Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/NOTES.txt58
-rw-r--r--config/snort-dev/snort.inc391
-rw-r--r--config/snort-dev/snort_barnyard.php2
-rw-r--r--config/snort-dev/snort_define_servers.php2
-rw-r--r--config/snort-dev/snort_gui.inc59
-rw-r--r--config/snort-dev/snort_interfaces.php140
-rw-r--r--config/snort-dev/snort_interfaces_edit.php160
-rw-r--r--config/snort-dev/snort_preprocessors.php2
8 files changed, 422 insertions, 392 deletions
diff --git a/config/snort-dev/NOTES.txt b/config/snort-dev/NOTES.txt
index b6c49926..88c80cb2 100644
--- a/config/snort-dev/NOTES.txt
+++ b/config/snort-dev/NOTES.txt
@@ -1,59 +1,19 @@
-November 18 2009
+March 16 2019
+Snort-dev 2.8.5.3 pk v. 12 Beta
-Snort_inline due date is by Dec 1st. (Why ? Scott said so.)
+Snort is Stoping/Starting with new UUID. Files are independent of rule order now. Ya me.......
-Gui is almost done. just odds and ends left.
+TODO:
+The snort.sh code needs to be looked at and made sure there is a new file at every enabe/disbale save,
+reboot, rule delete.
-If you work on this package just comment on every-thing you change or add.
+The snort_interfaces.php needs speed inprovments. !inportant.
-====================
-Goals
-====================
+Make sure I ad a reset button someware the removes all of snort-devs addd to config.xml
-Release the New snort GUI as a package for 1.2.3 so that we can work out bugs.
+Pierre POMES code needs to be added.
-Move the Snort GUI to base of Pfsense. The divert options should be added to firewall_nat.php or firewall_rules.php.
-Ask Ermal to add divert out to Pfsense again though, he has kept divert in.
-
-=================================
-Any Devs that would like to help please work on snort_rules_edit.php and snort_rules.php. They work but need cleaning up.
-=================================
-
-To get snort_rules_edit.php and snort_rules.php working
-
- * Update the rules.
- * Add at least on rule to snort_interfaces.php.
-
-snort_rules_edit.php
-Make sure all snort sig options that are in the GUI are written to file.
-
-snort_rules.php
-Change the way the rules get disabled, by removing the x icon image and replacing it with check boxes.
-This should improve the users experience. Moreover, check boxes could be added to blocked.php tab to improve performance.
-Users always complain that the way were deleting options is slow.
-
-===========================================
-Misc.
-===========================================
-
-All further development will be in Freebsd 8.
-
-ALL further snort and barnyard builds will be mmx sse.
-
-All further snort builds will have snort_inline code.
-
-All further builds will have "did I start on a pfsense system" code, if not, exit.
-
-Adding extra options to the new snort gui for snort_inline should be easy.
-
-Snort_inline binaries with custom c++ code ready to go.
-
-Snort_inline works with only one Wan and Lan. Add a Opt onterface and the TCP flow goes into a loop.
-This should be easy to fix by the firewall guru by modifying the divert rule I am using.
-
-
-
Done.
\ No newline at end of file
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 513fc626..b773b231 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -44,14 +44,40 @@ if ($pfsense_ver_chk == '1.2.3-RELEASE')
$pfsense_stable = 'no';
}
-/* Get id and realinterfaces */
+/* check if uniq snort proc is running */
+function uniq_snort_proc($id, $if_real)
+{
+ global $config, $g, $id, $if_real;
+
+$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+$snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
+
+ if ($snort_up_ck == '')
+ {
+ $snort_up == 'false';
+ }
+
+ if ($snort_up_ck == '')
+ {
+ $snort_up = 'false';
+ }
+
+ if ($snort_up_ck != '')
+ {
+ $snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
+ $snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
+ $snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
-$interface_fake = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
-$if_real = convert_friendly_interface_to_real_interface_name($interface_fake);
+ if ($snort_up_s != '' || $snort_up_r != '')
+ {
+ $snort_up = 'true';
+ }else{
+ $snort_up = 'false';
+ }
+ return $snort_up;
+ }
+}
/* get the real iface name of wan */
function convert_friendly_interface_to_real_interface_name2($interface)
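Review bot: `$snort_up == 'false';` at L99 is a comparison, not an assignment, and when no snort process is found the function falls off the end (the `return` at L123 sits inside the `!= ''` branch at L107), so callers get null instead of `'false'`. `global $config, $g, $id, $if_real;` at L92 also rebinds both parameters to the globals, discarding what the caller passed; the same pattern appears in `create_snort_conf` (L476) and `generate_snort_conf` (L544). Suggested: `global $config, $g;`, drop the dead L97-L100 block, and move `return $snort_up;` after the outer `if`. `$snort_uuid` and `$if_real` are interpolated into the shell pipelines at L109-L114 without `escapeshellarg()`, so both should be validated before they reach `exec()`.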
@@ -420,6 +446,55 @@ function snort_rules_up_install_cron($should_install) {
}
}
+function sync_snort_package_remove_old()
+{
+
+ global $config, $g;
+
+$snort_dir_scan = '/usr/local/etc/snort';
+
+// scan dirm might have to make this into a funtion
+$dh_scan = opendir($snort_dir_scan);
+while (false !== ($dir_filename = readdir($dh_scan))) {
+ $list_dir_files[] = $dir_filename;
+}
+
+// find patern in a array, very cool code
+class array_ereg {
+ function array_ereg($pattern) { $this->pattern = $pattern; }
+ function ereg($string) {
+ return ereg($this->pattern, $string);
+ }
+}
+
+ $rule_array2 = $config['installedpackages']['snortglobal']['rule'];
+ $id2 = -1;
+ foreach ($rule_array2 as $value)
+ {
+
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+
+ $snort_rules_list[] = "snort_$id$if_real";
+
+ }
+
+
+$snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg'));
+$snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list);
+
+ foreach ($snort_dir_filter_search_result as $value)
+ {
+ exec("rm -r /usr/local/etc/snort/$value");
+ exec("echo \"rm -r /usr/local/etc/snort/$value\" >> /root/test.log");
+ }
+
+ exec("echo \"Function remove ....\" >> /root/test.log");
+
+}
+
/* make sure this func on writes to files and does not start snort */
function sync_snort_package()
{
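Review bot: The keep-list built at L162 uses the old `snort_$id$if_real` naming while every directory this commit creates is named `snort_{$snort_uuid}_{$if_real}`, so `array_diff` at L168 leaves all live instance directories in the result and the `rm -r` at L172 deletes them. The loop also increments `$id` (undefined, so the first index is 1) instead of the `$id2` declared at L153, skipping rule 0 and reading one entry past the end. `class array_ereg` declared inside the function body is a fatal redeclaration on the second call and `ereg()` is deprecated; `preg_grep()` does the same filtering. The `exec("echo ... >> /root/test.log")` debug lines here and in the later hunks of snort.inc, snort_gui.inc and snort_interfaces.php shell out with interpolated values on every call and should not ship.
```php
    $snort_rules_list = array();
    foreach ($config['installedpackages']['snortglobal']['rule'] as $value)
    {
        $if_real = convert_friendly_interface_to_real_interface_name($value['interface']);
        $snort_rules_list[] = "snort_{$value['uuid']}_{$if_real}";
    }

    // … unchanged: directory scan into $list_dir_files …
    closedir($dh_scan);

    /* instance directories all start with snort_; anchor the match */
    $snort_dir_filter = preg_grep('/^snort_/', $list_dir_files);
    $snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list);

    foreach ($snort_dir_filter_search_result as $value)
    {
        exec("/bin/rm -r " . escapeshellarg("/usr/local/etc/snort/$value"));
    }
```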
@@ -439,7 +514,9 @@ function sync_snort_package()
exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
exec("/bin/chmod -R 755 /var/log/snort");
exec("/bin/chmod -R 755 /usr/local/etc/snort");
- exec("/bin/chmod -R 755 /usr/local/lib/snort");
+ exec("/bin/chmod -R 755 /usr/local/lib/snort");
+
+ exec("echo \"Funtion sync package....\" >> /root/test.log");
conf_mount_ro();
}
@@ -447,10 +524,7 @@ function sync_snort_package()
/* make sure this func on writes to files and does not start snort */
function sync_snort_package_all()
{
- global $config, $g, $id, $if_real, $interface_fake;
- conf_mount_rw();
-
-
+ global $config, $g, $id, $if_real, $snort_uuid, $interface_fake;
/* RedDevil suggested code */
/* TODO: more testing needs to be done */
@@ -459,112 +533,37 @@ exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
exec("/sbin/sysctl net.bpf.maxinsns=512");
exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
-if ($id != '' && $if_real != '')
+# Error checking
+if ($id != '' && $if_real != '') //new
{
-
/* do not start config build if rules is empty */
if (!empty($config['installedpackages']['snortglobal']['rule']))
{
- if ($id == "")
- {
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
-
- $id += 1;
+ conf_mount_rw();
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
$if_real = convert_friendly_interface_to_real_interface_name($result_lan);
/* create snort configuration file */
- create_snort_conf();
-
- /* create snort bootup file snort.sh */
- create_snort_sh();
+ create_snort_conf($id, $if_real, $snort_uuid);
/* if rules exist cp rules to each iface */
- create_rules_iface();
+ create_rules_iface($id, $if_real, $snort_uuid);
/* create barnyard2 configuration file */
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
if ($snortbarnyardlog_info_chk == 'on')
- create_barnyard2_conf();
-
- }
-
- }else{
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
- /* create snort configuration file */
- create_snort_conf();
-
- /* create snort bootup file snort.sh */
- create_snort_sh();
-
- /* if rules exist cp rules to each iface */
- create_rules_iface();
-
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == on)
- {
- create_barnyard2_conf();
- }
+ exec("echo \"Funtion sync all $id $if_real $snort_uuid....\" >> /root/test.log");
+ conf_mount_ro();
}
}
-
- /* all new files are for the user snort nologin */
- if(!file_exists("/var/log/snort"))
- {
- exec("/bin/mkdir -p /var/log/snort");
- }
-
- exec("/usr/sbin/chown -R snort:snort /var/log/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
- exec("/bin/chmod -R 755 /var/log/snort");
- exec("/bin/chmod -R 755 /usr/local/etc/snort");
- exec("/bin/chmod -R 755 /usr/local/lib/snort");
-
- /* Generate the snort instance list */
- $rc_snort = "";
- $i = 0;
- $rules = &$config['installedpackages']['snortglobal']['rule'];
- foreach($rules as $snort) {
- $name = "${i}${if_real}";
- $if_real = convert_friendly_interface_to_real_interface_name($snort['interface']);
- $rc_snort .= "snort_list=\"\${snort_list} ${name}\"\n";
- $rc_snort .= "snort_${name}_conf=\"/usr/local/etc/snort/snort_${name}/snort.conf\"\n";
- $rc_snort .= "snort_${name}_name=\"${name}\"\n";
- $rc_snort .= "snort_${name}_id=\"${i}\"\n";
- $rc_snort .= "snort_${name}_interface=\"${if_real}\"\n";
-
- $snortenable_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
- if ($snortenable_info_chk == 'on')
- $rc_snort .= "snort_${name}_enable=\"YES\"\n";
- else
- $rc_snort .= "snort_${name}_enable=\"NO\"\n";
-
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
- $rc_snort .= "snort_${name}_barnyard=\"YES\"\n";
- $i++;
- }
- $rcconf = fopen("/var/etc/rc.snort", "w");
- if(!$rcconf) {
- log_error("Could not open /var/etc/rc.snort for writing.");
- exit;
- }
- fwrite($rcconf, $rc_snort);
- fclose($rcconf);
-
-
- conf_mount_ro();
-
-}
}
+
/* Start of main config files */
/* Start of main config files */
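Review bot: The guard at L209 requires `$if_real` to be non-empty, yet L226 recomputes it from the config, and the block at L110-L116 that used to set `$id` from the request is removed by this commit, so unless a caller presets both globals the function silently does nothing. `create_snort_sh()` is also dropped from this path (L230-L231) with no replacement visible here, so snort.sh is not regenerated when a rule changes; the NOTES hunk lists this as a TODO. Consider giving the function an explicit parameter like the helpers it now calls, `function sync_snort_package_all($id)`, and guarding on `$id !== ''` only. The `sysctl` calls at L205-L206 run before any check, and the function's start is outside this hunk.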
@@ -576,15 +575,17 @@ function create_snort_sh()
{
# Don not add $id or this will break
- global $config, $g, $if_real, $if_real_wan;
+ global $config, $g;
conf_mount_rw();
+exec("echo \"Craete snort.sh $snort_uuid $if_real $id....\" >> /root/test.log");
+
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
/* define snortbarnyardlog_chk */
if ($snortbarnyardlog_info_chk == on) {
- $start_barnyard2 = "sleep 4/n/usr/local/bin/barnyard2 -u snort -g snort -c /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf -d /var/log/snort -f snort.u2_$id$if_real -w /usr/local/etc/snort/snort_$id$if_real/barnyard2.waldo -D -q";
+ $start_barnyard2 = "sleep 4/n/usr/local/bin/barnyard2 -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -f snort.u2_{$snort_uuid}_{$if_real} -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q";
}
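Review bot: `"sleep 4/n/usr/local/bin/barnyard2 ..."` at L330 emits a literal `/n`, so the generated snort.sh runs `sleep 4/n/usr/local/bin/barnyard2 -u snort ...` as one command and barnyard2 never starts; it should read `"sleep 4\n/usr/local/bin/barnyard2 ..."`. The same line interpolates `$snort_uuid` and `$if_real` before the per-rule loop at L334-L339 assigns them, and the commit removes `$if_real` from the `global` list at L322, so unless the string is rebuilt inside the loop (not visible here) it is built with empty names. `create_snort_sh` continues past this hunk.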
@@ -600,7 +601,8 @@ function create_snort_sh()
{
$id += 1;
-
+
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
$if_real = convert_friendly_interface_to_real_interface_name($result_lan);
@@ -610,18 +612,18 @@ $snort_sh_text2[] = <<<EOD
###### For Each Iface
# If Snort proc is NOT running
- if [ "`/bin/ps -auwx | grep -v grep | grep "R $id$if_real" | awk '{print $2;}'`" = "" ]; then
+ if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then
/bin/echo "snort.sh run" > /tmp/snort.sh.pid
# Start snort and barnyard2
- /bin/rm /var/run/snort_$if_real$id$if_real.pid
- /bin/rm /var/run/snort_$if_real$id$if_real.pid.lck
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
- /usr/local/bin/snort -u snort -g snort -R $id$if_real -D -q -l /var/log/snort -G $id -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -i $if_real
+ /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}_{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
$start_barnyard2
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For $id$if_real..."
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..."
fi
EOD;
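Review bot: `-G {$snort_uuid}` at L352 passes the rule's uuid as Snort's log identifier; in Snort 2.8 `-G` is parsed as an unsigned integer and a non-numeric value aborts startup, so this only works if `uuid` is guaranteed numeric — worth confirming against what snort_interfaces_edit.php stores. The `/bin/rm` of the pid and lock files at L349-L350 run without `-f` and print an error on every fresh start where the files do not exist; `/bin/rm -f` keeps the script output clean. The heredoc continues outside this hunk.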
@@ -632,9 +634,9 @@ $snort_sh_text3[] = <<<EOE
#### Fake start only used on bootup and Pfsense IP changes
#### Only try to restart if snort is running on Iface
- if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R $id$if_real" | /usr/bin/awk '{print $2;}'`" != "" ]; then
+ if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then
- snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R $id$if_real" | /usr/bin/awk '{print $2;}'`"
+ snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`"
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
#### Remake the configs on boot Important!
@@ -642,7 +644,7 @@ $snort_sh_text3[] = <<<EOE
#### Restart Iface
/bin/kill -HUP \${snort_pid}
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For $id$if_real..."
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
fi
@@ -650,21 +652,21 @@ EOE;
$snort_sh_text4[] = <<<EOF
- pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R $id$if_real" | /usr/bin/awk '{print \$2;}'`
+ pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print \$2;}'`
sleep 3
- pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort.u2_$id$if_real" | /usr/bin/awk '{print \$2;}'`
+ pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort.u2_{$snort_uuid}_{$if_real}" | /usr/bin/awk '{print \$2;}'`
if [ \${pid_s} ] ; then
/bin/echo "snort.sh run" > /tmp/snort.sh.pid
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For $id$if_real..."
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
/bin/kill \${pid_s}
sleep 3
/bin/kill \${pid_b}
- /bin/rm /var/run/snort_$if_real$id$if_real.pid.lck
- /bin/rm /var/run/snort_$if_real$id$if_real.pid
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
fi
@@ -674,6 +676,7 @@ EOF;
}
}
+
$start_snort_iface_start = implode("\n\n", $snort_sh_text2);
$start_snort_iface_restart = implode("\n\n", $snort_sh_text3);
@@ -707,7 +710,7 @@ $start_snort_iface_restart
/bin/rm /tmp/snort.sh.pid
#### If on Fake start snort is NOT running DO a real start.
- if [ "`/bin/ps -auwx | grep -v grep | grep "R $id$if_real" | awk '{print $2;}'`" = "" ]; then
+ if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then
rc_start_real
@@ -777,26 +780,27 @@ EOD;
///////////////////////// >>>>>>>>>>>>
/* if rules exist copy to new interfaces */
-function create_rules_iface()
+function create_rules_iface($id, $if_real, $snort_uuid)
{
- global $config, $g, $id, $if_real;
+ global $config, $g;
conf_mount_rw();
+
+exec("echo \"Create rules $snort_uuid $if_real $id ....\" >> /root/test.log");
- if ($id != '' || $if_real != '')
- {
- $if_rule_dir = "/usr/local/etc/snort/snort_$id$if_real/rules";
+
+ $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules";
$folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full';
if ($folder_chk == "empty")
{
- exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_$id$if_real");
- if (file_exists("/usr/local/etc/snort/custom_rules/local_$id$if_real.rules"))
+ exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
{
- exec("/bin/cp /usr/local/etc/snort/custom_rules/local_$id$if_real.rules /usr/local/etc/snort/snort_$id$if_real/rules/local_$id$if_real.rules");
+ exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules");
}
}
- }
+
}
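Review bot: With the `if ($id != '' || $if_real != '')` guard removed at L415-L416, an empty `$snort_uuid` or `$if_real` now yields `$if_rule_dir = "/usr/local/etc/snort/snort__/rules"`, `glob()` reports it empty, and the `cp -R` at L425 creates a stray `snort__` tree. Add an early return at the top of the function: `if ($snort_uuid == '' || $if_real == '') { return; }`. The same two values are interpolated into `exec()` at L425 and L429 without `escapeshellarg()`, and `conf_mount_rw()` at L412 has no matching `conf_mount_ro()` in this function.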
/* open barnyard2.conf for writing */
@@ -804,15 +808,17 @@ function create_barnyard2_conf() {
global $bconfig, $bg, $id, $if_real;
/* write out barnyard2_conf */
- if(!file_exists("/usr/local/etc/snort/snort_$id$if_real/barnyard2.conf"))
+exec("echo \"Create barnyard.conf $if_real $id....\" >> /root/test.log");
+
+ if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
{
- exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf");
+ exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
}
$barnyard2_conf_text = generate_barnyard2_conf();
- $bconf = fopen("/usr/local/etc/snort/snort_$id$if_real/barnyard2.conf", "w");
+ $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w");
if(!$bconf) {
- log_error("Could not open /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf for writing.");
+ log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing.");
exit;
}
fwrite($bconf, $barnyard2_conf_text);
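Review bot: `$snort_uuid` is used at L442, L445, L449 and L452 but is neither a parameter of `create_barnyard2_conf()` nor in the `global` list at L437, so every path here resolves to `snort__{$if_real}/barnyard2.conf`. The caller at L244 already passes three arguments; change the signature to `function create_barnyard2_conf($id, $if_real, $snort_uuid)` and drop `$id`/`$if_real` from the `global` line. `generate_barnyard2_conf` interpolates the same variable into its heredoc at L467 and its scope declaration is outside the visible hunks, so check it too.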
@@ -831,8 +837,6 @@ function generate_barnyard2_conf() {
$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
$snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
-$snortbarnyardlog_interface_info_chk = $if_real;
-
$barnyard2_conf_text = <<<EOD
# barnyard2.conf
@@ -868,7 +872,7 @@ config gen-msg-map: /usr/local/etc/snort/gen-msg.map
config sid-msg-map: /usr/local/etc/snort/sid-msg.map
config hostname: $snortbarnyardlog_hostname_info_chk
-config interface: $id$snortbarnyardlog_interface_info_chk
+config interface: {$snort_uuid}_{$if_real}
# Step 2: setup the input plugins
input unified2
@@ -884,19 +888,25 @@ EOD;
}
-function create_snort_conf() {
- global $config, $g, $id, $if_real;
+function create_snort_conf($id, $if_real, $snort_uuid)
+{
+ global $config, $g, $id, $if_real, $snort_uuid;
/* write out snort.conf */
- $snort_conf_text = generate_snort_conf();
+
+exec("echo \"Create sonrt.conf $snort_uuid $if_real $id....\" >> /root/test.log");
+
+ $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
conf_mount_rw();
- $conf = fopen("/usr/local/etc/snort/snort_$id$if_real/snort.conf", "w");
+ $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
if(!$conf) {
- log_error("Could not open /usr/local/etc/snort/$id$if_real/snort.conf for writing.");
+ log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
exit;
}
fwrite($conf, $snort_conf_text);
fclose($conf);
conf_mount_ro();
+
+
}
function snort_deinstall()
@@ -905,6 +915,8 @@ function snort_deinstall()
global $config, $g, $id, $if_real;
conf_mount_rw();
+exec("echo \"Snort Deinstall $if_real $id....\" >> /root/test.log");
+
/* remove custom sysctl */
remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
/* decrease bpf buffers back to 4096, from 20480 */
@@ -924,12 +936,15 @@ function snort_deinstall()
exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
/* Remove snort cron entries Ugly code needs smoothness*/
-
+}
+
function snort_rm_blocked_deinstall_cron($should_install)
{
global $config, $g;
conf_mount_rw();
+exec("echo \"Deinstall cron block....\" >> /root/test.log");
+
$is_installed = false;
if(!$config['cron']['item'])
@@ -963,10 +978,13 @@ function snort_rm_blocked_deinstall_cron($should_install)
}
- function snort_rules_up_deinstall_cron($should_install) {
+ function snort_rules_up_deinstall_cron($should_install)
+{
global $config, $g;
conf_mount_rw();
+exec("echo \"Deinstall rules up ....\" >> /root/test.log");
+
$is_installed = false;
if(!$config['cron']['item'])
@@ -988,7 +1006,6 @@ function snort_rm_blocked_deinstall_cron($should_install)
}
configure_cron();
}
- }
snort_rm_blocked_deinstall_cron("");
snort_rules_up_deinstall_cron("");
@@ -1008,14 +1025,13 @@ snort_rules_up_deinstall_cron("");
}
-function generate_snort_conf()
+function generate_snort_conf($id, $if_real, $snort_uuid)
{
- global $config, $g, $if_real, $id;
+ global $config, $g, $id, $if_real, $snort_uuid;
conf_mount_rw();
-if ($id != '' && $if_real != '')
-{
+exec("echo \"Generate snort.conf $snort_uuid $if_real $id....\" >> /root/test.log");
/* obtain external interface */
/* XXX: make multi wan friendly */
@@ -1024,25 +1040,24 @@ if ($id != '' && $if_real != '')
// $snort_config_pass_thru = $config['installedpackages']['snortglobal']['rule'][$id]['configpassthru'];
/* create basic files */
- if(!file_exists("/usr/local/etc/snort/snort/snort_$id$if_real"))
+ if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
{
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/");
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules");
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/");
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
- if(!file_exists("/usr/local/etc/snort/snort_$id$if_real/gen-msg.map"))
+ if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"))
{
- exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_$id$if_real/classification.config");
- exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_$id$if_real/gen-msg.map");
- exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_$id$if_real/reference.config");
- exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_$id$if_real/sid-msg.map");
- exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_$id$if_real/unicode.map");
- exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_$id$if_real/threshold.conf");
- exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_$id$if_real/snort.conf");
- exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf");
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules");
+ exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
+ exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
+ exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
+ exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
+ exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
+ exec("/bin/cp/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
}
}
-}
/* define snortalertlogtype */
$snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype'];
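Review bot: `exec("/bin/cp/usr/bin/touch ...")` at L580 is not a valid path and fails silently; the old `/bin//usr/bin/touch` had the same problem, so it should be `exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");`. The existence check at L555 tests `/usr/local/etc/snort/snort/snort_...` (an extra `snort/` component) while L559 creates `/usr/local/etc/snort/snort_...`, so the block always runs; L555 should be `if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"))`. The commit also removes the `$id != '' && $if_real != ''` guard (L546-L547, L584) without a replacement, so an empty uuid creates `snort__` directories. `generate_snort_conf` continues outside this hunk.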
@@ -1064,7 +1079,7 @@ if ($tcpdumplog_info_chk == on)
/* define snortunifiedlog */
$snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'];
if ($snortunifiedlog_info_chk == on)
- $snortunifiedlog_type = "output unified2: filename snort.u2_$id$if_real, limit 128";
+ $snortunifiedlog_type = "output unified2: filename snort.u2_{$snort_uuid}_{$if_real}, limit 128";
/* define spoink (DISABLED)*/
$spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'];
@@ -1321,7 +1336,7 @@ else
if($config['installedpackages']['snortglobal']['rule'][$id]['performance'])
$snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance'];
else
- $snort_performance = "lowmem";
+ $snort_performance = "ac-bnfa";
/* open snort's whitelist for writing */
$whitelist = fopen("/var/db/whitelist", "w");
@@ -1452,7 +1467,7 @@ $snort_perform_stat = <<<EOD
#
##########################
-preprocessor perfmonitor: time 300 file /var/log/snort/snort_$id$if_real.stats pktcnt 10000
+preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000
EOD;
@@ -1797,7 +1812,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504]
#
#####################
-var RULE_PATH /usr/local/etc/snort/snort_$id$if_real/rules
+var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules
# var PREPROC_RULE_PATH ./preproc_rules
################################
@@ -1899,9 +1914,9 @@ $spoink_type
#
#################
-include /usr/local/etc/snort/snort_$id$if_real/reference.config
-include /usr/local/etc/snort/snort_$id$if_real/classification.config
-include /usr/local/etc/snort/snort_$id$if_real/threshold.conf
+include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
+include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
+include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf
# Snort user pass through configuration
{$snort_config_pass_thru}
@@ -1919,13 +1934,63 @@ EOD;
return $snort_conf_text;
}
+/* only be run on new iface create, bootup and ip refresh */
+function sync_snort_package_empty()
+//function sync_snort_package_all()
+{
+ global $config, $g;
+ conf_mount_rw();
+
+ /* do not start config build if rules is empty */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
+ {
+ if ($id == "")
+ {
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id = -1;
+ foreach ($rule_array as $value)
+ {
+
+ if ($id == '') {
+ $id = 0;
+ }
+
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real);
+
+ /* create snort bootup file snort.sh */
+ create_snort_sh($if_real);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real);
+
+ /* create barnyard2 configuration file */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ if ($snortbarnyardlog_info_chk == 'on')
+ create_barnyard2_conf($id, $if_real);
+
+ exec("echo \"Funtion sync empty create files foreach $if_real $id....\" >> /root/test.log");
+
+ }
+ }
+ }
+}
+
/* check downloaded text from snort.org to make sure that an error did not occur
* for example, if you are not a premium subscriber you can only download rules
* so often, etc. TO BE: Removed unneeded.
*/
+
function check_for_common_errors($filename) {
global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
+
+// ob_flush();
$contents = file_get_contents($filename);
if(stristr($contents, "You don't have permission")) {
if(!$console_mode) {
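Review bot: The calls at L658 and L664 pass two arguments to functions this commit changes to take three (`create_snort_conf` at L474, `create_rules_iface` at L408), so `$snort_uuid` arrives as null and every file lands in `snort__{$if_real}`; L669 calls `create_barnyard2_conf` with two arguments while L244 uses three, and `create_snort_sh($if_real)` at L661 passes an argument to a function that takes none and already loops over all rules itself (L333-L339), so it only needs to run once after the loop. `$id` is never initialised before `if ($id == "")` at L640, and `conf_mount_rw()` at L635 has no matching `conf_mount_ro()`. A rewrite of the loop is below; it reads the uuid and interface from each rule entry instead of re-indexing the config array.
```php
    /* do not start config build if rules is empty */
    if (!empty($config['installedpackages']['snortglobal']['rule']))
    {
        foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value)
        {
            $snort_uuid = $value['uuid'];
            $if_real = convert_friendly_interface_to_real_interface_name($value['interface']);

            create_snort_conf($id, $if_real, $snort_uuid);
            create_rules_iface($id, $if_real, $snort_uuid);

            if ($value['barnyard_enable'] == 'on')
                create_barnyard2_conf($id, $if_real, $snort_uuid);
        }

        /* snort.sh enumerates every rule itself, so build it once */
        create_snort_sh();
    }
    conf_mount_ro();
```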
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php
index 10afa183..667de21a 100644
--- a/config/snort-dev/snort_barnyard.php
+++ b/config/snort-dev/snort_barnyard.php
@@ -105,6 +105,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
$pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
$pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['uuid'] = $a_nat[$id]['uuid'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['descr'] = $a_nat[$id]['descr'];
$pconfig['performance'] = $a_nat[$id]['performance'];
@@ -144,6 +145,7 @@ if ($_POST) {
if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
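Review bot: `$natent['uuid'] = $pconfig['uuid'];` at L706 writes the uuid back from the submitted form; if `$pconfig` is populated from `$_POST` as the `if ($_POST)` context suggests, a client can set a rule's uuid to an arbitrary string, and that value is later interpolated into `exec()` pipelines and `rm -r` paths in snort.inc without escaping. The identifier is not user-editable data, so keep the stored value instead: `$natent['uuid'] = $a_nat[$id]['uuid'];`. The same line is added to snort_define_servers.php at L726.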
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php
index a2cafc05..550cf153 100644
--- a/config/snort-dev/snort_define_servers.php
+++ b/config/snort-dev/snort_define_servers.php
@@ -105,6 +105,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
$pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
$pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['uuid'] = $a_nat[$id]['uuid'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['descr'] = $a_nat[$id]['descr'];
$pconfig['performance'] = $a_nat[$id]['performance'];
@@ -133,6 +134,7 @@ if ($_POST) {
/* repost the options already in conf */
if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc
index 1746ab54..c485d1ac 100644
--- a/config/snort-dev/snort_gui.inc
+++ b/config/snort-dev/snort_gui.inc
@@ -29,37 +29,40 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-function print_info_box_np2($msg) {
- global $g;
- echo "<table height=\"32\" width=\"100%\">\n";
- echo " <tr>\n";
- echo " <td>\n";
- echo " <div style='background-color:#990000' id='redbox'>\n";
- echo " <table width='100%'><tr><td width='8%'>\n";
- echo " &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n";
- echo " </td>\n";
- echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n";
- echo " </td>";
- echo " </tr></table>\n";
- echo " </div>\n";
- echo " </td>\n";
- echo "</table>\n";
- echo "<script type=\"text/javascript\">\n";
- echo "NiftyCheck();\n";
- echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n";
- echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n";
- echo "</script>\n";
- echo "\n<br>\n";
-}
-
-
-
-
-
-
+include_once("/usr/local/pkg/snort/snort.inc");
+function print_info_box_np2($msg) {
+ global $config, $g;
+
+ echo "<table height=\"32\" width=\"100%\">\n";
+ echo " <tr>\n";
+ echo " <td>\n";
+ echo " <div style='background-color:#990000' id='redbox'>\n";
+ echo " <table width='100%'><tr><td width='8%'>\n";
+ echo " &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n";
+ echo " </td>\n";
+ echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n";
+ echo " </td>";
+ if(stristr($msg, "apply") == true) {
+ echo " <td>";
+ echo " <input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"Apply changes\">\n";
+ echo " </td>";
+ }
+ echo " </tr></table>\n";
+ echo " </div>\n";
+ echo " </td>\n";
+ echo "</table>\n";
+ echo "<script type=\"text/javascript\">\n";
+ echo "NiftyCheck();\n";
+ echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n";
+ echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n";
+ echo "</script>\n";
+ echo "\n<br>\n";
+
+ exec("echo \"Funtion print info ....\" >> /root/test.log");
+}
?>
\ No newline at end of file
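Review bot: `stristr($msg, "apply") == true` at L778 relies on loose comparison of a string return value; use `stristr($msg, "apply") !== false`. The `exec("echo ... >> /root/test.log")` at L794 runs a shell on every render of the info box and should be removed before release. `{$msg}` is echoed into the page unescaped at L776, so callers must never pass request-derived text to this function without `htmlspecialchars()`.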
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index 996ff83b..e2cf9fdb 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -42,6 +42,16 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+///////////
+
+if (isset($config['installedpackages']['snortglobal']['rule'])) {
+$id_gen = count($config['installedpackages']['snortglobal']['rule']);
+}else{
+$id_gen = '0';
+}
+
+///////////
+
/* if a custom message has been passed along, lets process it */
if ($_GET['savemsg'])
$savemsg = $_GET['savemsg'];
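Review bot: `$id_gen` at L806 is `count()` of the rule list, which is only a free index while the array keys are contiguous; the delete handler further down this file removes entries with `unset($a_nat[$rulei])`, so with sparse keys a count-based id can equal an existing key and the add link would open that entry for editing instead of creating a new one. If the redirect after `write_config()` reloads the config with re-indexed keys this is masked, but nothing visible here guarantees it, and `$id_gen = count($a_nat) ? max(array_keys($a_nat)) + 1 : 0;` avoids the question. The `isset()` test at L805 is also always true after the `is_array` guard on the line above (which presumably initialises the array), so the `'0'` branch is dead.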
@@ -71,6 +81,8 @@ if ($_POST) {
unlink($d_filterconfdirty_path);
}
+ exec("echo \"Sync Empty on POST on interfaces.php....\" >> /root/test.log");
+
}
}
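Review bot: The line added at L819 spawns a shell on every POST just to append a debug string to `/root/test.log`, a file that is never rotated and is written by the web-server process; the same pattern appears at L794 and L905. Either delete it before release or route it through pfSense's own logging, e.g. `log_error("snort: sync empty on POST to snort_interfaces.php");`, which needs no `exec()` at all. The surrounding POST handler begins before this hunk.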
@@ -81,17 +93,19 @@ if (isset($_POST['del_x'])) {
/* convert fake interfaces to real */
$if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']);
+ $snort_uuid = $a_nat[$rulei]['uuid'];
+
+ /* cool code to check if any snort is up */
+ $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
- $snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real -c\" | awk '{print $2;}'");
-
- if ($snort_pid != "")
+ if ($snort_up_ck != "")
{
- $start_up_pre = exec("/bin/cat /var/run/snort_{$if_real}{$rulei}{$if_real}.pid");
+ $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
- $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$rulei}{$if_real}.pid");
+ $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid");
$start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
$start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
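Review bot: `$start_up_pre` from L836 is a bare PID that L837-L838 then feed to `grep` as a substring pattern, so a short PID such as `12` also matches the memory, time or PID columns of unrelated `top` lines and the first match is handed straight to `kill` below. Match it as a whole first field instead, e.g. `$start_up_s = exec("/usr/bin/top -U snort -u | /usr/bin/awk -v p=" . escapeshellarg($start_up_pre) . " '\$1 == p { print \$1 }'");`, and skip the lookup entirely when `$start_up_pre` is empty. The new gate at L829 also only asks whether any process named snort exists, whereas the replaced line at L830 matched this interface's `$if_real -c`, so the check is weaker than before. The enclosing `foreach` over the selected rules begins before the hunk.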
@@ -100,113 +114,68 @@ if (isset($_POST['del_x'])) {
{
/* dont flood the syslog code */
- exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
- sleep(3);
+ //exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
+ //sleep(3);
/* remove only running instances */
if ($start_up_s != "")
{
exec("/bin/kill {$start_up_s}");
- exec("/bin/rm /var/run/snort_$if_real$rulei$if_real*");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
}
if ($start2_upb_s != "")
{
exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_$rulei$if_real*");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
}
if ($start_up_r != "")
{
exec("/bin/kill {$start_up_r}");
- exec("/bin/rm /var/run/snort_$if_real$rulei$if_real*");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
}
if ($start2_upb_r != "")
{
exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_$rulei$if_real*");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
}
/* stop syslog flood code */
- $if_real_wan_rulei = $a_nat[$rulei]['interface'];
- $if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
- exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
- exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
- exec("/usr/bin/killall syslogd");
- exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
- exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
- sleep(2);
- exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
- $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'");
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'");
+ //$if_real_wan_rulei = $a_nat[$rulei]['interface'];
+ //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
+ //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
+ //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
+ //exec("/usr/bin/killall syslogd");
+ //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
+ //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
+ //sleep(2);
+ //exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
+ //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
+ //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'");
+ //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'");
}
}
unset($a_nat[$rulei]);
-
}
+ exec("echo \"Removing old files ....\" >> /root/test.log");
conf_mount_rw();
- exec("/bin/rm -r /usr/local/etc/snort/snort_$rulei$if_real");
- exec("/bin/rm /usr/local/etc/rc.d/snort_$rulei$if_real.sh");
- exec("/bin/rm /var/log/snort/snort.u2_$rulei$if_real*");
+ exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
+ exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
conf_mount_ro();
write_config();
- // touch($d_natconfdirty_path);
+ touch($d_natconfdirty_path);
header("Location: /snort/snort_interfaces.php");
exit;
}
-} else {
-
- /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
- unset($movebtn);
- foreach ($_POST as $pn => $pd) {
- if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
- $movebtn = $matches[1];
- break;
- }
- }
- /* move selected rules before this rule */
- if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
- $a_nat_new = array();
-
- /* copy all rules < $movebtn and not selected */
- for ($i = 0; $i < $movebtn; $i++) {
- if (!in_array($i, $_POST['rule']))
- $a_nat_new[] = $a_nat[$i];
- }
-
- /* copy all selected rules */
- for ($i = 0; $i < count($a_nat); $i++) {
- if ($i == $movebtn)
- continue;
- if (in_array($i, $_POST['rule']))
- $a_nat_new[] = $a_nat[$i];
- }
-
- /* copy $movebtn rule */
- if ($movebtn < count($a_nat))
- $a_nat_new[] = $a_nat[$movebtn];
-
- /* copy all rules > $movebtn and not selected */
- for ($i = $movebtn+1; $i < count($a_nat); $i++) {
- if (!in_array($i, $_POST['rule']))
- $a_nat_new[] = $a_nat[$i];
- }
- $a_nat = $a_nat_new;
- write_config();
- touch($d_natconfdirty_path);
- header("Location: snort_interfaces.php");
-
- exit;
- }
}
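Review bot: The cleanup at L910-L911 runs after the `foreach` closes at L904, using `$snort_uuid` and `$if_real` from whichever rule was processed last, so when several interfaces are deleted at once only the last one's unified2 logs and config directory are removed; and for an entry saved before the uuid field existed, `$snort_uuid` is empty and `rm -r` targets `snort__<if>`. Move the two `exec()` lines inside the loop next to `unset($a_nat[$rulei])` and guard them with `if ($snort_uuid != '' && $if_real != '')`. The removal of the per-interface rc.d script (`/usr/local/etc/rc.d/snort_<id><if>.sh`, old L908) is dropped here with no replacement in the visible diff, so any such scripts left from earlier versions will keep starting at boot. The loop begins before the hunk.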
@@ -215,8 +184,10 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
{
$if_real2 = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']);
+
+ $snort_uuid = $a_nat[$id]['uuid'];
- $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$id}{$if_real2}\" | awk '{print \$1;}'");
+ $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real2}\" | awk '{print \$1;}'");
$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
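Review bot: `$id` comes straight from `$_GET['id']` (hunk header) and L968 indexes `$a_nat` with it without checking the entry exists, so an unknown id yields an empty `$snort_uuid` and the `top` pattern at L970 degrades to `"R _<if>"` while `$if_real2` is derived from a blank interface. Bail out first: `if (!isset($a_nat[$id]['uuid'])) { header("Location: /snort/snort_interfaces.php"); exit; }`. More broadly, this handler starts or stops a daemon on a plain GET, so any page that makes the browser fetch the URL can toggle it; converting it to a POST carrying the standard pfSense CSRF token would close that. The handler continues past the hunk.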
@@ -235,7 +206,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
if ($start_up_s != "")
{
exec("/bin/kill {$start_up_s}");
- exec("/bin/rm /var/run/snort_$if_real2$id$if_real2*");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real2}*");
}
//if ($start2_upb_s != "")
@@ -247,7 +218,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
if ($start_up_r != "")
{
exec("/bin/kill {$start_up_r}");
- exec("/bin/rm /var/run/snort_$if_real2$id$if_real2*");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real2}*");
}
//if ($start2_upb_r != "")
@@ -280,9 +251,9 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
header("Location: /snort/snort_interfaces.php");
}else{
- sync_snort_package_all();
+ //sync_snort_package_all();
- exec("/usr/local/bin/snort -u snort -g snort -R \"$id$if_real2\" -D -q -l /var/log/snort -G $id -c /usr/local/etc/snort/snort_$id$if_real2/snort.conf -i $if_real2");
+ exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real2}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real2}/snort.conf -i {$if_real2}");
//print_r("$id $if_real2");
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
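Review bot: With `sync_snort_package_all()` commented out at L993, the start command at L995 relies on `/usr/local/etc/snort/snort_{uuid}_{if}/snort.conf` already existing from an earlier save, and for an entry that predates the uuid field the path collapses to `snort__<if>`; with `-q -D` snort simply exits and the page reports nothing. Pass the interpolated values through `escapeshellarg()` and check the result, e.g. `exec($cmd, $out, $rc); if ($rc !== 0) { log_error("snort failed to start on {$if_real2}"); }`, so a failed start is visible to the operator. Since `-G` now carries the per-interface uuid rather than the row index, a one-line comment saying so would save the next reader from assuming the old meaning.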
@@ -296,7 +267,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
}
-$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.10 alpha";
+$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.12 Beta";
include("head.inc");
?>
@@ -353,12 +324,12 @@ padding: 15px 10px 50% 50px;
padding-left: 0px;
}
-</style>
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+</style>
+
+
+<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
<form action="snort_interfaces.php" method="post" name="iform">
-<script type="text/javascript" language="javascript" src="row_toggle.js">
-</script>
<?php if (file_exists($d_natconfdirty_path)): ?><p>
<?php
if($savemsg)
@@ -398,7 +369,7 @@ padding: 15px 10px 50% 50px;
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td width="17"></td>
- <td><a href="snort_interfaces_edit.php"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
@@ -410,6 +381,7 @@ padding: 15px 10px 50% 50px;
/* convert fake interfaces to real and check if iface is up */
/* There has to be a smarter way to do this */
$if_real = convert_friendly_interface_to_real_interface_name($natent['interface']);
+ $snort_uuid = $natent['uuid'];
$color_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
@@ -422,7 +394,7 @@ padding: 15px 10px 50% 50px;
if ($color_up_ck != "")
{
//$color_up_pre = exec("/bin/cat /var/run/snort_{$if_real}{$nnats}{$if_real}.pid");
- $color_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R $nnats$if_real\" | awk '{print \$1;}'");
+ $color_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
// /bin/ps -auwx | grep -v grep | grep "$id$if_real -c" | awk '{print $2;}'
$color_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$color_up_pre} | /usr/bin/awk '{print \$1;}'");
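Review bot: The status probe at L1033 and L1039 forks a `ps` pipeline and then several `top` pipelines for every table row, so the interfaces page cost scales with the number of configured interfaces and each `top` call pays a sampling delay. Capture the process list once before the row loop (e.g. `$procs = shell_exec('/bin/ps -axww -o pid,user,command');`) and test each row with `preg_match('/\b' . preg_quote("{$snort_uuid}_{$if_real}", '/') . '\b/', $procs)` instead of re-running the pipelines. The row loop begins before this hunk and continues after it.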
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index 6bdb0dc7..f67cb828 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -48,6 +48,25 @@ if (isset($_GET['dup'])) {
$after = $_GET['dup'];
}
+/* always have a limit of (65535) numbers only or snort will not start do to id limits */
+/* TODO: When inline gets added make the uuid the port number lisstening */
+//function gen_snort_uuid($fileline)
+//{
+ /* return the first 5 */
+ //if (preg_match("/...../", $fileline, $matches1))
+ //{
+ //$uuid_final = "$matches1[0]";
+ //}
+//return $uuid_final;
+//}
+
+/* gen uuid for each iface !inportant */
+if ($a_nat[$id]['interface'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+ $snort_uuid = mt_rand(0, 65534);
+ $pconfig['uuid'] = $snort_uuid;
+}
+
if (isset($id) && $a_nat[$id]) {
/* old options */
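Review bot: The new uuid at L1064 is drawn with `mt_rand(0, 65534)` and never compared against the uuids already stored in `$a_nat`, yet it becomes the config-directory name, the pid-file prefix and snort's `-G` id, so two interfaces that happen to draw the same value would share all three. Randomness quality is not the issue here (the value is an identifier, not a secret); uniqueness is, so loop until the value is unused, as below. `$a_nat[$id]` is also read at L1062 for a not-yet-saved id, so wrap it in `isset()` to avoid the notice, and the commented-out `gen_snort_uuid()` at L1051-L1059 should be deleted rather than carried along.
```php
/* gen uuid for each iface !inportant */
if (!isset($a_nat[$id]['interface']) || $a_nat[$id]['interface'] == '') {
    $used_uuids = array();
    foreach ($a_nat as $ent) {
        if (isset($ent['uuid']))
            $used_uuids[] = (int) $ent['uuid'];
    }
    /* stay below 65535 or snort will not start (id limit) */
    do {
        $snort_uuid = mt_rand(0, 65534);
    } while (in_array($snort_uuid, $used_uuids, true));
    $pconfig['uuid'] = $snort_uuid;
}
```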
@@ -97,10 +116,12 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
$pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
$pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['uuid'] = $a_nat[$id]['uuid'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['descr'] = $a_nat[$id]['descr'];
$pconfig['performance'] = $a_nat[$id]['performance'];
$pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
+ $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
@@ -121,7 +142,7 @@ if (isset($_GET['dup']))
/* convert fake interfaces to real */
$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
-if ($_POST['Submit']) {
+if ($_POST["Submit"]) {
/* input validation */
// if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
@@ -167,26 +188,26 @@ if ($_POST['Submit']) {
// if ($config['installedpackages']['snortglobal']['rule']) {
-// if ($_POST['descr'] == "") {
-// $input_errors[] = "Please enter a description for your reference.";
-// }
+ if ($_POST['descr'] == "") {
+ $input_errors[] = "Please enter a description for your reference.";
+ }
-// if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
+ if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
-// $rule_array = $config['installedpackages']['snortglobal']['rule'];
-// $id_c = -1;
-// foreach ($rule_array as $value) {
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id_c = -1;
+ foreach ($rule_array as $value) {
-// $id_c += 1;
+ $id_c += 1;
-// $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
-// $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
-// if ($_POST['interface'] == $result_lan) {
-// $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
-// }
-// }
-// }
+ if ($_POST['interface'] == $result_lan) {
+ $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
+ }
+ }
+ }
/* check for overlaps */
foreach ($a_nat as $natent) {
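Review bot: The re-enabled loop at L1103-L1120 assigns `$if_real` on L1111 but never reads it, and `$if_real` is the page-wide variable computed from `$pconfig['interface']` at L1085; when validation fails and the page falls through to render, `$if_real` now names the last configured rule's interface rather than the one being edited, which feeds the later process-state lookup and the page title. Drop L1110-L1111 (`$result_lan` is all the check needs) or use a loop-local name. The check is also gated on `$id == ""`, but the add link and the form action now always carry `?id=N`; if `$id` is populated from the request as the hidden `id` field suggests, the in-use check never runs for a new entry — gating on `!isset($a_nat[$id]['interface'])` would match the intent. The enclosing `Submit` handler begins before the hunk.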
@@ -204,10 +225,12 @@ if ($_POST['Submit']) {
$natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface'];
/* if post write to conf or rewite the answer */
$natent['enable'] = $_POST['enable'] ? on : off;
+ $natent['uuid'] = $pconfig['uuid'];
$natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
$natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
/* if post = on use on off or rewrite the conf */
if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
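Review bot: `$natent['uuid'] = $pconfig['uuid']` at L1128 persists an empty uuid for any entry saved before this change, because `$pconfig['uuid']` is only generated while the interface is still blank (L1062-L1066); every path built from it then becomes `snort__<if>`. Fall back to a fresh value on save, `if ($natent['uuid'] == '') { $natent['uuid'] = mt_rand(0, 65534); }`, with the same uniqueness caveat as the generator. `$natent['snortalertlogtype']` at L1133 is stored straight from `$_POST` without being checked against the values the form offers; if it is later written into snort.conf, restrict it with `in_array($_POST['snortalertlogtype'], $allowed, true)` before saving. The handler continues past the hunk.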
@@ -277,35 +300,61 @@ if ($_POST['Submit']) {
write_config();
// stop_service("snort");
- if ($pconfig['interface'] != '' && $id != '') {
+ if ($pconfig['interface'] != "") {
sync_snort_package_all();
-
}
- if ($pconfig['interface'] != '' && $id != '') {
+ //touch($d_natconfdirty_path);
header("Location: /snort/snort_interfaces_edit.php?id=$id");
- }else{
- touch($d_natconfdirty_path);
- header("Location: /snort/snort_interfaces.php");
-
- }
+
exit;
}
}
+ if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface']))
+ {
+ if (uniq_snort_proc($id, $if_real) == 'false')
+ {
+ $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">';
+ }else{
+ $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">';
+ }
+ }else{
+ $snort_up_ck = '';
+ }
+
if ($_POST["Submit2"]) {
- if ($id != '')
- {
- sync_snort_package_all();
- }
+ sync_snort_package_all($id, $if_real);
sleep(1);
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh start {$id}{$if_real}");
+ exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
header("Location: /snort/snort_interfaces_edit.php?id=$id");
exit;
}
-$ifname = strtoupper($pconfig['interface']);
-$pgtitle = "Snort: Interface: $id$if_real Settings Edit";
+ if ($_POST["Submit3"])
+ {
+ sync_snort_package_all($id, $if_real);
+ sleep(1);
+
+ $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
+ $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
+ $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
+
+ if ($start_up_s != '')
+ {
+ exec("/bin/kill {$start_up_s}");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
+ }
+
+ if ($start_up_r != '')
+ {
+ exec("/bin/kill {$start_up_r}");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
+ }
+ }
+
+$iface_uuid = $a_nat[$id]['uuid'];
+$pgtitle = "Snort: Interface Edit: $id $iface_uuid $if_real";
include("head.inc");
?>
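Review bot: The start and stop handlers at L1177 and L1188 interpolate `$snort_uuid`, but the only assignment to it visible in this file is for a brand-new entry whose interface is still blank (L1064); for a saved interface `$pconfig['uuid']` is populated and `$snort_uuid` is not, so unless it is set somewhere outside these hunks the command becomes `snort -R "_em0" -G  -c /usr/local/etc/snort/snort__em0/snort.conf`, where `-G` swallows `-c` as its argument. Set it once before the handlers, `$snort_uuid = $pconfig['uuid'];` (or read `$a_nat[$id]['uuid']` as L1205 does for the title). The arguments should also go through `escapeshellarg()` and the exit status of the start command should be reported rather than assumed, and the Stop handler at L1189-L1190 has the same substring-PID `grep` problem as the interfaces page, so match the PID as a whole field. `uniq_snort_proc()` (L1159) is not defined in the visible diff, so its `'false'` string return contract could not be checked.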
@@ -313,7 +362,6 @@ include("head.inc");
<?php
include("fbegin.inc");
?>
-<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p>
<style type="text/css">
.alert {
position:absolute;
@@ -339,7 +387,7 @@ function enable_change(enable_change) {
<?php
/* make shure all the settings exist or function hide will not work */
/* if $id is emty allow if and discr to be open */
-if($id != "")
+if($iface_uuid != '')
{
echo "
document.iform.interface.disabled = endis2;
@@ -348,22 +396,22 @@ echo "
?>
document.iform.performance.disabled = endis;
document.iform.blockoffenders7.disabled = endis;
+ document.iform.snortalertlogtype.disabled = endis;
document.iform.alertsystemlog.disabled = endis;
document.iform.tcpdumplog.disabled = endis;
document.iform.snortunifiedlog.disabled = endis;
}
//-->
</script>
+<p class="pgtitle"><?=$pgtitle?></p>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
-<form action="snort_interfaces_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-if($id != "")
-{
-
+if ($a_nat[$id]['interface'] != '') {
/* get the interface name */
$first = 0;
$snortInterfaces = array(); /* -gtm */
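Review bot: `$id` is echoed raw into the form's `action` attribute at L1242 and, via `$pgtitle` (built at L1206 as `"Snort: Interface Edit: $id $iface_uuid $if_real"`), into the page body at L1237; `$id` arrives from the request (the add link and the hidden `id` field on this page supply it), so a crafted `id` reflects straight into HTML, and where the old title was only printed when `$pfsense_stable == 'yes'` it is now unconditional. Escape at both sites, `<p class="pgtitle"><?=htmlspecialchars($pgtitle)?></p>` and `action="snort_interfaces_edit.php?id=<?=htmlspecialchars($id)?>"`, and better still reject a non-numeric id up front with `ctype_digit()` (or pfSense's `is_numericint()`). The title `<p>` at L1237 is also emitted before the `<body>` tag at L1238, which is invalid markup; move it inside the body.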
@@ -391,48 +439,25 @@ if($id != "")
return;
}
}
-
- /* do for the selected interface */
- foreach($snortInterfaces as $snortIf)
- {
-
- /* if base directories dont exist create them */
- if(!file_exists("/usr/local/etc/snort/snort_{$id}{$if_real}/")) {
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$id}{$if_real}/");
- }
+}
$tab_array = array();
$tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
$tab_array[] = array("If Settings", true, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array("Conf upload", false, "/snort/snort_conf_upload.php?id={$id}");
$tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}");
$tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}");
display_top_tabs($tab_array);
- }
-}
+
?>
</td>
</tr>
<tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <?php
- if($id == "")
- {
- echo "
- <tr>
- <td width=\"22%\" valign=\"top\">&nbsp;</td>
- <td width=\"78%\"><span class=\"vexpl\"><span class=\"red\"><strong>Note:</strong></span><br>
- You will be redirected to the Snort Interfaces Menu to approve changes.<br>
- After approval, interface options will be made available.
- <br><br>
- Please select an interface and a description.
- </td>
- </tr>\n";
- }
- ?>
<tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
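Review bot: The per-interface config directory creation (`mkdir -p /usr/local/etc/snort/snort_{id}{if}/`, old L1263-L1264) is removed at L1257-L1266 and nothing in the visible diff creates the uuid-named replacement, yet the Start button on this page runs snort with `-c` pointing at it; confirm `sync_snort_package_all()` creates the directory, otherwise a newly added interface cannot start. `{$id}` is also interpolated into every tab URL at L1269-L1275 unescaped; if `display_top_tabs()` does not escape its arguments the reflected-id concern from the form action applies here as well. The surrounding template block begins before this hunk.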
@@ -441,10 +466,9 @@ if($id != "")
// care with spaces
if ($pconfig['enable'] == "on")
$checked = checked;
- if($id != "")
- {
+
$onclick_enable = "onClick=\"enable_change(false)\">";
- }
+
echo "
<input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable
<strong>Enable Interface</strong></td>\n\n";
@@ -516,7 +540,7 @@ if($id != "")
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
<?php if (isset($id) && $a_nat[$id]): ?>
<input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
@@ -526,7 +550,7 @@ if($id != "")
<td width="22%" valign="top">&nbsp;</td>
<td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
<br>
- Please save your settings before you click start. </td>
+ Please save your settings befor you click start. </td>
</tr>
</table>
</table>
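Review bot: L1331 replaces the correct spelling with `befor` in the user-visible note, and that is the only change in the hunk, so it reads as an accidental regression. Keep `Please save your settings before you click start.`.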
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php
index 0227735c..8072484d 100644
--- a/config/snort-dev/snort_preprocessors.php
+++ b/config/snort-dev/snort_preprocessors.php
@@ -107,6 +107,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
$pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
$pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['uuid'] = $a_nat[$id]['uuid'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['descr'] = $a_nat[$id]['descr'];
$pconfig['performance'] = $a_nat[$id]['performance'];
@@ -136,6 +137,7 @@ if ($_POST) {
/* repost the options already in conf */
if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }