aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort-dev
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/snort.inc109
-rw-r--r--config/snort-dev/snort_download_rules.php49
-rw-r--r--config/snort-dev/snort_dynamic_ip_reload.php23
-rw-r--r--config/snort-dev/snort_interfaces.php10
-rw-r--r--config/snort-dev/snort_interfaces_edit.php22
5 files changed, 117 insertions, 96 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 7008d9b0..cd8f40ec 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -473,7 +473,7 @@ class array_ereg {
$id += 1;
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
$snort_rules_list[] = "snort_$id$if_real";
@@ -555,12 +555,61 @@ if ($id != '' && $if_real != '') //new
if ($snortbarnyardlog_info_chk == 'on')
create_barnyard2_conf($id, $if_real, $snort_uuid);
+ sync_snort_package();
+
exec("echo \"Funtion sync all $id $if_real $snort_uuid....\" >> /root/test.log");
conf_mount_ro();
}
}
}
+/* only be run on new iface create, bootup and ip refresh */
+function sync_snort_package_empty()
+{
+ global $config, $g;
+ conf_mount_rw();
+
+ /* do not start config build if rules is empty */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
+ {
+ if ($id == "")
+ {
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id = -1;
+ foreach ($rule_array as $value)
+ {
+
+ if ($id == '') {
+ $id = 0;
+ }
+
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
+ /* create barnyard2 configuration file */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ if ($snortbarnyardlog_info_chk == 'on')
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
+
+ }
+
+ /* create snort bootup file snort.sh only create once */
+ create_snort_sh();
+
+ sync_snort_package();
+ exec("echo \"Funtion sync empty create files foreach $if_real $id....\" >> /root/test.log");
+ }
+ }
+}
/* Start of main config files */
/* Start of main config files */
@@ -637,9 +686,6 @@ $snort_sh_text3[] = <<<EOE
snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`"
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
- #### Remake the configs on boot Important!
- /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php $id $if_real
-
#### Restart Iface
/bin/kill -HUP \${snort_pid}
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
@@ -686,6 +732,7 @@ conf_mount_rw();
$snort_sh_text = <<<EOD
#!/bin/sh
+########
# This file was automatically generated
# by the pfSense service handler.
# Code added to protect from double starts on pfSense bootup
@@ -703,6 +750,10 @@ rc_start() {
/bin/echo "snort.sh run" > /tmp/snort.sh.pid
+ #### Remake the configs on boot Important!
+ /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..."
+
$start_snort_iface_restart
/bin/rm /tmp/snort.sh.pid
@@ -802,7 +853,7 @@ exec("echo \"Create rules $snort_uuid $if_real $id ....\" >> /root/test.log");
}
/* open barnyard2.conf for writing */
-function create_barnyard2_conf() {
+function create_barnyard2_conf($id, $if_real, $snort_uuid) {
global $bconfig, $bg, $id, $if_real;
/* write out barnyard2_conf */
@@ -1932,54 +1983,6 @@ EOD;
return $snort_conf_text;
}
-/* only be run on new iface create, bootup and ip refresh */
-function sync_snort_package_empty()
-//function sync_snort_package_all()
-{
- global $config, $g;
- conf_mount_rw();
-
- /* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- {
- if ($id == "")
- {
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
-
- if ($id == '') {
- $id = 0;
- }
-
- $id += 1;
-
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real);
-
- /* create snort bootup file snort.sh */
- create_snort_sh($if_real);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real);
-
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
- create_barnyard2_conf($id, $if_real);
-
- exec("echo \"Funtion sync empty create files foreach $if_real $id....\" >> /root/test.log");
-
- }
- }
- }
-}
-
/* check downloaded text from snort.org to make sure that an error did not occur
* for example, if you are not a premium subscriber you can only download rules
* so often, etc. TO BE: Removed unneeded.
