-rwxr-xr-xconfig/snort/snort.inc315
-rw-r--r--config/snort/snort.priv.inc1
-rwxr-xr-xconfig/snort/snort.xml4
-rwxr-xr-xconfig/snort/snort_interfaces.php19
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php23
-rw-r--r--config/snort/snort_pkg.sh29
-rw-r--r--config/snort/snort_post_install.php54
-rw-r--r--config/snort/snort_service_utils.php127
8 files changed, 212 insertions, 360 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index f0819b4e..788c439d 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -557,7 +557,6 @@ function snort_barnyard_stop($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Barnyard2 STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
- touch("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.stopping");
killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
// Now wait up to 5 seconds for Barnyard2 to actually stop and clear its PID file
@@ -568,8 +567,8 @@ function snort_barnyard_stop($snortcfg, $if_real) {
sleep(1);
$count++;
} while ($count < 5);
- unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.stopping");
}
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
}
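Review bot: The added `unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")` runs after the 5-second wait even when Barnyard2 has not exited yet, so a process that is still shutting down loses its PID file; because snort_barnyard_start now only tests `file_exists()` on that file, a second instance can then be launched beside the first. Guard the removal with the check the function already uses, `if (!isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) unlink_if_exists(...);`, and log when the stop timed out. The snort_stop hunk below adds the same unconditional unlink for the `snort_…pid` file and needs the same guard. snort_barnyard_stop begins before this hunk.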
function snort_stop($snortcfg, $if_real) {
@@ -578,7 +577,6 @@ function snort_stop($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Snort STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
- touch("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.stopping");
killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
// Now wait up to 10 seconds for Snort to actually stop and clear its PID file
@@ -589,8 +587,8 @@ function snort_stop($snortcfg, $if_real) {
sleep(1);
$count++;
} while ($count < 10);
- unlink_if_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.stopping");
}
+ unlink_if_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
snort_barnyard_stop($snortcfg, $if_real);
}
@@ -602,7 +600,7 @@ function snort_barnyard_start($snortcfg, $if_real, $background=FALSE) {
$snortlogdir = SNORTLOGDIR;
$snort_uuid = $snortcfg['uuid'];
- if ($snortcfg['barnyard_enable'] == 'on') {
+ if ($snortcfg['barnyard_enable'] == 'on' && !file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Barnyard2 START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
if ($background)
mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
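Review bot: The new `!file_exists(...barnyard2_{$if_real}{$snort_uuid}.pid)` guard refuses to start whenever a PID file is present, including a stale one left behind by a crash or an unclean reboot, so the instance cannot be started again from the GUI until the file is removed by hand; the stop paths above decide the same question with `isvalidpid()`. Use `!isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")` here, which checks that the process named by the file is alive rather than that the file exists, and apply the same change to the `snort_…pid` check in the snort_start hunk below. A `log_error()` when a start is skipped because an instance is already running would also make the silent no-op visible in the system log. snort_barnyard_start continues outside this hunk.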
@@ -618,7 +616,7 @@ function snort_start($snortcfg, $if_real, $background=FALSE) {
$snortlogdir = SNORTLOGDIR;
$snort_uuid = $snortcfg['uuid'];
- if ($snortcfg['enable'] == 'on') {
+ if ($snortcfg['enable'] == 'on' && !file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Snort START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
if ($background)
mwexec_bg("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
@@ -1052,128 +1050,32 @@ function sync_snort_package_config() {
$snortdir = SNORTDIR;
$rcdir = RCFILEPREFIX;
- conf_mount_rw();
-
- $pkg_serv = &$config['installedpackages']['service'];
- if (!is_array($pkg_serv))
- $pkg_serv = array();
-
/* do not start config build if rules is empty or there are no Snort settings */
if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) {
- conf_mount_ro();
-
- // Make sure no lingering <service> entries exist for Snort interfaces
- $is_dirty = FALSE;
- foreach ($pkg_serv as $key => $service) {
- if (strpos($service['name'], "snort_") !== FALSE) {
- unset($pkg_serv[$key]);
- $is_dirty = TRUE;
- }
- if (strpos($service['name'], "barnyard2_") !== FALSE) {
- unset($pkg_serv[$key]);
- $is_dirty = TRUE;
- }
- }
- if ($is_dirty)
- write_config("Snort pkg: removed snort interface service entry.");
return;
}
+ conf_mount_rw();
+
$snortconf = $config['installedpackages']['snortglobal']['rule'];
- $is_dirty = FALSE;
foreach ($snortconf as $value) {
/* Skip configuration of any disabled interface */
- /* after removing its custom service entry. */
- if ($value['enable'] != 'on') {
- foreach ($pkg_serv as $key => $service) {
- if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] &&
- $service['name'] == "snort_" . strtolower($value['interface'])) {
- unset($pkg_serv[$key]);
- unlink_if_exists("{$g['varrun_path']}/snort_{$uuid}.disabled");
- $is_dirty = TRUE;
- }
- if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] &&
- $service['name'] == "barnyard2_" . strtolower($value['interface'])) {
- unset($pkg_serv[$key]);
- unlink_if_exists("{$g['varrun_path']}/barnyard2_{$uuid}.disabled");
- $is_dirty = TRUE;
- }
- }
+ if ($value['enable'] != 'on')
continue;
- }
-
- $if_real = get_real_interface($value['interface']);
- /* create a snort.conf file for interface */
+ /* create a snort.conf file for interface */
snort_generate_conf($value);
- /* create barnyard2.conf file for interface */
+ /* create barnyard2.conf file for interface */
if ($value['barnyard_enable'] == 'on')
- snort_generate_barnyard2_conf($value, $if_real);
-
- /* create a <service> entry for interface */
- $snort_found = FALSE;
- $barnyard_found = FALSE;
- foreach ($pkg_serv as $key => $service) {
- if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] &&
- $service['name'] == "snort_" . strtolower($value['interface'])) {
- $snort_found = TRUE;
- }
- if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] &&
- $service['name'] == "barnyard2_" . strtolower($value['interface'])) {
- $barnyard_found = TRUE;
- $byid = $key;
- }
- }
-
- // If we found a configured Barnyard2 service for this interface,
- // but Barnyard2 is disabled, remove the Barnyard2 service entry.
- if ($barnyard_found && $value['barnyard_enable'] != "on") {
- unset($pkg_serv[$byid]);
- unlink_if_exists("{$g['varrun_path']}/barnyard2_{$uuid}.disabled");
- $is_dirty = TRUE;
- }
-
- // If we did not find configured services for enabled Snort and
- // Barnyard2 interfaces, then create them.
- if (!$snort_found) {
- $service = array();
- $service['name'] = "snort_" . strtolower($value['interface']);
- if (!empty($value['descr']))
- $service['description'] = "Snort IDS - " . $value['descr'];
- else
- $service['description'] = "Snort IDS - " . convert_friendly_interface_to_friendly_descr($value['interface']);
- $service['uuid'] = $value['uuid'];
- $service['startcmd'] = "\$action='start';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['stopcmd'] = "\$action='stop';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['restartcmd'] = "\$action='restart';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['custom_php_service_status_command'] = "\$action='status';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $config['installedpackages']['service'][] = $service;
- $is_dirty = TRUE;
- }
- if (!$barnyard_found && $value['barnyard_enable'] == 'on') {
- $service = array();
- $service['name'] = "barnyard2_" . strtolower($value['interface']);
- if (!empty($value['descr']))
- $service['description'] = "Barnyard2 Logging - " . $value['descr'];
- else
- $service['description'] = "Barnyard2 Logging - " . convert_friendly_interface_to_friendly_descr($value['interface']);
- $service['uuid'] = $value['uuid'];
- $service['startcmd'] = "\$action='start';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['stopcmd'] = "\$action='stop';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['restartcmd'] = "\$action='restart';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['custom_php_service_status_command'] = "\$action='status';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $config['installedpackages']['service'][] = $service;
- $is_dirty = TRUE;
- }
+ snort_generate_barnyard2_conf($value, get_real_interface($value['interface']));
}
- // Call write_config() if we made any updates up above
- if ($is_dirty)
- write_config("Snort pkg: updated snort service entry configuration.");
-
$snortglob = $config['installedpackages']['snortglobal'];
+ /* create snort bootup file snort.sh */
+ snort_create_rc();
+
snort_snortloglimit_install_cron(true);
/* set the snort block hosts time IMPORTANT */
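Review bot: The early `return` at the top of this hunk (taken when `snortglobal['rule']` is not an array) now leaves the filesystem untouched, so a `snort.sh` written by snort_create_rc() for an earlier configuration survives after the last interface is deleted; snort_create_rc() does unlink the script when it finds no interfaces, but it is only called further down, after the return. Call `snort_create_rc();` before that `return`, inside a conf_mount_rw()/conf_mount_ro() pair, so the boot script cannot try to start instances whose snort.conf directories no longer exist. Whether the interface-delete handler in snort_interfaces.php rebuilds the script on its own is not visible in its hunk, so this is inferred from the code shown. sync_snort_package_config begins and ends outside this hunk.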
@@ -2893,6 +2795,197 @@ function snort_modify_sids(&$rule_map, $snortcfg) {
unset($enablesid, $disablesid);
}
+function snort_create_rc() {
+
+/*********************************************************/
+/* This function builds the /usr/local/etc/rc.d/snort.sh */
+/* shell script for starting and stopping Snort. The */
+/* script is rebuilt on each package sync operation and */
+/* after any changes to snort.conf saved in the GUI. */
+/*********************************************************/
+
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
+ $rcdir = RCFILEPREFIX;
+
+ $snortconf = $config['installedpackages']['snortglobal']['rule'];
+
+ // If no interfaces are configured for Snort, exit
+ if (!is_array($snortconf) || count($snortconf) < 1) {
+ unlink_if_exists("{$rcdir}snort.sh");
+ return;
+ }
+
+ // At least one interface is configured, so OK
+ $start_snort_iface_start = array();
+ $start_snort_iface_stop = array();
+
+ // Loop thru each configured interface and build
+ // the shell script.
+ foreach ($snortconf as $value) {
+ // Skip disabled Snort interfaces
+ if ($value['enable'] <> 'on')
+ continue;
+ $snort_uuid = $value['uuid'];
+ $if_real = get_real_interface($value['interface']);
+
+ $start_barnyard = <<<EOE
+
+ if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+ pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "`
+ else
+ pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid`
+ fi
+ if [ ! -z \$pid ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -HUP \$pid
+ else
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q
+ fi
+
+EOE;
+ $stop_barnyard2 = <<<EOE
+
+ if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid`
+ /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
+ time=0 timeout=30
+ while kill -0 \$pid 2>/dev/null; do
+ sleep 1
+ time=\$((time+1))
+ if [ \$time -gt \$timeout ]; then
+ break
+ fi
+ done
+ if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+ /bin/rm {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid
+ fi
+ else
+ pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "`
+ if [ ! -z \$pid ]; then
+ /bin/pkill -f "barnyard2 -r {$snort_uuid} "
+ time=0 timeout=30
+ while kill -0 \$pid 2>/dev/null; do
+ sleep 1
+ time=\$((time+1))
+ if [ \$time -gt \$timeout ]; then
+ break
+ fi
+ done
+ fi
+ fi
+
+EOE;
+ if ($value['barnyard_enable'] == 'on')
+ $start_barnyard2 = $start_barnyard;
+ else
+ $start_barnyard2 = $stop_barnyard2;
+
+ $start_snort_iface_start[] = <<<EOE
+
+###### For Each Iface
+ # Start snort and barnyard2
+ if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "`
+ else
+ pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
+ fi
+
+ if [ ! -z \$pid ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -HUP \$pid
+ else
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ fi
+
+ sleep 2
+ {$start_barnyard2}
+
+EOE;
+
+ $start_snort_iface_stop[] = <<<EOE
+
+ if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
+ time=0 timeout=30
+ while kill -0 \$pid 2>/dev/null; do
+ sleep 1
+ time=\$((time+1))
+ if [ \$time -gt \$timeout ]; then
+ break
+ fi
+ done
+ if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
+ fi
+ else
+ pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "`
+ if [ ! -z \$pid ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -fn "snort -R {$snort_uuid} "
+ time=0 timeout=30
+ while kill -0 \$pid 2>/dev/null; do
+ sleep 1
+ time=\$((time+1))
+ if [ \$time -gt \$timeout ]; then
+ break
+ fi
+ done
+ fi
+ fi
+
+ sleep 2
+ {$stop_barnyard2}
+
+EOE;
+ }
+
+ $rc_start = implode("\n", $start_snort_iface_start);
+ $rc_stop = implode("\n", $start_snort_iface_stop);
+
+ $snort_sh_text = <<<EOD
+#!/bin/sh
+########
+# This file was automatically generated
+# by the pfSense service handler.
+# Code added to protect from double starts on pfSense bootup
+######## Start of main snort.sh
+
+rc_start() {
+ {$rc_start}
+}
+
+rc_stop() {
+ {$rc_stop}
+}
+
+case $1 in
+ start)
+ rc_start
+ ;;
+ stop)
+ rc_stop
+ ;;
+ restart)
+ rc_stop
+ rc_start
+ ;;
+esac
+
+EOD;
+
+ /* write out snort.sh */
+ @file_put_contents("{$rcdir}snort.sh", $snort_sh_text);
+ @chmod("{$rcdir}snort.sh", 0755);
+}
+
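Review bot: The generated script interpolates `{$value['descr']}` unescaped inside the double-quoted logger messages (every `SnortStartup "… for {$value['descr']}(…` line), so a description containing `"`, a backtick or `$(` changes the shell syntax of a script that runs as root at boot. Derive a sanitized copy once per interface, e.g. `$if_descr = preg_replace('/[^[:alnum:] _.-]/', '', $value['descr']);`, and use `{$if_descr}` in each message. Separately, `/bin/pkill -HUP \$pid` treats its argument as a process-name pattern rather than a PID, so the SOFT RESTART branches never signal the running instance; it should be `/bin/kill -HUP \$pid`, and the `[ ! -z \$pid ]` tests should quote `"\$pid"` because pgrep can print more than one PID. The `@file_put_contents` and `@chmod` calls at the end also suppress failures, leaving no log line when the boot script could not be written or made executable.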
function snort_generate_barnyard2_conf($snortcfg, $if_real) {
/****************************************************/
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 7376a1b2..1af0e783 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -43,7 +43,6 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.p
$priv_list['page-services-snort']['match'][] = "snort/snort_generate_conf.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_interface_logs.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_log_mgmt.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_service_utils.php*";
$priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*";
$priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*";
$priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*";
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index dcad30f3..79c2a0c4 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -56,6 +56,10 @@
<url>/snort/snort_interfaces.php</url>
</menu>
<service>
+ <name>snort</name>
+ <rcfile>snort.sh</rcfile>
+ <executable>snort</executable>
+ <description>Snort IDS/IPS Daemon</description>
</service>
<tabs>
</tabs>
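Review bot: The new `<executable>snort</executable>` entry gives the service handler a single process-name check, so, as far as can be inferred from this hunk, the status indicator reports the service as running while any one Snort instance is alive even if other configured interfaces have stopped. A comment beside the entry, such as `<!-- status reflects any running snort process, not per-interface state -->`, would keep the next maintainer from reading it as a per-interface status.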
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 04e6dae0..c3325f4a 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -52,24 +52,9 @@ if (isset($_POST['del_x'])) {
/* Delete selected Snort interfaces */
if (is_array($_POST['rule'])) {
conf_mount_rw();
- $pkg_serv = &$config['installedpackages']['service'];
- if (!is_array($pkg_serv))
- $pkg_serv = array();
foreach ($_POST['rule'] as $rulei) {
$if_real = get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
- foreach ($pkg_serv as $key => $service) {
- if (isset($service['uuid']) && $service['uuid'] == $snort_uuid &&
- $service['name'] == "snort_" . strtolower($a_nat[$rulei]['interface'])) {
- unset($pkg_serv[$key]);
- unlink_if_exists("{$g['varrun_path']}/snort_{$snort_uuid}.disabled");
- }
- if (isset($service['uuid']) && $service['uuid'] == $snort_uuid &&
- $service['name'] == "barnyard2_" . strtolower($a_nat[$rulei]['interface'])) {
- unset($pkg_serv[$key]);
- unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snort_uuid}.disabled");
- }
- }
snort_stop($a_nat[$rulei], $if_real);
rmdir_recursive("{$snortlogdir}/snort_{$if_real}{$snort_uuid}");
rmdir_recursive("{$snortdir}/snort_{$snort_uuid}_{$if_real}");
@@ -109,10 +94,8 @@ if ($_POST['bartoggle'] && is_numericint($_POST['id'])) {
log_error("Toggle (barnyard starting) for {$if_friendly}({$if_real})...");
sync_snort_package_config();
snort_barnyard_start($snortcfg, $if_real);
- unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
} else {
log_error("Toggle (barnyard stopping) for {$if_friendly}({$if_real})...");
- touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
snort_barnyard_stop($snortcfg, $if_real);
}
sleep(3); // So the GUI reports correctly
@@ -126,7 +109,6 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) {
if (snort_is_running($snortcfg['uuid'], $if_real)) {
log_error("Toggle (snort stopping) for {$if_friendly}({$if_real})...");
- touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
snort_stop($snortcfg, $if_real);
} else {
log_error("Toggle (snort starting) for {$if_friendly}({$if_real})...");
@@ -136,7 +118,6 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) {
sync_snort_package_config();
$rebuild_rules = false;
snort_start($snortcfg, $if_real);
- unlink_if_exists("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
}
sleep(3); // So the GUI reports correctly
}
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 1b412d31..249108f9 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -226,32 +226,11 @@ if ($_POST["save"] && !$input_errors) {
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) {
- touch("{$g['varrun_path']}/snort_{$a_rule[$id]['uuid']}.disabled");
- touch("{$g['varrun_path']}/barnyard2_{$a_rule[$id]['uuid']}.disabled");
snort_stop($a_rule[$id], $oif_real);
$snort_start = true;
}
else
$snort_start = false;
- // Need to rename the service entries when moving instance to another interface
- foreach ($config['installedpackages']['service'] as &$service) {
- if (isset($service['uuid']) && $service['uuid'] == $a_rule[$id]['uuid'] &&
- $service['name'] == "snort_" . strtolower($a_rule[$id]['interface'])) {
- $service['name'] = "snort_" . strtolower($natent['interface']);
- if (!empty($natent['descr']))
- $service['description'] = "Snort IDS - " . $natent['descr'];
- else
- $service['description'] = "Snort IDS - " . convert_friendly_interface_to_friendly_descr($natent['interface']);
- }
- if (isset($service['uuid']) && $service['uuid'] == $a_rule[$id]['uuid'] &&
- $service['name'] == "barnyard2_" . strtolower($a_rule[$id]['interface'])) {
- $service['name'] = "barnyard2_" . strtolower($natent['interface']);
- if (!empty($natent['descr']))
- $service['description'] = "Barnyard2 Logging - " . $natent['descr'];
- else
- $service['description'] = "Barnyard2 Logging - " . convert_friendly_interface_to_friendly_descr($natent['interface']);
- }
- }
@rename("{$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']}", "{$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}");
conf_mount_rw();
@rename("{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real}", "{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}");
@@ -403,8 +382,6 @@ if ($_POST["save"] && !$input_errors) {
/* See if we need to restart Snort after an interface re-assignment */
if ($snort_start == true) {
snort_start($natent, $if_real);
- unlink_if_exists("{$g['varrun_path']}/snort_{$natent['uuid']}.disabled");
- unlink_if_exists("{$g['varrun_path']}/barnyard2_{$natent['uuid']}.disabled");
}
/*******************************************************/
diff --git a/config/snort/snort_pkg.sh b/config/snort/snort_pkg.sh
deleted file mode 100644
index a19adf4d..00000000
--- a/config/snort/snort_pkg.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/local/bin/php -f
-<?php
-require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
-switch (strtolower($argv[1])) {
- case "start":
- if (!file_exists("{$g['varrun_path']}/snort_pkg_starting.lck")) {
- touch("{$g['varrun_path']}/snort_pkg_starting.lck");
- snort_start_all_interfaces();
- unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck");
- }
- break;
-
- case "stop":
- snort_stop_all_interfaces();
- unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck");
- break;
-
- case "restart":
- snort_stop_all_interfaces();
- touch("{$g['varrun_path']}/snort_pkg_starting.lck");
- snort_start_all_interfaces();
- unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck");
- break;
-
- default:
- echo "WARNING: ignoring unsupported command - '{$argv[1]}'\n";
-}
-?>
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 8ed7d81b..fb54a050 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -5,7 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009-2010 Robert Zelaya
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* part of pfSense
* All rights reserved.
*
@@ -223,57 +223,11 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
// Create barnyard2.conf file for interface
if ($snortcfg['barnyard_enable'] == 'on')
snort_generate_barnyard2_conf($snortcfg, $if_real);
-
- // If this interface is not enabled, we're done with it so
- // loop to the next one.
- if ($snortcfg['enable'] != 'on')
- continue;
-
- // Create a custom <service> entry for each enabled interface
- $snort_found = FALSE;
- $barnyard_found = FALSE;
- foreach ($config['installedpackages']['service'] as $service) {
- if (isset($service['uuid']) && $service['uuid'] == $snortcfg['uuid'] &&
- $service['name'] == "snort_" . strtolower($snortcfg['interface'])) {
- $snort_found = TRUE;
- }
- if (isset($service['uuid']) && $service['uuid'] == $snortcfg['uuid'] &&
- $service['name'] == "barnyard2_" . strtolower($snortcfg['interface'])) {
- $barnyard_found = TRUE;
- }
- }
- if (!$snort_found) {
- $service = array();
- $service['name'] = "snort_" . strtolower($snortcfg['interface']);
- if (!empty($snortcfg['descr']))
- $service['description'] = "Snort IDS - " . $snortcfg['descr'];
- else
- $service['description'] = "Snort IDS - " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
- $service['uuid'] = $snortcfg['uuid'];
- $service['startcmd'] = "\$action='start';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['stopcmd'] = "\$action='stop';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['restartcmd'] = "\$action='restart';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['custom_php_service_status_command'] = "\$action='status';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $config['installedpackages']['service'][] = $service;
- $is_dirty = TRUE;
- }
- if (!$barnyard_found && $snortcfg['barnyard_enable'] == 'on') {
- $service = array();
- $service['name'] = "barnyard2_" . strtolower($snortcfg['interface']);
- if (!empty($snortcfg['descr']))
- $service['description'] = "Barnyard2 Logging - " . $snortcfg['descr'];
- else
- $service['description'] = "Barnyard2 Logging - " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
- $service['uuid'] = $snortcfg['uuid'];
- $service['startcmd'] = "\$action='start';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['stopcmd'] = "\$action='stop';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['restartcmd'] = "\$action='restart';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $service['custom_php_service_status_command'] = "\$action='status';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';";
- $config['installedpackages']['service'][] = $service;
- $is_dirty = TRUE;
- }
}
+ /* create snort bootup file snort.sh */
+ snort_create_rc();
+
/* Set Log Limit, Block Hosts Time and Rules Update Time */
snort_snortloglimit_install_cron(true);
snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false);
diff --git a/config/snort/snort_service_utils.php b/config/snort/snort_service_utils.php
deleted file mode 100644
index 04f1c139..00000000
--- a/config/snort/snort_service_utils.php
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php
-/*
- * snort_service_utils.php
- *
- * Copyright (C) 2006 Scott Ullrich
- * Copyright (C) 2009-2010 Robert Zelaya
- * Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013,2014 Bill Meeks
- * part of pfSense
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*****************************************************************************
- * This file is called by the custom service start, stop and status handlers *
- * created for each enabled Snort and Barnyard interface. The calling code *
- * is expected to set the following varibles to indicate the action desired. *
- * *
- * $action = start, stop, restart or status *
- * $service = executable to act upon (snort or barnyard2) *
- * $uuid = Unique Identifier ID for the rule interface *
- * *
- *****************************************************************************/
-
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g, $config;
-
-if (empty($uuid)) {
- log_error(gettext("[Snort] error in snort_service_utils.php ... no UUID provided."));
- return FALSE;
-}
-if (strtolower($service) != "snort" && strtolower($service) != "barnyard2") {
- log_error(gettext("[Snort] error in snort_service_utils.php ... unrecognized service '{$service}' provided."));
- return FALSE;
-}
-
-$service = strtolower($service);
-$action = strtolower($action);
-
-// First find the correct [rule] index in our config using the UUID
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return FALSE;
-foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) {
- if ($rule['uuid'] == $uuid) {
- $if_real = get_real_interface($rule['interface']);
-
- // Block changes when package is being started from shell script
- if (file_exists("{$g['varrun_path']}/snort_pkg_starting.lck")) {
- log_error(gettext("[Snort] interface service start/stop commands locked-out during package start/restart."));
- return TRUE;
- }
-
- // If interface is manually stopped, then don't try to start it
- if (($action == 'start' || $action == 'restart') && file_exists("{$g['varrun_path']}/{$service}_{$uuid}.disabled")) {
- log_error(gettext("[Snort] auto-start locked out by previous manual shutdown...must be started using Snort INTERFACES tab."));
- return FALSE;
- }
-
- switch ($action) {
- case 'start':
- if ($service == "snort")
- snort_start($rule, $if_real, TRUE);
- elseif ($service == "barnyard2")
- snort_barnyard_start($rule, $if_real, TRUE);
- else
- return FALSE;
- return TRUE;
-
- case 'stop':
- if ($service == "snort")
- snort_stop($rule, $if_real);
- elseif ($service == "barnyard2")
- snort_barnyard_stop($rule, $if_real);
- else
- return FALSE;
- return TRUE;
-
- case 'restart':
- if ($service == "snort") {
- snort_stop($rule, $if_real);
- sleep(1);
- snort_start($rule, $if_real, TRUE);
- }
- elseif ($service == "barnyard2") {
- snort_barnyard_stop($rule, $if_real);
- sleep(1);
- snort_barnyard_start($rule, $if_real, TRUE);
- }
- else
- return FALSE;
- return TRUE;
-
- case 'status':
- if (isvalidpid("{$g['varrun_path']}/{$service}_{$if_real}{$uuid}.pid"))
- return TRUE;
- else
- return FALSE;
-
- default:
- log_error(gettext("[Snort] error in snort_service_utils.php ... unrecognized action '{$action}' provided."));
- return FALSE;
- }
- }
-}
-
-?>