-rw-r--r--packages/snort/snort.inc8
-rw-r--r--packages/snort/snort.xml5
-rw-r--r--packages/snort/snort_download_rules.php157
3 files changed, 163 insertions, 7 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index eb0c738f..a2283b55 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -1,6 +1,7 @@
<?php
function sync_package_snort() {
+ exec("mkdir -p /usr/local/etc/snort");
$first = 0;
/* if list */
$iflist = array("lan" => "LAN");
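Review bot: The added `exec("mkdir -p /usr/local/etc/snort");` discards the command's result and leaves the directory mode to whatever umask the calling process has, so a failed or overly permissive rules directory goes unnoticed. PHP's own call makes both explicit, for example `if (!is_dir("/usr/local/etc/snort") && !mkdir("/usr/local/etc/snort", 0755, true)) { /* log and return */ }`, provided the PHP version in use supports the recursive argument. The body of sync_package_snort() continues outside this hunk, so how a failure should be reported there is not visible from here.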
@@ -33,11 +34,4 @@ function sync_package_snort() {
start_service("snort");
}
-function download_latest_rules() {
- $oinkid = "";
- $dl = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-CURRENT.tar.gz";
- $dl_md5 = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-CURRENT.tar.gz.md5";
-
-}
-
?> \ No newline at end of file
diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml
index 650dd182..13369f02 100644
--- a/packages/snort/snort.xml
+++ b/packages/snort/snort.xml
@@ -14,6 +14,11 @@
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/bin/snort2c</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item>
+ </additional_files_needed>
<service>
<name>snort</name>
<rcfile>snort.sh</rcfile>
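Review bot: The new `<additional_files_needed>` entry fetches `snort_download_rules.php` over plain `http://` and installs it under `/usr/local/www/`, where it will execute as part of the web GUI, and nothing in this hunk pins or verifies its content. If the package installer supports it, the item should be fetched over HTTPS or checked against a digest shipped with the package manifest. The `<chmod>077</chmod>` value, copied from the entry above, would give the owner no access and group/other full access if it is applied as an octal mode; `0644` looks like what a PHP page needs, but how the installer interprets this field is not shown here and should be confirmed.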
diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php
new file mode 100644
index 00000000..3558ee8b
--- /dev/null
+++ b/packages/snort/snort_download_rules.php
@@ -0,0 +1,157 @@
+<?php
+/*
+ snort_download_rules.php
+ part of pfSense (http://www.pfsense.com)
+
+ Copyright (C) 2005 Scott Ullrich and Colin Smith
+
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ TODO:
+ * modify pfSense.com XMLRPC server to return md5 hashes of firmware updates.
+*/
+
+$pgtitle = array(gettext("Services"),gettext("Snort"),gettext("Update Rules"));
+
+require_once("guiconfig.inc");
+require_once("xmlrpc.inc");
+
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+
+<form action="snort_download_rules.php" method="post">
+<div id="inputerrors"></div>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Settings"), false, "pkg.php?xml=snort.xml");
+ $tab_array[0] = array(gettext("Snort Rules Update"), false, "/usr/local/www/snort_download_rules.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td align="center" valign="top">
+ <!-- progress bar -->
+ <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
+ <tr>
+ <td>
+ <img border='0' src='./themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
+ </td>
+ </tr>
+ </table>
+ <br />
+ <!-- status box -->
+ <textarea cols="60" rows="1" name="status" id="status" wrap="hard">
+ <?=gettext("Beginning system autoupdate...");?>
+ </textarea>
+ <!-- command output box -->
+ <textarea cols="60" rows="25" name="output" id="output" wrap="hard">
+ </textarea>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+<?php
+
+/* define oinkid */
+$oinkid = "";
+
+if(!$oinkid) {
+ $static_output = gettext("You must obtain an oinkid from snort.com and set its value in the Snort settings tab.");
+ update_all_status($static_output);
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
+ exit;
+}
+
+$dl = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-CURRENT.tar.gz";
+$dl_md5 = "http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-CURRENT.tar.gz.md5";
+$tmpfname = tempnam("/tmp", "snortRules");
+$static_output = gettext("Downloading current snort rules... ");
+
+update_all_status($static_output);
+download_file_with_progress_bar($dl, $tmpfname);
+$static_output = gettext("Downloading current snort rules md5... ");
+
+update_all_status($static_output);
+download_file_with_progress_bar($dl_md5, $tmpfname);
+
+/* verify downloaded rules signature */
+verify_snort_rules_md5($tmpfname);
+
+/* extract rules */
+extract_snort_rules_md5($tmpfname);
+
+$static_output = gettext("Your snort rules are now up to date.");
+update_all_status($static_output);
+
+echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
+?>
+</body>
+</html>
+
+<?php
+function extract_snort_rules_md5($tmpfname) {
+ $static_output = gettext("Extracting snort rules...");
+ update_all_status($static_output);
+ exec("tar xzf {$tmpfname}/snortrules-snapshot-CURRENT.tar.gz -C /usr/local/etc/snort/");
+ $static_output = gettext("Snort rules extracted.");
+ update_status($static_output);
+ update_output_window($static_output);
+}
+
+function verify_snort_rules_md5($tmpfname) {
+ $static_output = gettext("Verifying md5 signature...");
+ update_all_status($static_output);
+ $md5 = file_get_contents("{$tmpfname}/snortrules-snapshot-CURRENT.tar.gz.md5");
+ $file_md5_ondisk = `md5 {$tmpfname}/snortrules-snapshot-CURRENT.tar.gz | awk '{ print $4 }'`;
+ if($md5 <> $file_md5_ondisk) {
+ $static_output = gettext("md5 signature of rules mismatch.");
+ update_all_status($static_output);
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
+ exit;
+ }
+}
+
+function update_all_status($status) {
+ update_status($status);
+ update_output_window($status);
+}
+
+?> \ No newline at end of file
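Review bot: The md5 check in verify_snort_rules_md5() fails open: both download_file_with_progress_bar() calls are given the same `$tmpfname`, which tempnam() creates as a file, while the verify and extract functions read `{$tmpfname}/snortrules-snapshot-CURRENT.tar.gz` as if it were a directory. With neither path present, file_get_contents() returns false and the backtick command yields no digest, and the loose `<>` comparison treats the two as equal, so the script goes on to report the rules as up to date. Download into a private temporary directory under two distinct names, compare trimmed digests with `!==`, and stop when either value is missing or tar exits non-zero, as sketched below. Even when it works, a digest fetched over plain HTTP from the same host as the archive only detects corruption, not substitution in transit, so it should not be described as a signature. Separately, `$tab_array[0]` is assigned twice in the tab setup, so the "Snort Settings" entry is overwritten.

```php
// … unchanged: oinkid check, $dl / $dl_md5 URLs …
$tmpfname = tempnam("/tmp", "snortRules");
unlink($tmpfname);
if (!mkdir($tmpfname, 0700)) {
    update_all_status(gettext("Unable to create a temporary directory for the snort rules."));
    exit;
}
$rules_file = "{$tmpfname}/snortrules-snapshot-CURRENT.tar.gz";
// … unchanged: status messages …
download_file_with_progress_bar($dl, $rules_file);
download_file_with_progress_bar($dl_md5, "{$rules_file}.md5");

function extract_snort_rules_md5($tmpfname) {
    // … unchanged: "Extracting snort rules..." status …
    $archive = escapeshellarg("{$tmpfname}/snortrules-snapshot-CURRENT.tar.gz");
    exec("tar xzf {$archive} -C /usr/local/etc/snort/", $tar_output, $tar_status);
    if ($tar_status !== 0) {
        update_all_status(gettext("Unable to extract snort rules."));
        exit;
    }
    // … unchanged: "Snort rules extracted." status …
}

function verify_snort_rules_md5($tmpfname) {
    // … unchanged: "Verifying md5 signature..." status …
    $expected = file_get_contents("{$tmpfname}/snortrules-snapshot-CURRENT.tar.gz.md5");
    $actual = md5_file("{$tmpfname}/snortrules-snapshot-CURRENT.tar.gz");
    // assumes the .md5 file holds only the hex digest; confirm the server's format
    if ($expected === false || $actual === false || strtolower(trim($expected)) !== $actual) {
        // … unchanged: mismatch status, hide progress bar, exit …
    }
}
```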