="<?=htmlspecialchars($bnentries);?>">
+ Enter the number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>.
+ </form>
+ </td>
+ </tr>
+ </table>
+
+ </div>
+ </td>
+ </tr>
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Remove</td>
+ <td class="listhdrr">#</td>
+ <td class="listhdrr">IP</td>
+ <td class="listhdrr">Alert Description</td>
+ </tr>
<?php
-/* write out snort cache */
-write_snort_config_cache($snort_config);
+/* set the arrays */
+exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache');
+$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
+$blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));
+
+$logent = $bnentries;
+
+if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
+{
+
+ /* build the list and compare blocks to alerts */
+ $counter = 0;
+ foreach($alerts_array as $fileline)
+ {
+
+ $counter++;
-?> \ No newline at end of file
+ $alert_ip_src = get_snort_alert_ip_src($fileline);
+ $alert_ip_disc = get_snort_alert_disc($fileline);
+ $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
+
+ if (in_array("$alert_ip_src", $blocked_ips_array))
+ {
+ $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
+ }
+ }
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+
+ if (!in_array($alert_block_ip, $alert_ip_src_array))
+ {
+ $input[] = "[$alert_block_ip] " . "[N\A]\n";
+ }
+ }
+
+ /* reduce double occurrences */
+ $result = array_unique($input);
+
+ /* buil final list, preg_match, buld html */
+ $counter2 = 0;
+
+ foreach($result as $fileline2)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_ip_str = get_snort_block_ip($fileline2);
+
+ if($alert_block_ip_str != '')
+ {
+ $alert_block_ip_match = array('[',']');
+ $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str");
+ }else{
+ $alert_block_ip = 'empty';
+ }
+
+ $alert_block_disc_str = get_snort_block_disc($fileline2);
+
+ if($alert_block_disc_str != '')
+ {
+ $alert_block_disc_match = array('] [',']');
+ $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str");
+ }else{
+ $alert_block_disc = 'empty';
+ }
+
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
+ <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td>&nbsp;{$counter2}</td>
+ <td>&nbsp;{$alert_block_ip}</td>
+ <td>&nbsp;{$alert_block_disc}</td>
+ </tr>\n";
+
+ }
+
+}else{
+
+ /* if alerts file is empty and blocked table is not empty */
+ $counter2 = 0;
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_disc = 'N/A';
+
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
+ <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td>&nbsp;{$counter2}</td>
+ <td>&nbsp;{$alert_block_ip}</td>
+ <td>&nbsp;{$alert_block_disc}</td>
+ </tr>\n";
+ }
+}
+
+if ($blocked_ips_array[0] == '')
+{
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
+}else{
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
+}
+
+?>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 8d308245..6f95b101 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -3,6 +3,7 @@
/*
snort_rulesets.php
Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -28,8 +29,8 @@
*/
/* Setup enviroment */
-$tmpfname = "/root/snort_rules_up";
-$snortdir = "/usr/local/etc/snort_bkup";
+$tmpfname = "/tmp/snort_rules_up";
+$snortdir = "/usr/local/etc/snort";
$snortdir_wan = "/usr/local/etc/snort";
$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
$snort_filename = "snortrules-snapshot-2.8.tar.gz";
@@ -38,53 +39,71 @@ $emergingthreats_filename = "emerging.rules.tar.gz";
$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
$pfsense_rules_filename = "pfsense_rules.tar.gz";
-require("/usr/local/pkg/snort.inc");
-require_once("config.inc");
+require_once("globals.inc");
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
-?>
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+if ($oinkid == "" && $snortdownload != "off")
+{
+ echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n";
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'");
+ exit;
+}
-<?php
+if ($snortdownload != "on" && $emergingthreats != "on")
+{
+ echo 'Snort Global Settings: download snort.org rules = off and download emergingthreat rules = off.\n';
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'");
+ exit;
+}
+
+conf_mount_rw();
+
+/* Time stamps define */
+$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
$up_date_time = date('l jS \of F Y h:i:s A');
-echo "";
-echo "#########################";
-echo "$up_date_time";
-echo "#########################";
-echo "";
+echo "\n";
+echo "#########################\n";
+echo "$up_date_time\n";
+echo "#########################\n";
+echo "\n\n";
+
+exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Checking for needed updates...'");
/* Begin main code */
/* Set user agent to Mozilla */
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
ini_set("memory_limit","125M");
+/* mark the time update started */
+$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
+
/* send current buffer */
ob_flush();
-
-/* define oinkid */
-if($config['installedpackages']['snort'])
- $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
-
-/* if missing oinkid exit */
-if(!$oinkid) {
- echo "Please add you oink code\n";
- exit;
-}
+conf_mount_rw();
/* premium_subscriber check */
//unset($config['installedpackages']['snort']['config'][0]['subscriber']);
//write_config(); // Will cause switch back to read-only on nanobsd
//conf_mount_rw(); // Uncomment this if the previous line is uncommented
-$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_subscriber_chk === on) {
+$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload'];
+
+if ($premium_subscriber_chk == "premium") {
$premium_subscriber = "_s";
}else{
$premium_subscriber = "";
}
-$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_url_chk === on) {
+$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload'];
+if ($premium_url_chk == "premium") {
$premium_url = "sub-rules";
}else{
$premium_url = "reg-rules";
@@ -92,16 +111,23 @@ if ($premium_url_chk === on) {
/* send current buffer */
ob_flush();
-
conf_mount_rw();
+
/* remove old $tmpfname files */
if (file_exists("{$tmpfname}")) {
+ echo "Removing old tmp files...\n";
exec("/bin/rm -r {$tmpfname}");
apc_clear_cache();
}
+/* Make shure snortdir exits */
+exec("/bin/mkdir -p {$snortdir}");
+exec("/bin/mkdir -p {$snortdir}/rules");
+exec("/bin/mkdir -p {$snortdir}/signatures");
+
/* send current buffer */
ob_flush();
+conf_mount_rw();
/* If tmp dir does not exist create it */
if (file_exists($tmpfname)) {
@@ -125,7 +151,7 @@ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
}
/* download md5 sig from emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
+$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats'];
if ($emergingthreats_url_chk == on) {
echo "Downloading md5 file...\n";
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
@@ -151,14 +177,11 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
echo "Done. downloading md5\n";
}
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snort']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snort']['last_rules_install'];
-
/* If md5 file is empty wait 15min exit */
if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
echo "Please wait... You may only check for New Rules every 15 minutes...\n";
echo "Rules are released every month from snort.org. You may download the Rules at any time.\n";
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Rules every 15 minutes...'");
exit(0);
}
@@ -168,6 +191,7 @@ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n";
echo "Rules are released to support Pfsense packages.\n";
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Pfsense Rules every 15 minutes...'");
exit(0);
}
@@ -178,18 +202,18 @@ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1
$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
/* Write out time of last sucsessful md5 to cache */
-$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
write_config(); // Will cause switch back to read-only on nanobsd
conf_mount_rw();
if ($md5_check_new == $md5_check_old) {
echo "Your rules are up to date...\n";
echo "You may start Snort now, check update.\n";
$snort_md5_check_ok = on;
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your snort rules are up to date...'");
}
}
/* Check if were up to date emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
+$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats'];
if ($emergingthreats_url_chk == on) {
if (file_exists("{$snortdir}/version.txt")){
$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
@@ -197,13 +221,13 @@ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk
$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
/* Write out time of last sucsessful md5 to cache */
-$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
write_config(); // Will cause switch back to read-only on nanobsd
conf_mount_rw();
if ($emerg_md5_check_new == $emerg_md5_check_old) {
echo "Your emergingthreats rules are up to date...\n";
echo "You may start Snort now, check update.\n";
$emerg_md5_check_chk_ok = on;
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'");
}
}
}
@@ -216,39 +240,65 @@ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_m
$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
if ($pfsense_md5_check_new == $pfsense_md5_check_old) {
$pfsense_md5_check_ok = on;
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'");
}
}
/* Make Clean Snort Directory emergingthreats not checked */
if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
- echo "Cleaning the snort Directory...\n";
- echo "removing...\n";
- exec("/bin/rm {$snortdir}/rules/emerging*\n");
+ update_status(gettext("Cleaning the snort Directory..."));
+ update_output_window(gettext("removing..."));
+ exec("/bin/rm {$snortdir}/rules/emerging*");
exec("/bin/rm {$snortdir}/version.txt");
+ exec("/bin/rm {$snortdir_wan}/rules/emerging*");
+ exec("/bin/rm {$snortdir_wan}/version.txt");
echo "Done making cleaning emrg direcory.\n";
}
/* Check if were up to date exits */
if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) {
- echo "Your rules are up to date...\n";
- echo "You may start Snort now...\n";
+ echo "Your emergingthreats rules are up to date...\n";
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'");
exit(0);
}
if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) {
- echo "Your rules are up to date...\n";
- echo "You may start Snort now...\n";
+ echo "Your pfsense rules are up to date...\n";
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'");
exit(0);
}
/* You are Not Up to date, always stop snort when updating rules for low end machines */;
echo "You are NOT up to date...\n";
-echo "Stopping Snort service...\n";
+echo "Stopping All Snort Package services...\n";
+exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULES ARE OUT OF DATE, UPDATING...'");
+exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Stopping All Snort Package Services...'");
$chk_if_snort_up = exec("pgrep -x snort");
if ($chk_if_snort_up != "") {
- exec("/usr/bin/touch /tmp/snort_download_halt.pid");
- stop_service("snort");
- sleep(2);
+
+
+ exec("/usr/bin/touch /tmp/snort_download_halt.pid");
+
+ /* dont flood the syslog code */
+ exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
+ sleep(3);
+
+ exec("/usr/bin/killall snort");
+ exec("/bin/rm /var/run/snort*");
+ sleep(2);
+ exec("/usr/bin/killall barnyard2");
+ exec("/bin/rm /var/run/barnyard2*");
+
+ /* stop syslog flood code */
+ exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_rules_update.log");
+ exec("/usr/bin/killall syslogd");
+ exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
+ exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
+ sleep(2);
+ exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
+ $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after snort STOP {$after_mem}'");
+
}
/* download snortrules file */
@@ -256,7 +306,6 @@ if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
echo "Snortrule tar file exists...\n";
} else {
-
echo "There is a new set of Snort rules posted. Downloading...\n";
echo "May take 4 to 10 min...\n";
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
@@ -311,28 +360,56 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
}
}
+/* Compair md5 sig to file sig */
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// exit(0);
+// }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// exit(0);
+// }
+//}
+
/* Untar snort rules file individually to help people with low system specs */
if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
echo "Extracting rules...\n";
echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/" .
+ " etc/" .
+ " so_rules/precompiled/FreeBSD-7.0/i386/2.8.4" .
+ " so_rules/bad-traffic.rules/" .
+ " so_rules/chat.rules/" .
+ " so_rules/dos.rules/" .
+ " so_rules/exploit.rules/" .
+ " so_rules/imap.rules/" .
+ " so_rules/misc.rules/" .
+ " so_rules/multimedia.rules/" .
+ " so_rules/netbios.rules/" .
+ " so_rules/nntp.rules/" .
+ " so_rules/p2p.rules/" .
+ " so_rules/smtp.rules/" .
+ " so_rules/sql.rules/" .
+ " so_rules/web-client.rules/" .
+ " so_rules/web-misc.rules/");
echo "Done extracting Rules.\n";
} else {
echo "The Download rules file missing...\n";
@@ -364,7 +441,7 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
/* Untar snort signatures */
if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
-$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo'];
+$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
if ($premium_url_chk == on) {
echo "Extracting Signatures...\n";
echo "May take a while...\n";
@@ -377,8 +454,8 @@ if ($premium_url_chk == on) {
/* Make Clean Snort Directory */
//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
//if (file_exists("{$snortdir}/rules")) {
-// echo "Cleaning the snort Directory...\n";
-// echo "removing...\n";
+// update_status(gettext("Cleaning the snort Directory..."));
+// update_output_window(gettext("removing..."));
// exec("/bin/mkdir -p {$snortdir}");
// exec("/bin/mkdir -p {$snortdir}/rules");
// exec("/bin/mkdir -p {$snortdir}/signatures");
@@ -386,96 +463,49 @@ if ($premium_url_chk == on) {
// exec("/bin/rm {$snortdir}/rules/*");
// exec("/bin/rm {$snortdir_wan}/*");
// exec("/bin/rm {$snortdir_wan}/rules/*");
+
// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
//} else {
-// echo "Making Snort Directory...\n";
-// echo "should be fast...\n";
-// exec("/bin/mkdir {$snortdir}");
-// exec("/bin/mkdir {$snortdir}/rules");
-// exec("/bin/rm {$snortdir_wan}/\*");
+// update_status(gettext("Making Snort Directory..."));
+// update_output_window(gettext("should be fast..."));
+// exec("/bin/mkdir -p {$snortdir}");
+// exec("/bin/mkdir -p {$snortdir}/rules");
+// exec("/bin/rm {$snortdir_wan}/*");
// exec("/bin/rm {$snortdir_wan}/rules/*");
// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
-// echo "Done making snort direcory.\n";
+// update_status(gettext("Done making snort direcory."));
// }
//}
-/* Copy so_rules dir to snort lib dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
- echo "Copying so_rules...\n";
- echo "May take a while...\n";
- sleep(2);
- exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
- exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- echo "Done copying so_rules.\n";
-} else {
- echo "Directory so_rules does not exist...\n";
- echo "Error copping so_rules...\n";
- exit(0);
- }
-}
-
-/* enable disable setting will carry over with updates */
-/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-
-if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
-$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
-$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
-foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "$enabled_item_on\n";
- }
-
-if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
-$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
-$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
-foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "$enabled_item_off\n";
- }
-
-$snort_sid_text = <<<EOD
-
-###########################################
-# #
-# this is auto generated on snort updates #
-# #
-###########################################
-
-path = /bin:/usr/bin:/usr/local/bin
-
-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-
-url = dir:///usr/local/etc/snort_bkup/rules
-
-$selected_sid_on_sections
-
-$selected_sid_off_sections
-
-EOD;
-
- /* open snort's threshold.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w");
-
- fwrite($oinkmasterlist, "$snort_sid_text");
-
- /* close snort's threshold.conf file */
- fclose($oinkmasterlist);
-
-}
+/* Copy so_rules dir to snort lib dir */
+/* Disabled untill I figure out why there is a segment falut core dump on 2.8.5.3 */
+//if ($snort_md5_check_ok != on) {
+//if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
+// echo "Copying so_rules...\n";
+// echo "May take a while...\n";
+// exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
+// exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
+// exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules");
+// exec("/bin/rm -r {$snortdir}/so_rules");
+// echo "Done copying so_rules.\n";
+//} else {
+// echo "Directory so_rules does not exist...\n";
+// echo "Error copying so_rules...\n";
+// exit(0);
+// }
+//}
/* Copy configs to snort dir */
if ($snort_md5_check_ok != on) {
@@ -483,9 +513,10 @@ if (file_exists("{$snortdir}/etc/Makefile.am")) {
echo "Copying configs to snort directory...\n";
exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
exec("/bin/rm -r {$snortdir}/etc");
+
} else {
- echo "The snort configs does not exist...\n";
- echo "Error copping config...\n";
+ echo "The snort config does not exist...\n";
+ echo "Error copying config...\n";
exit(0);
}
}
@@ -497,7 +528,7 @@ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
} else {
echo "The md5 file does not exist...\n";
- echo "Error copping config...\n";
+ echo "Error copying config...\n";
exit(0);
}
}
@@ -510,7 +541,7 @@ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
} else {
echo "The emergingthreats md5 file does not exist...\n";
- echo "Error copping config...\n";
+ echo "Error copying config...\n";
exit(0);
}
}
@@ -523,14 +554,14 @@ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
} else {
echo "The Pfsense md5 file does not exist...\n";
- echo "Error copping config...\n";
+ echo "Error copying config...\n";
exit(0);
}
}
-
+
/* Copy signatures dir to snort dir */
if ($snort_md5_check_ok != on) {
-$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
+$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
if ($premium_url_chk == on) {
if (file_exists("{$snortdir}/doc/signatures")) {
echo "Copying signatures...\n";
@@ -540,22 +571,22 @@ if (file_exists("{$snortdir}/doc/signatures")) {
echo "Done copying signatures.\n";
} else {
echo "Directory signatures exist...\n";
- echo "Error copping signature...\n";
+ echo "Error copying signature...\n";
exit(0);
}
}
}
-/* double make shure clean up emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
+/* double make shure cleanup emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
apc_clear_cache();
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
}
if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
@@ -563,72 +594,176 @@ if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so
exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
}
+/* make shure default rules are in the right format */
+exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+
+/* create a msg-map for snort */
echo "Updating Alert Messages...\n";
echo "Please Wait...\n";
-sleep(2);
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map");
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
+
+
+//////////////////
+
+/* Start the proccess for every interface rule */
+/* TODO: try to make the code smother */
+
+if (!empty($config['installedpackages']['snortglobal']['rule'])) {
+
+$rule_array = $config['installedpackages']['snortglobal']['rule'];
+$id = -1;
+foreach ($rule_array as $value) {
+
+$id += 1;
+
+$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+$if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf();
+
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run();
+
+ }
+}
+
+/* open oinkmaster_conf for writing" function */
+function oinkmaster_conf() {
+
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok;
+
+/* enable disable setting will carry over with updates */
+/* TODO carry signature changes with the updates */
+if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+
+if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
+$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+foreach($enabled_sid_on_array as $enabled_item_on)
+$selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
+$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+foreach($enabled_sid_off_array as $enabled_item_off)
+$selected_sid_off_sections .= "$enabled_item_off\n";
+ }
+
+$snort_sid_text = <<<EOD
+
+###########################################
+# #
+# this is auto generated on snort updates #
+# #
+###########################################
+
+path = /bin:/usr/bin:/usr/local/bin
+
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+url = dir:///usr/local/etc/snort/rules
+
+$selected_sid_on_sections
+
+$selected_sid_off_sections
+
+EOD;
+
+ /* open snort's oinkmaster.conf for writing */
+ $oinkmasterlist = fopen("/usr/local/etc/snort/oinkmaster_$if_real.conf", "w");
+
+ fwrite($oinkmasterlist, "$snort_sid_text");
+
+ /* close snort's oinkmaster.conf file */
+ fclose($oinkmasterlist);
+
+ }
+}
/* Run oinkmaster to snort_wan and cp configs */
/* If oinkmaster is not needed cp rules normally */
/* TODO add per interface settings here */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+function oinkmaster_run() {
- if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
-echo "Your first set of rules are being copied...\n";
-echo "May take a while...\n";
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok;
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ echo "Your first set of rules are being copied...\n";
+ echo "May take a while...\n";
+ exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" >> /root/debug");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real");
} else {
echo "Your enable and disable changes are being applied to your fresh set of rules...\n";
echo "May take a while...\n";
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+ exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real");
/* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
/* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
- exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log");
+
+ }
}
}
+//////////////
+
+/* mark the time update finnished */
+$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+
/* remove old $tmpfname files */
if (file_exists("{$tmpfname}")) {
echo "Cleaning up...\n";
- exec("/bin/rm -r /root/snort_rules_up");
+ exec("/bin/rm -r /tmp/snort_rules_up");
+// apc_clear_cache();
}
/* php code to flush out cache some people are reportting missing files this might help */
-sleep(5);
+sleep(2);
apc_clear_cache();
exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
+ /* make snort the owner */
+ exec("/usr/sbin/chown -R snort:snort /var/log/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
+ exec("/bin/chmod -R 755 /var/log/snort");
+ exec("/bin/chmod -R 755 /usr/local/etc/snort");
+ exec("/bin/chmod -R 755 /usr/local/lib/snort");
+
/* if snort is running hardrestart, if snort is not running do nothing */
if (file_exists("/tmp/snort_download_halt.pid")) {
- start_service("snort");
+ exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
echo "The Rules update finished...\n";
echo "Snort has restarted with your new set of rules...\n";
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'");
exec("/bin/rm /tmp/snort_download_halt.pid");
} else {
echo "The Rules update finished...\n";
- echo "You may start snort now...\n";
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'");
}
+
conf_mount_ro();
?>
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort/snort_define_servers.php
index dfda630b..04984300 100644
--- a/config/snort-dev/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -126,7 +126,7 @@ if (isset($_GET['dup']))
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
if ($_POST["Submit"]) {
@@ -227,9 +227,10 @@ $if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface
}
}
+$snort_uuid = $pconfig['uuid'];
/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirty";
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid }_{$if_real}.dirty";
/* this will exec when alert says apply */
if ($_POST['apply']) {
@@ -238,7 +239,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirt
write_config();
- sync_snort_package_all();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
unlink($d_snortconfdirty_path);
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 9826ba2a..b2bcb748 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -2,7 +2,8 @@
/* $Id$ */
/*
snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich and Robert Zelaya
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -28,8 +29,15 @@
*/
/* Setup enviroment */
-$tmpfname = "/root/snort_rules_up";
-$snortdir = "/usr/local/etc/snort_bkup";
+
+/* TODO: review if include files are needed */
+require_once("guiconfig.inc");
+require_once("functions.inc");
+require_once("service-utils.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+$tmpfname = "/tmp/snort_rules_up";
+$snortdir = "/usr/local/etc/snort";
$snortdir_wan = "/usr/local/etc/snort";
$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
$snort_filename = "snortrules-snapshot-2.8.tar.gz";
@@ -38,27 +46,213 @@ $emergingthreats_filename = "emerging.rules.tar.gz";
$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
$pfsense_rules_filename = "pfsense_rules.tar.gz";
-require_once("guiconfig.inc");
-require_once("functions.inc");
-require_once("service-utils.inc");
-require("/usr/local/pkg/snort.inc");
+$id_d = $_GET['id_d'];
+if (isset($_POST['id_d']))
+ $id_d = $_POST['id_d'];
+
+/* Time stamps define */
+$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
+
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+
+ if ($snortdownload == "off" && $emergingthreats != "on")
+ {
+ $snort_emrging_info = "stop";
+ }
+
+ if ($oinkid == "" && $snortdownload != "off")
+ {
+ $snort_oinkid_info = "stop";
+ }
+
+
+ /* check if main rule directory is empty */
+ $if_mrule_dir = "/usr/local/etc/snort/rules";
+ $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+
+if (file_exists('/var/run/snort.conf.dirty')) {
+ $snort_dirty_d = 'stop';
+}
+
+
+
+/* If no id show the user a button */
+if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop" || $snort_dirty_d == 'stop') {
+
+$pgtitle = "Services: Snort: Rule Updates";
+
+include("head.inc");
+include("./snort_fbegin.inc");
+echo "<p class=\"pgtitle\">";
+if($pfsense_stable == 'yes'){echo $pgtitle;}
+echo "</p>\n";
+
+ echo "<table height=\"32\" width=\"100%\">\n";
+ echo " <tr>\n";
+ echo " <td>\n";
+ echo " <div style='background-color:#E0E0E0' id='redbox'>\n";
+ echo " <table width='100%'><tr><td width='8%'>\n";
+ echo " &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src=\"/snort/images/icon_excli.png\" width=\"40\" height=\"32\">\n";
+ echo " </td>\n";
+ echo " <td width='70%'><font color='#FF850A'><b>NOTE:</b></font><font color='#000000'>&nbsp;&nbsp;Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</font>\n";
+ echo " </td>";
+ echo " </tr></table>\n";
+ echo " </div>\n";
+ echo " </td>\n";
+ echo "</table>\n";
+ echo "<script type=\"text/javascript\">\n";
+ echo "NiftyCheck();\n";
+ echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#E0E0E0\",\"smooth\");\n";
+ echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n";
+ echo "</script>\n";
+ echo "\n<br>\n";
+
+/* make sure user has javascript on */
+echo "<style type=\"text/css\">
+.alert {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+background:#FCE9C0;
+background-position: 15px;
+border-top:2px solid #DBAC48;
+border-bottom:2px solid #DBAC48;
+padding: 15px 10px 85% 50px;
+}
+</style>
+<noscript><div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>\n";
+echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">\n";
+
+echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
+<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
+<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n";
+
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
+ $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
+
+if ($snort_emrging_info == "stop" && $snort_oinkid_info == "stop") {
+$disable_enable_button = 'onclick="this.disabled=true"';
+}else{
+$disable_enable_button = "onClick=\"parent.location='/snort/snort_download_rules.php?id_d=up'\"";
+}
+echo "</td>\n
+ </tr>\n
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+<input name=\"Submit\" type=\"submit\" class=\"formbtn\" $disable_enable_button value=\"Update Rules\" $disable_button> <br><br> \n";
+
+if ($mfolder_chk == "empty")
+{
+echo "<span class=\"red\"><strong>WARNING:</strong></span> &nbsp;&nbsp;The main rules <strong>directory</strong> is <strong>empty</strong>. /usr/local/etc/snort/rules <br><br>\n";
+}
+
+if ($snort_emrging_info == "stop") {
