aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort-dev
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/snort_check_for_rule_updates.php24
-rw-r--r--config/snort-dev/snort_download_rules.php20
-rw-r--r--config/snort-dev/snort_interfaces.php2
3 files changed, 39 insertions, 7 deletions
diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php
index 48a2ee73..1bc48a28 100644
--- a/config/snort-dev/snort_check_for_rule_updates.php
+++ b/config/snort-dev/snort_check_for_rule_updates.php
@@ -67,6 +67,7 @@ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-
/* send current buffer */
ob_flush();
+conf_mount_rw();
/* define oinkid */
if($config['installedpackages']['snortglobal'])
@@ -101,6 +102,7 @@ if ($premium_url_chk == "premium") {
/* send current buffer */
ob_flush();
+conf_mount_rw();
/* remove old $tmpfname files */
if (file_exists("{$tmpfname}")) {
@@ -116,6 +118,7 @@ exec("/bin/mkdir -p {$snortdir}/signatures");
/* send current buffer */
ob_flush();
+conf_mount_rw();
/* If tmp dir does not exist create it */
if (file_exists($tmpfname)) {
@@ -263,15 +266,19 @@ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULES ARE OUT OF
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Stopping All Snort Package Services...'");
$chk_if_snort_up = exec("pgrep -x snort");
if ($chk_if_snort_up != "") {
- exec("/usr/bin/touch /tmp/snort_download_halt.pid");
+
+
+ exec("/usr/bin/touch /tmp/snort_download_halt.pid");
/* dont flood the syslog code */
exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
sleep(3);
exec("/usr/bin/killall snort");
+ exec("/bin/rm /var/run/snort*");
sleep(2);
exec("/usr/bin/killall barnyard2");
+ exec("/bin/rm /var/run/barnyard2*");
/* stop syslog flood code */
exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_rules_update.log");
@@ -679,8 +686,8 @@ if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_c
if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
echo "Your first set of rules are being copied...\n";
echo "May take a while...\n";
- exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug");
- exec("/bin/cp {$snortdir}/rules/\* {$snortdir_wan}/snort_$id$if_real/rules/");
+ exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" >> /root/debug");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
@@ -693,7 +700,7 @@ if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_c
echo "Your enable and disable changes are being applied to your fresh set of rules...\n";
echo "May take a while...\n";
exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug");
- exec("/bin/cp {$snortdir}/rules/\* {$snortdir_wan}/snort_$id$if_real/rules/");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
@@ -727,10 +734,17 @@ sleep(2);
apc_clear_cache();
exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
+ /* make snort the owner */
+ exec("/usr/sbin/chown -R snort:snort /var/log/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
+ exec("/bin/chmod -R 755 /var/log/snort");
+ exec("/bin/chmod -R 755 /usr/local/etc/snort");
+ exec("/bin/chmod -R 755 /usr/local/lib/snort");
+
/* if snort is running hardrestart, if snort is not running do nothing */
if (file_exists("/tmp/snort_download_halt.pid")) {
exec("/bin/sh /usr/local/etc/rc.d/snort* start");
- start_service("snort");
echo "The Rules update finished...\n";
echo "Snort has restarted with your new set of rules...\n";
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'");
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php
index d7b58c39..952a4d4d 100644
--- a/config/snort-dev/snort_download_rules.php
+++ b/config/snort-dev/snort_download_rules.php
@@ -53,8 +53,22 @@ if (isset($_POST['id_d']))
$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
+$snort_rule_d_chk = $config['installedpackages']['snortglobal']['snortdownload'];
+$emrging_rule_d_chk = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snort_rule_d_chk != premium || $snort_rule_d_chk == "" )
+ $snort_rule_d_info = "no";
+
+if ($emrging_rule_d_chk != on || $emrging_rule_d_chk == "" )
+ $emrging_rule_d_info = "no";
+
+if ($snort_rule_d_info == "no" && $emrging_rule_d_info = "no")
+ $snort_$emrging_info = "stop";
+
+
+
/* If no id show the user a button */
-if ($id_d == "") {
+if ($id_d == "" || $snort_$emrging_info = "stop") {
$pgtitle = "Services: Snort: Update Rules";
@@ -117,8 +131,12 @@ echo "</td>\n
\n
<p>\n\n";
+if ($id_d == "")
echo "Click on the <strong>\"Update Rules\"</strong> button to start the updates. <br><br> \n";
+if ($snort_$emrging_info = "stop")
+echo "Click on the <strong>\"Global Settings\"</strong> TAB and select ether snort.org or enmergingthreats.net rules to download. <br><br> \n";
+
if ($config['installedpackages']['snortglobal']['last_md5_download'] != "")
echo "The last time the updates were started <strong>$last_md5_download</strong>. <br><br> \n";
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index f358e6c6..fc7d2c6e 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -275,7 +275,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
}
-$pgtitle = "Services: Snort 2.8.4.1_6 pkg v. 1.8 RC2";
+$pgtitle = "Services: Snort 2.8.4.1_6 pkg v. 1.8 RC1";
include("head.inc");
?>