Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc14
-rw-r--r--config/snort/snort_download_rules.php409
2 files changed, 217 insertions, 206 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 6fa3fcca..1b8d5571 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -778,9 +778,11 @@ function verify_snort_rules_md5($tmpfname) {
$static_output = gettext("Verifying md5 signature...");
update_all_status($static_output);
}
- $md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+
+ $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
- if($md5 <> $file_md5_ondisk) {
+ if($md5 == $file_md5_ondisk) {
if(!$console_mode) {
$static_output = gettext("snort rules: md5 signature of rules mismatch.");
update_all_status($static_output);
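Review bot: The condition guarding the mismatch branch is now `if($md5 == $file_md5_ondisk)`, so the "md5 signature of rules mismatch" path runs when the digests agree, and a corrupted or altered download passes silently; the test should stay a not-equal comparison, e.g. `if (trim($md5) !== trim($file_md5_ondisk)) {`. The added `/bin/echo "{$md555}" | /usr/bin/awk` line interpolates the contents of a downloaded file into a shell command; reading the digest in PHP (`trim()` plus a hex-digest `preg_match`) removes the shell from the path. `print $4` matches the `/sbin/md5` output format, and whether the downloaded .md5 file has a fourth field is not visible here, so `$md5` may come back empty. verify_snort_rules_md5 starts and ends outside this hunk.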
@@ -801,6 +803,14 @@ function hide_progress_bar_status() {
echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
}
+/* unhide progress bar */
+function unhide_progress_bar_status() {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
+}
+
/* update both top and bottom text box during an operation */
function update_all_status($status) {
global $snort_filename, $snort_filename_md5, $console_mode;
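Review bot: `unhide_progress_bar_status()` declares `$snort_filename` and `$snort_filename_md5` as globals but only reads `$console_mode`; `global $console_mode;` is enough. `ob_flush()` runs before the `echo`, so the script tag stays in the output buffer until something else flushes it; this looks copied from hide_progress_bar_status(), whose body is mostly outside this hunk, and moving the flush after the echo would make the bar reappear immediately. The comment could also say that the function emits nothing in console mode.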
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index a378a2b2..259bcf86 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -1,9 +1,11 @@
<?php
/* $Id$ */
/*
- snort_download_rules.php
- part of pfSense (http://www.pfsense.com)
- Copyright (C) 2005 Scott Ullrich
+ snort_alerts.php
+ part of pfSense
+
+ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
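Review bot: The file header now names `snort_alerts.php`, but this is config/snort/snort_download_rules.php, so the first header line should read `snort_download_rules.php`. The hunk also replaces the existing copyright line rather than adding to it; if the file still derives from the earlier version, the original attribution line should be kept alongside the new ones.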
@@ -26,46 +28,33 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-
*/
-/* do not require all of this if we already have. */
-if(!$start_me_up) {
- require_once("guiconfig.inc");
- require_once("functions.inc");
- require_once("service-utils.inc");
- require("/usr/local/pkg/snort.inc");
-}
+/* Setup enviroment */
+$tmpfname = "/tmp/snort_rules_up";
+$snortdir = "/usr/local/etc/snort";
+$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
+$snort_filename = "snortrules-snapshot-2.8.tar.gz";
-/* Allow additional execution time 0 = no limit. */
-ini_set('max_execution_time', '9999');
-ini_set('max_input_time', '9999');
+require_once("guiconfig.inc");
+require_once("functions.inc");
+require_once("service-utils.inc");
+require("/usr/local/pkg/snort.inc");
$pgtitle = "Services: Snort: Update Rules";
-/* define oinkid */
-if($config['installedpackages']['snort'])
- $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
-
-if($_GET['start'] or $_POST['start'])
- $start_me_up = true;
-else
- $start_me_up = false;
-
-if(!is_dir("/usr/local/etc/snort/rules"))
- $start_me_up = true;
-
-include("head.inc");
+include("/usr/local/www/head.inc");
?>
+
<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
+<?php include("/usr/local/www/fbegin.inc"); ?>
<?php
if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
+ echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
?>
<form action="snort_download_rules.php" method="post">
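Review bot: `$tmpfname = "/tmp/snort_rules_up"` swaps the per-run `tempnam()` directory, which this commit removes further down, for a fixed, well-known path under /tmp, and the later code trusts whatever already exists there (an existing md5 file or tarball skips the download). On a host where other local accounts can write to /tmp, content that is already present would be verified against itself and copied into `/usr/local/etc/snort`. Keep a freshly created per-run directory with mode `0700`, or put the working directory under a root-owned path. The hunk also drops the `$start_me_up` gate and the `max_execution_time` setting, so as far as this hunk shows the update now runs on every page load under the default time limit; worth confirming that is intended.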
@@ -75,225 +64,237 @@ if(!$pgtitle_output)
<tr>
<td>
<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
?>
</td>
</tr>
-<?php
- if($start_me_up == false) {
- echo "<tr>\n";
- echo "<td>\n";
- echo "<div id=\"mainarea\">\n";
- echo "<table class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"6\" cellspacing=\"0\">\n";
- echo "<tr>\n";
- echo "<td>\n";
- $last_ruleset_download = $config['installedpackages']['snort']['last_ruleset_download'];
- echo "<div id='loading' name='loading'>\n";
- echo "<img src=\"/themes/metallic/images/misc/loader_tab.gif\"> Getting release information from snort.org...\n";
- echo "</div>\n";
- ob_flush();
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $text = file_get_contents("http://www.snort.org/pub-bin/downloads.cgi");
- echo "<script type=\"text/javascript\">\n";
- echo "$('loading').style.visibility = 'hidden';\n";
- echo "</script>\n";
- if (preg_match_all("/.*RELEASED\: (.*)\</", $text, $matches))
- $last_update_date = trim($matches[1][0]);
- echo "<table>\n";
- if($last_update_date)
- echo "<tr><td><b>Last snort.org rule update:</b></td><td>{$last_update_date}</td></tr>\n";
- if($last_ruleset_download)
- echo "<tr><td><b>You last updated the ruleset:</b></td><td>{$last_ruleset_download}</td></tr>\n";
- else
- echo "<tr><td><b>You last updated the ruleset:</b></td><td>NEVER</td></tr>\n";
- echo "</td></tr></table>";
- if(!$oinkid) {
- echo "<tr><td colspan='2'>You must obtain an oinkid from snort.org and set its value in the Snort settings tab in order to start the download process.</td></tr>\n";
- } else {
- /* get time stamps for comparison operations */
- $date1ts = strtotime($last_update_date);
- $date2ts = strtotime($last_ruleset_download);
- /* is there a newer ruleset available? */
- if($date1ts > $date2ts or !$last_ruleset_download)
- echo "<tr><td colspan='2'>Press <a href='snort_download_rules.php?start=yes'>here</a> to start download.</td></tr>\n";
- else
- echo "<tr><td colspan='2'>Your snort rulesets are <b>up to date</b>.</td></tr>\n";
- }
- echo "</td>\n";
- echo " </tr>\n";
- echo " </table>\n";
- echo " </div>\n";
- echo "</td>\n";
- echo "</tr>\n";
- echo "</table>\n";
- include("fend.inc");
- exit;
- }
-?>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td align="center" valign="top">
- <!-- progress bar -->
- <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
+
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td align="center" valign="top">
+ <!-- progress bar -->
+ <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
<tr>
<td>
<img border='0' src='./themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
</td>
</tr>
</table>
- <br />
- <!-- status box -->
- <textarea cols="60" rows="1" name="status" id="status" wrap="hard">
- <?=gettext("Initializing...");?>
- </textarea>
- <!-- command output box -->
- <textarea cols="60" rows="25" name="output" id="output" wrap="hard">
- </textarea>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
+ <br />
+ <!-- status box -->
+ <textarea cols="60" rows="1" name="status" id="status" wrap="hard">
+ <?=gettext("Initializing...");?>
+ </textarea>
+ <!-- command output box -->
+ <textarea cols="60" rows="1" name="output" id="output" wrap="hard">
+ </textarea>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
</table>
</form>
+
<?php include("fend.inc"); ?>
+
<?php
-if(!$oinkid) {
- $static_output = gettext("You must obtain an oinkid from snort.org and set its value in the Snort settings tab.");
- update_all_status($static_output);
- hide_progress_bar_status();
- exit;
+/* Begin main code */
+/* Set user agent to Mozilla */
+ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ini_set("memory_limit","125M");
+
+
+/* hide progress bar and lets end this party */
+hide_progress_bar_status();
+
+/* remove old $tmpfname files */
+if (file_exists("{$tmpfname}")) {
+ /* echo "removing old {$tmpfname} files\n"; */
+ update_status(gettext("Removing old tmp files..."));
+ exec("/bin/rm -r {$tmpfname}");
}
/* send current buffer */
ob_flush();
-/* setup some variables */
-$premium_subscriber = "";
-
-/* Snort version */
-$snort_version = "2.8";
-
-/* Are we using the premium subscriber subscription? */
-if($config['installedpackages']['snortadvanced']['config'][0]['subscriber']) {
- // http://www.snort.org/pub-bin/downloads.cgi/Download/sub_rules/snortrules-snapshot-CURRENT_s.tar.gz.md5
- $premium_subscriber = "_s";
- $snort_download_prefix = "http://www.snort.org/pub-bin/oinkmaster.cgi";
+/* If tmp dir does not exist create it */
+if (file_exists($tmpfname)) {
+ /* echo "The directory $tmpfname exists\n"; */
+ update_status(gettext("The directory tmp exists..."));
} else {
- // http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/snortrules-snapshot-CURRENT.tar.gz.md5
- $premium_subscriber = "";
- $snort_download_prefix = "http://www.snort.org/pub-bin/oinkmaster.cgi";
+ mkdir("{$tmpfname}", 700);
}
-/* Set snort rules download filename */
-$snort_filename = "snortrules-snapshot-{$snort_version}{$premium_subscriber}.tar.gz";
-$snort_filename_md5 = "snortrules-snapshot-{$snort_version}{$premium_subscriber}.tar.gz.md5";
+/* unhide progress bar and lets end this party */
+unhide_progress_bar_status();
-/* Set user agent to Mozilla */
+/* download md5 sig */
+if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
+ /* echo "{$snort_filename_md5} does exists\n"; */
+ update_status(gettext("md5 temp file exists..."));
+} else {
+ /* echo "downloading md5\n"; */
+ update_status(gettext("Downloading md5 file..."));
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+$image = file_get_contents('http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz.md5?oink_code=658d6fe74f30ac3efd01e7ff551f63d91a926430');
+$f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
+fwrite($f, $image);
+fclose($f);
+ /* echo "done\n"; */
+ update_status(gettext("Done."));
+}
-/* Set download URL */
-$dl = "{$snort_download_prefix}/{$oinkid}/{$snort_filename}";
-$dl_md5 = "{$snort_download_prefix}/{$oinkid}/{$snort_filename_md5}";
+/* Check if were up to date */
+if (file_exists("{$snortdir}/{$snort_filename_md5}")) {
+$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $4 }'`;
+$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $4 }'`;
+ if ($md5_check_new == $md5_check_old)
+ echo "You are Up to date!\n\n</body>\n</html>\n", update_status(gettext("Your rules are up to date...")), update_output_window(gettext("You may start Snort now.")), hide_progress_bar_status(), exit(0);
+}
-/* multi user system, request new filename and create directory */
-$tmpfname = tempnam("/tmp", "snortRules");
-exec("/bin/rm -rf {$tmpfname};/bin/mkdir -p {$tmpfname}");
+/* echo "You are Not Up to date!\n"; */
+update_status(gettext("You are NOT up to date..."));
-/* download snort rules */
-$static_output = gettext("Downloading current snort rules... ");
+/* remove old {$snortdir} files */
+if (file_exists("{$snortdir}")) {
+ /* echo "removing old {$snortdir} files\n"; */
+ update_status(gettext("Removing old snort rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/rm -r {$snortdir}/*");
+}
-/* Set URL we are downloading in bottom textarea and
- * download snort rules
- */
-update_all_status($static_output);
-update_output_window("{$dl}");
-download_file_with_progress_bar($dl, $tmpfname . "/{$snort_filename}", "read_body_firmware");
-verify_downloaded_file($tmpfname . "/{$snort_filename}");
+/* download snortrules file */
+if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ /* echo "{$snort_filename} does exists\n"; */
+ update_status(gettext("Snortrule tar file exists..."));
+} else {
+ /* echo "downloading rules\n"; */
+ update_status(gettext("Downloading rules..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
-/* download snort rules md5 file */
-$static_output = gettext("Downloading current snort rules md5... ");
+update_output_window("{$snort_filename}");
+download_file_with_progress_bar("http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=658d6fe74f30ac3efd01e7ff551f63d91a926430", $tmpfname . "/{$snort_filename}", "read_body_firmware");
update_all_status($static_output);
-update_output_window("{$dl_md5}");
-download_file_with_progress_bar($dl_md5, $tmpfname . "/{$snort_filename_md5}", "read_body_firmware");
-verify_downloaded_file($tmpfname . "/{$snort_filename_md5}");
+ /* echo "done\n"; */
+ update_status(gettext("Done."));
+}
-/* verify downloaded rules signature */
-update_status(gettext("Verifying MD5 Signature..."));
-verify_snort_rules_md5($tmpfname);
-/* extract rules */
-update_status(gettext("Extracting rules..."));
-extract_snort_rules_md5($tmpfname);
+/* Compair md5 sigs */
+$md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+$md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
+$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-$static_output = gettext("Your snort rules are now up to date.");
-update_all_status($static_output);
+ if ($md5 == $file_md5_ondisk)
+ /* echo "Valid checksum pass\n"; */
+ update_status(gettext("Valid checksum pass"));
-$config['installedpackages']['snort']['last_ruleset_download'] = date("Y-m-d");
-write_config();
+/* Untar snort rules file */
+if (file_exists("{$tmpfname}/rules")) {
+ /* echo "The directory {$tmpfname}/rules exists\n"; */
+ update_status(gettext("The directory rules exists..."));
+} else {
+ /* echo "extracting rules\n"; */
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}");
+ update_status(gettext("Done."));
+}
-update_status(gettext("Stopping Snort..."));
-update_output_window(gettext("One moment please..."));
-stop_service("snort");
-update_status(gettext("Starting Snort..."));
-update_output_window(gettext("One moment please..."));
-start_service("snort");
+/* Copy rules dir to snort dir */
+if (file_exists("{$snortdir}/rules")) {
+ /* echo "The directory {$snortdir}/rules exists\n"; */
+ update_status(gettext("Directory rules exists..."));
+} else {
+ /* echo "copying rules to {$snortdir}\n"; */
+ update_status(gettext("Copying rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp -r {$tmpfname}/rules {$snortdir}/rules");
+ update_status(gettext("Done."));
+}
-/* cleanup temporary directory */
-update_status(gettext("Cleaning up..."));
-update_output_window(gettext("One moment please..."));
-exec("/bin/rm -rf {$tmpfname};");
+/* Copy md5 sig to snort dir */
+if (file_exists("{$snortdir}/$snort_filename_md5")) {
+ /* echo "The {$snort_filename_md5} exists in the {$snortdir} exists\n"; */
+ update_status(gettext("The md5 file exists..."));
+} else {
+ /* echo "copying sig to {$snortdir}\n"; */
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+}
+
+/* Copy configs to snort dir */
+if (file_exists("{$snortdir}/Makefile.am")) {
+ /* echo "The Snort configs exists in the {$snortdir} exists\n"; */
+ update_status(gettext("The snort configs exists..."));
+} else {
+ /* echo "copying sig to {$snortdir}\n"; */
+ update_status(gettext("Copying configs to snort directory..."));
+ exec("/bin/cp {$tmpfname}/etc/* {$snortdir}");
+}
+
+/* Copy signatures dir to snort dir */
+if (file_exists("{$snortdir}/doc/signatures")) {
+ /* echo "The directory {$snortdir}/signatures exists\n"; */
+ update_status(gettext("Directory signatures exists..."));
+} else {
+ /* echo "copying signatures to {$snortdir}\n"; */
+ update_status(gettext("Copying signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp -r {$tmpfname}/doc/signatures {$snortdir}/signatures");
+ update_status(gettext("Done."));
+}
+
+/* echo "done finnal\n"; */
+update_status(gettext("Rules update finished..."));
+update_output_window(gettext("You may start Snort now."));
/* hide progress bar and lets end this party */
hide_progress_bar_status();
?>
-</body>
-</html>
-
-<script type="text/javascript">
- document.location.href='snort_download_rules.php?ran=1';
-</script>
-
<?php
function read_body_firmware($ch, $string) {
- global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
- $length = strlen($string);
- $downloaded += intval($length);
- $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
- $downloadProgress = 100 - $downloadProgress;
- $a = $file_size;
- $b = $downloaded;
- $c = $downloadProgress;
- $text = " Snort download in progress\\n";
- $text .= "----------------------------------------------------\\n";
- $text .= " Downloaded : {$b}\\n";
- $text .= "----------------------------------------------------\\n";
- $counter++;
- if($counter > 150) {
- update_output_window($text);
- update_progress_bar($downloadProgress);
- flush();
- $counter = 0;
- }
- fwrite($fout, $string);
- return $length;
+ global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ $a = $file_size;
+ $b = $downloaded;
+ $c = $downloadProgress;
+ $text = " Snort download in progress\\n";
+ $text .= "----------------------------------------------------\\n";
+ $text .= " Downloaded : {$b}\\n";
+ $text .= "----------------------------------------------------\\n";
+ $counter++;
+ if($counter > 150) {
+ update_output_window($text);
+ update_progress_bar($downloadProgress);
+ flush();
+ $counter = 0;
+ }
+ fwrite($fout, $string);
+ return $length;
}
-?> \ No newline at end of file
+?>
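Review bot: The checksum comparison in the new main code (`if ($md5 == $file_md5_ondisk)`) only updates the status text on a match; on a mismatch the script still untars the archive and copies it into `$snortdir`, and the existing rules were already removed with `rm -r {$snortdir}/*` before the download began. The check should abort on mismatch and run before anything under `$snortdir` is deleted; doing the comparison in PHP also avoids passing downloaded file contents to `/bin/echo` through backticks, here and in the up-to-date check. Both download URLs embed a fixed `oink_code` value where the removed code read the per-install code from `$config['installedpackages']['snort']`, and both use plain `http://`; the credential belongs back in configuration, and the digest fetched over the same channel gives no protection against tampering in transit. `mkdir("{$tmpfname}", 700)` passes decimal 700 rather than octal `0700`, so the directory does not get the intended mode. The sketch below assumes the .md5 file carries a 32-hex-digit digest, which is not visible on this page.

```php
/* Compare md5 sigs in PHP; stop before touching $snortdir on any failure */
$md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
$file_md5_ondisk = md5_file("{$tmpfname}/{$snort_filename}");
if ($md555 === false || $file_md5_ondisk === false
    || !preg_match('/\b[0-9a-f]{32}\b/i', $md555, $m)
    || strtolower($m[0]) !== $file_md5_ondisk) {
	update_status(gettext("snort rules: md5 signature of rules mismatch."));
	hide_progress_bar_status();
	exit(1);
}
update_status(gettext("Valid checksum pass"));
// … unchanged: untar and copy steps, with the rm of {$snortdir}/* moved after this check …
```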