+echo "<span class=\"red\"><strong>WARNING:</strong></span> &nbsp;&nbsp;Click on the <strong>\"Global Settings\"</strong> tab and select ether snort.org or enmergingthreats.net rules to download. <br><br> \n";
+}
+
+if ($snort_oinkid_info == "stop") {
+echo "<span class=\"red\"><strong>WARNING:</strong></span> &nbsp;&nbsp;Click on the <strong>\"Global Settings\"</strong> tab and enter a <strong>oinkmaster</strong> code. <br><br> \n";
+}
+
+if ($snort_dirty_d == "stop") {
+echo "<span class=\"red\"><strong>WARNING:</span> CHANGES HAVE NOT BEEN APPLIED</strong> &nbsp;&nbsp;Click on the <strong>\"Apply Settings\"</strong> button at the main interface tab.<br><br> \n";
+}
+
+echo " </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ </tr>\n
+</table>\n
+\n
+</form>\n
+\n
+<p>\n\n";
+
+if ($id_d == "")
+echo "Click on the <strong>\"Update Rules\"</strong> button to start the updates. <br><br> \n";
+
+if ($config['installedpackages']['snortglobal']['last_md5_download'] != "")
+echo "The last time the updates were started <strong>$last_md5_download</strong>. <br><br> \n";
+
+if ($config['installedpackages']['snortglobal']['last_rules_install'] != "")
+echo "The last time the updates were installed <strong>$last_rules_install</strong>. <br><br> \n";
+
+include("fend.inc");
+
+echo "</body>";
+echo "</html>";
+
+exit(0);
+
+}
$pgtitle = "Services: Snort: Update Rules";
include("/usr/local/www/head.inc");
?>
-
<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
+<script type="text/javascript" src="/snort/javascript/jquery-1.3.2.js"></script>
+<script type="text/javascript" src="/snort/javascript/jquery.blockUI.js?v2.28"></script>
+
+<script type="text/javascript">
+<!--
+
+function displaymessage()
+{
+
+ $.blockUI.defaults.message = "Please be patient....";
+
+ $.blockUI({
+
+ css: {
+ border: 'none',
+ padding: '15px',
+ backgroundColor: '#000',
+ '-webkit-border-radius': '10px',
+ '-moz-border-radius': '10px',
+ opacity: .5,
+ color: '#fff',
+ }
+ });
+
+}
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+function displaymessagestop()
+{
-<?php include("/usr/local/www/fbegin.inc"); ?>
+setTimeout($.unblockUI, 2000);
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
+}
+
+// -->
+</script>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("./snort_fbegin.inc"); ?>
+<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
<form action="snort_download_rules.php" method="post">
<div id="inputerrors"></div>
@@ -67,23 +261,28 @@ if(!$pgtitle_output)
<tr>
<td>
<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml");
+ $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
?>
- </td>
- </tr>
- <tr>
- <td>
+
+<script type="text/javascript">
+<!--
+ displaymessage();
+// -->
+</script>
+
+</td>
+</tr>
+ <br>
+ <tr>
+ <td>
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
@@ -92,7 +291,7 @@ if(!$pgtitle_output)
<table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
<tr>
<td>
- <img border='0' src='./themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
+ <img border='0' src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
</td>
</tr>
</table>
@@ -112,47 +311,34 @@ if(!$pgtitle_output)
</tr>
</table>
</form>
-
<?php include("fend.inc");?>
<?php
+conf_mount_rw();
/* Begin main code */
/* Set user agent to Mozilla */
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
ini_set("memory_limit","125M");
+/* mark the time update started */
+$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
+
/* send current buffer */
ob_flush();
+conf_mount_rw();
-/* define oinkid */
-if($config['installedpackages']['snort'])
- $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
-
-/* if missing oinkid exit */
-if(!$oinkid) {
- $static_output = gettext("You must obtain an oinkid from snort.org and set its value in the Snort settings tab.");
- update_all_status($static_output);
- hide_progress_bar_status();
- exit;
-}
-
-/* premium_subscriber check */
-//unset($config['installedpackages']['snort']['config'][0]['subscriber']);
-//write_config(); // Will cause switch back to read-only on nanobsd
-//conf_mount_rw(); // Uncomment this if the previous line is uncommented
-
-$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload'];
-if ($premium_subscriber_chk === on) {
+if ($premium_subscriber_chk == "premium") {
$premium_subscriber = "_s";
}else{
$premium_subscriber = "";
}
-$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_url_chk === on) {
+$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload'];
+if ($premium_url_chk == "premium") {
$premium_url = "sub-rules";
}else{
$premium_url = "reg-rules";
@@ -163,7 +349,6 @@ hide_progress_bar_status();
/* send current buffer */
ob_flush();
-
conf_mount_rw();
/* remove old $tmpfname files */
@@ -177,9 +362,11 @@ if (file_exists("{$tmpfname}")) {
exec("/bin/mkdir -p {$snortdir}");
exec("/bin/mkdir -p {$snortdir}/rules");
exec("/bin/mkdir -p {$snortdir}/signatures");
+exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
/* send current buffer */
ob_flush();
+conf_mount_rw();
/* If tmp dir does not exist create it */
if (file_exists($tmpfname)) {
@@ -192,35 +379,39 @@ if (file_exists($tmpfname)) {
unhide_progress_bar_status();
/* download md5 sig from snort.org */
-if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
- update_status(gettext("md5 temp file exists..."));
-} else {
- update_status(gettext("Downloading md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
+if ($snortdownload == "basic" || $snortdownload == "premium")
+{
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ update_status(gettext("snort.org md5 temp file exists..."));
+ } else {
+ update_status(gettext("Downloading snort.org md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5");
- $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done. downloading md5"));
+ $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ update_status(gettext("Done downloading snort.org md5"));
+ }
}
/* download md5 sig from emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
-if ($emergingthreats_url_chk == on) {
- update_status(gettext("Downloading md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
+if ($emergingthreats == "on")
+{
+ update_status(gettext("Downloading emergingthreats md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $f = fopen("{$tmpfname}/version.txt", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done. downloading md5"));
+ $f = fopen("{$tmpfname}/version.txt", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ update_status(gettext("Done downloading emergingthreats md5"));
}
/* download md5 sig from pfsense.org */
if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- update_status(gettext("md5 temp file exists..."));
+ update_status(gettext("pfsense md5 temp file exists..."));
} else {
update_status(gettext("Downloading pfsense md5 file..."));
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
@@ -229,23 +420,30 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
$f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
fwrite($f, $image);
fclose($f);
- update_status(gettext("Done. downloading md5"));
+ update_status(gettext("Done downloading pfsense md5."));
}
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snort']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snort']['last_rules_install'];
-
/* If md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
- update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
- hide_progress_bar_status();
- /* Display last time of sucsessful md5 check from cache */
- echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
- echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
- echo "\n\n</body>\n</html>\n";
- exit(0);
+if ($snortdownload != "off")
+{
+ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5"))
+ {
+ update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
+ hide_progress_bar_status();
+ /* Display last time of sucsessful md5 check from cache */
+ echo "\n\n</body>\n</html>\n";
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+echo "</body>";
+echo "</html>";
+conf_mount_ro();
+ exit(0);
+ }
}
/* If emergingthreats md5 file is empty wait 15min exit not needed */
@@ -256,89 +454,138 @@ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
update_output_window(gettext("Rules are released to support Pfsense packages."));
hide_progress_bar_status();
/* Display last time of sucsessful md5 check from cache */
- echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
- echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
echo "\n\n</body>\n</html>\n";
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+echo "</body>";
+echo "</html>";
+conf_mount_ro();
exit(0);
}
/* Check if were up to date snort.org */
-if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){
-$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
-$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-/* Write out time of last sucsessful md5 to cache */
-$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
-write_config(); // Will cause switch back to read-only on nanobsd
-conf_mount_rw();
-if ($md5_check_new == $md5_check_old) {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
- hide_progress_bar_status();
- /* Timestamps to html */
- echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
- echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
-// echo "P is this code {$premium_subscriber}";
+if ($snortdownload != "off")
+{
+ if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5"))
+ {
+ $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+ $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ /* Write out time of last sucsessful md5 to cache */
+ write_config(); // Will cause switch back to read-only on nanobsd
+ conf_mount_rw();
+ if ($md5_check_new == $md5_check_old)
+ {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now, check update."));
+ hide_progress_bar_status();
echo "\n\n</body>\n</html>\n";
$snort_md5_check_ok = on;
- }
+ }
+ }
}
/* Check if were up to date emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
-if ($emergingthreats_url_chk == on) {
-if (file_exists("{$snortdir}/version.txt")){
-$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
-$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
-$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-/* Write out time of last sucsessful md5 to cache */
-$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
-write_config(); // Will cause switch back to read-only on nanobsd
-conf_mount_rw();
-if ($emerg_md5_check_new == $emerg_md5_check_old) {
- update_status(gettext("Your emergingthreats rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
+if ($emergingthreats == "on")
+{
+ if (file_exists("{$snortdir}/version.txt"))
+ {
+ $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
+ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
+ $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ /* Write out time of last sucsessful md5 to cache */
+ // Will cause switch back to read-only on nanobsd
+ write_config();
+ conf_mount_rw();
+ if ($emerg_md5_check_new == $emerg_md5_check_old)
+ {
hide_progress_bar_status();
- $emerg_md5_check_chk_ok = on;
- }
- }
+ $emerg_md5_check_ok = on;
+ }
+ }
}
/* Check if were up to date pfsense.org */
-if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){
-$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
-$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-if ($pfsense_md5_check_new == $pfsense_md5_check_old) {
+ if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+ {
+ $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ /* Write out time of last sucsessful md5 to cache */
+ // Will cause switch back to read-only on nanobsd
+ write_config();
+ conf_mount_rw();
+ if ($pfsense_md5_check_new == $pfsense_md5_check_old)
+ {
+ hide_progress_bar_status();
$pfsense_md5_check_ok = on;
- }
-}
+ }
+ }
-/* Make Clean Snort Directory emergingthreats not checked */
-if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
- update_status(gettext("Cleaning the snort Directory..."));
- update_output_window(gettext("removing..."));
- exec("/bin/rm {$snortdir}/rules/emerging*");
- exec("/bin/rm {$snortdir}/version.txt");
- exec("/bin/rm {$snortdir_wan}/rules/emerging*");
- exec("/bin/rm {$snortdir_wan}/version.txt");
- update_status(gettext("Done making cleaning emrg direcory."));
+/* Check if were up to date is so, exit */
+/* WARNING This code needs constant checks */
+if ($snortdownload != "off" && $emergingthreats != "off")
+{
+ if ($snort_md5_check_ok == "on" && $emerg_md5_check_ok == "on")
+ {
+ update_status(gettext("All your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ echo '
+ <script type="text/javascript">
+ <!--
+ displaymessagestop();
+ // -->
+ </script>';
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
+ }
}
-/* Check if were up to date exits */
-if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- exit(0);
+if ($snortdownload == "on" && $emergingthreats == "off")
+{
+ if ($snort_md5_check_ok == "on")
+ {
+ update_status(gettext("Your snort.org rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ echo '
+ <script type="text/javascript">
+ <!--
+ displaymessagestop();
+ // -->
+ </script>';
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
+ }
}
-if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- exit(0);
+if ($snortdownload == "off" && $emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok == "on")
+ {
+ update_status(gettext("Your Emergingthreats rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ echo '
+ <script type="text/javascript">
+ <!--
+ displaymessagestop();
+ // -->
+ </script>';
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
+ }
}
/* You are Not Up to date, always stop snort when updating rules for low end machines */;
@@ -347,45 +594,60 @@ update_output_window(gettext("Stopping Snort service..."));
$chk_if_snort_up = exec("pgrep -x snort");
if ($chk_if_snort_up != "") {
exec("/usr/bin/touch /tmp/snort_download_halt.pid");
- stop_service("snort");
+ exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop");
sleep(2);
}
/* download snortrules file */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
-} else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Snort rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on) {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Snort rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- update_status(gettext("Error with the snort rules download..."));
- update_output_window(gettext("Snort rules file downloaded failed..."));
- exit(0);
- }
- }
+ download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ if (150000 > filesize("{$tmpfname}/$snort_filename")){
+ update_status(gettext("Error with the snort rules download..."));
+ update_output_window(gettext("Snort rules file downloaded failed..."));
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+echo "</body>";
+echo "</html>";
+conf_mount_ro();
+ exit(0);
+ }
+ }
+ }
}
-
+
/* download emergingthreats rules file */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- update_status(gettext("Emergingthreats tar file exists..."));
-} else {
- update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != on)
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext("Emergingthreats tar file exists..."));
+ }else{
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading Emergingthreats rules file."));
- }
- }
- }
+ download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading Emergingthreats rules file."));
+ }
+ }
+}
/* download pfsense rules file */
if ($pfsense_md5_check_ok != on) {
@@ -431,44 +693,65 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
//}
/* Untar snort rules file individually to help people with low system specs */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/");
- update_status(gettext("Done extracting Rules."));
-} else {
- update_status(gettext("The Download rules file missing..."));
- update_output_window(gettext("Error rules extracting failed..."));
- exit(0);
- }
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on) {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/mkdir -p {$snortdir}/rules_bk/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/rules_bk rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/" .
