Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/NOTES.txt23
-rw-r--r--config/snort/snort.inc18
-rw-r--r--config/snort/snort_download_rules.php174
-rw-r--r--config/snort/snort_interfaces.php9
-rw-r--r--config/snort/snort_interfaces_global.php9
5 files changed, 104 insertions, 129 deletions
diff --git a/config/snort/NOTES.txt b/config/snort/NOTES.txt
index 39d93061..cde858e5 100644
--- a/config/snort/NOTES.txt
+++ b/config/snort/NOTES.txt
@@ -1,16 +1,25 @@
-March 26 2019
-Snort-dev 2.8.5.3 pk v. 22 final
+April 27 2010
+Snort-dev 2.8.5.3 pk v. 23 final
TODO:
-Create Threshold GUI
-Pf snort block table should survive reboots. Dont know how Im going to do this.
+Snort block table should survive reboots. Dont know how Im going to do this.
Create Upload GUI. Use Pierre POMES code.
-Use Chroot for snort.
Add log rotation and log dir size display
-Threshold tab needs to be added.
+Redo code for rule downloads so that changes in snort.org rule gzip file does not break the package.
+Add code suggested by Andrew Thompson.
+
+Long Term Goals:
+
+Use Chroot for snort.
+Isolate functions using classes so we dont have double $vars errors. ! Important
+The whitelist and supress code can be simplified.
+Go through each tab and delete old code.
+Snort Inline needs to be worked on. ! Important
+
+Any other Devs that read this.
+Please add your intials and date to any code blocks you add. It helps me keep track.
-Done.
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index ea5554cc..e03ec5d6 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1033,6 +1033,13 @@ function sync_snort_package_empty()
{
global $config, $g;
conf_mount_rw();
+
+/* RedDevil suggested code */
+/* TODO: more testing needs to be done */
+exec("/sbin/sysctl net.bpf.bufsize=8388608");
+exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
+exec("/sbin/sysctl net.bpf.maxinsns=512");
+exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
/* do not start config build if rules is empty */
if (!empty($config['installedpackages']['snortglobal']['rule']))
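Review bot: The sysctl block inserted at the top of sync_snort_package_empty() sets `net.bpf.bufsize=8388608` above `net.bpf.maxbufsize=4194304`, which is at least inconsistent (a per-descriptor buffer larger than the kernel's ceiling), and every `exec()` discards its exit status, so a rejected or clamped value is never reported. The same four lines are pasted again into sync_snort_package_config() in the next hunk, so any correction has to be made twice. I would move the block into one helper that orders the oids so the ceiling is raised first, keeps bufsize no larger than it, and logs a non-zero return code; the exact values were presumably taken from the "RedDevil" suggestion and should be confirmed with whoever tuned them. The function body continues past the end of this hunk.
```php
/* RedDevil suggested code: raise bpf buffer limits before snort attaches to an interface.
   maxbufsize is set first so bufsize is never larger than the kernel ceiling. */
function snort_apply_bpf_sysctls() {
	$settings = array(
		'net.bpf.maxbufsize'   => 8388608,
		'net.bpf.bufsize'      => 4194304,
		'net.bpf.maxinsns'     => 512,
		'net.inet.tcp.rfc1323' => 1,
	);
	foreach ($settings as $oid => $value) {
		exec("/sbin/sysctl " . escapeshellarg("{$oid}={$value}"), $sysctl_out, $sysctl_rc);
		if ($sysctl_rc != 0)
			log_error("snort: sysctl {$oid}={$value} failed");   /* or whatever logging helper the package already uses */
	}
}
```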
@@ -1096,6 +1103,13 @@ function sync_snort_package_config()
{
global $config, $g;
conf_mount_rw();
+
+/* RedDevil suggested code */
+/* TODO: more testing needs to be done */
+exec("/sbin/sysctl net.bpf.bufsize=8388608");
+exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
+exec("/sbin/sysctl net.bpf.maxinsns=512");
+exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
/* do not start config build if rules is empty */
if (!empty($config['installedpackages']['snortglobal']['rule']))
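Review bot: This sysctl block is a verbatim copy of the one added to sync_snort_package_empty() in the previous hunk, including the `net.bpf.bufsize` value that exceeds `net.bpf.maxbufsize` and the unchecked `exec()` return codes, so the two copies will drift apart as soon as one is corrected. Replace both with a single call such as `snort_apply_bpf_sysctls();` to one helper in snort.inc that applies the oids in a sane order and checks the exit status. Both functions run this before the "rules is empty" guard, so the kernel settings are changed even when no config is built; that may be intended, but it deserves a comment. The function body continues past the end of this hunk.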
@@ -1749,7 +1763,9 @@ snort_rules_up_deinstall_cron("");
/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
/* Keep this as a last step */
- unset($config['installedpackages']['snortglobal']);
+ if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {
+ unset($config['installedpackages']['snortglobal']);
+ }
write_config();
conf_mount_rw();
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 6ba3c5df..2dd9a720 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -36,7 +36,7 @@ require_once("functions.inc");
require_once("service-utils.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-$tmpfname = "/tmp/snort_rules_up";
+$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
$snortdir = "/usr/local/etc/snort";
$snortdir_wan = "/usr/local/etc/snort";
$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
@@ -78,9 +78,7 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'
if (file_exists('/var/run/snort.conf.dirty')) {
$snort_dirty_d = 'stop';
-}
-
-
+}
/* If no id show the user a button */
if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop" || $snort_dirty_d == 'stop') {
@@ -317,9 +315,13 @@ setTimeout($.unblockUI, 2000);
<?php
+/* Begin main code */
conf_mount_rw();
-/* Begin main code */
+if (!file_exists('/usr/local/etc/snort/tmp')) {
+ exec('/bin/mkdir /usr/local/etc/snort/tmp -p');
+}
+
/* Set user agent to Mozilla */
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
ini_set("memory_limit","125M");
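Review bot: `exec('/bin/mkdir /usr/local/etc/snort/tmp -p')` puts the option after the operand; FreeBSD's mkdir stops option parsing at the first operand, so `-p` is most likely treated as a second directory name (creating a stray `-p` in the web server's working directory) rather than as the recursive flag, and the call only works because `/usr/local/etc/snort` already exists. Use the form the rest of the file uses, `exec('/bin/mkdir -p /usr/local/etc/snort/tmp');`, or better the PHP builtin with an explicit mode, `if (!is_dir('/usr/local/etc/snort/tmp') && !mkdir('/usr/local/etc/snort/tmp', 0750, true)) { /* report and stop */ }`, so the scratch directory is not created world-readable and a failure is visible. Moving the scratch area out of world-writable `/tmp` is a good change in itself, since the later `tar xzf` and `rm -r` on that path can no longer be steered through a symlink planted by another local user.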
@@ -699,16 +701,25 @@ if ($snortdownload != "off")
{
if ($snort_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Extracting rules..."));
+ update_status(gettext("Extracting Snort.org rules..."));
update_output_window(gettext("May take a while..."));
- exec("/bin/mkdir -p {$snortdir}/rules_bk/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/rules_bk rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/" .
- " so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/" .
- " so_rules/bad-traffic.rules/" .
+ /* extract snort.org rules and add prefix to all snort.org files*/
+ exec("/bin/rm -r {$snortdir}/rules");
+ sleep(2);
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ chdir ("/usr/local/etc/snort/rules");
+ sleep(2);
+ exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
+ /* extract so rules */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/");
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/* /usr/local/lib/snort/dynamicrules/");
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
" so_rules/chat.rules/" .
" so_rules/dos.rules/" .
" so_rules/exploit.rules/" .
+ " so_rules/icmp.rules/" .
" so_rules/imap.rules/" .
" so_rules/misc.rules/" .
" so_rules/multimedia.rules/" .
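Review bot: `exec("/bin/rm -r {$snortdir}/rules")` deletes the live rule set before `tar` has run, and none of the `tar`, `mv` or `chdir` results are checked, so a truncated download, a re-laid-out archive (the very case the NOTES TODO mentions) or a missing `so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/` path leaves snort with no rules and the page still reports success. The two `sleep(2)` calls do not help here because `exec()` is already synchronous. Extract into the scratch area first, check the exit code, and only then swap the directory in; the cleanup hunk later in this file already removes `{$tmpfname}`'s `rules_bk`, so that location fits. The `$snort_md5_check_ok != on` test uses the bare constant `on`, which PHP resolves to the string "on" with a notice today and will reject outright in newer releases; `'on'` is what is meant. The enclosing `if ($snortdownload != "off")` block starts before this hunk.
```php
/* extract snort.org rules into scratch space first; only replace the live set once tar succeeded */
$rules_bk = "{$tmpfname}/rules_bk";
exec("/bin/rm -rf {$rules_bk}");
exec("/bin/mkdir -p {$rules_bk}");
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$rules_bk} rules/", $tar_out, $tar_rc);
if ($tar_rc != 0 || !is_dir("{$rules_bk}/rules")) {
	update_status(gettext("Error extracting Snort.org rules..."));
	/* … bail out the same way the existing else branch does (displaymessagestop, conf_mount_ro, exit) … */
}
exec("/bin/rm -rf {$snortdir}/rules");
exec("/bin/mv -f {$rules_bk}/rules {$snortdir}/rules");
/* … unchanged: chdir + snort_rename.pl prefixing, so_rules extraction … */
```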
@@ -717,17 +728,39 @@ if ($snortdownload != "off")
" so_rules/p2p.rules/" .
" so_rules/smtp.rules/" .
" so_rules/sql.rules/" .
+ " so_rules/web-activex.rules/" .
" so_rules/web-client.rules/" .
+ " so_rules/web-iis.rules/" .
" so_rules/web-misc.rules/");
- /* add prefix to all snort.org files */
- /* remove this part and make it all php with the simplst code posible */
- chdir ("/usr/local/etc/snort/rules_bk/rules");
- sleep(2);
- exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
- update_status(gettext("Done extracting Rules."));
+
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ update_status(gettext("Done extracting Snort.org Rules."));
}else{
- update_status(gettext("The Download rules file missing..."));
- update_output_window(gettext("Error rules extracting failed..."));
+ update_status(gettext("Error extracting Snort.org Rules..."));
+ update_output_window(gettext("Error Line 755"));
echo '
<script type="text/javascript">
<!--
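Review bot: The `mv` at the end of the list renames `{$snortdir}/so_rules/web.misc.rules`, but the file extracted from the archive is `so_rules/web-misc.rules` (see the tar argument list above), so that category is never installed and the following `rm -r {$snortdir}/so_rules` silently deletes it; the same typo existed in the removed block, so this is carried over rather than new, but the rewrite is the place to fix it. Rather than maintaining seventeen hard-coded `mv` lines that also miss any category snort.org adds, rename whatever was extracted in one loop; this also tolerates the archive layout changes the NOTES file says are the next problem. The `else` branch fires when the downloaded file does not exist, so "Error extracting Snort.org Rules..." is misleading compared with the old "The Download rules file missing..." text, and `"Error Line 755"` will be wrong after the next edit to this file; name the condition instead.
```php
/* … unchanged: tar extraction of so_rules/*.rules … */
foreach (glob("{$snortdir}/so_rules/*.rules") as $so_rule) {
	$category = basename($so_rule, '.rules');
	if (!rename($so_rule, "{$snortdir}/rules/snort_{$category}.so.rules"))
		update_output_window(gettext("Could not install so rule file ") . $so_rule);
}
exec("/bin/rm -r {$snortdir}/so_rules");
```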
@@ -778,103 +811,6 @@ if ($premium_url_chk == on) {
}
}
-/* Copy so_rules dir to snort lib dir */
-/* Disabed untill I find out why there is a segment failt coredump when using these rules on 2.8.5.3 */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on) {
- if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1")) {
- update_status(gettext("Copying so_rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/* /usr/local/lib/snort/dynamicrules/");
- exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- update_status(gettext("Done copying so_rules."));
- }else{
- update_status(gettext("Directory so_rules does not exist..."));
- update_output_window(gettext("Error copying so_rules..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
- }
-}
-
-/* Copy renamed snort.org rules to snort dir */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on)
- {
- if (file_exists("{$snortdir}/rules_bk/rules/Makefile.am"))
- {
- update_status(gettext("Copying renamed snort.org rules to snort directory..."));
- exec("/bin/cp {$snortdir}/rules_bk/rules/* {$snortdir}/rules/");
- }else{
- update_status(gettext("The renamed snort.org rules do not exist..."));
- update_output_window(gettext("Error copying config..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
- }
- }
-}
-
-/* Copy configs to snort dir */
-if ($snortdownload != "off")
-{
- if ($snort_md5_check_ok != on)
- {
- if (file_exists("{$snortdir}/etc/Makefile.am")) {
- update_status(gettext("Copying configs to snort directory..."));
- exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
- }else{
- update_status(gettext("The snort config does not exist..."));
- update_output_window(gettext("Error copying config..."));
- echo '
-<script type="text/javascript">
-<!--
- displaymessagestop();
-// -->
-</script>';
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
- }
- }
-}
-
-
/* Copy md5 sig to snort dir */
if ($snortdownload != "off")
{
@@ -1133,12 +1069,12 @@ if (!empty($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}"))
+if (file_exists('/usr/local/etc/snort/tmp'))
{
update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r /tmp/snort_rules_up");
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
sleep(2);
- exec("/bin/rm -r {$snortdir}/rules_bk/rules/");
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
apc_clear_cache();
}
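Review bot: The cleanup re-spells the scratch path as a literal (`'/usr/local/etc/snort/tmp'`, `/usr/local/etc/snort/tmp/snort_rules_up`) even though `$tmpfname` already holds exactly that value, so the next change to `$tmpfname` will leave stale files behind without any error; use the variable, e.g. `if (file_exists($tmpfname)) { exec("/bin/rm -rf {$tmpfname}"); exec("/bin/rm -rf " . dirname($tmpfname) . "/rules_bk"); }`. Note also that the `file_exists` guard now tests the parent directory while the `rm` calls target two fixed children, and nothing in the hunks shown creates `rules_bk` under the new tmp directory (the rewritten extraction writes straight into `{$snortdir}/rules`), so that second `rm -r` appears to be dead unless a part of the file outside this diff still uses it; `-rf` keeps a missing path from printing an error into the output window either way.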
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index b644d567..c2c17d56 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
-$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.21";
+$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.23";
include("head.inc");
?>
@@ -481,12 +481,17 @@ padding: 15px 10px 50% 50px;
<br>
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <td width="100%"><span class="vexpl">
+ <span class="red"><strong>Note:</strong></span>
<br>
This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings.
<br>
Please edit the <strong>Global Settings</strong> tab before adding an interface.
<br><br>
+ <span class="red"><strong>Warning:</strong></span>
+ <br>
+ <strong>New settings will not take effect until interface restart.</strong>
+ <br><br>
<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard2.
<br>
<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard2.
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 29257bc7..24922564 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -46,6 +46,8 @@ $pconfig['whitelistvpns'] = $config['installedpackages']['snortglobal']['whiteli
$pconfig['clickablalerteurls'] = $config['installedpackages']['snortglobal']['clickablalerteurls'];
$pconfig['associatealertip'] = $config['installedpackages']['snortglobal']['associatealertip'];
$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
+
if ($_POST) {
@@ -74,6 +76,7 @@ if ($_POST) {
$config['installedpackages']['snortglobal']['clickablalerteurls'] = $_POST['clickablalerteurls'] ? on : off;
$config['installedpackages']['snortglobal']['associatealertip'] = $_POST['associatealertip'] ? on : off;
$config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype'];
+ $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? on : off;
write_config();
sleep(2);
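Review bot: The new line stores the checkbox with `$_POST['forcekeepsettings'] ? on : off`, where `on` and `off` are undefined constants that PHP only resolves to the strings "on"/"off" with a notice (and refuses in newer releases); it copies the pattern of the surrounding lines, but the deinstall code in snort.inc compares the stored value against the literal `'on'`, so it is worth writing the new line as `$config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';` and leaving the older lines for a separate cleanup. The `if ($_POST)` block continues outside this hunk.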
@@ -352,6 +355,12 @@ include("head.inc");
<span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br>
Hint: Best pratice is to chose full logging.</span>&nbsp;<span class="red"><strong>WARNING:</strong></span>&nbsp;<strong>On change, alert file will be cleared.</strong></td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Keep snort settings after deinstall</td>
+ <td width="78%" class="vtable">
+ <input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Settings will not be removed during deinstall.</td>
+ </tr>
<tr>
<td width="22%" valign="top"><input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to delete all global and interface settings?')"><span class="red"><strong>&nbsp;WARNING:</strong><br>
This will reset all global and interface settings.</span>
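Review bot: The new checkbox is rendered from `$config['installedpackages']['snortglobal']['forcekeepsettings']` directly, while the same commit adds `$pconfig['forcekeepsettings']` earlier in the file for exactly this purpose; every other field on the page presumably uses `$pconfig`, and reading `$config` here means the form does not reflect the submitted value when a POST is rejected. Change it to `<?php if ($pconfig['forcekeepsettings'] == "on") echo "checked"; ?>`. The `onClick="enable_change(false)"` handler is not defined in the visible part of the page, so confirm it exists before relying on it. A one-line hint in the help text saying what "settings" covers (global options, interface definitions, any stored oinkmaster code) would help the user decide whether to leave it in config.xml after removal.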