-rw-r--r--packages/snort/snort.inc29
1 files changed, 22 insertions, 7 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index 96a97d7b..fa55b735 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -3,6 +3,7 @@
/*
snort.inc
Copyright (C) 2006 Scott Ullrich
+ part of pfSense
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -44,6 +45,7 @@ function sync_package_snort_reinstall() {
function sync_package_snort() {
global $config, $g;
conf_mount_rw();
+ /* create a few directories and ensure the sample files are in place */
exec("/bin/mkdir -p /usr/local/etc/snort");
exec("/bin/mkdir -p /var/log/snort");
exec("/bin/cp /usr/local/etc/snort/unicode.map-sample /usr/local/etc/snort/unicode.map");
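Review bot: The added comment says the sample files are ensured to be in place, but the `exec()` calls under it discard their exit status, so a failed `mkdir` or `cp` goes unnoticed and snort may later be started without `unicode.map`. Either word the comment as what the code does, `/* create the snort directories and copy the sample files into place */`, or pass the output and result-code arguments to `exec()` and log a non-zero result. sync_package_snort continues outside the hunk.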
@@ -82,6 +84,7 @@ function sync_package_snort() {
if($_POST['blockoffenders'])
$start .= ";/usr/bin/killall snort2c; snort2c -w /var/db/whitelist -a /var/log/snort/alert";
+ /* write out rc.d start/stop file */
write_rcfile(array(
"file" => "snort.sh",
"start" => $start,
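Review bot: The `snort2c` part of `$start` is appended only when `$_POST['blockoffenders']` is set, so the rc file written by `write_rcfile()` contains it only when this function runs in response to the settings form. If sync_package_snort is also reached without a POST (the preceding sync_package_snort_reinstall suggests it may be), snort.sh is rewritten without snort2c and offender blocking stops with no error shown. Reading the saved setting instead would keep it, presumably `$config['installedpackages']['snort']['config'][0]['blockoffenders']` by analogy with the `automaticrulesupdate` lookup in generate_snort_conf; the key name needs confirming. The function starts and ends outside the hunk.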
@@ -115,6 +118,7 @@ function create_snort_conf() {
function snort_deinstall() {
$text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php";
$filenamea = "/etc/crontab";
+ /* remove auto rules update helper */
remove_text_from_file($filenamea, $text_ww);
/* remove custom sysctl */
remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
@@ -142,6 +146,7 @@ function generate_snort_conf() {
/* should we install a automatic update crontab entry? */
$automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate'];
+ /* if user is on pppoe, we really want to use ng0 interface */
if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe")
$snort_ext_int = "ng0";
@@ -171,8 +176,8 @@ function generate_snort_conf() {
else
$ssh_port = "22";
- /* iterate through interface list and write out whitelist items
- * and also compile a home_net list for snort.
+ /* iterate through interface list and write out whitelist items
+ * and also compile a home_net list for snort.
*/
foreach($int_array as $int) {
/* calculate interface subnet information */
@@ -233,11 +238,11 @@ function generate_snort_conf() {
/* build snort configuration file */
$snort_conf_text = <<<EOD
-#snort configuration file
-#generated by the pfSense
-#package manager system
-#see /usr/local/pkg/snort.inc
-#for more information
+# snort configuration file
+# generated by the pfSense
+# package manager system
+# see /usr/local/pkg/snort.inc
+# for more information
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
var HTTP_PORTS 80
@@ -335,6 +340,10 @@ EOD;
return $snort_conf_text;
}
+/* check downloaded text from snort.org to make sure that an error did not occur
+ * for example, if you are not a premium subscriber you can only download rules
+ * so often, etc.
+ */
function check_for_common_errors($filename) {
global $snort_filename, $snort_filename_md5, $console_mode;
ob_flush();
@@ -372,6 +381,7 @@ function check_for_common_errors($filename) {
}
}
+/* force browser to scroll all the way down */
function scroll_down_to_bottom_of_page() {
global $snort_filename, $console_mode;
ob_flush();
@@ -379,6 +389,7 @@ function scroll_down_to_bottom_of_page() {
echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
}
+/* ensure downloaded file looks sane */
function verify_downloaded_file($filename) {
global $snort_filename, $snort_filename_md5, $console_mode;
ob_flush();
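Review bot: `/* ensure downloaded file looks sane */` does not say which checks make a file sane or what the function does when they fail, and this function sits in front of rule extraction. The body is outside the hunk, so the wording has to come from it; a comment of the form `/* reject the download if <checks performed>; on failure <action taken> */`, with both placeholders filled in from the body, would let a reader judge whether the check is sufficient.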
@@ -402,6 +413,7 @@ function verify_downloaded_file($filename) {
update_all_status("Verifyied {$filename}.");
}
+/* extract rules */
function extract_snort_rules_md5($tmpfname) {
global $snort_filename, $snort_filename_md5, $console_mode;
ob_flush();
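Review bot: The status string in the context line above the new comment reads `"Verifyied {$filename}."`; it is shown to the user and should be `"Verified {$filename}."`. The new `/* extract rules */` is also thinner than the function name extract_snort_rules_md5 it documents: the body is outside the hunk, but the comment should name the archive being unpacked and the destination directory, because extraction is the step where a bad archive can overwrite files.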
@@ -419,6 +431,7 @@ function extract_snort_rules_md5($tmpfname) {
}
}
+/* verify MD5 against downloaded item */
function verify_snort_rules_md5($tmpfname) {
global $snort_filename, $snort_filename_md5, $console_mode;
ob_flush();
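Review bot: The new comment `/* verify MD5 against downloaded item */` should state what the check guarantees, because an MD5 compared with a digest fetched alongside the rules detects a truncated or corrupted download, not a modified one. The body is outside the hunk, so the origin of `$snort_filename_md5` is not visible; if it is downloaded from the same server as the tarball, a suggested wording is `/* compare the tarball's MD5 with the downloaded .md5 file; catches corrupt downloads only, not tampering */`. The crontab entry in snort_deinstall shows the rule updater running as root, so an authenticity check on the download (a validated TLS connection or a signature) is worth a follow-up change.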
@@ -441,6 +454,7 @@ function verify_snort_rules_md5($tmpfname) {
}
}
+/* hide progress bar */
function hide_progress_bar_status() {
global $snort_filename, $snort_filename_md5, $console_mode;
ob_flush();
@@ -448,6 +462,7 @@ function hide_progress_bar_status() {
echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
}
+/* update both top and bottom text box during an operation */
function update_all_status($status) {
global $snort_filename, $snort_filename_md5, $console_mode;
ob_flush();