+ " so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/" .
+ " so_rules/bad-traffic.rules/" .
+ " so_rules/chat.rules/" .
+ " so_rules/dos.rules/" .
+ " so_rules/exploit.rules/" .
+ " so_rules/imap.rules/" .
+ " so_rules/misc.rules/" .
+ " so_rules/multimedia.rules/" .
+ " so_rules/netbios.rules/" .
+ " so_rules/nntp.rules/" .
+ " so_rules/p2p.rules/" .
+ " so_rules/smtp.rules/" .
+ " so_rules/sql.rules/" .
+ " so_rules/web-client.rules/" .
+ " so_rules/web-misc.rules/");
+ /* add prefix to all snort.org files */
+ /* remove this part and make it all php with the simplst code posible */
+ chdir ("/usr/local/etc/snort/rules_bk/rules");
+ sleep(2);
+ exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
+ update_status(gettext("Done extracting Rules."));
+ }else{
+ update_status(gettext("The Download rules file missing..."));
+ update_output_window(gettext("Error rules extracting failed..."));
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+echo "</body>";
+echo "</html>";
+conf_mount_ro();
+ exit(0);
+ }
+ }
}
/* Untar emergingthreats rules to tmp */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != on)
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+ }
+ }
}
/* Untar Pfsense rules to tmp */
@@ -483,7 +766,7 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
/* Untar snort signatures */
if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
-$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo'];
+$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
if ($premium_url_chk == on) {
update_status(gettext("Extracting Signatures..."));
update_output_window(gettext("May take a while..."));
@@ -493,74 +776,250 @@ if ($premium_url_chk == on) {
}
}
-/* Make Clean Snort Directory */
-//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
-//if (file_exists("{$snortdir}/rules")) {
-// update_status(gettext("Cleaning the snort Directory..."));
-// update_output_window(gettext("removing..."));
-// exec("/bin/mkdir -p {$snortdir}");
-// exec("/bin/mkdir -p {$snortdir}/rules");
-// exec("/bin/mkdir -p {$snortdir}/signatures");
-// exec("/bin/rm {$snortdir}/*");
-// exec("/bin/rm {$snortdir}/rules/*");
-// exec("/bin/rm {$snortdir_wan}/*");
-// exec("/bin/rm {$snortdir_wan}/rules/*");
+/* Copy so_rules dir to snort lib dir */
+/* Disabed untill I find out why there is a segment failt coredump when using these rules on 2.8.5.3 */
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on) {
+ if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1")) {
+ update_status(gettext("Copying so_rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/* /usr/local/lib/snort/dynamicrules/");
+ exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+ update_status(gettext("Done copying so_rules."));
+ }else{
+ update_status(gettext("Directory so_rules does not exist..."));
+ update_output_window(gettext("Error copying so_rules..."));
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
+}
+
+/* Copy renamed snort.org rules to snort dir */
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on)
+ {
+ if (file_exists("{$snortdir}/rules_bk/rules/Makefile.am"))
+ {
+ update_status(gettext("Copying renamed snort.org rules to snort directory..."));
+ exec("/bin/cp {$snortdir}/rules_bk/rules/* {$snortdir}/rules/");
+ }else{
+ update_status(gettext("The renamed snort.org rules do not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
+}
+
+/* Copy configs to snort dir */
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on)
+ {
+ if (file_exists("{$snortdir}/etc/Makefile.am")) {
+ update_status(gettext("Copying configs to snort directory..."));
+ exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+ }else{
+ update_status(gettext("The snort config does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+echo "</body>";
+echo "</html>";
+conf_mount_ro();
+ exit(0);
+ }
+ }
+}
+
+
+/* Copy md5 sig to snort dir */
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on) {
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }else{
+ update_status(gettext("The md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
+}
-// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
-//} else {
-// update_status(gettext("Making Snort Directory..."));
-// update_output_window(gettext("should be fast..."));
-// exec("/bin/mkdir -p {$snortdir}");
-// exec("/bin/mkdir -p {$snortdir}/rules");
-// exec("/bin/rm {$snortdir_wan}/*");
-// exec("/bin/rm {$snortdir_wan}/rules/*");
-// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
-// update_status(gettext("Done making snort direcory."));
-// }
-//}
+/* Copy emergingthreats md5 sig to snort dir */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != on)
+ {
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
+ {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+ }else{
+ update_status(gettext("The emergingthreats md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
+}
-/* Copy so_rules dir to snort lib dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
- update_status(gettext("Copying so_rules..."));
- update_output_window(gettext("May take a while..."));
- exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
- exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- update_status(gettext("Done copying so_rules."));
+/* Copy Pfsense md5 sig to snort dir */
+if ($pfsense_md5_check_ok != on) {
+if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+ update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
} else {
- update_status(gettext("Directory so_rules does not exist..."));
- update_output_window(gettext("Error copying so_rules..."));
- exit(0);
+ update_status(gettext("The Pfsense md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
}
}
+
+/* Copy signatures dir to snort dir */
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on)
+ {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == on)
+ {
+ if (file_exists("{$snortdir}/doc/signatures")) {
+ update_status(gettext("Copying signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ update_status(gettext("Done copying signatures."));
+ }else{
+ update_status(gettext("Directory signatures exist..."));
+ update_output_window(gettext("Error copying signature..."));
+ echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+echo "</body>";
+echo "</html>";
+conf_mount_ro();
+ exit(0);
+ }
+ }
+ }
+}
+
+/* double make shure cleanup emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
+ apc_clear_cache();
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
+ exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
+}
+
+if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+}
+
+/* make shure default rules are in the right format */
+exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+/* create a msg-map for snort */
+update_status(gettext("Updating Alert Messages..."));
+update_output_window(gettext("Please Wait..."));
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
+
+
+//////////////////
+
+/* open oinkmaster_conf for writing" function */
+function oinkmaster_conf($id, $if_real, $iface_uuid)
+{
+
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ conf_mount_rw();
+
/* enable disable setting will carry over with updates */
/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) {
-if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
-$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
+if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
foreach($enabled_sid_on_array as $enabled_item_on)
$selected_sid_on_sections .= "$enabled_item_on\n";
}
-if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
-$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
+if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
foreach($enabled_sid_off_array as $enabled_item_off)
$selected_sid_off_sections .= "$enabled_item_off\n";
@@ -578,7 +1037,7 @@ path = /bin:/usr/bin:/usr/local/bin
update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-url = dir:///usr/local/etc/snort_bkup/rules
+url = dir:///usr/local/etc/snort/rules
$selected_sid_on_sections
@@ -586,153 +1045,99 @@ $selected_sid_off_sections
EOD;
- /* open snort's threshold.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w");
+ /* open snort's oinkmaster.conf for writing */
+ $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
fwrite($oinkmasterlist, "$snort_sid_text");
- /* close snort's threshold.conf file */
+ /* close snort's oinkmaster.conf file */
fclose($oinkmasterlist);
+ }
}
-/* Copy configs to snort dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$snortdir}/etc/Makefile.am")) {
- update_status(gettext("Copying configs to snort directory..."));
- exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
-} else {
- update_status(gettext("The snort config does not exist..."));
- update_output_window(gettext("Error copying config..."));
- exit(0);
- }
-}
+/* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
+function oinkmaster_run($id, $if_real, $iface_uuid)
+{
-/* Copy md5 sig to snort dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
-} else {
- update_status(gettext("The md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- exit(0);
- }
-}
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ conf_mount_rw();
-/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
-} else {
- update_status(gettext("The emergingthreats md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- exit(0);
- }
- }
-}
+ if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on)
+ {
-/* Copy Pfsense md5 sig to snort dir */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
-} else {
- update_status(gettext("The Pfsense md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- exit(0);
- }
-}
-
-/* Copy signatures dir to snort dir */
-if ($snort_md5_check_ok != on) {
-$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
-if ($premium_url_chk == on) {
-if (file_exists("{$snortdir}/doc/signatures")) {
- update_status(gettext("Copying signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- update_status(gettext("Done copying signatures."));
-} else {
- update_status(gettext("Directory signatures exist..."));
- update_output_window(gettext("Error copying signature..."));
- exit(0);
- }
- }
-}
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
+ {
+ update_status(gettext("Your first set of rules are being copied..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/echo \"test {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ }else{
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
-/* double make shure cleanup emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
- apc_clear_cache();
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules");
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+ }
+ }
}
-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
-}
+/* Start the proccess for every interface rule */
+/* TODO: try to make the code smother */
-/* create a msg-map for snort */
-update_status(gettext("Updating Alert Messages..."));
-update_output_window(gettext("Please Wait..."));
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map");
+if (!empty($config['installedpackages']['snortglobal']['rule']))
+{
-/* Run oinkmaster to snort_wan and cp configs */
-/* If oinkmaster is not needed cp rules normally */
-/* TODO add per interface settings here */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id = -1;
+ foreach ($rule_array as $value) {
- if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
- update_status(gettext("Your first set of rules are being copied..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($id, $if_real, $iface_uuid);
+
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($id, $if_real, $iface_uuid);
-} else {
- update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
-
- /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
- exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-
-
}
}
+//////////////
+
+/* mark the time update finnished */
+$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+
/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
- update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r /root/snort_rules_up");
-// apc_clear_cache();
+if (file_exists("{$tmpfname}"))
+{
+ update_status(gettext("Cleaning up..."));
+ exec("/bin/rm -r /tmp/snort_rules_up");
+ sleep(2);
+ exec("/bin/rm -r {$snortdir}/rules_bk/rules/");
+ apc_clear_cache();
}
/* php code to flush out cache some people are reportting missing files this might help */
@@ -740,9 +1145,18 @@ sleep(2);
apc_clear_cache();
exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
+/* make all dirs snorts */
+exec("/usr/sbin/chown -R snort:snort /var/log/snort");
+exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
+exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
+exec("/bin/chmod -R 755 /var/log/snort");
+exec("/bin/chmod -R 755 /usr/local/etc/snort");
+exec("/bin/chmod -R 755 /usr/local/lib/snort");
+
+
/* if snort is running hardrestart, if snort is not running do nothing */
if (file_exists("/tmp/snort_download_halt.pid")) {
- start_service("snort");
+ exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
update_status(gettext("The Rules update finished..."));
update_output_window(gettext("Snort has restarted with your new set of rules..."));
exec("/bin/rm /tmp/snort_download_halt.pid");
@@ -751,6 +1165,13 @@ if (file_exists("/tmp/snort_download_halt.pid")) {
update_output_window(gettext("You may start snort now..."));
}
+echo '
+<script type="text/javascript">
+<!--
+ displaymessagestop();
+// -->
+</script>';
+
/* hide progress bar and lets end this party */
hide_progress_bar_status();
conf_mount_ro();
diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php
index 0fad085b..98d9bcce 100644
--- a/config/snort/snort_dynamic_ip_reload.php
+++ b/config/snort/snort_dynamic_ip_reload.php
@@ -3,7 +3,7 @@
/* $Id$ */
/*
snort_dynamic_ip_reload.php
- Copyright (C) 2006 Scott Ullrich and Robert Zeleya
+ Copyright (C) 2009 Robert Zeleya
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -31,19 +31,20 @@
/* NOTE: this file gets included from the pfSense filter.inc plugin process */
/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */
-require_once("/usr/local/pkg/snort.inc");
-require_once("service-utils.inc");
-require_once("config.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+/* get the varibles from the command line */
+/* Note: snort.sh sould only be using this */
+//$id = $_SERVER["argv"][1];
+//$if_real = $_SERVER["argv"][2];
-if($config['interfaces']['wan']['ipaddr'] == "pppoe" or
- $config['interfaces']['wan']['ipaddr'] == "dhcp") {
- create_snort_conf();
- exec("killall -HUP snort");
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
- if ($snortbarnyardlog_info_chk == on)
- exec("killall -HUP barnyard2");
-}
+//$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+
+//if ($id == "" || $if_real == "" || $test_iface == "") {
+// exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\"");
+// exit;
+// }
+
+sync_snort_package_empty();
?> \ No newline at end of file
diff --git a/config/snort-dev/snort_fbegin.inc b/config/snort/snort_fbegin.inc
index b8faff09..b8faff09 100644
--- a/config/snort-dev/snort_fbegin.inc
+++ b/config/snort/snort_fbegin.inc
diff --git a/config/snort-dev/snort_gui.inc b/config/snort/snort_gui.inc
index 95a0e597..95a0e597 100644
--- a/config/snort-dev/snort_gui.inc
+++ b/config/snort/snort_gui.inc
diff --git a/config/snort-dev/snort_help_info.php b/config/snort/snort_help_info.php
index 5355ec77..5355ec77 100644
--- a/config/snort-dev/snort_help_info.php
+++ b/config/snort/snort_help_info.php
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort/snort_interfaces.php
index b2f72aad..cb51df44 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -141,7 +141,7 @@ if (isset($_POST['del_x'])) {
/* stop syslog flood code */
//$if_real_wan_rulei = $a_nat[$rulei]['interface'];
- //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
+ //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name($if_real_wan_rulei);
//exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
//exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
//exec("/usr/bin/killall syslogd");
@@ -156,18 +156,21 @@ if (isset($_POST['del_x'])) {
}
}
-
- unset($a_nat[$rulei]);
- }
-
- conf_mount_rw();
+
+ /* for every iface do these steps */
+ conf_mount_rw();
exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+
conf_mount_ro();
-
+
+ unset($a_nat[$rulei]);
+
+ }
+
write_config();
- touch("/var/run/snort_conf_delete.dirty");
+ //touch("/var/run/snort_conf_delete.dirty");
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -176,7 +179,7 @@ if (isset($_POST['del_x'])) {
header( 'Pragma: no-cache' );
sleep(2);
header("Location: /snort/snort_interfaces.php");
- exit;
+ //exit;
}
}
@@ -211,7 +214,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
}else{
- sync_snort_package_all($id, $if_real);
+ sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
Running_Start($snort_uuid, $if_real, $id);
@@ -228,7 +231,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
-$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.18 RC Final";
+$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.19";
include("head.inc");
?>
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 164f154a..dddca3af 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -158,14 +158,16 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
/* this will exec when alert says apply */
if ($_POST['apply']) {
- if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
-
- write_config();
+ if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+
+ write_config();
- sync_snort_package_empty();
- sync_snort_package();
+ $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']);
+
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
- unlink("/var/run/snort_conf_{$snort_uuid}_.dirty");
+ unlink("/var/run/snort_conf_{$snort_uuid}_.dirty");
}
@@ -173,7 +175,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
write_config();
- sync_snort_package_all();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
unlink($d_snortconfdirty_path);
@@ -314,7 +316,7 @@ if ($_POST["Submit"]) {
if ($_POST["Submit2"]) {
- sync_snort_package_all();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
sleep(1);
diff --git a/config/snort/snort_interfaces_edit_bkup.php b/config/snort/snort_interfaces_edit_bkup.php
new file mode 100644
index 00000000..92bc7c5a
--- /dev/null
+++ b/config/snort/snort_interfaces_edit_bkup.php
@@ -0,0 +1,609 @@
+<?php
+/* $Id$ */
+/*
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+
+$a_nat = $config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
+}
+
+/* always have a limit of (65535) numbers only or snort will not start do to id limits */
+/* TODO: When inline gets added make the uuid the port number lisstening */
+//function gen_snort_uuid($fileline)
+//{
+ /* return the first 5 */
+ //if (preg_match("/...../", $fileline, $matches1))
+ //{
+ //$uuid_final = "$matches1[0]";
+ //}
+//return $uuid_final;
+//}
+
+/* gen uuid for each iface !inportant */
+if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+$snort_uuid = 0;
+while ($snort_uuid > 65535 || $snort_uuid == 0) {
+ $snort_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $snort_uuid;
+ }
+}
+
+if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') {
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+}
+
+
+/* convert fake interfaces to real */
+$if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+
+
+if (isset($id) && $a_nat[$id]) {
+
+ /* old options */
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
+ $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
+ $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
+ $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
+ $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
+ $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
+ $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
+ $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
+ $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
+ $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
+ $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
+ $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
+ $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
+ $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
+ $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
+ $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
+ $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
+ $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
+ $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
+ $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
+ $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
+ $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
+ $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
+ $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
+ $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
+ $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
+ $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
+ $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
+ $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
+ $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
+ $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
+ $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['uuid'] = $a_nat[$id]['uuid'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['descr'] = $a_nat[$id]['descr'];
+ $pconfig['performance'] = $a_nat[$id]['performance'];
+ $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
+ $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
+ $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
+ $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
+ $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+ $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
+ $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
+
+
+ if (!$pconfig['interface']) {
+ $pconfig['interface'] = "wan";
+ } else {
+ $pconfig['interface'] = "wan";
+ }
+}
+
+if (isset($_GET['dup']))
+ unset($id);
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+ /* this will exec when alert says apply */
+ if ($_POST['apply']) {
+
+ if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+
+ write_config();
+
+ sync_snort_package_empty();
+ sync_snort_package();
+
+ unlink("/var/run/snort_conf_{$snort_uuid}_.dirty");
+
+ }
+
+ if (file_exists($d_snortconfdirty_path)) {
+
+ write_config();
+
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
+
+ unlink($d_snortconfdirty_path);
+
+ }
+
+ }
+
+if ($_POST["Submit"]) {
+
+
+
+ // if ($config['installedpackages']['snortglobal']['rule']) {
+ if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
+ $input_errors[] = "Please enter a description for your reference.";
+ }
+
+ if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id_c = -1;
+ foreach ($rule_array as $value) {
+
+ $id_c += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+
+ if ($_POST['interface'] == $result_lan) {
+ $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
+ }
+ }
+ }
+
+ /* check for overlaps */
+ foreach ($a_nat as $natent) {
+ if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
+ continue;
+ if ($natent['interface'] != $_POST['interface'])
+ continue;
+ }
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ $natent = array();
+
+ /* write to conf for 1st time or rewrite the answer */
+ $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface'];
+ /* if post write to conf or rewite the answer */
+ $natent['enable'] = $_POST['enable'] ? on : off;
+ $natent['uuid'] = $pconfig['uuid'];
+ $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
+ $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
+ /* if post = on use on off or rewrite the conf */
+ if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
+ if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ /* if optiion = 0 then the old descr way will not work */
+
+ /* rewrite the options that are not in post */
+ /* make shure values are set befor repost or conf.xml will be broken */
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
+
+
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+
+ touch("$d_snortconfdirty_path");
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ header("Location: /snort/snort_interfaces_edit.php?id=$id");
+
+ //exit;
+ }
+}
+
+ if ($_POST["Submit2"]) {
+
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
+ sleep(1);
+
+ Running_Start($snort_uuid, $if_real, $id);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ header("Location: /snort/snort_interfaces_edit.php?id=$id");
+ }
+
+ if ($_POST["Submit3"])
+ {
+
+ Running_Stop($snort_uuid, $if_real, $id);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ header("Location: /snort/snort_interfaces_edit.php?id=$id");
+
+ }
+
+ /* This code needs to be below headers */
+ if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface']))
+ {
+
+ $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id);
+
+ if ($snort_up_ck2_info == 'no') {
+ $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">';
+ }else{
+ $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">';
+ }
+
+ }else{
+ $snort_up_ck = '';
+ }
+
+
+$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
+include("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php
+include("./snort_fbegin.inc");
+?>
+<style type="text/css">
+.alert {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+background:#FCE9C0;
+background-position: 15px;
+border-top:2px solid #DBAC48;
+border-bottom:2px solid #DBAC48;
+padding: 15px 10px 85% 50px;
+}
+</style>
+<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</strong></div></noscript>
+<script language="JavaScript">
+<!--
+
+function enable_change(enable_change) {
+ endis = !(document.iform.enable.checked || enable_change);
+ // make shure a default answer is called if this is envoked.
