path: root/config/snort/snort_check_for_rule_updates.php
Diffstat (limited to 'config/snort/snort_check_for_rule_updates.php')
-rw-r--r--config/snort/snort_check_for_rule_updates.php81
1 files changed, 36 insertions, 45 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index cb85e0ef..5043a624 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -1,7 +1,6 @@
<?php
-/* $Id$ */
/*
- snort_rulesets.php
+ snort_check_for_rule_updates.php
Copyright (C) 2006 Scott Ullrich
Copyright (C) 2009 Robert Zelaya
Copyright (C) 2011 Ermal Luci
@@ -41,8 +40,8 @@ $pkg_interface = "console";
$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
$snortdir = "/usr/local/etc/snort";
$snortdir_wan = "/usr/local/etc/snort";
-$snort_filename_md5 = "snortrules-snapshot-2861.tar.gz.md5";
-$snort_filename = "snortrules-snapshot-2861.tar.gz";
+$snort_filename_md5 = "snortrules-snapshot-2905.tar.gz.md5";
+$snort_filename = "snortrules-snapshot-2905.tar.gz";
$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
$emergingthreats_filename = "emerging.rules.tar.gz";
$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
@@ -150,7 +149,7 @@ if ($emergingthreats == 'on')
update_status(gettext("Downloading emergingthreats md5 file..."));
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz.md5');
+ $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
@file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
update_status(gettext("Done downloading emergingthreats md5"));
}
@@ -286,7 +285,7 @@ if ($emergingthreats == "on")
}else{
update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
+ download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
update_status(gettext('Done downloading Emergingthreats rules file.'));
}
}
@@ -340,11 +339,9 @@ if ($snortdownload == 'on')
if (file_exists("{$tmpfname}/{$snort_filename}")) {
if ($pfsense_stable == 'yes')
- {
$freebsd_version_so = 'FreeBSD-7-2';
- }else{
- $freebsd_version_so = 'FreeBSD-8-0';
- }
+ else
+ $freebsd_version_so = 'FreeBSD-8-1';
update_status(gettext("Extracting Snort.org rules..."));
update_output_window(gettext("May take a while..."));
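Review bot: The rewritten `if ($pfsense_stable == 'yes')` / `else` pair drops the braces that the rest of this block keeps (the `if (file_exists(...))` above it and the `if($snort_arch == 'x86')` further down are both braced), so a line added later under either branch would silently fall outside the conditional. Keeping the braces costs two lines: `if ($pfsense_stable == 'yes') {` … `} else {` … `}`. The `if (file_exists(...))` block this sits in opens on the hunk's first line and continues past its last.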
@@ -356,14 +353,17 @@ if ($snortdownload == 'on')
sleep(2);
exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
- /* extract so rules on for x86 for now */
- /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */
+ /* extract so rules */
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
if($snort_arch == 'x86'){
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ } else if ($snort_arch == 'x64') {
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ }
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
" so_rules/chat.rules/" .
" so_rules/dos.rules/" .
" so_rules/exploit.rules/" .
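Review bot: Neither new branch checks the outcome of its `tar` call before the `mv -f` that follows, and a `$snort_arch` value other than 'x86' or 'x64' extracts nothing at all, so a missing or mismatched precompiled directory leaves /usr/local/lib/snort/dynamicrules empty with no message to the user. The precompiled path is also spelled out four times with `2.9.0.5` repeated in each, so the next Snort bump has to touch every line. The sketch below keeps one path template, derives the arch subdirectory from a small map, and reports a failed extraction instead of proceeding to the mv. The enclosing `if (file_exists(...))` block starts before this hunk and the tar statement on the last lines continues past it.

```php
/* extract so rules */
exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
$snort_so_version = '2.9.0.5';
$so_arch_dirs = array('x86' => 'i386', 'x64' => 'x86-64');
if (isset($so_arch_dirs[$snort_arch])) {
	$so_dir = "so_rules/precompiled/{$freebsd_version_so}/{$so_arch_dirs[$snort_arch]}/{$snort_so_version}/";
	exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} {$so_dir}", $tar_out, $tar_rc);
	if ($tar_rc == 0)
		exec("/bin/mv -f {$snortdir}/{$so_dir}* /usr/local/lib/snort/dynamicrules/");
	else
		update_output_window(sprintf(gettext("Could not extract precompiled so rules for %s; skipping."), $snort_arch));
} else {
	update_output_window(sprintf(gettext("No precompiled so rules for architecture '%s'; skipping."), $snort_arch));
}
/* … unchanged: extract so rules none bin and rename … */
```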
@@ -412,7 +412,6 @@ if ($snortdownload == 'on')
update_output_window(gettext("Error Line 755"));
$snortdownload = 'off';
}
- }
}
/* Untar emergingthreats rules to tmp */
@@ -547,31 +546,36 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
//////////////////
-
/* open oinkmaster_conf for writing" function */
function oinkmaster_conf($id, $if_real, $iface_uuid)
{
- global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
/* enable disable setting will carry over with updates */
/* TODO carry signature changes with the updates */
if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ $selected_sid_on_section = "";
+ $selected_sid_off_sections = "";
+
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
- $enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
+ $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
foreach($enabled_sid_on_array as $enabled_item_on)
$selected_sid_on_sections .= "$enabled_item_on\n";
}
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- $enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
+ $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
foreach($enabled_sid_off_array as $enabled_item_off)
$selected_sid_off_sections .= "$enabled_item_off\n";
}
- $snort_sid_text = <<<EOD
+ if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) {
+ $snort_sid_text = <<<EOD
###########################################
# #
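Review bot: The new initialisation `$selected_sid_on_section = "";` (singular) and the new guard `!empty($selected_sid_on_section)` use a different name from the `$selected_sid_on_sections` (plural) that the existing foreach appends to, so the enabled-SID list never counts toward the write condition. The consequence is that when only rule_sid_on is configured, the conf file removed by the new `@unlink(...)` at the top of the function is never rewritten, and since oinkmaster_run (later in this diff) still takes its "apply changes" branch whenever rule_sid_on is set, oinkmaster.pl would then be pointed at a missing `-C` file — worth confirming against the full function. The fix is two lines: `$selected_sid_on_sections = "";` and `if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_sections)) {`. The write this guard protects sits in the next hunk, and the function continues past this one.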
@@ -591,8 +595,9 @@ $selected_sid_off_sections
EOD;
- /* open snort's oinkmaster.conf for writing */
- @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ /* open snort's oinkmaster.conf for writing */
+ @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ }
}
}
@@ -603,11 +608,8 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
{
global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on')
- {
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
- {
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
update_status(gettext("Your first set of rules are being copied..."));
update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
@@ -618,7 +620,7 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- }else{
+ } else {
update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
update_output_window(gettext("May take a while..."));
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
@@ -633,11 +635,6 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
/* might have to add a sleep for 3sec for flash drives or old drives */
exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
- /* TODO: Remove this code when x64 so rules are ready */
- if($snort_arch == 'x64'){
- exec("/bin/rm -r /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.so.rules");
- }
-
}
}
}
@@ -672,10 +669,12 @@ if (is_dir('/usr/local/etc/snort/tmp')) {
exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
}
-/* make all dirs snorts */
+/* XXX: These are needed if snort is run as snort user
mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
+*/
+/* make all dirs snorts */
mwexec("/bin/chmod -R 755 /var/log/snort", true);
mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
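Review bot: The `/* make all dirs snorts */` comment now heads the three `chmod -R 755` calls, but it was written for the `chown -R snort:snort` lines this change comments out, so it no longer describes what follows; the new `XXX` block also says the chown is needed "if snort is run as snort user" without stating what the service runs as today. A replacement that matches the code beneath it: `/* chown disabled while snort does not run as the snort user (see XXX above); make the snort dirs readable and traversable by everyone */` — confirm the run-as assumption before wording it that definitely. Note also that with the chown gone, `chmod -R 755` still sets the execute bit on every regular file under /var/log/snort and /usr/local/etc/snort and leaves all of them world-readable; `chmod -R u=rwX,go=rX` gives the same directory modes without the file execute bit, and anything in those trees that should not be world-readable deserves a narrower mode.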
@@ -687,14 +686,6 @@ else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_
else {
/* You are Not Up to date, always stop snort when updating rules for low end machines */;
update_status(gettext("You are NOT up to date..."));
- $chk_if_snort_up = exec("pgrep -x snort");
- if ($chk_if_snort_up != "") {
- update_output_window(gettext("Stopping Snort service..."));
- exec("/usr/bin/touch /tmp/snort_download_halt.pid");
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop");
- sleep(2);
- }
-
exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
update_status(gettext("The Rules update finished..."));
update_output_window(gettext("Snort has restarted with your new set of rules..."));