diff options
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 68 | ||||
-rw-r--r-- | config/snort/snort_alerts.php | 8 | ||||
-rw-r--r-- | config/snort/snort_check_cron_misc.inc | 6 | ||||
-rw-r--r-- | config/snort/snort_check_for_rule_updates.php | 12 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 12 | ||||
-rw-r--r-- | config/snort/snort_rules_edit.php | 34 |
6 files changed, 68 insertions, 72 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 9ce41be3..8e3e5f88 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -546,27 +546,27 @@ function snort_postinstall() @unlink('/usr/local/bin/barnyard2'); /* important */ - exec('/usr/sbin/chown -R snort:snort /var/log/snort'); - exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort'); - exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort'); - exec('/usr/sbin/chown snort:snort /tmp/snort*'); - exec('/usr/sbin/chown snort:snort /var/db/whitelist'); - exec('/bin/chmod 660 /var/log/snort/alert'); - exec('/bin/chmod 660 /var/db/whitelist'); - exec('/bin/chmod -R 660 /usr/local/etc/snort/*'); - exec('/bin/chmod -R 660 /tmp/snort*'); - exec('/bin/chmod -R 660 /var/run/snort*'); - exec('/bin/chmod -R 660 /var/snort/run/*'); - exec('/bin/chmod 770 /usr/local/lib/snort'); - exec('/bin/chmod 770 /usr/local/etc/snort'); - exec('/bin/chmod 770 /usr/local/etc/whitelist'); - exec('/bin/chmod 770 /var/log/snort'); - exec('/bin/chmod 770 /var/log/snort/run'); - exec('/bin/chmod 770 /var/log/snort/barnyard2'); + mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); + mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); + mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); + mwexec('/bin/chmod 660 /var/log/snort/alert', true); + mwexec('/bin/chmod 660 /var/db/whitelist', true); + mwexec('/bin/chmod -R 660 /usr/local/etc/snort/*', true); + mwexec('/bin/chmod -R 660 /tmp/snort*', true); + mwexec('/bin/chmod -R 660 /var/run/snort*', true); + mwexec('/bin/chmod -R 660 /var/snort/run/*', true); + mwexec('/bin/chmod 770 /usr/local/lib/snort', true); + mwexec('/bin/chmod 770 /usr/local/etc/snort', true); + mwexec('/bin/chmod 770 /usr/local/etc/whitelist', true); + mwexec('/bin/chmod 770 /var/log/snort', true); + mwexec('/bin/chmod 770 /var/log/snort/run', true); + mwexec('/bin/chmod 770 /var/log/snort/barnyard2', true); /* move files around, make it look clean */ - exec('/bin/mkdir -p /usr/local/www/snort/css'); - exec('/bin/mkdir -p /usr/local/www/snort/images'); + mwexec('/bin/mkdir -p /usr/local/www/snort/css'); + mwexec('/bin/mkdir -p /usr/local/www/snort/images'); chdir ("/usr/local/www/snort/css/"); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css'); @@ -940,18 +940,18 @@ function sync_snort_package() { exec('/usr/bin/touch /var/log/snort/alert'); /* important */ - exec('/usr/sbin/chown -R snort:snort /var/log/snort'); - exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort'); - exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort'); - exec('/usr/sbin/chown snort:snort /tmp/snort*'); - exec('/usr/sbin/chown snort:snort /var/db/whitelist'); - - exec('/bin/chmod 770 /var/db/whitelist'); - exec('/bin/chmod 770 /var/run/snort*'); - exec('/bin/chmod 770 /tmp/snort*'); - exec('/bin/chmod -R 770 /var/log/snort'); - exec('/bin/chmod -R 770 /usr/local/lib/snort'); - exec('/bin/chmod -R 770 /usr/local/etc/snort/'); + mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); + mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); + mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); + + mwexec('/bin/chmod 770 /var/db/whitelist', true); + mwexec('/bin/chmod 770 /var/run/snort*', true); + mwexec('/bin/chmod 770 /tmp/snort*', true); + mwexec('/bin/chmod -R 770 /var/log/snort', true); + mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true); + mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true); } /* only run when a single iface needs to sync */ @@ -1428,9 +1428,9 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) { exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); if (!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")) { - exec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); - exec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); - exec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); + mwexec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true); + mwexec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true); + mwexec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true); } $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index e5e85237..8e81d16a 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -89,12 +89,12 @@ if ($_POST['delete']) conf_mount_rw(); if(file_exists('/var/log/snort/alert')) { - exec('/bin/echo "" > /var/log/snort/alert'); + @file_put_content("/var/log/snort/alert", ""); post_delete_logs(); - exec('/usr/sbin/chown snort:snort /var/log/snort/*'); - exec('/bin/chmod 660 /var/log/snort/*'); + mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true); + mwexec('/bin/chmod 660 /var/log/snort/*', true); sleep(2); - exec('/usr/bin/killall -HUP snort'); + mwexec('/usr/bin/killall -HUP snort', true); } conf_mount_ro(); } diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index bf8566e2..0529f79b 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -65,10 +65,8 @@ if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) { exec('/bin/echo "" > /var/log/snort/alert'); } post_delete_logs(); - exec('/usr/sbin/chown snort:snort /var/log/snort/*'); - exec('/bin/chmod 660 /var/log/snort/*'); - //sleep(2); - //exec('/usr/bin/killall -HUP snort'); + mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true); + mwexec('/bin/chmod 660 /var/log/snort/*', true); } conf_mount_ro(); diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 596ba09e..cb85e0ef 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -673,12 +673,12 @@ if (is_dir('/usr/local/etc/snort/tmp')) { } /* make all dirs snorts */ -exec("/usr/sbin/chown -R snort:snort /var/log/snort"); -exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); -exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); -exec("/bin/chmod -R 755 /var/log/snort"); -exec("/bin/chmod -R 755 /usr/local/etc/snort"); -exec("/bin/chmod -R 755 /usr/local/lib/snort"); +mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); +mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true); +mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true); +mwexec("/bin/chmod -R 755 /var/log/snort", true); +mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true); +mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true); if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off') update_output_window(gettext("Finished...")); diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index b1a5d4a8..0e4ce635 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -734,12 +734,12 @@ if (is_dir('/usr/local/etc/snort/tmp')) { } /* make all dirs snorts */ -exec("/usr/sbin/chown -R snort:snort /var/log/snort"); -exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); -exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); -exec("/bin/chmod -R 755 /var/log/snort"); -exec("/bin/chmod -R 755 /usr/local/etc/snort"); -exec("/bin/chmod -R 755 /usr/local/lib/snort"); +mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); +mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true); +mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true); +mwexec("/bin/chmod -R 755 /var/log/snort", true); +mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true); +mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true); /* hide progress bar and lets end this party */ hide_progress_bar_status(); diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index 49356b4e..bac04f68 100644 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -79,29 +79,28 @@ $delimiter = "\n"; //split the contents of the string file into an array using the delimiter $splitcontents = explode($delimiter, $contents2); -if($_POST['highlight'] <> "") { - if($_POST['highlight'] == "yes" or - $_POST['highlight'] == "enabled") { - $highlight = "yes"; +if ($_POST) { + if($_POST['highlight'] <> "") { + if($_POST['highlight'] == "yes" or + $_POST['highlight'] == "enabled") { + $highlight = "yes"; + } else { + $highlight = "no"; + } } else { $highlight = "no"; } -} else { - $highlight = "no"; -} -if($_POST['rows'] <> "") - $rows = $_POST['rows']; -else - $rows = 1; + if($_POST['rows'] <> "") + $rows = $_POST['rows']; + else + $rows = 1; -if($_POST['cols'] <> "") - $cols = $_POST['cols']; -else - $cols = 66; + if($_POST['cols'] <> "") + $cols = $_POST['cols']; + else + $cols = 66; -if ($_POST) -{ if ($_POST['save']) { /* get the changes */ @@ -114,7 +113,6 @@ if ($_POST) @file_put_contents($file, implode($delimiter, $splitcontents)); echo "<script> window.close(); </script>"; - //header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids"); exit; } } |