+ endis2 = (document.iform.enable);
+
+<?php
+/* make shure all the settings exist or function hide will not work */
+/* if $id is emty allow if and discr to be open */
+if($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '')
+{
+echo "
+ document.iform.interface.disabled = endis2;
+ document.iform.descr.disabled = endis;\n";
+}
+?>
+ document.iform.performance.disabled = endis;
+ document.iform.blockoffenders7.disabled = endis;
+ document.iform.alertsystemlog.disabled = endis;
+ document.iform.tcpdumplog.disabled = endis;
+ document.iform.snortunifiedlog.disabled = endis;
+}
+//-->
+</script>
+<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform">
+
+<?php
+
+ /* Display Alert message */
+
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+ echo '<p>';
+
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+if ($a_nat[$id]['interface'] != '') {
+ /* get the interface name */
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface2) {
+ $if2 = convert_friendly_interface_to_real_interface_name2($iface2);
+
+ if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") {
+ $if2 = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if2){
+ array_push($snortInterfaces, $if2);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+
+}
+ $tab_array = array();
+ if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ }
+ $tab_array[] = array("If Settings", true, "/snort/snort_interfaces_edit.php?id={$id}");
+ /* hide user tabs when no settings have be saved */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') {
+ if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+ //$tab_array[] = array("upload", false, "/snort/snort_conf_upload.php?id={$id}");
+ $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
+ }
+ }
+ display_top_tabs($tab_array);
+
+?>
+</td>
+</tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vtable">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <?php
+ // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
+ // care with spaces
+ if ($pconfig['enable'] == "on")
+ $checked = checked;
+
+ $onclick_enable = "onClick=\"enable_change(false)\">";
+
+ echo "
+ <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable
+ <strong>Enable Interface</strong></td>\n\n";
+ ?>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld">
+ <?php
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Memory Performance</td>
+ <td width="78%" class="vtable">
+ <select name="performance" class="formfld" id="performance">
+ <?php
+ $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
+ foreach ($interfaces2 as $iface2 => $ifacename2): ?>
+ <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename2);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.<br>
+ </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Block offenders</td>
+ <td width="78%" class="vtable">
+ <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Checking this option will automatically block hosts that generate a Snort alert.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td>
+ <td width="78%" class="vtable">
+ <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Snort will send Alerts to the Pfsense system logs.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td>
+ <td width="78%" class="vtable">
+ <input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> File may become large.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Log Alerts to a snort unified2 file</td>
+ <td width="78%" class="vtable">
+ <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start. </td>
+ </tr>
+ </table>
+ </table>
+</form>
+
+<script language="JavaScript">
+<!--
+enable_change(false);
+//-->
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index ff3620a3..ff3620a3 100644
--- a/config/snort-dev/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index c522a643..25963cbe 100644
--- a/config/snort-dev/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -119,12 +119,12 @@ if (isset($_GET['dup']))
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
-
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
+$snort_uuid = $pconfig['uuid'];
/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirty";
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
/* this will exec when alert says apply */
if ($_POST['apply']) {
@@ -133,7 +133,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirt
write_config();
- sync_snort_package_all();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
unlink($d_snortconfdirty_path);
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 94c99f0e..c95d76ca 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -2,7 +2,8 @@
/* $Id$ */
/*
edit_snortrule.php
- Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2008, 2009 Robert Zelaya
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -26,22 +27,45 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-require("guiconfig.inc");
-require("config.inc");
-if(!is_dir("/usr/local/etc/snort/rules")) {
- conf_mount_rw();
- exec('mkdir /usr/local/etc/snort/rules/');
- conf_mount_ro();
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+
+//nat_rules_sort();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_nat[$id]) {
+
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
}
+/* convert fake interfaces to real */
+$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+
+$iface_uuid = $a_nat[$id]['uuid'];
+
+// if(!is_dir("/usr/local/etc/snort/rules"))
+// exec('mkdir /usr/local/etc/snort/rules/');
+
/* Check if the rules dir is empy if so warn the user */
/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
+$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
if ($isrulesfolderempty == "") {
include("head.inc");
-include("fbegin.inc");
+include("./snort_fbegin.inc");
echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
@@ -51,18 +75,15 @@ echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
<tr>\n
<td>\n";
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
echo "</td>\n
</tr>\n
@@ -105,8 +126,6 @@ function get_middle($source, $beginning, $ending, $init_pos) {
function write_rule_file($content_changed, $received_file)
{
- conf_mount_rw();
-
//read snort file with writing enabled
$filehandle = fopen($received_file, "w");
@@ -122,7 +141,6 @@ function write_rule_file($content_changed, $received_file)
//close file handle
fclose($filehandle);
- conf_mount_rw();
}
function load_rule_file($incoming_file)
@@ -137,8 +155,9 @@ function load_rule_file($incoming_file)
//close handler
fclose ($filehandle);
+
//string for populating category select
- $currentruleset = substr($file, 27);
+ $currentruleset = basename($rulefile);
//delimiter for each new rule is a new line
$delimiter = "\n";
@@ -150,10 +169,13 @@ function load_rule_file($incoming_file)
}
-$ruledir = "/usr/local/etc/snort/rules/";
+$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
$dh = opendir($ruledir);
-$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect.";
+if ($_GET['openruleset'] != '' && $_GET['ids'] != '')
+{
+ header("Location: /snort/snort_rules.php?id=$id&openruleset={$_GET['openruleset']}&saved=yes");
+}
while (false !== ($filename = readdir($dh)))
{
@@ -169,19 +191,22 @@ sort($files);
if ($_GET['openruleset'])
{
- $file = $_GET['openruleset'];
+ $rulefile = $_GET['openruleset'];
}
else
{
- $file = $ruledir.$files[0];
+ $rulefile = $ruledir.$files[0];
}
//Load the rule file
-$splitcontents = load_rule_file($file);
+$splitcontents = load_rule_file($rulefile);
if ($_POST)
{
+
+ conf_mount_rw();
+
if (!$_POST['apply']) {
//retrieve POST data
$post_lineid = $_POST['lineid'];
@@ -258,26 +283,20 @@ if ($_POST)
$splitcontents[$post_lineid] = $tempstring;
//write the new .rules file
- write_rule_file($splitcontents, $file);
+ write_rule_file($splitcontents, $rulefile);
//once file has been written, reload file
- $splitcontents = load_rule_file($file);
+ $splitcontents = load_rule_file($rulefile);
$stopMsg = true;
}
-
- if ($_POST['apply']) {
-// stop_service("snort");
-// sleep(2);
-// start_service("snort");
- $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab.";
- $stopMsg = false;
- }
-
}
else if ($_GET['act'] == "toggle")
{
- $toggleid = $_GET['id'];
+
+ conf_mount_rw();
+
+ $toggleid = $_GET['ids'];
//copy rule contents from array into string
$tempstring = $splitcontents[$toggleid];
@@ -311,10 +330,10 @@ else if ($_GET['act'] == "toggle")
$splitcontents[$toggleid] = $tempstring;
//write the new .rules file
- write_rule_file($splitcontents, $file);
+ write_rule_file($splitcontents, $rulefile);
//once file has been written, reload file
- $splitcontents = load_rule_file($file);
+ $splitcontents = load_rule_file($rulefile);
$stopMsg = true;
@@ -326,20 +345,22 @@ else if ($_GET['act'] == "toggle")
// sid being turned off
$sid_off = str_replace("sid:", "", $sid_off_cut);
// rule_sid_on registers
- $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
+ $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
// if off sid is the same as on sid remove it
$sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces");
// write the replace sid back as empty
- $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
+ $a_nat[$id]['rule_sid_on'] = $sid_on_old;
// rule sid off registers
- $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
+ $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
// if off sid is the same as off sid remove it
$sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces");
// write the replace sid back as empty
- $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
+ $a_nat[$id]['rule_sid_off'] = $sid_off_old;
// add sid off registers to new off sid
- $config['installedpackages']['snort']['rule_sid_off'] = "||disablesid $sid_off" . $config['installedpackages']['snort']['rule_sid_off'];
+ $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
write_config();
+ conf_mount_rw();
+
}
else
{
@@ -349,39 +370,55 @@ else if ($_GET['act'] == "toggle")
// sid being turned off
$sid_on = str_replace("sid:", "", $sid_on_cut);
// rule_sid_off registers
- $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
+ $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
// if off sid is the same as on sid remove it
$sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces");
// write the replace sid back as empty
- $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
+ $a_nat[$id]['rule_sid_off'] = $sid_off_old;
// rule sid on registers
- $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
+ $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
// if on sid is the same as on sid remove it
$sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces");
// write the replace sid back as empty
- $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
+ $a_nat[$id]['rule_sid_on'] = $sid_on_old;
// add sid on registers to new on sid
- $config['installedpackages']['snort']['rule_sid_on'] = "||enablesid $sid_on" . $config['installedpackages']['snort']['rule_sid_on'];
+ $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
write_config();
+ conf_mount_rw();
}
}
+if ($_GET['saved'] == 'yes')
+{
+ $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect.";
+
+// stop_service("snort");
+// sleep(2);
+// start_service("snort");
+// $savemsg = "";
+// $stopMsg = false;
+}
+
+$currentruleset = basename($rulefile);
+
+$ifname = strtoupper($pconfig['interface']);
-$pgtitle = "Snort: Rules";
require("guiconfig.inc");
include("head.inc");
+
+$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
+
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
+<?php include("./snort_fbegin.inc"); ?>
+<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
+
<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+echo "<form action=\"snort_rules.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
?>
-<form action="snort_rules.php" method="post" name="iform" id="iform">
-<?php if ($savemsg){print_info_box($savemsg);} else if ($stopMsg){print_info_box_np($message_reload);}?>
-<br>
+<?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?>
</form>
<script type="text/javascript" language="javascript" src="row_toggle.js">
<script src="/javascript/sorttable.js" type="text/javascript">
@@ -403,28 +440,40 @@ function go()
}
// -->
</script>
+<script type="text/javascript">
+<!--
+function popup(url)
+{
+ params = 'width='+screen.width;
+ params += ', height='+screen.height;
+ params += ', top=0, left=0'
+ params += ', fullscreen=yes';
+
+ newwin=window.open(url,'windowname4', params);
+ if (window.focus) {newwin.focus()}
+ return false;
+}
+// -->
+</script>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
display_top_tabs($tab_array);
?>
- </td>
- </tr>
- <tr>
- <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
<div id="mainarea">
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -447,7 +496,8 @@ function go()
echo "<br>Category: ";
//string for populating category select
- $currentruleset = substr($file, 27);
+ $currentruleset = basename($rulefile);
+
?>
<form name="forms">
<select name="selectbox" class="formfld" onChange="go()">
@@ -459,7 +509,7 @@ function go()
if ($files[$i] === $currentruleset)
$selectedruleset = "selected";
?>
- <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
+ <option value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
<?php
$i++;
@@ -512,7 +562,13 @@ function go()
$textss = $textse = "";
$iconb = "icon_block.gif";
}
-
+
+ if ($disabled_pos !== false){
+ $ischecked = "";
+ }else{
+ $ischecked = "checked";
+ }
+
$rule_content = explode(' ', $tempstring);
$protocol = $rule_content[$counter2];//protocol location
@@ -525,87 +581,93 @@ function go()
$counter2++;
$destination_port = $rule_content[$counter2];//destination port location
- $message = get_middle($tempstring, 'msg:"', '";', 0);
+ if (strstr($tempstring, 'msg: "'))
+ $message = get_middle($tempstring, 'msg: "', '";', 0);
+ if (strstr($tempstring, 'msg:"'))
+ $message = get_middle($tempstring, 'msg:"', '";', 0);
- echo "<tr>";
- echo "<td class=\"listt\">";
- echo $textss;
+ echo "<tr>
+ <td class=\"listt\">
+ $textss\n";
?>
- <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
+ <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="10" height="10" border="0" title="click to toggle enabled/disabled status"></a>
+ <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> -->
+ <!-- TODO: add checkbox and save so that that disabling is nicer -->
<?php
- echo $textse;
- echo "</td>";
-
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $sid;
- echo $textse;
- echo "</td>";
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $protocol;
+ echo "$textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $sid
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $protocol";
+ ?>
+ <?php
$printcounter++;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source_port;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination_port;
- echo $textse;
- echo "</td>";
+ echo "$textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $source
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $source_port
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $destination
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $destination_port
+ $textse
+ </td>";
?>
<td class="listbg"><font color="white">
<?php
- echo $textss;
- echo $message;
- echo $textse;
- echo "</td>";
+ echo "$textss
+ $message
+ $textse
+ </td>";
?>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
+ <td><a href="javascript: void(0)"onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
+ <!-- Codes by Quackit.com -->
</tr>
</table>
</td>
<?php
}
}
- echo " ";
- echo "There are ";
- echo $printcounter;
- echo " rules in this category. <br><br>";
+ echo " There are $printcounter rules in this category. <br><br>";
?>
</table>
</td>
</tr>
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
- <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
+ <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
<td>Rule Enabled</td>
</tr>
<tr>
- <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
+ <td><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
<td nowrap>Rule Disabled</td>
-
-
+ </tr>
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <!-- TODO: add save and cancel for checkbox options -->
+ <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
</tr>
+ </table>
<tr>
<td colspan="10">
<p>
@@ -615,12 +677,11 @@ function go()
</tr>
</table>
</table>
-
</td>
</tr>
+
</table>
-
<?php include("fend.inc"); ?>
</div></body>
-</html> \ No newline at end of file
+</html>
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index cbabce73..b770867f 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -1,40 +1,72 @@
+#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
- snort_rules_edit.php
- Copyright (C) 2004, 2005 Scott Ullrich
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ system_edit.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ All rights reserved.
