diff options
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/NOTES.txt | 23 | ||||
-rw-r--r-- | config/snort/snort.inc | 18 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 174 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 9 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 9 |
5 files changed, 104 insertions, 129 deletions
diff --git a/config/snort/NOTES.txt b/config/snort/NOTES.txt index 39d93061..cde858e5 100644 --- a/config/snort/NOTES.txt +++ b/config/snort/NOTES.txt @@ -1,16 +1,25 @@ -March 26 2019 -Snort-dev 2.8.5.3 pk v. 22 final +April 27 2010 +Snort-dev 2.8.5.3 pk v. 23 final TODO: -Create Threshold GUI -Pf snort block table should survive reboots. Dont know how Im going to do this. +Snort block table should survive reboots. Dont know how Im going to do this. Create Upload GUI. Use Pierre POMES code. -Use Chroot for snort. Add log rotation and log dir size display -Threshold tab needs to be added. +Redo code for rule downloads so that changes in snort.org rule gzip file does not break the package. +Add code suggested by Andrew Thompson. + +Long Term Goals: + +Use Chroot for snort. +Isolate functions using classes so we dont have double $vars errors. ! Important +The whitelist and supress code can be simplified. +Go through each tab and delete old code. +Snort Inline needs to be worked on. ! Important + +Any other Devs that read this. +Please add your intials and date to any code blocks you add. It helps me keep track. -Done. diff --git a/config/snort/snort.inc b/config/snort/snort.inc index ea5554cc..e03ec5d6 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1033,6 +1033,13 @@ function sync_snort_package_empty() { global $config, $g; conf_mount_rw(); + +/* RedDevil suggested code */ +/* TODO: more testing needs to be done */ +exec("/sbin/sysctl net.bpf.bufsize=8388608"); +exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); +exec("/sbin/sysctl net.bpf.maxinsns=512"); +exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); /* do not start config build if rules is empty */ if (!empty($config['installedpackages']['snortglobal']['rule'])) @@ -1096,6 +1103,13 @@ function sync_snort_package_config() { global $config, $g; conf_mount_rw(); + +/* RedDevil suggested code */ +/* TODO: more testing needs to be done */ +exec("/sbin/sysctl net.bpf.bufsize=8388608"); +exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); +exec("/sbin/sysctl net.bpf.maxinsns=512"); +exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); /* do not start config build if rules is empty */ if (!empty($config['installedpackages']['snortglobal']['rule'])) @@ -1749,7 +1763,9 @@ snort_rules_up_deinstall_cron(""); /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ /* Keep this as a last step */ - unset($config['installedpackages']['snortglobal']); + if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') { + unset($config['installedpackages']['snortglobal']); + } write_config(); conf_mount_rw(); diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 6ba3c5df..2dd9a720 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -36,7 +36,7 @@ require_once("functions.inc"); require_once("service-utils.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -$tmpfname = "/tmp/snort_rules_up"; +$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; $snortdir = "/usr/local/etc/snort"; $snortdir_wan = "/usr/local/etc/snort"; $snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; @@ -78,9 +78,7 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' if (file_exists('/var/run/snort.conf.dirty')) { $snort_dirty_d = 'stop'; -} - - +} /* If no id show the user a button */ if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop" || $snort_dirty_d == 'stop') { @@ -317,9 +315,13 @@ setTimeout($.unblockUI, 2000); <?php +/* Begin main code */ conf_mount_rw(); -/* Begin main code */ +if (!file_exists('/usr/local/etc/snort/tmp')) { + exec('/bin/mkdir /usr/local/etc/snort/tmp -p'); +} + /* Set user agent to Mozilla */ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); ini_set("memory_limit","125M"); @@ -699,16 +701,25 @@ if ($snortdownload != "off") { if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Extracting rules...")); + update_status(gettext("Extracting Snort.org rules...")); update_output_window(gettext("May take a while...")); - exec("/bin/mkdir -p {$snortdir}/rules_bk/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/rules_bk rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/" . - " so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/" . - " so_rules/bad-traffic.rules/" . + /* extract snort.org rules and add prefix to all snort.org files*/ + exec("/bin/rm -r {$snortdir}/rules"); + sleep(2); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); + chdir ("/usr/local/etc/snort/rules"); + sleep(2); + exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); + /* extract so rules */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/"); + exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/* /usr/local/lib/snort/dynamicrules/"); + /* extract so rules none bin and rename */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . " so_rules/chat.rules/" . " so_rules/dos.rules/" . " so_rules/exploit.rules/" . + " so_rules/icmp.rules/" . " so_rules/imap.rules/" . " so_rules/misc.rules/" . " so_rules/multimedia.rules/" . @@ -717,17 +728,39 @@ if ($snortdownload != "off") " so_rules/p2p.rules/" . " so_rules/smtp.rules/" . " so_rules/sql.rules/" . + " so_rules/web-activex.rules/" . " so_rules/web-client.rules/" . + " so_rules/web-iis.rules/" . " so_rules/web-misc.rules/"); - /* add prefix to all snort.org files */ - /* remove this part and make it all php with the simplst code posible */ - chdir ("/usr/local/etc/snort/rules_bk/rules"); - sleep(2); - exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); - update_status(gettext("Done extracting Rules.")); + + exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules"); + exec("/bin/rm -r {$snortdir}/so_rules"); + + /* extract base etc files */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); + exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); + exec("/bin/rm -r {$snortdir}/etc"); + + update_status(gettext("Done extracting Snort.org Rules.")); }else{ - update_status(gettext("The Download rules file missing...")); - update_output_window(gettext("Error rules extracting failed...")); + update_status(gettext("Error extracting Snort.org Rules...")); + update_output_window(gettext("Error Line 755")); echo ' <script type="text/javascript"> <!