aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort-dev
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/snort.xml2
-rw-r--r--config/snort-dev/snort_check_for_rule_updates.php212
2 files changed, 122 insertions, 92 deletions
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
index 013e30ca..7a61d8c1 100644
--- a/config/snort-dev/snort.xml
+++ b/config/snort-dev/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.8.4.1_1</version>
- <title>Services: Snort 2.8.4.1_1 pkg v. 1.6 RC3</title>
+ <title>Services: Snort 2.8.4.1_1 pkg v. 1.6 RC4</title>
<include_file>/usr/local/pkg/snort.inc</include_file>
<menu>
<name>Snort</name>
diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php
index f99ff08d..8a6aedc9 100644
--- a/config/snort-dev/snort_check_for_rule_updates.php
+++ b/config/snort-dev/snort_check_for_rule_updates.php
@@ -309,23 +309,23 @@ if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
echo "Extracting rules...\n";
echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} etc/");
- exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/bad-traffic.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/chat.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/dos.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/exploit.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/imap.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/misc.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/multimedia.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/netbios.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/nntp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/p2p.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/smtp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/sql.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/web-client.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/web-misc.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/");
echo "Done extracting Rules.\n";
} else {
echo "The Download rules file missing...\n";
@@ -340,7 +340,7 @@ if ($emerg_md5_check_chk_ok != on) {
if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
echo "Extracting rules...\n";
echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname} rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
}
}
}
@@ -350,7 +350,7 @@ if ($pfsense_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
echo "Extracting Pfsense rules...\n";
echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$tmpfname} rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
}
}
@@ -361,58 +361,59 @@ $signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]
if ($premium_url_chk == on) {
echo "Extracting Signatures...\n";
echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} doc/signatures/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
echo "Done extracting Signatures.\n";
}
}
}
/* Make Clean Snort Directory */
-if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
-if (file_exists("{$snortdir}/rules")) {
- echo "Cleaning the snort Directory...\n";
- echo "removing...\n";
- exec("/bin/mkdir -p {$snortdir}");
- exec("/bin/mkdir -p {$snortdir}/rules");
- exec("/bin/mkdir -p {$snortdir}/signatures");
- exec("/bin/rm {$snortdir}/*");
- exec("/bin/rm {$snortdir}/rules/*");
- exec("/bin/rm {$snortdir_wan}/*");
- exec("/bin/rm {$snortdir_wan}/rules/*");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
-} else {
- echo "Making Snort Directory...\n";
- echo "should be fast...\n";
- exec("/bin/mkdir {$snortdir}");
- exec("/bin/mkdir {$snortdir}/rules");
- exec("/bin/rm {$snortdir_wan}/\*");
- exec("/bin/rm {$snortdir_wan}/rules/*");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
- echo "Done making snort direcory.\n";
- }
-}
+//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
+//if (file_exists("{$snortdir}/rules")) {
+// echo "Cleaning the snort Directory...\n";
+// echo "removing...\n";
+// exec("/bin/mkdir -p {$snortdir}");
+// exec("/bin/mkdir -p {$snortdir}/rules");
+// exec("/bin/mkdir -p {$snortdir}/signatures");
+// exec("/bin/rm {$snortdir}/*");
+// exec("/bin/rm {$snortdir}/rules/*");
+// exec("/bin/rm {$snortdir_wan}/*");
+// exec("/bin/rm {$snortdir_wan}/rules/*");
+// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
+//} else {
+// echo "Making Snort Directory...\n";
+// echo "should be fast...\n";
+// exec("/bin/mkdir {$snortdir}");
+// exec("/bin/mkdir {$snortdir}/rules");
+// exec("/bin/rm {$snortdir_wan}/\*");
+// exec("/bin/rm {$snortdir_wan}/rules/*");
+// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
+// echo "Done making snort direcory.\n";
+// }
+//}
/* Copy so_rules dir to snort lib dir */
if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
+if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
echo "Copying so_rules...\n";
echo "May take a while...\n";
sleep(2);
- exec("`/bin/cp -f {$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
- exec("/bin/cp {$tmpfname}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
- exec("/bin/cp {$tmpfname}/so_rules/web-misc.rules {$snortdir}/rules/web-misc.so.rules");
+ exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
+ exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
+ exec("/bin/cp {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
echo "Done copying so_rules.\n";
} else {
echo "Directory so_rules does not exist...\n";
@@ -425,15 +426,19 @@ if (file_exists("{$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
/* TODO carry signature changes with the updates */
if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
-$enabled_sid_on_array = split("\|\|", $enabled_sid_on);
+$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "enable $enabled_item_on\n";
+$selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
-$enabled_sid_off_array = split("\|\|", $enabled_sid_off);
+$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "disable $enabled_item_off\n";
+$selected_sid_off_sections .= "$enabled_item_off\n";
+ }
$snort_sid_text = <<<EOD
@@ -467,9 +472,10 @@ EOD;
/* Copy configs to snort dir */
if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/etc/Makefile.am")) {
+if (file_exists("{$snortdir}/etc/Makefile.am")) {
echo "Copying configs to snort directory...\n";
- exec("/bin/cp {$tmpfname}/etc/* {$snortdir}");
+ exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
} else {
echo "The snort configs does not exist...\n";
echo "Error copping config...\n";
@@ -519,10 +525,11 @@ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
if ($snort_md5_check_ok != on) {
$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
if ($premium_url_chk == on) {
-if (file_exists("{$tmpfname}/doc/signatures")) {
+if (file_exists("{$snortdir}/doc/signatures")) {
echo "Copying signatures...\n";
echo "May take a while...\n";
- exec("/bin/mv -f {$tmpfname}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
echo "Done copying signatures.\n";
} else {
echo "Directory signatures exist...\n";
@@ -533,21 +540,21 @@ if (file_exists("{$tmpfname}/doc/signatures")) {
}
/* Copy snort rules and emergingthreats and pfsense dir to snort dir */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/rules")) {
- echo "Copying rules...\n";
- echo "May take a while...\n";
- exec("/bin/cp {$tmpfname}/rules/* {$snortdir}/rules");
- echo "Done copping rules.\n";
+//if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+//if (file_exists("{$tmpfname}/rules")) {
+// echo "Copying rules...\n";
+// echo "May take a while...\n";
+// exec("/bin/cp {$tmpfname}/rules/* {$snortdir}/rules");
+// echo "Done copping rules.\n";
/* Write out time of last sucsessful rule install catch */
- $config['installedpackages']['snort']['last_rules_install'] = date("Y-M-jS-h:i-A");
- write_config();
-} else {
- echo "Directory rules does not exists...\n";
- echo "Error copying rules direcory...\n";
- exit(0);
- }
-}
+// $config['installedpackages']['snort']['last_rules_install'] = date("Y-M-jS-h:i-A");
+// write_config();
+//} else {
+// echo "Directory rules does not exists...\n";
+// echo "Error copying rules direcory...\n";
+// exit(0);
+// }
+//}
/* double make shure clean up emerg rules that dont belong */
if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
@@ -572,22 +579,45 @@ sleep(2);
exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/gen-msg.map");
/* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+
+ if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
echo "Your enable and disable changes are being applied to your fresh set of rules...\n";
echo "May take a while...\n";
-exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
-exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
+} else {
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+
+ /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+
+ }
}
/* php code to flush out cache some people are reportting missing files this might help */