+
+ Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
+ Copyright (C) 2006-2009 Volker Theile
+
+ Adapted for Pfsense Snort package by Robert Zelaya
+ Copyright (C) 2008-2009 Robert Zelaya
+
+ Using dp.SyntaxHighlighter for syntax highlighting
+ http://www.dreamprojections.com/SyntaxHighlighter
+ Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-function get_middle($source, $beginning, $ending, $init_pos) {
- $beginning_pos = strpos($source, $beginning, $init_pos);
- $middle_pos = $beginning_pos + strlen($beginning);
- $ending_pos = strpos($source, $ending, $beginning_pos);
- $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
- return $middle;
+require_once("guiconfig.inc");
+require_once("config.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+
+//nat_rules_sort();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+$ids = $_GET['ids'];
+if (isset($_POST['ids']))
+ $ids = $_POST['ids'];
+
+
+if (isset($id) && $a_nat[$id]) {
+
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
}
+/* convert fake interfaces to real */
+$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+
$file = $_GET['openruleset'];
@@ -42,10 +74,10 @@ $file = $_GET['openruleset'];
$filehandle = fopen($file, "r");
//get rule id
-$lineid = $_GET['id'];
+$lineid = $_GET['ids'];
//read file into string, and get filesize
-$contents = fread($filehandle, filesize($file));
+$contents2 = fread($filehandle, filesize($file));
//close handler
fclose ($filehandle);
@@ -54,154 +86,158 @@ fclose ($filehandle);
$delimiter = "\n";
//split the contents of the string file into an array using the delimiter
-$splitcontents = explode($delimiter, $contents);
+$splitcontents = explode($delimiter, $contents2);
//copy rule contents from array into string
$tempstring = $splitcontents[$lineid];
-//explode rule contents into an array, (delimiter is space)
-$rule_content = explode(' ', $tempstring);
+function write_rule_file($content_changed, $received_file)
+{
+ //read snort file with writing enabled
+ $filehandle = fopen($received_file, "w");
+
+ //delimiter for each new rule is a new line
+ $delimiter = "\n";
-//search string
-$findme = "# alert"; //find string for disabled alerts
+ //implode the array back into a string for writing purposes
+ $fullfile = implode($delimiter, $content_changed);
-//find if alert is disabled
-$disabled = strstr($tempstring, $findme);
+ //write data to file
+ fwrite($filehandle, $fullfile);
-//get sid
-$sid = get_middle($tempstring, 'sid:', ';', 0);
+ //close file handle
+ fclose($filehandle);
+}
-//if find alert is false, then rule is disabled
-if ($disabled !== false)
-{
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $counter2 = 2;
+
+
+if($_POST['highlight'] <> "") {
+ if($_POST['highlight'] == "yes" or
+ $_POST['highlight'] == "enabled") {
+ $highlight = "yes";
+ } else {
+ $highlight = "no";
+ }
+} else {
+ $highlight = "no";
}
+
+if($_POST['rows'] <> "")
+ $rows = $_POST['rows'];
else
+ $rows = 1;
+
+if($_POST['cols'] <> "")
+ $cols = $_POST['cols'];
+else
+ $cols = 66;
+
+if ($_POST)
{
- $counter2 = 1;
+ if ($_POST['save']) {
+
+ /* get the changes */
+ $rule_content2 = $_POST['code'];
+
+ //copy string into file array for writing
+ $splitcontents[$lineid] = $rule_content2;
+
+ //write the new .rules file
+ write_rule_file($splitcontents, $file);
+
+ header("Location: /snort/snort_rules_edit.php?id=$id&openruleset=$file&ids=$ids");
+
+ }
}
+$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
-$protocol = $rule_content[$counter2];//protocol location
-$counter2++;
-$source = $rule_content[$counter2];//source location
-$counter2++;
-$source_port = $rule_content[$counter2];//source port location
-$counter2++;
-$direction = $rule_content[$counter2];
-$counter2++;
-$destination = $rule_content[$counter2];//destination location
-$counter2++;
-$destination_port = $rule_content[$counter2];//destination port location
-$message = get_middle($tempstring, 'msg:"', '";', 0);
-
-$content = get_middle($tempstring, 'content:"', '";', 0);
-$classtype = get_middle($tempstring, 'classtype:', ';', 0);
-$revision = get_middle($tempstring, 'rev:', ';',0);
-
-$pgtitle = "Snort: Edit Rule";
-require("guiconfig.inc");
-include("head.inc");
+//
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php include("fbegin.inc"); ?>
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <form action="snort_rules.php?openruleset=<?=$file;?>&id=<?=$lineid;?>" target="" method="post" name="editform" id="editform">
- <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="listhdr" width="10%">Enabled: </td>
- <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">SID: </td>
- <td class="listlr" width="30%"><?php echo $sid; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Protocol: </td>
- <td class="listlr" width="30%"><?php echo $protocol; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Source: </td>
- <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Source Port: </td>
- <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Direction:</td>
- <td class="listlr" width="30%"><?php echo $direction;?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Destination:</td>
- <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Destination Port: </td>
- <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Message: </td>
- <td class="listlr" width="30%"><?php echo $message; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Content: </td>
- <td class="listlr" width="30%"><?php echo $content; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Classtype: </td>
- <td class="listlr" width="30%"><?php echo $classtype; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Revision: </td>
- <td class="listlr" width="30%"><?php echo $revision; ?></td>
- </tr>
- <tr><td>&nbsp</td></tr>
- <tr>
- <td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td>
- <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">&nbsp&nbsp&nbsp<input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td>
- </tr>
- </table>
- </form>
- </td>
- </tr>
- </table>
- </td>
-</tr>
+<?php include("head.inc");?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont">
+ <form action="snort_rules_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" method="post">
+ <?php if ($savemsg) print_info_box($savemsg);?>
+ <table width="100%" cellpadding='9' cellspacing='9' bgcolor='#eeeeee'>
+ <tr>
+ <td>
+ <input name="save" type="submit" class="formbtn" id="save" value="save" /> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ <hr noshade="noshade" />
+ <?=gettext("Disable original rule"); ?>:
+ <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> />
+ <label for="highlighting_enabled"><?=gettext("Enabled"); ?></label>
+ <input id="highlighting_disabled" name="highlight2" type="radio" value="no"<?php if($highlight == "no") echo " checked=\"checked\""; ?> />
+ <label for="highlighting_disabled"><?=gettext("Disabled"); ?></label>
+ </td>
+ </tr>
+ </table>
+ <table width='100%'>
+ <tr>
+ <td valign="top" class="label">
+ <div style="background: #eeeeee;" id="textareaitem">
+ <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="<?php echo $rows; ?>" cols="<?php echo $cols; ?>" name="code"><?php echo $tempstring;?></textarea>
+ </div>
+ </td>
+ </tr>
+ </table>
+ <table width='100%'>
+ <tr>
+ <td valign="top" class="label">
+ <div style="background: #eeeeee;" id="textareaitem">
+ <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea disabled wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="33" cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea>
+ </div>
+ </td>
+ </tr>
+ </table>
+ <?php // include("formend.inc");?>
+ </form>
+ </td>
+ </tr>
</table>
+<script class="javascript" src="/snort/syntaxhighlighter/shCore.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushCSharp.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushPhp.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushJScript.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushJava.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushVb.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushSql.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushXml.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushDelphi.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushPython.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushRuby.js"></script>
+<script class="javascript" src="/snort/syntaxhighlighter/shBrushCss.js"></script>
+<script class="javascript">
+<!--
+ // Set focus.
+ document.forms[0].savetopath.focus();
+
+ // Append css for syntax highlighter.
+ var head = document.getElementsByTagName("head")[0];
+ var linkObj = document.createElement("link");
+ linkObj.setAttribute("type","text/css");
+ linkObj.setAttribute("rel","stylesheet");
+ linkObj.setAttribute("href","/snort/syntaxhighlighter/SyntaxHighlighter.css");
+ head.appendChild(linkObj);
+
+ // Activate dp.SyntaxHighlighter?
+ <?php
+ if($_POST['highlight'] == "yes") {
+ echo "dp.SyntaxHighlighter.HighlightAll('code', true, true);\n";
+ // Disable 'Save' button.
