Diffstat (limited to 'config/snort/snort.inc')
-rwxr-xr-x | config/snort/snort.inc | 201 |
1 files changed, 0 insertions, 201 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index e9feec1a..53ae4a9d 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1109,9 +1109,6 @@ function sync_snort_package_config() { if ($is_dirty) write_config("Snort pkg: updated snort service entry configuration."); - /* create snort bootup file snort.sh only create once */ -// snort_create_rc(); - $snortglob = $config['installedpackages']['snortglobal']; snort_snortloglimit_install_cron(true); 
@@ -2833,204 +2830,6 @@ function snort_modify_sids(&$rule_map, $snortcfg) { unset($enablesid, $disablesid); } -function snort_create_rc() { - -/*********************************************************/ -/* This function builds the /usr/local/etc/rc.d/snort.sh */ -/* shell script for starting and stopping Snort. The */ -/* script is rebuilt on each package sync operation and */ -/* after any changes to snort.conf saved in the GUI. */ -/*********************************************************/ - - global $config, $g, $pfs_version; - - $snortdir = SNORTDIR; - $snortlogdir = SNORTLOGDIR; - $rcdir = RCFILEPREFIX; - - // If no interfaces are configured for Snort, exit - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - $snortconf = $config['installedpackages']['snortglobal']['rule']; - if (empty($snortconf)) - return; - - // At least one interface is configured, so OK - $start_snort_iface_start = array(); - $start_snort_iface_stop = array(); - - // If not using PBI package, then make sure Barnyard2 can - // find the latest MySQL shared libs in /usr/local/lib/mysql - if ($pfs_version < 2.1) { - $sql_lib_path = "\n# Ensure MySQL shared libs are in ldconfig search path\n"; - $sql_lib_path .= "/sbin/ldconfig -m /usr/local/lib/mysql"; - $start_snort_iface_start[] = $sql_lib_path; - } - - // Loop thru each configured interface and build - // the shell script. - foreach ($snortconf as $value) { - // Skip disabled Snort interfaces - if ($value['enable'] <> 'on') - continue; - $snort_uuid = $value['uuid']; - $if_real = get_real_interface($value['interface']); - - $start_barnyard = <<<EOE - - if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "` - else - pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid` - fi - if [ ! 
-z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -HUP \$pid - else - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..." - /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q - fi - -EOE; - $stop_barnyard2 = <<<EOE - - if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." - pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid` - /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - if [ -f /var/run/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid - fi - else - pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "` - if [ ! -z \$pid ]; then - /bin/pkill -f "barnyard2 -r {$snort_uuid} " - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - fi - fi - -EOE; - if ($value['barnyard_enable'] == 'on') - $start_barnyard2 = $start_barnyard; - else - $start_barnyard2 = $stop_barnyard2; - - $start_snort_iface_start[] = <<<EOE - -###### For Each Iface - # Start snort and barnyard2 - if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then - pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "` - else - pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` - fi - - if [ ! 
-z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -HUP \$pid - else - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..." - /usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} - fi - - sleep 2 - {$start_barnyard2} - -EOE; - - $start_snort_iface_stop[] = <<<EOE - - if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then - pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - if [ -f /var/run/snort_{$if_real}{$snort_uuid}.pid ]; then - /bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid - fi - else - pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "` - if [ ! -z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -fn "snort -R {$snort_uuid} " - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - fi - fi - - sleep 2 - {$stop_barnyard2} - -EOE; - } - - $rc_start = implode("\n", $start_snort_iface_start); - $rc_stop = implode("\n", $start_snort_iface_stop); - - $snort_sh_text = <<<EOD -#!/bin/sh -######## -# This file was automatically generated -# by the pfSense service handler. 
-# Code added to protect from double starts on pfSense bootup -######## Start of main snort.sh - -rc_start() { - {$rc_start} -} - -rc_stop() { - {$rc_stop} -} - -case $1 in - start) - rc_start - ;; - stop) - rc_stop - ;; - restart) - rc_stop - rc_start - ;; -esac - -EOD; - - /* write out snort.sh */ - @file_put_contents("{$rcdir}snort.sh", $snort_sh_text); - @chmod("{$rcdir}snort.sh", 0755); -} - function snort_generate_barnyard2_conf($snortcfg, $if_real) { /****************************************************/ |