Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/snort.inc125
-rw-r--r--config/snort-dev/snort.xml45
2 files changed, 165 insertions, 5 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index ca640551..7a7282bb 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -68,11 +68,11 @@ function sync_package_snort()
$bpfmaxbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxbufsize'];
$bpfmaxinsns = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxinsns'];
- /* set the snort performance model */
- if($config['installedpackages']['snort']['config'][0]['performance'])
- $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
- else
- $snort_performance = "ac-bnfa";
+// /* set the snort performance model */
+// if($config['installedpackages']['snort']['config'][0]['performance'])
+// $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
+// else
+// $snort_performance = "ac-bnfa";
conf_mount_rw();
/* create a few directories and ensure the sample files are in place */
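Review bot: The performance-model block at the top of sync_package_snort() is commented out rather than deleted, which leaves five lines of dead code for every future reader to puzzle over; the history is in git, so the `-` lines are enough and the `//` copies should go. Note also that the same `$snort_performance` assignment still appears as context in the next hunk (`else` / `$snort_performance = "ac-bnfa";` near line 585), so any use of `$snort_performance` between line 68 and that later block would now read an undefined variable — worth confirming against the lines not shown here, since the body of sync_package_snort() continues outside this hunk.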
@@ -585,6 +585,121 @@ else
else
$snort_performance = "ac-bnfa";
+ /* set the snort block hosts time */
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "never_b")
+ $snort_rm_blocked_false = "";
+ else
+ $snort_rm_blocked_false = "true";
+
+function snort_rm_blocked_install_cron($should_install) {
+ global $config, $g;
+
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort2c")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "1h_b") {
+ $snort_rm_blocked_min = "*";
+ $snort_rm_blocked_hr = "*/1";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ }
+ if ($snort_rm_blocked_info_ck == "3h_b") {
+ $snort_rm_blocked_min = "*";
+ $snort_rm_blocked_hr = "*/3";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ }
+ if ($snort_rm_blocked_info_ck == "6h_b") {
+ $snort_rm_blocked_min = "*";
+ $snort_rm_blocked_hr = "*/6";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ }
+ if ($snort_rm_blocked_info_ck == "12h_b") {
+ $snort_rm_blocked_min = "*";
+ $snort_rm_blocked_hr = "*/12";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ }
+ if ($snort_rm_blocked_info_ck == "1d_b") {
+ $snort_rm_blocked_min = "*";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*/1";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ }
+ if ($snort_rm_blocked_info_ck == "4d_b") {
+ $snort_rm_blocked_min = "*";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*/4";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ }
+ if ($snort_rm_blocked_info_ck == "7d_b") {
+ $snort_rm_blocked_min = "*";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*/7";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ }
+ if ($snort_rm_blocked_info_ck == "28d_b") {
+ $snort_rm_blocked_min = "*";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*/28";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ }
+ configure_cron();
+ }
+ break;
+ }
+}
+
+snort_rm_blocked_install_cron("");
+snort_rm_blocked_install_cron($snort_rm_blocked_false);
+
+
/* open snort2c's whitelist for writing */
$whitelist = fopen("/var/db/whitelist", "w");
if(!$whitelist) {
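Review bot: The removal branch of snort_rm_blocked_install_cron() never removes a cron item that sits at index 0, because `if($x > 0)` guards the `unset`, even though `$is_installed` already proves a match was found; since the call site first calls the function with `""` to clear the old entry and then reinstalls with the current schedule, a snort2c job at index 0 is never replaced and schedule changes silently do not apply. The function is also declared inside what the hunk context (`else` / `$snort_performance = "ac-bnfa";`) suggests is still the body of sync_package_snort(), and PHP declares nested functions at runtime, so a second call to sync_package_snort() in the same process would fatal on redeclaration — it should be moved to file scope if that reading is right. The `switch($should_install)` on `case true`/`case false` relies on loose comparison of `""` and `"true"`, and the `write_config("Installed 15 minute filter reload for Time Based Rules")` message is copied from elsewhere; passing a real boolean and a matching message fixes both. Separately, the cron command runs `expiretable -t 3600 snort2c`, which appears to expire entries older than one hour no matter which interval was chosen, so the "7 days" choice still evicts hosts blocked for more than an hour whenever the job fires; the snort.xml description in the following hunk ("amount of time hosts are blocked") describes a duration, not a run interval, so either the `-t` value should track the selection or the UI text should say what the job actually does.
```php
function snort_rm_blocked_install_cron($should_install) {
	// … unchanged: boot check, cron scan that sets $is_installed and $x, schedule table …
	if ($should_install) {
		if (!$is_installed) {
			// … unchanged: build and append $cron_item …
			write_config("Installed cron job to expire snort2c blocked hosts");
			configure_cron();
		}
	} elseif ($is_installed) {
		unset($config['cron']['item'][$x]);
		$config['cron']['item'] = array_values($config['cron']['item']);
		write_config("Removed cron job to expire snort2c blocked hosts");
		configure_cron();
	}
}

snort_rm_blocked_install_cron(false);
snort_rm_blocked_install_cron($snort_rm_blocked_info_ck != "never_b");
```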
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
index 70739737..28a9f858 100644
--- a/config/snort-dev/snort.xml
+++ b/config/snort-dev/snort.xml
@@ -247,6 +247,50 @@
<size>60</size>
</field>
<field>
+ <fielddescr>Remove blocked hosts every</fielddescr>
+ <fieldname>rm_blocked</fieldname>
+ <description>Please select the amount of time hosts are blocked</description>
+ <type>select</type>
+ <options>
+ <option>
+ <name>never</name>
+ <value>never_b</value>
+ </option>
+ <option>
+ <name>1 hour</name>
+ <value>1h_b</value>
+ </option>
+ <option>
+ <name>3 hours</name>
+ <value>3h_b</value>
+ </option>
+ <option>
+ <name>6 hours</name>
+ <value>6h_b</value>
+ </option>
+ <option>
+ <name>12 hours</name>
+ <value>12h_b</value>
+ </option>
+ <option>
+ <name>1 day</name>
+ <value>1d_b</value>
+ </option>
+ <option>
+ <name>4 days</name>
+ <value>4d_b</value>
+ </option>
+ <option>
+ <name>7 days</name>
+ <value>7d_b</value>
+ </option>
+ <option>
+ <name>28 days</name>
+ <value>28d_b</value>
+ </option>
+ </options>
+ </field>
+ <field>
<fielddescr>Update rules automatically</fielddescr>
<fieldname>automaticrulesupdate</fieldname>
<description>Checking this option will automatically check for and update rules once a week from snort.org.</description>
@@ -286,6 +330,7 @@
<custom_add_php_command>
</custom_add_php_command>
<custom_php_resync_config_command>
+ system("/bin/mkdir -p /usr/local/etc/snort/rules");
sync_package_snort();
</custom_php_resync_config_command>
<custom_php_install_command>
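Review bot: The added `system("/bin/mkdir -p /usr/local/etc/snort/rules");` spawns a shell for something PHP does natively and ignores the result; `if (!is_dir('/usr/local/etc/snort/rules')) mkdir('/usr/local/etc/snort/rules', 0755, true);` does the same without a subprocess and lets the caller check the return value. It also runs before sync_package_snort() calls `conf_mount_rw()` (visible as context in the first hunk), so on a read-only root the directory creation may fail silently; the comment right after that call, "create a few directories and ensure the sample files are in place", suggests sync_package_snort() may already handle this, in which case the extra call is redundant — worth confirming against the lines not shown here.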