+ echo "document.forms[0].Save.disabled = 1;\n";
+ }
+?>
+//-->
+</script>
+<?php //include("fend.inc");?>
-<?php include("fend.inc"); ?>
-</div></body>
-</html> \ No newline at end of file
+</body>
+</html>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index d839ae7a..d232c097 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -3,6 +3,7 @@
/*
snort_rulesets.php
Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -28,43 +29,68 @@
*/
require("guiconfig.inc");
-require_once("service-utils.inc");
-require("/usr/local/pkg/snort.inc");
+//require_once("filter.inc");
+//require_once("service-utils.inc");
+include_once("/usr/local/pkg/snort/snort.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
-if(!is_dir("/usr/local/etc/snort/rules")) {
- conf_mount_rw();
- exec('mkdir /usr/local/etc/snort/rules/');
- conf_mount_ro();
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+
+//nat_rules_sort();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+
+if (isset($id) && $a_nat[$id]) {
+
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
}
+/* convert fake interfaces to real */
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
+
+
+$iface_uuid = $a_nat[$id]['uuid'];
+
+$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
+
+
/* Check if the rules dir is empy if so warn the user */
/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
+$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
if ($isrulesfolderempty == "") {
include("head.inc");
-include("fbegin.inc");
+include("./snort_fbegin.inc");
+
+echo "<p class=\"pgtitle\">";
+if($pfsense_stable == 'yes'){echo $pgtitle;}
+echo "</p>\n";
echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
-<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
+echo "
<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
<tr>\n
<td>\n";
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array("Categories", true, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
echo "</td>\n
</tr>\n
@@ -74,7 +100,7 @@ echo "</td>\n
<table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
<tr>\n
<td>\n
-# The rules directory is empty.\n
+# The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n
</td>\n
</tr>\n
</table>\n
@@ -87,7 +113,7 @@ echo "</td>\n
\n
<p>\n\n";
-echo "Please click on the Update Rules tab to install your selected rule sets.";
+echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty";
include("fend.inc");
echo "</body>";
@@ -97,66 +123,117 @@ exit(0);
}
-if($_POST) {
+ /* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
+
+ /* this will exec when alert says apply */
+ if ($_POST['apply']) {
+
+ if (file_exists($d_snortconfdirty_path)) {
+
+ write_config();
+
+ sync_snort_package_all($id, $if_real, $iface_uuid);
+ sync_snort_package();
+
+ unlink($d_snortconfdirty_path);
+
+ }
+
+ }
+
+ if ($_POST["Submit"]) {
$enabled_items = "";
$isfirst = true;
+ if (is_array($_POST['toenable'])) {
foreach($_POST['toenable'] as $toenable) {
if(!$isfirst)
$enabled_items .= "||";
$enabled_items .= "{$toenable}";
$isfirst = false;
}
- $config['installedpackages']['snort']['rulesets'] = $enabled_items;
+ }else{
+ $enabled_items = $_POST['toenable'];
+ }
+ $a_nat[$id]['rulesets'] = $enabled_items;
+
write_config();
- stop_service("snort");
- create_snort_conf();
- sleep(2);
- start_service("snort");
- $savemsg = "The snort ruleset selections have been saved.";
+
+ touch($d_snortconfdirty_path);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ sync_snort_package_all($id, $if_real, $iface_uuid);
+ header("Location: /snort/snort_rulesets.php?id=$id");
+
}
-$enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
+$enabled_rulesets = $a_nat[$id]['rulesets'];
if($enabled_rulesets)
$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
-$pgtitle = "Snort: Categories";
include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php include("fbegin.inc"); ?>
+<?php include("./snort_fbegin.inc"); ?>
+<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
+<?php
+
+echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
+
+?>
<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+
+ /* Display message */
+
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ if (file_exists($d_snortconfdirty_path)) {
+ echo '<p>';
+
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+
?>
-<form action="snort_rulesets.php" method="post" name="iform" id="iform">
-<script src="/row_toggle.js" type="text/javascript"></script>
-<script src="/javascript/sorttable.js" type="text/javascript"></script>
-<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array("Categories", true, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
?>
- </td>
- </tr>
- <tr>
- <td>
+ </td>
+ </tr>
+ <tr>
+ <td>
<div id="mainarea">
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -168,7 +245,7 @@ if(!$pgtitle_output)
<!-- <td class="listhdrr">Description</td> -->
</tr>
<?php
- $dir = "/usr/local/etc/snort/rules/";
+ $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
$files[] = $filename;
@@ -177,7 +254,7 @@ if(!$pgtitle_output)
foreach($files as $file) {
if(!stristr($file, ".rules"))
continue;
- echo "<tr>";
+ echo "<tr>\n";
echo "<td align=\"center\" valign=\"top\">";
if(is_array($enabled_rulesets_array))
if(in_array($file, $enabled_rulesets_array)) {
@@ -187,11 +264,11 @@ if(!$pgtitle_output)
}
else
$CHECKED = "";
- echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />";
- echo "</td>";
- echo "<td>";
- echo "<a href='snort_rules.php?openruleset=/usr/local/etc/snort/rules/" . urlencode($file) . "'>{$file}</a>";
- echo "</td>";
+ echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
+ echo "</td>\n";
+ echo "<td>\n";
+ echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
+ echo "</td>\n</tr>\n\n";
//echo "<td>";
//echo "description";
//echo "</td>";
@@ -204,7 +281,7 @@ if(!$pgtitle_output)
<tr><td>&nbsp;</td></tr>
<tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr>
<tr><td>&nbsp;</td></tr>
- <tr><td><input value="Save" type="submit" name="save" id="save" /></td></tr>
+ <tr><td><input value="Save" type="submit" name="Submit" id="Submit" /></td></tr>
</table>
</div>
</td>
@@ -227,4 +304,4 @@ if(!$pgtitle_output)
}
-?> \ No newline at end of file
+?>
diff --git a/config/snort/snort_whitelist.xml b/config/snort/snort_whitelist.xml
index 42769e4e..d98f83fa 100644
--- a/config/snort/snort_whitelist.xml
+++ b/config/snort/snort_whitelist.xml
@@ -45,52 +45,40 @@
<description>Describe your package here</description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
- <name>snort-whitelist</name>
+ <name>snortglobal</name>
<version>0.1.0</version>
<title>Snort: Whitelist</title>
- <include_file>/usr/local/pkg/snort.inc</include_file>
+ <include_file>/usr/local/pkg/snort/snort.inc</include_file>
<!-- Menu is where this packages menu will appear -->
<tabs>
<tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
+ <text>Snort Interfaces</text>
+ <url>/snort/snort_interfaces.php</url>
</tab>
<tab>
- <text>Update Rules</text>
- <url>/snort_download_rules.php</url>
+ <text>Global Settings</text>
+ <url>/snort/snort_interfaces_global.php</url>
</tab>
<tab>
- <text>Categories</text>
- <url>/snort_rulesets.php</url>
+ <text>Rule Updates</text>
+ <url>/snort/snort_download_rules.php</url>
</tab>
<tab>
- <text>Rules</text>
- <url>/snort_rules.php</url>
- </tab>
- <tab>
- <text>Servers</text>
- <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
+ <text>Alerts</text>
+ <url>/snort/snort_alerts.php</url>
</tab>
<tab>
<text>Blocked</text>
- <url>/snort_blocked.php</url>
+ <url>/snort/snort_blocked.php</url>
</tab>
<tab>
<text>Whitelist</text>
- <url>/pkg.php?xml=snort_whitelist.xml</url>
+ <url>/pkg.php?xml=/snort/snort_whitelist.xml</url>
<active/>
</tab>
<tab>
- <text>Threshold</text>
- <url>/pkg.php?xml=snort_threshold.xml</url>
- </tab>
- <tab>
- <text>Alerts</text>
- <url>/snort_alerts.php</url>
- </tab>
- <tab>
- <text>Advanced</text>
- <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
+ <text>Help Info</text>
+ <url>/snort/snort_help_info.php</url>
</tab>
</tabs>
<adddeleteeditpagefields>
@@ -124,6 +112,6 @@
<custom_delete_php_command>
</custom_delete_php_command>
<custom_php_resync_config_command>
- create_snort_conf();
+ sync_snort_package_empty();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 51184854..b4563e46 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -329,10 +329,10 @@
<configurationfile>vhosts.xml</configurationfile>
</package>
<package>
- <name>snort</name>
+ <name>snort-old</name>
<pkginfolink>http://forum.pfsense.org/index.php/topic,16847.0.html</pkginfolink>
<website>http://www.snort.org</website>
- <descr>Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr>
+ <descr>WARNING: This is the old snort package. A few current snort.org rules are not supported in this package. This package will not be supported in Pfsense 2.0.</descr>
<category>Security</category>
<depends_on_package_base_url>http://files.pfsense.org/packages/70/All/</depends_on_package_base_url>
<depends_on_package>libdnet-1.11_3.tbz</depends_on_package>
@@ -340,30 +340,30 @@
<depends_on_package>perl-5.8.9_3.tbz</depends_on_package>
<depends_on_package>mysql-client-5.1.34.tbz</depends_on_package>
<depends_on_package>snort-2.8.4.1_1.tbz</depends_on_package>
- <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
+ <config_file>http://www.pfsense.com/packages/config/snort-old/snort.xml</config_file>
<version>2.8.4.1_5 pkg v.1.7</version>
<required_version>1.2.2</required_version>
- <status>Stable</status>
+ <status>legacy</status>
<configurationfile>snort.xml</configurationfile>
<after_install_info>Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules.</after_install_info>
</package>
<package>
- <name>snort-dev</name>
+ <name>snort</name>
<pkginfolink>http://forum.pfsense.org/index.php/topic,16847.0.html</pkginfolink>
<website>http://www.snort.org</website>
- <descr>WARNING: This is the final RC before release.</descr>
+ <descr>Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr>
<category>Security</category>
- <depends_on_package_base_url>http://www.pfsense.com/packages/config/snort-dev/bin/7.2.x86/</depends_on_package_base_url>
+ <depends_on_package_base_url>http://www.pfsense.com/packages/config/snort/bin/7.2.x86/</depends_on_package_base_url>
<depends_on_package>pcre-8.00.tbz</depends_on_package>
<depends_on_package>perl-5.10.1.tbz</depends_on_package>
<depends_on_package>mysql-client-5.1.44_1.tbz</depends_on_package>
<depends_on_package>snort-2.8.5.3.tbz</depends_on_package>
- <config_file>http://www.pfsense.com/packages/config/snort-dev/snort.xml</config_file>
- <version>2.8.5.3 pkg v. 1.18</version>
+ <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
+ <version>2.8.5.3 pkg v. 1.19</version>
<required_version>1.2.3</required_version>
- <status>RC</status>
+ <status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
- <after_install_info>This is the Snort-dev branch and is stable as of RC.</after_install_info>
+ <after_install_info>This is the Snort branch and is stable.</after_install_info>
</package>
<package>
<name>siproxd</name>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 4dc116d0..b92e2262 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -239,36 +239,17 @@
<website>http://www.snort.org</website>
<descr>Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr>
<category>Security</category>
- <depends_on_package_base_url>http://files.pfsense.org/packages/70/All/</depends_on_package_base_url>
- <depends_on_package>libdnet-1.11_3.tbz</depends_on_package>
- <depends_on_package>pcre-7.9.tbz</depends_on_package>
- <depends_on_package>perl-5.8.9_3.tbz</depends_on_package>
- <depends_on_package>mysql-client-5.1.34.tbz</depends_on_package>
- <depends_on_package>snort-2.8.4.1_1.tbz</depends_on_package>
- <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.8.4.1_4 pkg v.1.7</version>
- <required_version>3.0</required_version>
- <status>Stable</status>
- <configurationfile>snort.xml</configurationfile>
- <after_install_info>Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules.</after_install_info>
- </package>
- <package>
- <name>snort-dev</name>
- <pkginfolink>http://forum.pfsense.org/index.php/topic,16847.0.html</pkginfolink>
- <website>http://www.snort.org</website>
- <descr>WARNING: This is the final RC before release.</descr>
- <category>Security</category>
- <depends_on_package_base_url>http://www.pfsense.com/packages/config/snort-dev/bin/8.0.x86/</depends_on_package_base_url>
+ <depends_on_package_base_url>http://www.pfsense.com/packages/config/snort/bin/8.0.x86/</depends_on_package_base_url>
<depends_on_package>pcre-8.00.tbz</depends_on_package>
<depends_on_package>perl-5.10.1.tbz</depends_on_package>
<depends_on_package>mysql-client-5.1.45.tbz</depends_on_package>
<depends_on_package>snort-2.8.5.3.tbz</depends_on_package>
- <config_file>http://www.pfsense.com/packages/config/snort-dev/snort.xml</config_file>
- <version>2.8.5.3 pkg v. 1.18</version>
+ <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
+ <version>2.8.5.3 pkg v. 1.19</version>
<required_version>2.0</required_version>
- <status>RC</status>
+ <status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
- <after_install_info>This is the Snort-dev branch and is stable as of RC.</after_install_info>
+ <after_install_info>This is the Snort branch and is stable.</after_install_info>
</package>
<package>
<name>spamd</name>