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php
index 9eca60be..ead5d0c5 100644
--- a/config/snort-dev/snort_download_rules.php
+++ b/config/snort-dev/snort_download_rules.php
@@ -969,7 +969,7 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
//////////////////
/* open oinkmaster_conf for writing" function */
-function oinkmaster_conf()
+function oinkmaster_conf($id, $if_real, $iface_uuid)
{
global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
@@ -1014,7 +1014,7 @@ $selected_sid_off_sections
EOD;
/* open snort's oinkmaster.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort/snort_$id$if_real/oinkmaster_$id$if_real.conf", "w");
+ $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
fwrite($oinkmasterlist, "$snort_sid_text");
@@ -1027,7 +1027,7 @@ EOD;
/* Run oinkmaster to snort_wan and cp configs */
/* If oinkmaster is not needed cp rules normally */
/* TODO add per interface settings here */
-function oinkmaster_run()
+function oinkmaster_run($id, $if_real, $iface_uuid)
{
global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
@@ -1040,30 +1040,30 @@ function oinkmaster_run()
{
update_status(gettext("Your first set of rules are being copied..."));
update_output_window(gettext("May take a while..."));
- exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug");
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/echo \"test {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
}else{
update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
update_output_window(gettext("May take a while..."));
- exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug");
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real");
+ exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
/* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_$id$if_real/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log");
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
}
}
}
@@ -1082,12 +1082,13 @@ if (!empty($config['installedpackages']['snortglobal']['rule']))
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
$if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* make oinkmaster.conf for each interface rule */
- oinkmaster_conf();
+ oinkmaster_conf($id, $if_real, $iface_uuid);
/* run oinkmaster for each interface rule */
- oinkmaster_run();
+ oinkmaster_run($id, $if_real, $iface_uuid);
}
}
diff --git a/config/snort-dev/snort_dynamic_ip_reload.php b/config/snort-dev/snort_dynamic_ip_reload.php
index dceb84b4..98d9bcce 100644
--- a/config/snort-dev/snort_dynamic_ip_reload.php
+++ b/config/snort-dev/snort_dynamic_ip_reload.php
@@ -35,23 +35,16 @@ require_once("/usr/local/pkg/snort/snort.inc");
/* get the varibles from the command line */
/* Note: snort.sh sould only be using this */
-$id = $_SERVER["argv"][1];
-$if_real = $_SERVER["argv"][2];
+//$id = $_SERVER["argv"][1];
+//$if_real = $_SERVER["argv"][2];
-$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+//$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
-if ($id == "" || $if_real == "" || $test_iface == "") {
- exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\"");
- exit;
- }
+//if ($id == "" || $if_real == "" || $test_iface == "") {
+// exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\"");
+// exit;
+// }
-if ($id != "" && $if_real != "") {
- create_snort_conf();
-
-/* create barnyard2 configuration file */
-$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
-if ($snortbarnyardlog_info_chk == on)
- create_barnyard2_conf();
-}
+sync_snort_package_empty();
?> \ No newline at end of file
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index e2cf9fdb..e5e5c86b 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -267,7 +267,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "")
}
-$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.12 Beta";
+$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.14 Beta";
include("head.inc");
?>
@@ -312,6 +312,7 @@ padding: 15px 10px 50% 50px;
#footer2
{
position: relative;
+ //top: 135px;
top: -17px;
background-color: #cccccc;
background-image: none;
@@ -321,7 +322,9 @@ padding: 15px 10px 50% 50px;
padding-top: 0px;
padding-right: 0px;
padding-bottom: 0px;
- padding-left: 0px;
+ padding-left: 10px;
+ //padding-left: 0px;
+ clear: both;
}
</style>
@@ -536,10 +539,11 @@ if ($pkg['tabs'] <> "") {
?>
</form>
+
</div> <!-- Right DIV -->
</div> <!-- Content DIV -->
- <div id="footer2">
+ <div id="footer2"> <!-- style="width:760px; -->
<IMG SRC="./images/footer2.jpg" width="780px" height="35" ALT="Apps">
<font size="1">Snort® is a registered trademark of Sourcefire, Inc., Barnyard2® is a registered trademark of securixlive.com., Orion® copyright Robert Zelaya.,
Emergingthreats is a registered trademark of emergingthreats.net., Mysql® is a registered trademark of Mysql.com.</font>
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index f91f56eb..551c0460 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -305,6 +305,12 @@ if ($_POST["Submit"]) {
}
//touch($d_natconfdirty_path);
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
header("Location: /snort/snort_interfaces_edit.php?id=$id");
exit;
@@ -327,8 +333,13 @@ if ($_POST["Submit"]) {
sync_snort_package_all($id, $if_real);
sleep(1);
exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
header("Location: /snort/snort_interfaces_edit.php?id=$id");
- exit;
}
if ($_POST["Submit3"])
@@ -351,6 +362,15 @@ if ($_POST["Submit"]) {
exec("/bin/kill {$start_up_r}");
exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
}
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ header("Location: /snort/snort_interfaces_edit.php?id=$id");
+
+
}
$iface_uuid = $a_nat[$id]['uuid'];