Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc54
-rw-r--r--config/snort/snort_check_cron_misc.inc4
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php46
-rwxr-xr-xconfig/snort/snort_download_updates.php8
-rw-r--r--config/snort/snort_generate_conf.php8
-rw-r--r--config/snort/snort_ip_list_mgmt.php2
-rw-r--r--config/snort/snort_ip_reputation.php2
-rw-r--r--config/snort/snort_iprep_list_browser.php2
-rw-r--r--config/snort/snort_post_install.php10
-rw-r--r--config/snort/snort_sid_mgmt.php2
10 files changed, 72 insertions, 66 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 7ff69396..1fdfb65b 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -71,18 +71,23 @@ else {
/* Be sure to include trailing slash on the URL defines */
define("SNORTLOGDIR", "/var/log/snort");
define("SNORT_BIN_VERSION", "2.9.6.2");
-define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
-define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
-define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
-define("FLOWBITS_FILENAME", "flowbit-required.rules");
-define("ENFORCING_RULES_FILENAME", "snort.rules");
-define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
-define("VRT_FILE_PREFIX", "snort_");
-define("GPL_FILE_PREFIX", "GPLv2_");
-define("ET_OPEN_FILE_PREFIX", "emerging-");
-define("ET_PRO_FILE_PREFIX", "etpro-");
-define("IPREP_PATH", "/var/db/snort/iprep/");
-define('SID_MODS_PATH', '/var/db/snort/sidmods/');
+define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
+define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
+define("SNORT_ENFORCING_RULES_FILENAME", "snort.rules");
+define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
+define("SNORT_IPREP_PATH", "/var/db/snort/iprep/");
+define('SNORT_SID_MODS_PATH', '/var/db/snort/sidmods/');
+if (!defined("FLOWBITS_FILENAME"))
+ define("FLOWBITS_FILENAME", "flowbit-required.rules");
+if (!defined("VRT_FILE_PREFIX"))
+ define("VRT_FILE_PREFIX", "snort_");
+if (!defined("GPL_FILE_PREFIX"))
+ define("GPL_FILE_PREFIX", "GPLv2_");
+if (!defined("ET_OPEN_FILE_PREFIX"))
+ define("ET_OPEN_FILE_PREFIX", "emerging-");
+if (!defined("ET_PRO_FILE_PREFIX"))
+ define("ET_PRO_FILE_PREFIX", "etpro-");
/* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */
$rebuild_rules = false;
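Review bot: The five constants left unprefixed (`FLOWBITS_FILENAME`, `VRT_FILE_PREFIX`, `GPL_FILE_PREFIX`, `ET_OPEN_FILE_PREFIX`, `ET_PRO_FILE_PREFIX`) are now wrapped in `if (!defined(...))` with no comment explaining why they are treated differently from the ones renamed to `SNORT_*`. With a guard, whichever file defines the name first wins, so if other code loaded in the same request defines one of these with a different value, Snort would silently build rule file names from that value instead. I would either prefix these too, or add a comment above the guarded block such as `/* Shared with <other definer>: kept unprefixed and guarded; values must stay identical in both places */` (placeholder to be filled in by the author).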
@@ -579,7 +584,7 @@ function snort_barnyard_start($snortcfg, $if_real, $background=FALSE) {
log_error("[Snort] Barnyard2 START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
if ($background)
mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
- else
+ else
mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
}
}
@@ -652,6 +657,7 @@ function snort_restart_all_interfaces() {
return;
snort_stop_all_interfaces();
+ sleep(2);
snort_start_all_interfaces(TRUE);
}
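Review bot: The `sleep(2);` added between `snort_stop_all_interfaces()` and `snort_start_all_interfaces(TRUE)` is a fixed delay with no comment and no check that the old processes have actually exited, so on a slow or loaded box the start can still race the shutdown and leave an interface without a running sensor. At minimum document the intent, e.g. `/* give the stopped Snort/Barnyard2 processes time to exit before restarting */`; a bounded wait on the process actually being gone would be more reliable than a longer constant. The same applies to the `sleep(1)` to `sleep(2)` change in the `@@ -792` hunk of snort_check_for_rule_updates.php. The function body starts outside this hunk.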
@@ -1900,7 +1906,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) {
/* rules file will be written. */
/************************************************/
- $rule_file = "/" . ENFORCING_RULES_FILENAME;
+ $rule_file = "/" . SNORT_ENFORCING_RULES_FILENAME;
/* See if we were passed a directory or full */
/* filename to write the rules to, and adjust */
@@ -2028,7 +2034,7 @@ function snort_sid_mgmt_auto_categories($snortcfg, $log_results = FALSE) {
/****************************************************/
global $config;
- $snort_sidmods_dir = SID_MODS_PATH;
+ $snort_sidmods_dir = SNORT_SID_MODS_PATH;
$sid_mods = array();
$enables = array();
$disables = array();
@@ -2567,7 +2573,7 @@ function snort_process_enablesid(&$rule_map, $snortcfg, $log_results = FALSE, $l
/* $rule_map array */
/**********************************************/
- $snort_sidmods_dir = SID_MODS_PATH;
+ $snort_sidmods_dir = SNORT_SID_MODS_PATH;
$snortlogdir = SNORTLOGDIR;
$sid_mods = array();
@@ -2614,7 +2620,7 @@ function snort_process_disablesid(&$rule_map, $snortcfg, $log_results = FALSE, $
/* $rule_map array */
/**********************************************/
- $snort_sidmods_dir = SID_MODS_PATH;
+ $snort_sidmods_dir = SNORT_SID_MODS_PATH;
$snortlogdir = SNORTLOGDIR;
$sid_mods = array();
@@ -2661,7 +2667,7 @@ function snort_process_modifysid(&$rule_map, $snortcfg, $log_results = FALSE, $l
/* $rule_map array */
/**********************************************/
- $snort_sidmods_dir = SID_MODS_PATH;
+ $snort_sidmods_dir = SNORT_SID_MODS_PATH;
$snortlogdir = SNORTLOGDIR;
$sid_mods = array();
@@ -2991,9 +2997,9 @@ function snort_deinstall() {
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
$rcdir = RCFILEPREFIX;
- $snort_rules_upd_log = RULES_UPD_LOGFILE;
- $iprep_path = IPREP_PATH;
- $sidmods_path = SID_MODS_PATH;
+ $snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
+ $iprep_path = SNORT_IPREP_PATH;
+ $sidmods_path = SNORT_SID_MODS_PATH;
log_error(gettext("[Snort] Snort package uninstall in progress..."));
@@ -3137,7 +3143,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$snortdir = SNORTDIR;
$flowbit_rules_file = FLOWBITS_FILENAME;
- $snort_enforcing_rules_file = ENFORCING_RULES_FILENAME;
+ $snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME;
$enabled_files = array();
$all_rules = array();
$cat_mods = array();
@@ -3543,7 +3549,7 @@ function snort_generate_conf($snortcfg) {
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
$flowbit_rules_file = FLOWBITS_FILENAME;
- $snort_enforcing_rules_file = ENFORCING_RULES_FILENAME;
+ $snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME;
$if_real = get_real_interface($snortcfg['interface']);
$snort_uuid = $snortcfg['uuid'];
@@ -3676,7 +3682,7 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username,
/*************************************************/
/* Send over any auto-SID management files */
/*************************************************/
- $sid_files = glob(SID_MODS_PATH . '*');
+ $sid_files = glob(SNORT_SID_MODS_PATH . '*');
foreach ($sid_files as $file) {
$content = base64_encode(file_get_contents($file));
$payload = "@file_put_contents('{$file}', base64_decode('{$content}'));";
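Review bot: `$file` from `glob(SNORT_SID_MODS_PATH . '*')` is interpolated between single quotes into `$payload`, which appears to be PHP source that is evaluated on the sync target, so a file name containing a quote or backslash would alter the statement rather than just the path. Let PHP do the quoting: `$payload = "@file_put_contents(" . var_export($file, true) . ", base64_decode('{$content}'));";`. `file_get_contents($file)` is also not checked for `false`, so an unreadable list would be pushed to the peer as an empty file. The `foreach` body and the code that sends the payload are outside this hunk.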
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index 0f9b80ab..5e5be98a 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -57,9 +57,9 @@ function snort_check_dir_size_limit($snortloglimitsize) {
conf_mount_rw();
// Truncate the Rules Update Log file if it exists
- if (file_exists(RULES_UPD_LOGFILE)) {
+ if (file_exists(SNORT_RULES_UPD_LOGFILE)) {
log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
- @file_put_contents(RULES_UPD_LOGFILE, "");
+ @file_put_contents(SNORT_RULES_UPD_LOGFILE, "");
}
// Clean-up the logs for each configured Snort instance
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 218883a2..50a54440 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -46,16 +46,16 @@ if (!defined("ET_BASE_DNLD_URL"))
define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/");
if (!defined("ETPRO_BASE_DNLD_URL"))
define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/");
-if (!defined("ET_DNLD_FILENAME"))
- define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
-if (!defined("ETPRO_DNLD_FILENAME"))
- define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
-if (!defined("GPLV2_DNLD_FILENAME"))
- define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
+if (!defined("SNORT_ET_DNLD_FILENAME"))
+ define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+if (!defined("SNORT_ETPRO_DNLD_FILENAME"))
+ define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
+if (!defined("SNORT_GPLV2_DNLD_FILENAME"))
+ define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
if (!defined("GPLV2_DNLD_URL"))
define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/");
-if (!defined("RULES_UPD_LOGFILE"))
- define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
+if (!defined("SNORT_RULES_UPD_LOGFILE"))
+ define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
if (!defined("VRT_FILE_PREFIX"))
define("VRT_FILE_PREFIX", "snort_");
if (!defined("GPL_FILE_PREFIX"))
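Review bot: `ET_BASE_DNLD_URL` at the top of this hunk is still `http://rules.emergingthreats.net/`, while the ETPRO and GPLv2 URLs next to it use `https://`. The `.md5` companion files set up in the `@@ -113` hunk are fetched from the same location as the tarball, so they can catch a corrupted download but not one modified in transit, and these rules end up in the enforcing rule set. If the host serves TLS, switch the default to `define("ET_BASE_DNLD_URL", "https://rules.emergingthreats.net/");`; how the checksum is verified is outside the visible hunks.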
@@ -64,14 +64,14 @@ if (!defined("ET_OPEN_FILE_PREFIX"))
define("ET_OPEN_FILE_PREFIX", "emerging-");
if (!defined("ET_PRO_FILE_PREFIX"))
define("ET_PRO_FILE_PREFIX", "etpro-");
-if (!defined("IPREP_PATH"))
- define("IPREP_PATH", "/var/db/snort/iprep/");
+if (!defined("SNORT_IPREP_PATH"))
+ define("SNORT_IPREP_PATH", "/var/db/snort/iprep/");
$snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
-$snortiprepdir = IPREP_PATH;
-$snort_rules_upd_log = RULES_UPD_LOGFILE;
+$snortiprepdir = SNORT_IPREP_PATH;
+$snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
/* Save the state of $pkg_interface so we can restore it */
$pkg_interface_orig = $pkg_interface;
@@ -113,30 +113,30 @@ conf_mount_rw();
/* Set up Emerging Threats rules filenames and URL */
if ($etpro == "on") {
- $emergingthreats_filename = ETPRO_DNLD_FILENAME;
- $emergingthreats_filename_md5 = ETPRO_DNLD_FILENAME . ".md5";
+ $emergingthreats_filename = SNORT_ETPRO_DNLD_FILENAME;
+ $emergingthreats_filename_md5 = SNORT_ETPRO_DNLD_FILENAME . ".md5";
$emergingthreats_url = ETPRO_BASE_DNLD_URL;
$emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/";
$emergingthreats = "on";
$et_name = "Emerging Threats Pro";
- $et_md5_remove = ET_DNLD_FILENAME . ".md5";
+ $et_md5_remove = SNORT_ET_DNLD_FILENAME . ".md5";
unlink_if_exists("{$snortdir}/{$et_md5_remove}");
}
else {
- $emergingthreats_filename = ET_DNLD_FILENAME;
- $emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5";
+ $emergingthreats_filename = SNORT_ET_DNLD_FILENAME;
+ $emergingthreats_filename_md5 = SNORT_ET_DNLD_FILENAME . ".md5";
$emergingthreats_url = ET_BASE_DNLD_URL;
// If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules
$emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/";
$emergingthreats_url .= "snort-" . ET_VERSION . "/";
$et_name = "Emerging Threats Open";
- $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5";
+ $et_md5_remove = SNORT_ETPRO_DNLD_FILENAME . ".md5";
unlink_if_exists("{$snortdir}/{$et_md5_remove}");
}
/* Snort GPLv2 Community Rules filenames and URL */
-$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
-$snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5";
+$snort_community_rules_filename = SNORT_GPLV2_DNLD_FILENAME;
+$snort_community_rules_filename_md5 = SNORT_GPLV2_DNLD_FILENAME . ".md5";
$snort_community_rules_url = GPLV2_DNLD_URL;
function snort_download_file_url($url, $file_out) {
@@ -634,11 +634,11 @@ if ($emergingthreats == 'on') {
foreach ($files as $file) {
$newfile = basename($file);
if ($etpro == "on") {
- @copy($file, IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}");
+ @copy($file, SNORT_IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}");
@copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}");
}
else {
- @copy($file, IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}");
+ @copy($file, SNORT_IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}");
@copy($file, "{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}");
}
}
@@ -792,7 +792,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
snort_stop($snortcfg, $if_real);
- sleep(1);
+ sleep(2);
if ($pkg_interface <> "console") {
update_output_window(gettext("Starting Snort on " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "..."));
snort_start($snortcfg, $if_real, FALSE);
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 9d677619..e74a9ce6 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -38,7 +38,7 @@ require_once("/usr/local/pkg/snort/snort.inc");
/* Define some locally required variables from Snort constants */
$snortdir = SNORTDIR;
-$snort_rules_upd_log = RULES_UPD_LOGFILE;
+$snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
/* Grab the Snort binary version programmatically and */
/* use it to construct the proper Snort VRT rules */
@@ -51,7 +51,7 @@ if (empty($snortver[0]))
$snortver[0] = str_replace(".", "", $snortver[0]);
$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz";
-$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
+$snort_community_rules_filename = SNORT_GPLV2_DNLD_FILENAME;
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
@@ -69,11 +69,11 @@ else
$last_rule_upd_status = gettext("Unknown");
if ($etpro == "on") {
- $emergingthreats_filename = ETPRO_DNLD_FILENAME;
+ $emergingthreats_filename = SNORT_ETPRO_DNLD_FILENAME;
$et_name = "Emerging Threats Pro Rules";
}
else {
- $emergingthreats_filename = ET_DNLD_FILENAME;
+ $emergingthreats_filename = SNORT_ET_DNLD_FILENAME;
$et_name = "Emerging Threats Open Rules";
}
diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php
index e3b38301..fb5c750f 100644
--- a/config/snort/snort_generate_conf.php
+++ b/config/snort/snort_generate_conf.php
@@ -852,11 +852,11 @@ if (is_array($snortcfg['blist_files']['item'])) {
$bIsFirst = TRUE;
foreach ($snortcfg['blist_files']['item'] as $blist) {
if ($bIsFirst) {
- $blist_files .= "blacklist " . IPREP_PATH . $blist;
+ $blist_files .= "blacklist " . SNORT_IPREP_PATH . $blist;
$bIsFirst = FALSE;
}
else
- $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist;
+ $blist_files .= ", \\ \n\tblacklist " . SNORT_IPREP_PATH . $blist;
}
}
if (is_array($snortcfg['wlist_files']['item'])) {
@@ -864,11 +864,11 @@ if (is_array($snortcfg['wlist_files']['item'])) {
$bIsFirst = TRUE;
foreach ($snortcfg['wlist_files']['item'] as $wlist) {
if ($bIsFirst) {
- $wlist_files .= "whitelist " . IPREP_PATH . $wlist;
+ $wlist_files .= "whitelist " . SNORT_IPREP_PATH . $wlist;
$bIsFirst = FALSE;
}
else
- $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist;
+ $wlist_files .= ", \\ \n\twhitelist " . SNORT_IPREP_PATH . $wlist;
}
}
if (!empty($blist_files))
diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php
index 4fa09b83..8311ea1c 100644
--- a/config/snort/snort_ip_list_mgmt.php
+++ b/config/snort/snort_ip_list_mgmt.php
@@ -43,7 +43,7 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
// Hard-code the path where IP Lists are stored
// and disregard any user-supplied path element.
-$iprep_path = IPREP_PATH;
+$iprep_path = SNORT_IPREP_PATH;
// Set default to not show IP List editor controls
$iplist_edit_style = "display: none;";
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
index 47e2cd19..891f3773 100644
--- a/config/snort/snort_ip_reputation.php
+++ b/config/snort/snort_ip_reputation.php
@@ -56,7 +56,7 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['blist_fi
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$pconfig = $a_nat[$id];
-$iprep_path = IPREP_PATH;
+$iprep_path = SNORT_IPREP_PATH;
$if_real = get_real_interface($a_nat[$id]['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php
index 3e4d6b6a..a13a2d37 100644
--- a/config/snort/snort_iprep_list_browser.php
+++ b/config/snort/snort_iprep_list_browser.php
@@ -23,7 +23,7 @@ function get_content($dir) {
return $files;
}
-$path = IPREP_PATH;
+$path = SNORT_IPREP_PATH;
$container = htmlspecialchars($_GET['container']);
$target = htmlspecialchars($_GET['target']);
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 36a54298..d3bc4d63 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -57,8 +57,8 @@ global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include;
* updated version icluded with the *
* updated GUI package. *
****************************************/
-if (!defined('SID_MODS_PATH'))
- define('SID_MODS_PATH', '/var/db/snort/sidmods/');
+if (!defined('SNORT_SID_MODS_PATH'))
+ define('SNORT_SID_MODS_PATH', '/var/db/snort/sidmods/');
/****************************************
* End of PHP caching workaround *
@@ -69,7 +69,7 @@ $snortlogdir = SNORTLOGDIR;
$snortlibdir = SNORTLIBDIR;
$rcdir = RCFILEPREFIX;
$flowbit_rules_file = FLOWBITS_FILENAME;
-$snort_enforcing_rules_file = ENFORCING_RULES_FILENAME;
+$snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME;
/* Hard kill any running Snort processes that may have been started by any */
/* of the pfSense scripts such as check_reload_status() or rc.start_packages */
@@ -118,8 +118,8 @@ unlink_if_exists("{$rcdir}barnyard2");
/* Create required log and db directories in /var */
safe_mkdir(SNORTLOGDIR);
-safe_mkdir(IPREP_PATH);
-safe_mkdir(SID_MODS_PATH);
+safe_mkdir(SNORT_IPREP_PATH);
+safe_mkdir(SNORT_SID_MODS_PATH);
/* If installed, absorb the Snort Dashboard Widget into this package */
/* by removing it as a separately installed package. */
diff --git a/config/snort/snort_sid_mgmt.php b/config/snort/snort_sid_mgmt.php
index 9fb23392..2ca8dba9 100644
--- a/config/snort/snort_sid_mgmt.php
+++ b/config/snort/snort_sid_mgmt.php
@@ -52,7 +52,7 @@ $pconfig['auto_manage_sids'] = $config['installedpackages']['snortglobal']['auto
// Hard-code the path where SID Mods Lists are stored
// and disregard any user-supplied path element.
-$sidmods_path = SID_MODS_PATH;
+$sidmods_path = SNORT_SID_MODS_PATH;
// Set default to not show SID modification lists editor controls
$sidmodlist_edit_style = "display: none;";