diff options
Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/snort_download_rules.php | 114 | ||||
-rw-r--r-- | config/snort-dev/snort_rules.php | 37 |
2 files changed, 89 insertions, 62 deletions
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php index b27d3042..d4862453 100644 --- a/config/snort-dev/snort_download_rules.php +++ b/config/snort-dev/snort_download_rules.php @@ -685,9 +685,9 @@ if ($snortdownload != "off") exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/"); /* add prefix to all snort.org files */ /* remove this part and make it all php with the simplst code posible */ - //chdir ("/usr/local/etc/snort/rules_bk/rules"); - //sleep(2); - //exec('/usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); + chdir ("/usr/local/etc/snort/rules_bk/rules"); + sleep(2); + exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); update_status(gettext("Done extracting Rules.")); }else{ update_status(gettext("The Download rules file missing...")); @@ -963,31 +963,9 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r ////////////////// -/* Start the proccess for every interface rule */ -/* TODO: try to make the code smother */ - -if (!empty($config['installedpackages']['snortglobal']['rule'])) { - -$rule_array = $config['installedpackages']['snortglobal']['rule']; -$id = -1; -foreach ($rule_array as $value) { - -$id += 1; - -$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; -$if_real = convert_friendly_interface_to_real_interface_name($result_lan); - - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf(); - - /* run oinkmaster for each interface rule */ - oinkmaster_run(); - - } -} - /* open oinkmaster_conf for writing" function */ -function oinkmaster_conf() { +function oinkmaster_conf() +{ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; conf_mount_rw(); @@ -1031,7 +1009,7 @@ $selected_sid_off_sections EOD; /* open snort's oinkmaster.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort/oinkmaster_$if_real.conf", "w"); + $oinkmasterlist = fopen("/usr/local/etc/snort/snort_$id$if_real/oinkmaster_$id$if_real.conf", "w"); fwrite($oinkmasterlist, "$snort_sid_text"); @@ -1044,31 +1022,33 @@ EOD; /* Run oinkmaster to snort_wan and cp configs */ /* If oinkmaster is not needed cp rules normally */ /* TODO add per interface settings here */ -function oinkmaster_run() { +function oinkmaster_run() +{ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; conf_mount_rw(); -if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { - - if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/\* {$snortdir_wan}/snort_$id$if_real/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); + if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) + { -} else { + if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '') + { + update_status(gettext("Your first set of rules are being copied...")); + update_output_window(gettext("May take a while...")); + exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); + }else{ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); update_output_window(gettext("May take a while...")); exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/\* {$snortdir_wan}/snort_$id$if_real/rules/"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); @@ -1077,23 +1057,46 @@ if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); - /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log"); - + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_$id$if_real/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log"); } } } +/* Start the proccess for every interface rule */ +/* TODO: try to make the code smother */ + +if (!empty($config['installedpackages']['snortglobal']['rule'])) +{ + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) { + + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + + /* make oinkmaster.conf for each interface rule */ + oinkmaster_conf(); + + /* run oinkmaster for each interface rule */ + oinkmaster_run(); + + } +} + ////////////// /* mark the time update finnished */ $config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); /* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /tmp/snort_rules_up"); +if (file_exists("{$tmpfname}")) +{ + update_status(gettext("Cleaning up...")); + exec("/bin/rm -r /tmp/snort_rules_up"); sleep(2); exec("/bin/rm -r {$snortdir}/rules_bk/rules/"); apc_clear_cache(); @@ -1104,6 +1107,15 @@ sleep(2); apc_clear_cache(); exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); +/* make all dirs snorts */ +exec("/usr/sbin/chown -R snort:snort /var/log/snort"); +exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); +exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); +exec("/bin/chmod -R 755 /var/log/snort"); +exec("/bin/chmod -R 755 /usr/local/etc/snort"); +exec("/bin/chmod -R 755 /usr/local/lib/snort"); + + /* if snort is running hardrestart, if snort is not running do nothing */ if (file_exists("/tmp/snort_download_halt.pid")) { start_service("snort"); diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php index b77e6224..2a9d4f2f 100644 --- a/config/snort-dev/snort_rules.php +++ b/config/snort-dev/snort_rules.php @@ -167,7 +167,10 @@ function load_rule_file($incoming_file) $ruledir = "/usr/local/etc/snort/snort_{$id}{$if_real}/rules/"; $dh = opendir($ruledir); -$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect."; +if ($_GET['openruleset'] != '' && $_GET['ids'] != '') +{ + header("Location: /snort/snort_rules.php?id=$id&openruleset={$_GET['openruleset']}&saved=yes"); +} while (false !== ($filename = readdir($dh))) { @@ -196,6 +199,9 @@ $splitcontents = load_rule_file($file); if ($_POST) { + + conf_mount_rw(); + if (!$_POST['apply']) { //retrieve POST data $post_lineid = $_POST['lineid']; @@ -279,18 +285,12 @@ if ($_POST) $stopMsg = true; } - - if ($_POST['apply']) { -// stop_service("snort"); -// sleep(2); -// start_service("snort"); - $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab."; - $stopMsg = false; - } - } else if ($_GET['act'] == "toggle") { + + conf_mount_rw(); + $toggleid = $_GET['ids']; //copy rule contents from array into string @@ -354,6 +354,8 @@ else if ($_GET['act'] == "toggle") // add sid off registers to new off sid $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; write_config(); + conf_mount_rw(); + } else { @@ -377,10 +379,23 @@ else if ($_GET['act'] == "toggle") // add sid on registers to new on sid $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; write_config(); + conf_mount_rw(); } } +//if ($GET['saved'] == 'yes') +//{ + $message = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect."; + echo "please work"; +// stop_service("snort"); +// sleep(2); +// start_service("snort"); +// $savemsg = ""; +// $stopMsg = false; + +//} + $currentruleset = basename($file); $pgtitle = "Snort: Interface $id$if_real Rule File $currentruleset"; @@ -394,7 +409,7 @@ include("head.inc"); <?php echo "<form action=\"snort_rules.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; ?> -<?php if ($savemsg){print_info_box($savemsg);} else if ($stopMsg){print_info_box_np($message_reload);}?> +<?php // print_info_box($message);?> </form> <script type="text/javascript" language="javascript" src="row_toggle.js"> <script src="/javascript/sorttable.js" type="text/javascript"> |