aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc68
-rw-r--r--config/snort/snort_alerts.php8
-rw-r--r--config/snort/snort_check_cron_misc.inc6
-rw-r--r--config/snort/snort_check_for_rule_updates.php12
-rw-r--r--config/snort/snort_download_rules.php12
-rw-r--r--config/snort/snort_rules_edit.php34
6 files changed, 68 insertions, 72 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 9ce41be3..8e3e5f88 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -546,27 +546,27 @@ function snort_postinstall()
@unlink('/usr/local/bin/barnyard2');
/* important */
- exec('/usr/sbin/chown -R snort:snort /var/log/snort');
- exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort');
- exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort');
- exec('/usr/sbin/chown snort:snort /tmp/snort*');
- exec('/usr/sbin/chown snort:snort /var/db/whitelist');
- exec('/bin/chmod 660 /var/log/snort/alert');
- exec('/bin/chmod 660 /var/db/whitelist');
- exec('/bin/chmod -R 660 /usr/local/etc/snort/*');
- exec('/bin/chmod -R 660 /tmp/snort*');
- exec('/bin/chmod -R 660 /var/run/snort*');
- exec('/bin/chmod -R 660 /var/snort/run/*');
- exec('/bin/chmod 770 /usr/local/lib/snort');
- exec('/bin/chmod 770 /usr/local/etc/snort');
- exec('/bin/chmod 770 /usr/local/etc/whitelist');
- exec('/bin/chmod 770 /var/log/snort');
- exec('/bin/chmod 770 /var/log/snort/run');
- exec('/bin/chmod 770 /var/log/snort/barnyard2');
+ mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
+ mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
+ mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
+ mwexec('/bin/chmod 660 /var/log/snort/alert', true);
+ mwexec('/bin/chmod 660 /var/db/whitelist', true);
+ mwexec('/bin/chmod -R 660 /usr/local/etc/snort/*', true);
+ mwexec('/bin/chmod -R 660 /tmp/snort*', true);
+ mwexec('/bin/chmod -R 660 /var/run/snort*', true);
+ mwexec('/bin/chmod -R 660 /var/snort/run/*', true);
+ mwexec('/bin/chmod 770 /usr/local/lib/snort', true);
+ mwexec('/bin/chmod 770 /usr/local/etc/snort', true);
+ mwexec('/bin/chmod 770 /usr/local/etc/whitelist', true);
+ mwexec('/bin/chmod 770 /var/log/snort', true);
+ mwexec('/bin/chmod 770 /var/log/snort/run', true);
+ mwexec('/bin/chmod 770 /var/log/snort/barnyard2', true);
/* move files around, make it look clean */
- exec('/bin/mkdir -p /usr/local/www/snort/css');
- exec('/bin/mkdir -p /usr/local/www/snort/images');
+ mwexec('/bin/mkdir -p /usr/local/www/snort/css');
+ mwexec('/bin/mkdir -p /usr/local/www/snort/images');
chdir ("/usr/local/www/snort/css/");
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css');
@@ -940,18 +940,18 @@ function sync_snort_package() {
exec('/usr/bin/touch /var/log/snort/alert');
/* important */
- exec('/usr/sbin/chown -R snort:snort /var/log/snort');
- exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort');
- exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort');
- exec('/usr/sbin/chown snort:snort /tmp/snort*');
- exec('/usr/sbin/chown snort:snort /var/db/whitelist');
-
- exec('/bin/chmod 770 /var/db/whitelist');
- exec('/bin/chmod 770 /var/run/snort*');
- exec('/bin/chmod 770 /tmp/snort*');
- exec('/bin/chmod -R 770 /var/log/snort');
- exec('/bin/chmod -R 770 /usr/local/lib/snort');
- exec('/bin/chmod -R 770 /usr/local/etc/snort/');
+ mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
+ mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
+ mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
+
+ mwexec('/bin/chmod 770 /var/db/whitelist', true);
+ mwexec('/bin/chmod 770 /var/run/snort*', true);
+ mwexec('/bin/chmod 770 /tmp/snort*', true);
+ mwexec('/bin/chmod -R 770 /var/log/snort', true);
+ mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true);
+ mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true);
}
/* only run when a single iface needs to sync */
@@ -1428,9 +1428,9 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) {
exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
if (!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
- exec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
- exec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
