diff options
Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/snort.inc | 125 | ||||
-rw-r--r-- | config/snort-dev/snort.xml | 45 |
2 files changed, 165 insertions, 5 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index ca640551..7a7282bb 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -68,11 +68,11 @@ function sync_package_snort() $bpfmaxbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxbufsize']; $bpfmaxinsns = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxinsns']; - /* set the snort performance model */ - if($config['installedpackages']['snort']['config'][0]['performance']) - $snort_performance = $config['installedpackages']['snort']['config'][0]['performance']; - else - $snort_performance = "ac-bnfa"; +// /* set the snort performance model */ +// if($config['installedpackages']['snort']['config'][0]['performance']) +// $snort_performance = $config['installedpackages']['snort']['config'][0]['performance']; +// else +// $snort_performance = "ac-bnfa"; conf_mount_rw(); /* create a few directories and ensure the sample files are in place */ @@ -585,6 +585,121 @@ else else $snort_performance = "ac-bnfa"; + /* set the snort block hosts time */ + $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked']; + if ($snort_rm_blocked_info_ck == "never_b") + $snort_rm_blocked_false = ""; + else + $snort_rm_blocked_false = "true"; + +function snort_rm_blocked_install_cron($should_install) { + global $config, $g; + + if ($g['booting']==true) + return; + + $is_installed = false; + + if(!$config['cron']['item']) + return; + + $x=0; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], "snort2c")) { + $is_installed = true; + break; + } + $x++; + } + $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked']; + if ($snort_rm_blocked_info_ck == "1h_b") { + $snort_rm_blocked_min = "*"; + $snort_rm_blocked_hr = "*/1"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + } + if ($snort_rm_blocked_info_ck == "3h_b") { + $snort_rm_blocked_min = "*"; + $snort_rm_blocked_hr = "*/3"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + } + if ($snort_rm_blocked_info_ck == "6h_b") { + $snort_rm_blocked_min = "*"; + $snort_rm_blocked_hr = "*/6"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + } + if ($snort_rm_blocked_info_ck == "12h_b") { + $snort_rm_blocked_min = "*"; + $snort_rm_blocked_hr = "*/12"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + } + if ($snort_rm_blocked_info_ck == "1d_b") { + $snort_rm_blocked_min = "*"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*/1"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + } + if ($snort_rm_blocked_info_ck == "4d_b") { + $snort_rm_blocked_min = "*"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*/4"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + } + if ($snort_rm_blocked_info_ck == "7d_b") { + $snort_rm_blocked_min = "*"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*/7"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + } + if ($snort_rm_blocked_info_ck == "28d_b") { + $snort_rm_blocked_min = "*"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*/28"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + } + switch($should_install) { + case true: + if(!$is_installed) { + $cron_item = array(); + $cron_item['minute'] = "$snort_rm_blocked_min"; + $cron_item['hour'] = "$snort_rm_blocked_hr"; + $cron_item['mday'] = "$snort_rm_blocked_mday"; + $cron_item['month'] = "$snort_rm_blocked_month"; + $cron_item['wday'] = "$snort_rm_blocked_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c"; + $config['cron']['item'][] = $cron_item; + write_config("Installed 15 minute filter reload for Time Based Rules"); + configure_cron(); + } + break; + case false: + if($is_installed == true) { + if($x > 0) { + unset($config['cron']['item'][$x]); + write_config(); + } + configure_cron(); + } + break; + } +} + +snort_rm_blocked_install_cron(""); +snort_rm_blocked_install_cron($snort_rm_blocked_false); + + /* open snort2c's whitelist for writing */ $whitelist = fopen("/var/db/whitelist", "w"); if(!$whitelist) { diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 70739737..28a9f858 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -247,6 +247,50 @@ <size>60</size> </field> <field> + <fielddescr>Remove blocked hosts every</fielddescr> + <fieldname>rm_blocked</fieldname> + <description>Please select the amount of time hosts are blocked</description> + <type>select</type> + <options> + <option> + <name>never</name> + <value>never_b</value> + </option> + <option> + <name>1 hour</name> + <value>1h_b</value> + </option> + <option> + <name>3 hours</name> + <value>3h_b</value> + </option> + <option> + <name>6 hours</name> + <value>6h_b</value> + </option> + <option> + <name>12 hours</name> + <value>12h_b</value> + </option> + <option> + <name>1 day</name> + <value>1d_b</value> + </option> + <option> + <name>4 days</name> + <value>4d_b</value> + </option> + <option> + <name>7 days</name> + <value>7d_b</value> + </option> + <option> + <name>28 days</name> + <value>28d_b</value> + </option> + </options> + </field> + <field> <fielddescr>Update rules automatically</fielddescr> <fieldname>automaticrulesupdate</fieldname> <description>Checking this option will automatically check for and update rules once a week from snort.org.</description> @@ -286,6 +330,7 @@ <custom_add_php_command> </custom_add_php_command> <custom_php_resync_config_command> + system("/bin/mkdir -p /usr/local/etc/snort/rules"); sync_package_snort(); </custom_php_resync_config_command> <custom_php_install_command> |