-rwxr-xr-x | config/snort/snort.inc | 315 | ||||
-rw-r--r-- | config/snort/snort.priv.inc | 1 | ||||
-rwxr-xr-x | config/snort/snort.xml | 4 | ||||
-rwxr-xr-x | config/snort/snort_interfaces.php | 19 | ||||
-rwxr-xr-x | config/snort/snort_interfaces_edit.php | 23 | ||||
-rw-r--r-- | config/snort/snort_pkg.sh | 29 | ||||
-rw-r--r-- | config/snort/snort_post_install.php | 54 | ||||
-rw-r--r-- | config/snort/snort_service_utils.php | 127 |
8 files changed, 212 insertions, 360 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index f0819b4e..788c439d 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -557,7 +557,6 @@ function snort_barnyard_stop($snortcfg, $if_real) {
 $snort_uuid = $snortcfg['uuid'];
 if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
 log_error("[Snort] Barnyard2 STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
- touch("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.stopping");
 killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
 // Now wait up to 5 seconds for Barnyard2 to actually stop and clear its PID file
@@ -568,8 +567,8 @@ function snort_barnyard_stop($snortcfg, $if_real) {
 sleep(1);
 $count++;
 } while ($count < 5);
- unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.stopping");
 }
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
 }
 function snort_stop($snortcfg, $if_real) {
@@ -578,7 +577,6 @@ function snort_stop($snortcfg, $if_real) {
 $snort_uuid = $snortcfg['uuid'];
 if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
 log_error("[Snort] Snort STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
- touch("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.stopping");
 killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
 // Now wait up to 10 seconds for Snort to actually stop and clear its PID file
@@ -589,8 +587,8 @@ function snort_stop($snortcfg, $if_real) {
 sleep(1);
 $count++;
 } while ($count < 10);
- unlink_if_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.stopping");
 }
+ unlink_if_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
 snort_barnyard_stop($snortcfg, $if_real);
 }
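Review bot: The added `unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");` in snort_barnyard_stop() (hunk at -568) runs unconditionally, so it also fires when the wait loop gives up at `while ($count < 5)` with the process still alive. Once the PID file is gone, the `isvalidpid()` checks and the `!file_exists()` start guard added elsewhere in this commit both see the instance as stopped, which can leave an untracked daemon running beside a newly started one. The same applies to the `snort_{$if_real}{$snort_uuid}.pid` unlink added in snort_stop() (hunk at -589). I would remove the file only once the process is confirmed gone, e.g. `if (!isvalidpid($pidfile)) unlink_if_exists($pidfile);`, and log the case where it is still running. The top of each wait loop lies outside these hunks, so the loop's exit condition is inferred from the visible lines.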
@@ -602,7 +600,7 @@ function snort_barnyard_start($snortcfg, $if_real, $background=FALSE) {
 $snortlogdir = SNORTLOGDIR;
 $snort_uuid = $snortcfg['uuid'];
- if ($snortcfg['barnyard_enable'] == 'on') {
+ if ($snortcfg['barnyard_enable'] == 'on' && !file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
 log_error("[Snort] Barnyard2 START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
 if ($background)
 mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
@@ -618,7 +616,7 @@ function snort_start($snortcfg, $if_real, $background=FALSE) {
 $snortlogdir = SNORTLOGDIR;
 $snort_uuid = $snortcfg['uuid'];
- if ($snortcfg['enable'] == 'on') {
+ if ($snortcfg['enable'] == 'on' && !file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
 log_error("[Snort] Snort START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
 if ($background)
 mwexec_bg("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
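Review bot: The new guard `!file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")` in snort_barnyard_start() treats any leftover PID file as a running daemon, so a stale file after a crash turns the start into a silent no-op and nothing is logged. For an IDS that means the interface can sit unmonitored while the GUI action appears to have run. The stop functions in this file already test the PID file with `isvalidpid()`, which appears to verify a live process; `!isvalidpid(...)` would be the safer test here, with a `log_error()` on the skipped path. The same guard is added to snort_start() in the next hunk (-618), and both function bodies continue outside the hunks.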
@@ -1052,128 +1050,32 @@ function sync_snort_package_config() { $snortdir = SNORTDIR; $rcdir = RCFILEPREFIX; - conf_mount_rw(); - - $pkg_serv = &$config['installedpackages']['service']; - if (!is_array($pkg_serv)) - $pkg_serv = array(); - /* do not start config build if rules is empty or there are no Snort settings */ if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) { - conf_mount_ro(); - - // Make sure no lingering <service> entries exist for Snort interfaces - $is_dirty = FALSE; - foreach ($pkg_serv as $key => $service) { - if (strpos($service['name'], "snort_") !== FALSE) { - unset($pkg_serv[$key]); - $is_dirty = TRUE; - } - if (strpos($service['name'], "barnyard2_") !== FALSE) { - unset($pkg_serv[$key]); - $is_dirty = TRUE; - } - } - if ($is_dirty) - write_config("Snort pkg: removed snort interface service entry."); return; } + conf_mount_rw(); + $snortconf = $config['installedpackages']['snortglobal']['rule']; - $is_dirty = FALSE; foreach ($snortconf as $value) { /* Skip configuration of any disabled interface */ - /* after removing its custom service entry. */ - if ($value['enable'] != 'on') { - foreach ($pkg_serv as $key => $service) { - if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && - $service['name'] == "snort_" . strtolower($value['interface'])) { - unset($pkg_serv[$key]); - unlink_if_exists("{$g['varrun_path']}/snort_{$uuid}.disabled"); - $is_dirty = TRUE; - } - if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && - $service['name'] == "barnyard2_" . 
strtolower($value['interface'])) { - unset($pkg_serv[$key]); - unlink_if_exists("{$g['varrun_path']}/barnyard2_{$uuid}.disabled"); - $is_dirty = TRUE; - } - } + if ($value['enable'] != 'on') continue; - } - - $if_real = get_real_interface($value['interface']); - /* create a snort.conf file for interface */ + /* create a snort.conf file for interface */ snort_generate_conf($value); - /* create barnyard2.conf file for interface */ + /* create barnyard2.conf file for interface */ if ($value['barnyard_enable'] == 'on') - snort_generate_barnyard2_conf($value, $if_real); - - /* create a <service> entry for interface */ - $snort_found = FALSE; - $barnyard_found = FALSE; - foreach ($pkg_serv as $key => $service) { - if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && - $service['name'] == "snort_" . strtolower($value['interface'])) { - $snort_found = TRUE; - } - if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && - $service['name'] == "barnyard2_" . strtolower($value['interface'])) { - $barnyard_found = TRUE; - $byid = $key; - } - } - - // If we found a configured Barnyard2 service for this interface, - // but Barnyard2 is disabled, remove the Barnyard2 service entry. - if ($barnyard_found && $value['barnyard_enable'] != "on") { - unset($pkg_serv[$byid]); - unlink_if_exists("{$g['varrun_path']}/barnyard2_{$uuid}.disabled"); - $is_dirty = TRUE; - } - - // If we did not find configured services for enabled Snort and - // Barnyard2 interfaces, then create them. - if (!$snort_found) { - $service = array(); - $service['name'] = "snort_" . strtolower($value['interface']); - if (!empty($value['descr'])) - $service['description'] = "Snort IDS - " . $value['descr']; - else - $service['description'] = "Snort IDS - " . 
convert_friendly_interface_to_friendly_descr($value['interface']); - $service['uuid'] = $value['uuid']; - $service['startcmd'] = "\$action='start';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['stopcmd'] = "\$action='stop';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['restartcmd'] = "\$action='restart';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['custom_php_service_status_command'] = "\$action='status';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $config['installedpackages']['service'][] = $service; - $is_dirty = TRUE; - } - if (!$barnyard_found && $value['barnyard_enable'] == 'on') { - $service = array(); - $service['name'] = "barnyard2_" . strtolower($value['interface']); - if (!empty($value['descr'])) - $service['description'] = "Barnyard2 Logging - " . $value['descr']; - else - $service['description'] = "Barnyard2 Logging - " . 
convert_friendly_interface_to_friendly_descr($value['interface']); - $service['uuid'] = $value['uuid']; - $service['startcmd'] = "\$action='start';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['stopcmd'] = "\$action='stop';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['restartcmd'] = "\$action='restart';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['custom_php_service_status_command'] = "\$action='status';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $config['installedpackages']['service'][] = $service; - $is_dirty = TRUE; - } + snort_generate_barnyard2_conf($value, get_real_interface($value['interface'])); } - // Call write_config() if we made any updates up above - if ($is_dirty) - write_config("Snort pkg: updated snort service entry configuration."); - $snortglob = $config['installedpackages']['snortglobal']; + /* create snort bootup file snort.sh */ + snort_create_rc(); + snort_snortloglimit_install_cron(true); /* set the snort block hosts time IMPORTANT */ 
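Review bot: `snort_create_rc()` is called only after the early `return;`, so when `$config['installedpackages']['snortglobal']['rule']` is not an array the previously generated snort.sh stays on disk and is never refreshed or removed. The `unlink_if_exists("{$rcdir}snort.sh")` branch inside snort_create_rc() handles exactly that case but cannot be reached from this path; whether deleting the last interface leaves `rule` unset is not visible here and should be confirmed. If it can, the stale script would still try to launch Snort for interfaces that no longer exist at the next boot. I would call it on the early-exit path too, e.g. `conf_mount_rw(); snort_create_rc(); conf_mount_ro();` before the `return;`.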
@@ -2893,6 +2795,197 @@ function snort_modify_sids(&$rule_map, $snortcfg) {
 unset($enablesid, $disablesid);
 }
+function snort_create_rc() {
+
+/*********************************************************/
+/* This function builds the /usr/local/etc/rc.d/snort.sh */
+/* shell script for starting and stopping Snort. The */
+/* script is rebuilt on each package sync operation and */
+/* after any changes to snort.conf saved in the GUI. */
+/*********************************************************/
+
+ global $config, $g;
+
+ $snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
+ $rcdir = RCFILEPREFIX;
+
+ $snortconf = $config['installedpackages']['snortglobal']['rule'];
+
+ // If no interfaces are configured for Snort, exit
+ if (!is_array($snortconf) || count($snortconf) < 1) {
+ unlink_if_exists("{$rcdir}snort.sh");
+ return;
+ }
+
+ // At least one interface is configured, so OK
+ $start_snort_iface_start = array();
+ $start_snort_iface_stop = array();
+
+ // Loop thru each configured interface and build
+ // the shell script.
+ foreach ($snortconf as $value) {
+ // Skip disabled Snort interfaces
+ if ($value['enable'] <> 'on')
+ continue;
+ $snort_uuid = $value['uuid'];
+ $if_real = get_real_interface($value['interface']);
+
+ $start_barnyard = <<<EOE
+
+ if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+ pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "`
+ else
+ pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid`
+ fi
+ if [ ! -z \$pid ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -HUP \$pid
+ else
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q
+ fi
+
+EOE;
+ $stop_barnyard2 = <<<EOE
+
+ if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid`
+ /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
+ time=0 timeout=30
+ while kill -0 \$pid 2>/dev/null; do
+ sleep 1
+ time=\$((time+1))
+ if [ \$time -gt \$timeout ]; then
+ break
+ fi
+ done
+ if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+ /bin/rm {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid
+ fi
+ else
+ pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "`
+ if [ ! -z \$pid ]; then
+ /bin/pkill -f "barnyard2 -r {$snort_uuid} "
+ time=0 timeout=30
+ while kill -0 \$pid 2>/dev/null; do
+ sleep 1
+ time=\$((time+1))
+ if [ \$time -gt \$timeout ]; then
+ break
+ fi
+ done
+ fi
+ fi
+
+EOE;
+ if ($value['barnyard_enable'] == 'on')
+ $start_barnyard2 = $start_barnyard;
+ else
+ $start_barnyard2 = $stop_barnyard2;
+
+ $start_snort_iface_start[] = <<<EOE
+
+###### For Each Iface
+ # Start snort and barnyard2
+ if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "`
+ else
+ pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
+ fi
+
+ if [ ! -z \$pid ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -HUP \$pid
+ else
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ fi
+
+ sleep 2
+ {$start_barnyard2}
+
+EOE;
+
+ $start_snort_iface_stop[] = <<<EOE
+
+ if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
+ time=0 timeout=30
+ while kill -0 \$pid 2>/dev/null; do
+ sleep 1
+ time=\$((time+1))
+ if [ \$time -gt \$timeout ]; then
+ break
+ fi
+ done
+ if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
+ fi
+ else
+ pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "`
+ if [ ! -z \$pid ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -fn "snort -R {$snort_uuid} "
+ time=0 timeout=30
+ while kill -0 \$pid 2>/dev/null; do
+ sleep 1
+ time=\$((time+1))
+ if [ \$time -gt \$timeout ]; then
+ break
+ fi
+ done
+ fi
+ fi
+
+ sleep 2
+ {$stop_barnyard2}
+
+EOE;
+ }
+
+ $rc_start = implode("\n", $start_snort_iface_start);
+ $rc_stop = implode("\n", $start_snort_iface_stop);
+
+ $snort_sh_text = <<<EOD
+#!/bin/sh
+########
+# This file was automatically generated
+# by the pfSense service handler.
+# Code added to protect from double starts on pfSense bootup
+######## Start of main snort.sh
+
+rc_start() {
+ {$rc_start}
+}
+
+rc_stop() {
+ {$rc_stop}
+}
+
+case $1 in
+ start)
+ rc_start
+ ;;
+ stop)
+ rc_stop
+ ;;
+ restart)
+ rc_stop
+ rc_start
+ ;;
+esac
+
+EOD;
+
+ /* write out snort.sh */
+ @file_put_contents("{$rcdir}snort.sh", $snort_sh_text);
+ @chmod("{$rcdir}snort.sh", 0755);
+}
+
 function snort_generate_barnyard2_conf($snortcfg, $if_real) {
 /****************************************************/
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 7376a1b2..1af0e783 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -43,7 +43,6 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.p
 $priv_list['page-services-snort']['match'][] = "snort/snort_generate_conf.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_interface_logs.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_log_mgmt.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_service_utils.php*";
 $priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*";
 $priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*";
 $priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*";
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index dcad30f3..79c2a0c4 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -56,6 +56,10 @@
 <url>/snort/snort_interfaces.php</url>
 </menu>
 <service>
+ <name>snort</name>
+ <rcfile>snort.sh</rcfile>
+ <executable>snort</executable>
+ <description>Snort IDS/IPS Daemon</description>
 </service>
 <tabs>
 </tabs>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 04e6dae0..c3325f4a 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
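Review bot: `{$value['descr']}` is interpolated unescaped into the double-quoted shell strings of every `/usr/bin/logger` line that snort_create_rc() writes into snort.sh, so shell metacharacters in an interface description change what the generated rc script runs, presumably as root at boot. The description appears to be free text saved from the interface edit page, so it should be treated as untrusted when generating a script. Build the label once in PHP with `$log_id = escapeshellarg("{$value['descr']}({$snort_uuid}_{$if_real})");` and emit it outside the double quotes, e.g. `-t SnortStartup "Snort START for "{$log_id}"..."`. Separately, `/bin/pkill -HUP \$pid` passes a PID where pkill expects a name pattern, so the SOFT RESTART branches likely signal nothing; `kill -HUP \$pid` matches the `kill -0 \$pid` already used in the stop loops.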
@@ -52,24 +52,9 @@ if (isset($_POST['del_x'])) { /* Delete selected Snort interfaces */ if (is_array($_POST['rule'])) { conf_mount_rw(); - $pkg_serv = &$config['installedpackages']['service']; - if (!is_array($pkg_serv)) - $pkg_serv = array(); foreach ($_POST['rule'] as $rulei) { $if_real = get_real_interface($a_nat[$rulei]['interface']); $snort_uuid = $a_nat[$rulei]['uuid']; - foreach ($pkg_serv as $key => $service) { - if (isset($service['uuid']) && $service['uuid'] == $snort_uuid && - $service['name'] == "snort_" . strtolower($a_nat[$rulei]['interface'])) { - unset($pkg_serv[$key]); - unlink_if_exists("{$g['varrun_path']}/snort_{$snort_uuid}.disabled"); - } - if (isset($service['uuid']) && $service['uuid'] == $snort_uuid && - $service['name'] == "barnyard2_" . strtolower($a_nat[$rulei]['interface'])) { - unset($pkg_serv[$key]); - unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snort_uuid}.disabled"); - } - } snort_stop($a_nat[$rulei], $if_real); rmdir_recursive("{$snortlogdir}/snort_{$if_real}{$snort_uuid}"); rmdir_recursive("{$snortdir}/snort_{$snort_uuid}_{$if_real}"); @@ -109,10 +94,8 @@ if ($_POST['bartoggle'] && is_numericint($_POST['id'])) { log_error("Toggle (barnyard starting) for {$if_friendly}({$if_real})..."); sync_snort_package_config(); snort_barnyard_start($snortcfg, $if_real); - unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled"); } else { log_error("Toggle (barnyard stopping) for {$if_friendly}({$if_real})..."); - touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled"); snort_barnyard_stop($snortcfg, $if_real); } sleep(3); // So the GUI reports correctly 
@@ -126,7 +109,6 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) { if (snort_is_running($snortcfg['uuid'], $if_real)) { log_error("Toggle (snort stopping) for {$if_friendly}({$if_real})..."); - touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled"); snort_stop($snortcfg, $if_real); } else { log_error("Toggle (snort starting) for {$if_friendly}({$if_real})..."); @@ -136,7 +118,6 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) { sync_snort_package_config(); $rebuild_rules = false; snort_start($snortcfg, $if_real); - unlink_if_exists("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled"); } sleep(3); // So the GUI reports correctly } diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 1b412d31..249108f9 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php 
@@ -226,32 +226,11 @@ if ($_POST["save"] && !$input_errors) { if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) { - touch("{$g['varrun_path']}/snort_{$a_rule[$id]['uuid']}.disabled"); - touch("{$g['varrun_path']}/barnyard2_{$a_rule[$id]['uuid']}.disabled"); snort_stop($a_rule[$id], $oif_real); $snort_start = true; } else $snort_start = false; - // Need to rename the service entries when moving instance to another interface - foreach ($config['installedpackages']['service'] as &$service) { - if (isset($service['uuid']) && $service['uuid'] == $a_rule[$id]['uuid'] && - $service['name'] == "snort_" . strtolower($a_rule[$id]['interface'])) { - $service['name'] = "snort_" . strtolower($natent['interface']); - if (!empty($natent['descr'])) - $service['description'] = "Snort IDS - " . $natent['descr']; - else - $service['description'] = "Snort IDS - " . convert_friendly_interface_to_friendly_descr($natent['interface']); - } - if (isset($service['uuid']) && $service['uuid'] == $a_rule[$id]['uuid'] && - $service['name'] == "barnyard2_" . strtolower($a_rule[$id]['interface'])) { - $service['name'] = "barnyard2_" . strtolower($natent['interface']); - if (!empty($natent['descr'])) - $service['description'] = "Barnyard2 Logging - " . $natent['descr']; - else - $service['description'] = "Barnyard2 Logging - " . convert_friendly_interface_to_friendly_descr($natent['interface']); - } - } @rename("{$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']}", "{$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"); conf_mount_rw(); @rename("{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real}", "{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}"); 
@@ -403,8 +382,6 @@ if ($_POST["save"] && !$input_errors) { /* See if we need to restart Snort after an interface re-assignment */ if ($snort_start == true) { snort_start($natent, $if_real); - unlink_if_exists("{$g['varrun_path']}/snort_{$natent['uuid']}.disabled"); - unlink_if_exists("{$g['varrun_path']}/barnyard2_{$natent['uuid']}.disabled"); } /*******************************************************/ diff --git a/config/snort/snort_pkg.sh b/config/snort/snort_pkg.sh deleted file mode 100644 index a19adf4d..00000000 --- a/config/snort/snort_pkg.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/local/bin/php -f -<?php -require_once("/usr/local/pkg/snort/snort.inc"); -global $g; -switch (strtolower($argv[1])) { - case "start": - if (!file_exists("{$g['varrun_path']}/snort_pkg_starting.lck")) { - touch("{$g['varrun_path']}/snort_pkg_starting.lck"); - snort_start_all_interfaces(); - unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck"); - } - break; - - case "stop": - snort_stop_all_interfaces(); - unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck"); - break; - - case "restart": - snort_stop_all_interfaces(); - touch("{$g['varrun_path']}/snort_pkg_starting.lck"); - snort_start_all_interfaces(); - unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck"); - break; - - default: - echo "WARNING: ignoring unsupported command - '{$argv[1]}'\n"; -} -?> diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 8ed7d81b..fb54a050 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -5,7 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009-2010 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * part of pfSense * All rights reserved. * 
@@ -223,57 +223,11 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { // Create barnyard2.conf file for interface if ($snortcfg['barnyard_enable'] == 'on') snort_generate_barnyard2_conf($snortcfg, $if_real); - - // If this interface is not enabled, we're done with it so - // loop to the next one. - if ($snortcfg['enable'] != 'on') - continue; - - // Create a custom <service> entry for each enabled interface - $snort_found = FALSE; - $barnyard_found = FALSE; - foreach ($config['installedpackages']['service'] as $service) { - if (isset($service['uuid']) && $service['uuid'] == $snortcfg['uuid'] && - $service['name'] == "snort_" . strtolower($snortcfg['interface'])) { - $snort_found = TRUE; - } - if (isset($service['uuid']) && $service['uuid'] == $snortcfg['uuid'] && - $service['name'] == "barnyard2_" . strtolower($snortcfg['interface'])) { - $barnyard_found = TRUE; - } - } - if (!$snort_found) { - $service = array(); - $service['name'] = "snort_" . strtolower($snortcfg['interface']); - if (!empty($snortcfg['descr'])) - $service['description'] = "Snort IDS - " . $snortcfg['descr']; - else - $service['description'] = "Snort IDS - " . 
convert_friendly_interface_to_friendly_descr($snortcfg['interface']); - $service['uuid'] = $snortcfg['uuid']; - $service['startcmd'] = "\$action='start';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['stopcmd'] = "\$action='stop';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['restartcmd'] = "\$action='restart';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['custom_php_service_status_command'] = "\$action='status';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $config['installedpackages']['service'][] = $service; - $is_dirty = TRUE; - } - if (!$barnyard_found && $snortcfg['barnyard_enable'] == 'on') { - $service = array(); - $service['name'] = "barnyard2_" . strtolower($snortcfg['interface']); - if (!empty($snortcfg['descr'])) - $service['description'] = "Barnyard2 Logging - " . $snortcfg['descr']; - else - $service['description'] = "Barnyard2 Logging - " . 
convert_friendly_interface_to_friendly_descr($snortcfg['interface']); - $service['uuid'] = $snortcfg['uuid']; - $service['startcmd'] = "\$action='start';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['stopcmd'] = "\$action='stop';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['restartcmd'] = "\$action='restart';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $service['custom_php_service_status_command'] = "\$action='status';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; - $config['installedpackages']['service'][] = $service; - $is_dirty = TRUE; - } } + /* create snort bootup file snort.sh */ + snort_create_rc(); + /* Set Log Limit, Block Hosts Time and Rules Update Time */ snort_snortloglimit_install_cron(true); snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false); diff --git a/config/snort/snort_service_utils.php b/config/snort/snort_service_utils.php deleted file mode 100644 index 04f1c139..00000000 --- a/config/snort/snort_service_utils.php +++ /dev/null 
@@ -1,127 +0,0 @@ -<?php -/* - * snort_service_utils.php - * - * Copyright (C) 2006 Scott Ullrich - * Copyright (C) 2009-2010 Robert Zelaya - * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013,2014 Bill Meeks - * part of pfSense - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/***************************************************************************** - * This file is called by the custom service start, stop and status handlers * - * created for each enabled Snort and Barnyard interface. The calling code * - * is expected to set the following varibles to indicate the action desired. 
* - * * - * $action = start, stop, restart or status * - * $service = executable to act upon (snort or barnyard2) * - * $uuid = Unique Identifier ID for the rule interface * - * * - *****************************************************************************/ - -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g, $config; - -if (empty($uuid)) { - log_error(gettext("[Snort] error in snort_service_utils.php ... no UUID provided.")); - return FALSE; -} -if (strtolower($service) != "snort" && strtolower($service) != "barnyard2") { - log_error(gettext("[Snort] error in snort_service_utils.php ... unrecognized service '{$service}' provided.")); - return FALSE; -} - -$service = strtolower($service); -$action = strtolower($action); - -// First find the correct [rule] index in our config using the UUID -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return FALSE; -foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) { - if ($rule['uuid'] == $uuid) { - $if_real = get_real_interface($rule['interface']); - - // Block changes when package is being started from shell script - if (file_exists("{$g['varrun_path']}/snort_pkg_starting.lck")) { - log_error(gettext("[Snort] interface service start/stop commands locked-out during package start/restart.")); - return TRUE; - } - - // If interface is manually stopped, then don't try to start it - if (($action == 'start' || $action == 'restart') && file_exists("{$g['varrun_path']}/{$service}_{$uuid}.disabled")) { - log_error(gettext("[Snort] auto-start locked out by previous manual shutdown...must be started using Snort INTERFACES tab.")); - return FALSE; - } - - switch ($action) { - case 'start': - if ($service == "snort") - snort_start($rule, $if_real, TRUE); - elseif ($service == "barnyard2") - snort_barnyard_start($rule, $if_real, TRUE); - else - return FALSE; - return TRUE; - - case 'stop': - if ($service == "snort") - snort_stop($rule, $if_real); - elseif ($service == "barnyard2") - 
snort_barnyard_stop($rule, $if_real); - else - return FALSE; - return TRUE; - - case 'restart': - if ($service == "snort") { - snort_stop($rule, $if_real); - sleep(1); - snort_start($rule, $if_real, TRUE); - } - elseif ($service == "barnyard2") { - snort_barnyard_stop($rule, $if_real); - sleep(1); - snort_barnyard_start($rule, $if_real, TRUE); - } - else - return FALSE; - return TRUE; - - case 'status': - if (isvalidpid("{$g['varrun_path']}/{$service}_{$if_real}{$uuid}.pid")) - return TRUE; - else - return FALSE; - - default: - log_error(gettext("[Snort] error in snort_service_utils.php ... unrecognized action '{$action}' provided.")); - return FALSE; - } - } -} - -?> |