- exec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
+ mwexec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
+ mwexec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
+ mwexec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
}
$barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index e5e85237..8e81d16a 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -89,12 +89,12 @@ if ($_POST['delete'])
conf_mount_rw();
if(file_exists('/var/log/snort/alert'))
{
- exec('/bin/echo "" > /var/log/snort/alert');
+ @file_put_content("/var/log/snort/alert", "");
post_delete_logs();
- exec('/usr/sbin/chown snort:snort /var/log/snort/*');
- exec('/bin/chmod 660 /var/log/snort/*');
+ mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
sleep(2);
- exec('/usr/bin/killall -HUP snort');
+ mwexec('/usr/bin/killall -HUP snort', true);
}
conf_mount_ro();
}
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index bf8566e2..0529f79b 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -65,10 +65,8 @@ if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) {
exec('/bin/echo "" > /var/log/snort/alert');
}
post_delete_logs();
- exec('/usr/sbin/chown snort:snort /var/log/snort/*');
- exec('/bin/chmod 660 /var/log/snort/*');
- //sleep(2);
- //exec('/usr/bin/killall -HUP snort');
+ mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
}
conf_mount_ro();
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 596ba09e..cb85e0ef 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -673,12 +673,12 @@ if (is_dir('/usr/local/etc/snort/tmp')) {
}
/* make all dirs snorts */
-exec("/usr/sbin/chown -R snort:snort /var/log/snort");
-exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
-exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
-exec("/bin/chmod -R 755 /var/log/snort");
-exec("/bin/chmod -R 755 /usr/local/etc/snort");
-exec("/bin/chmod -R 755 /usr/local/lib/snort");
+mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
+mwexec("/bin/chmod -R 755 /var/log/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
update_output_window(gettext("Finished..."));
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index b1a5d4a8..0e4ce635 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -734,12 +734,12 @@ if (is_dir('/usr/local/etc/snort/tmp')) {
}
/* make all dirs snorts */
-exec("/usr/sbin/chown -R snort:snort /var/log/snort");
-exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
-exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
-exec("/bin/chmod -R 755 /var/log/snort");
-exec("/bin/chmod -R 755 /usr/local/etc/snort");
-exec("/bin/chmod -R 755 /usr/local/lib/snort");
+mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
+mwexec("/bin/chmod -R 755 /var/log/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
/* hide progress bar and lets end this party */
hide_progress_bar_status();
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 49356b4e..bac04f68 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -79,29 +79,28 @@ $delimiter = "\n";
//split the contents of the string file into an array using the delimiter
$splitcontents = explode($delimiter, $contents2);
-if($_POST['highlight'] <> "") {
- if($_POST['highlight'] == "yes" or
- $_POST['highlight'] == "enabled") {
- $highlight = "yes";
+if ($_POST) {
+ if($_POST['highlight'] <> "") {
+ if($_POST['highlight'] == "yes" or
+ $_POST['highlight'] == "enabled") {
+ $highlight = "yes";
+ } else {
+ $highlight = "no";
+ }
} else {
$highlight = "no";
}
-} else {
- $highlight = "no";
-}
-if($_POST['rows'] <> "")
- $rows = $_POST['rows'];
-else
- $rows = 1;
+ if($_POST['rows'] <> "")
+ $rows = $_POST['rows'];
+ else
+ $rows = 1;
-if($_POST['cols'] <> "")
- $cols = $_POST['cols'];
-else
- $cols = 66;
+ if($_POST['cols'] <> "")
+ $cols = $_POST['cols'];
+ else
+ $cols = 66;
-if ($_POST)
-{
if ($_POST['save']) {
/* get the changes */
@@ -114,7 +113,6 @@ if ($_POST)
@file_put_contents($file, implode($delimiter, $splitcontents));
echo "<script> window.close(); </script>";
- //header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids");
exit;
}
}