-- @@ -778,103 +811,6 @@ if ($premium_url_chk == on) { } } -/* Copy so_rules dir to snort lib dir */ -/* Disabed untill I find out why there is a segment failt coredump when using these rules on 2.8.5.3 */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) { - if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1")) { - update_status(gettext("Copying so_rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/* /usr/local/lib/snort/dynamicrules/"); - exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - update_status(gettext("Done copying so_rules.")); - }else{ - update_status(gettext("Directory so_rules does not exist...")); - update_output_window(gettext("Error copying so_rules...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } - } -} - -/* Copy renamed snort.org rules to snort dir */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) - { - if (file_exists("{$snortdir}/rules_bk/rules/Makefile.am")) - { - update_status(gettext("Copying renamed snort.org rules to snort directory...")); - exec("/bin/cp {$snortdir}/rules_bk/rules/* {$snortdir}/rules/"); - }else{ - update_status(gettext("The renamed snort.org rules do not exist...")); - update_output_window(gettext("Error copying config...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } - } -} - -/* Copy configs to snort dir */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) - { - if (file_exists("{$snortdir}/etc/Makefile.am")) { - update_status(gettext("Copying configs to snort directory...")); - exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - }else{ - update_status(gettext("The snort config does not exist...")); - update_output_window(gettext("Error copying config...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); - } - } -} - - /* Copy md5 sig to snort dir */ if ($snortdownload != "off") { @@ -1133,12 +1069,12 @@ if (!empty($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); /* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) +if (file_exists('/usr/local/etc/snort/tmp')) { update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /tmp/snort_rules_up"); + exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); sleep(2); - exec("/bin/rm -r {$snortdir}/rules_bk/rules/"); + exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); apc_clear_cache(); } diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index b644d567..c2c17d56 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.21"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.23"; include("head.inc"); ?> @@ -481,12 +481,17 @@ padding: 15px 10px 50% 50px; <br> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <td width="100%"><span class="vexpl"> + <span class="red"><strong>Note:</strong></span> <br> This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings. <br> Please edit the <strong>Global Settings</strong> tab before adding an interface. <br><br> + <span class="red"><strong>Warning:</strong></span> + <br> + <strong>New settings will not take effect until interface restart.</strong> + <br><br> <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.<strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard2. <br> <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.<strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard2. diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 29257bc7..24922564 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -46,6 +46,8 @@ $pconfig['whitelistvpns'] = $config['installedpackages']['snortglobal']['whiteli $pconfig['clickablalerteurls'] = $config['installedpackages']['snortglobal']['clickablalerteurls']; $pconfig['associatealertip'] = $config['installedpackages']['snortglobal']['associatealertip']; $pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; +$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings']; + if ($_POST) { @@ -74,6 +76,7 @@ if ($_POST) { $config['installedpackages']['snortglobal']['clickablalerteurls'] = $_POST['clickablalerteurls'] ? on : off; $config['installedpackages']['snortglobal']['associatealertip'] = $_POST['associatealertip'] ? on : off; $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; + $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? on : off; write_config(); sleep(2); @@ -352,6 +355,12 @@ include("head.inc"); <span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br> Hint: Best pratice is to chose full logging.</span> <span class="red"><strong>WARNING:</strong></span> <strong>On change, alert file will be cleared.</strong></td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">Keep snort settings after deinstall</td> + <td width="78%" class="vtable"> + <input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Settings will not be removed during deinstall.</td> + </tr> <tr> <td width="22%" valign="top"><input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to delete all global and interface settings?')"><span class="red"><strong> WARNING:</strong><br> This will reset all global and interface settings.</span> |