Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 54 | ||||
-rw-r--r-- | config/snort/snort_check_cron_misc.inc | 4 | ||||
-rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 46 | ||||
-rwxr-xr-x | config/snort/snort_download_updates.php | 8 | ||||
-rw-r--r-- | config/snort/snort_generate_conf.php | 8 | ||||
-rw-r--r-- | config/snort/snort_ip_list_mgmt.php | 2 | ||||
-rw-r--r-- | config/snort/snort_ip_reputation.php | 2 | ||||
-rw-r--r-- | config/snort/snort_iprep_list_browser.php | 2 | ||||
-rw-r--r-- | config/snort/snort_post_install.php | 10 | ||||
-rw-r--r-- | config/snort/snort_sid_mgmt.php | 2 |
10 files changed, 72 insertions, 66 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 7ff69396..1fdfb65b 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -71,18 +71,23 @@ else {
 /* Be sure to include trailing slash on the URL defines */
 define("SNORTLOGDIR", "/var/log/snort");
 define("SNORT_BIN_VERSION", "2.9.6.2");
-define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
-define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
-define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
-define("FLOWBITS_FILENAME", "flowbit-required.rules");
-define("ENFORCING_RULES_FILENAME", "snort.rules");
-define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
-define("VRT_FILE_PREFIX", "snort_");
-define("GPL_FILE_PREFIX", "GPLv2_");
-define("ET_OPEN_FILE_PREFIX", "emerging-");
-define("ET_PRO_FILE_PREFIX", "etpro-");
-define("IPREP_PATH", "/var/db/snort/iprep/");
-define('SID_MODS_PATH', '/var/db/snort/sidmods/');
+define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
+define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
+define("SNORT_ENFORCING_RULES_FILENAME", "snort.rules");
+define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
+define("SNORT_IPREP_PATH", "/var/db/snort/iprep/");
+define('SNORT_SID_MODS_PATH', '/var/db/snort/sidmods/');
+if (!defined("FLOWBITS_FILENAME"))
+ define("FLOWBITS_FILENAME", "flowbit-required.rules");
+if (!defined("VRT_FILE_PREFIX"))
+ define("VRT_FILE_PREFIX", "snort_");
+if (!defined("GPL_FILE_PREFIX"))
+ define("GPL_FILE_PREFIX", "GPLv2_");
+if (!defined("ET_OPEN_FILE_PREFIX"))
+ define("ET_OPEN_FILE_PREFIX", "emerging-");
+if (!defined("ET_PRO_FILE_PREFIX"))
+ define("ET_PRO_FILE_PREFIX", "etpro-");
 /* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */
 $rebuild_rules = false;
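Review bot: The old constant names (ET_DNLD_FILENAME, GPLV2_DNLD_FILENAME, RULES_UPD_LOGFILE, IPREP_PATH, SID_MODS_PATH and the rest) are removed outright in this hunk, so any reference left in a file outside this diffstat — the dashboard widget that snort_post_install.php says is absorbed into the package is one candidate — would, on the PHP 5.x this package runs under, resolve to the bare string `"IPREP_PATH"` with only a notice, silently turning an absolute `/var/db/snort/...` path into a relative one. I would keep the old names as guarded aliases for one release, e.g. `if (!defined("IPREP_PATH")) define("IPREP_PATH", SNORT_IPREP_PATH);`, or at least grep the whole tree before merging. The hunk also deserves a comment on why FLOWBITS_FILENAME and the *_FILE_PREFIX defines become `if (!defined(...))` guards while the renamed ones stay unconditional — presumably the PHP caching workaround that snort_post_install.php refers to — because with the guard a stale earlier definition carrying a different value silently wins.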
@@ -579,7 +584,7 @@ function snort_barnyard_start($snortcfg, $if_real, $background=FALSE) {
 log_error("[Snort] Barnyard2 START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
 if ($background)
 mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
- else
+ else
 mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
 }
 }
@@ -652,6 +657,7 @@ function snort_restart_all_interfaces() {
 return;
 snort_stop_all_interfaces();
+ sleep(2);
 snort_start_all_interfaces(TRUE);
 }
@@ -1900,7 +1906,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) {
 /* rules file will be written. */
 /************************************************/
- $rule_file = "/" . ENFORCING_RULES_FILENAME;
+ $rule_file = "/" . SNORT_ENFORCING_RULES_FILENAME;
 /* See if we were passed a directory or full */
 /* filename to write the rules to, and adjust */
@@ -2028,7 +2034,7 @@ function snort_sid_mgmt_auto_categories($snortcfg, $log_results = FALSE) {
 /****************************************************/
 global $config;
- $snort_sidmods_dir = SID_MODS_PATH;
+ $snort_sidmods_dir = SNORT_SID_MODS_PATH;
 $sid_mods = array();
 $enables = array();
 $disables = array();
@@ -2567,7 +2573,7 @@ function snort_process_enablesid(&$rule_map, $snortcfg, $log_results = FALSE, $l
 /* $rule_map array */
 /**********************************************/
- $snort_sidmods_dir = SID_MODS_PATH;
+ $snort_sidmods_dir = SNORT_SID_MODS_PATH;
 $snortlogdir = SNORTLOGDIR;
 $sid_mods = array();
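Review bot: The added `sleep(2);` between snort_stop_all_interfaces() and snort_start_all_interfaces(TRUE) is a fixed delay standing in for a readiness check: on a box with many interfaces or a slow shutdown the old daemon may still hold the interface and pid file when the start fires, and on a fast box two seconds are wasted on every restart. A bounded poll — wait up to a few seconds until the stopped processes are actually gone, then start — would be both faster and safer, and the chosen delay deserves a one-line comment saying what it is waiting for. The same fixed-delay pattern is the `sleep(1)` → `sleep(2)` bump in snort_check_for_rule_updates.php @@ -792, which should get the same treatment. snort_restart_all_interfaces() starts before this hunk.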
@@ -2614,7 +2620,7 @@ function snort_process_disablesid(&$rule_map, $snortcfg, $log_results = FALSE, $
 /* $rule_map array */
 /**********************************************/
- $snort_sidmods_dir = SID_MODS_PATH;
+ $snort_sidmods_dir = SNORT_SID_MODS_PATH;
 $snortlogdir = SNORTLOGDIR;
 $sid_mods = array();
@@ -2661,7 +2667,7 @@ function snort_process_modifysid(&$rule_map, $snortcfg, $log_results = FALSE, $l
 /* $rule_map array */
 /**********************************************/
- $snort_sidmods_dir = SID_MODS_PATH;
+ $snort_sidmods_dir = SNORT_SID_MODS_PATH;
 $snortlogdir = SNORTLOGDIR;
 $sid_mods = array();
@@ -2991,9 +2997,9 @@ function snort_deinstall() {
 $snortlibdir = SNORTLIBDIR;
 $snortlogdir = SNORTLOGDIR;
 $rcdir = RCFILEPREFIX;
- $snort_rules_upd_log = RULES_UPD_LOGFILE;
- $iprep_path = IPREP_PATH;
- $sidmods_path = SID_MODS_PATH;
+ $snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
+ $iprep_path = SNORT_IPREP_PATH;
+ $sidmods_path = SNORT_SID_MODS_PATH;
 log_error(gettext("[Snort] Snort package uninstall in progress..."));
@@ -3137,7 +3143,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
 $snortdir = SNORTDIR;
 $flowbit_rules_file = FLOWBITS_FILENAME;
- $snort_enforcing_rules_file = ENFORCING_RULES_FILENAME;
+ $snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME;
 $enabled_files = array();
 $all_rules = array();
 $cat_mods = array();
@@ -3543,7 +3549,7 @@ function snort_generate_conf($snortcfg) {
 $snortlibdir = SNORTLIBDIR;
 $snortlogdir = SNORTLOGDIR;
 $flowbit_rules_file = FLOWBITS_FILENAME;
- $snort_enforcing_rules_file = ENFORCING_RULES_FILENAME;
+ $snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME;
 $if_real = get_real_interface($snortcfg['interface']);
 $snort_uuid = $snortcfg['uuid'];
@@ -3676,7 +3682,7 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username,
 /*************************************************/
 /* Send over any auto-SID management files */
 /*************************************************/
- $sid_files = glob(SID_MODS_PATH . '*');
+ $sid_files = glob(SNORT_SID_MODS_PATH . '*');
 foreach ($sid_files as $file) {
 $content = base64_encode(file_get_contents($file));
 $payload = "@file_put_contents('{$file}', base64_decode('{$content}'));";
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index 0f9b80ab..5e5be98a 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -57,9 +57,9 @@ function snort_check_dir_size_limit($snortloglimitsize) {
 conf_mount_rw();
 // Truncate the Rules Update Log file if it exists
- if (file_exists(RULES_UPD_LOGFILE)) {
+ if (file_exists(SNORT_RULES_UPD_LOGFILE)) {
 log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
- @file_put_contents(RULES_UPD_LOGFILE, "");
+ @file_put_contents(SNORT_RULES_UPD_LOGFILE, "");
 }
 // Clean-up the logs for each configured Snort instance
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 218883a2..50a54440 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
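Review bot: The `$payload` line in the snort.inc hunk builds PHP source by interpolating `$file` — a path returned by glob() over the SID-mods directory — inside single quotes, so a file name containing a quote or backslash breaks out of the string literal and the remainder runs as code on the sync target. Whether those names can be chosen by a GUI user is not visible here (snort_sid_mgmt.php only says the path element is discarded), so they should be treated as untrusted and embedded with a proper literal: `$payload = "@file_put_contents(" . var_export($file, true) . ", base64_decode('{$content}'));";`. glob() can also return false, which the foreach on the next line would warn on; `$sid_files = glob(SNORT_SID_MODS_PATH . '*') ?: array();` keeps the loop safe. snort_do_xmlrpc_sync() continues outside the hunk.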
@@ -46,16 +46,16 @@ if (!defined("ET_BASE_DNLD_URL"))
 define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/");
 if (!defined("ETPRO_BASE_DNLD_URL"))
 define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/");
-if (!defined("ET_DNLD_FILENAME"))
- define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
-if (!defined("ETPRO_DNLD_FILENAME"))
- define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
-if (!defined("GPLV2_DNLD_FILENAME"))
- define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
+if (!defined("SNORT_ET_DNLD_FILENAME"))
+ define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+if (!defined("SNORT_ETPRO_DNLD_FILENAME"))
+ define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
+if (!defined("SNORT_GPLV2_DNLD_FILENAME"))
+ define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
 if (!defined("GPLV2_DNLD_URL"))
 define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/");
-if (!defined("RULES_UPD_LOGFILE"))
- define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
+if (!defined("SNORT_RULES_UPD_LOGFILE"))
+ define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
 if (!defined("VRT_FILE_PREFIX"))
 define("VRT_FILE_PREFIX", "snort_");
 if (!defined("GPL_FILE_PREFIX"))
@@ -64,14 +64,14 @@ if (!defined("ET_OPEN_FILE_PREFIX"))
 define("ET_OPEN_FILE_PREFIX", "emerging-");
 if (!defined("ET_PRO_FILE_PREFIX"))
 define("ET_PRO_FILE_PREFIX", "etpro-");
-if (!defined("IPREP_PATH"))
- define("IPREP_PATH", "/var/db/snort/iprep/");
+if (!defined("SNORT_IPREP_PATH"))
+ define("SNORT_IPREP_PATH", "/var/db/snort/iprep/");
 $snortdir = SNORTDIR;
 $snortlibdir = SNORTLIBDIR;
 $snortlogdir = SNORTLOGDIR;
-$snortiprepdir = IPREP_PATH;
-$snort_rules_upd_log = RULES_UPD_LOGFILE;
+$snortiprepdir = SNORT_IPREP_PATH;
+$snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
 /* Save the state of $pkg_interface so we can restore it */
 $pkg_interface_orig = $pkg_interface;
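Review bot: The context line `define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/")` fetches the Emerging Threats Open ruleset over plain HTTP while the ETPRO and GPLv2 URLs beside it use HTTPS, and the `.md5` companion built from SNORT_ET_DNLD_FILENAME in the next hunk appears to be fetched from that same base, so the checksum detects a corrupted transfer but not a substituted one. If the vendor serves the rules over HTTPS the define should be switched to `https://`; otherwise a short comment stating that the md5 is a corruption check only would stop a reader from assuming the download is integrity-protected. This predates the commit, but it sits among the lines being renamed here and is cheap to fix at the same time.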
@@ -113,30 +113,30 @@ conf_mount_rw();
 /* Set up Emerging Threats rules filenames and URL */
 if ($etpro == "on") {
- $emergingthreats_filename = ETPRO_DNLD_FILENAME;
- $emergingthreats_filename_md5 = ETPRO_DNLD_FILENAME . ".md5";
+ $emergingthreats_filename = SNORT_ETPRO_DNLD_FILENAME;
+ $emergingthreats_filename_md5 = SNORT_ETPRO_DNLD_FILENAME . ".md5";
 $emergingthreats_url = ETPRO_BASE_DNLD_URL;
 $emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/";
 $emergingthreats = "on";
 $et_name = "Emerging Threats Pro";
- $et_md5_remove = ET_DNLD_FILENAME . ".md5";
+ $et_md5_remove = SNORT_ET_DNLD_FILENAME . ".md5";
 unlink_if_exists("{$snortdir}/{$et_md5_remove}");
 }
 else {
- $emergingthreats_filename = ET_DNLD_FILENAME;
- $emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5";
+ $emergingthreats_filename = SNORT_ET_DNLD_FILENAME;
+ $emergingthreats_filename_md5 = SNORT_ET_DNLD_FILENAME . ".md5";
 $emergingthreats_url = ET_BASE_DNLD_URL;
 // If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules
 $emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/";
 $emergingthreats_url .= "snort-" . ET_VERSION . "/";
 $et_name = "Emerging Threats Open";
- $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5";
+ $et_md5_remove = SNORT_ETPRO_DNLD_FILENAME . ".md5";
 unlink_if_exists("{$snortdir}/{$et_md5_remove}");
 }
 /* Snort GPLv2 Community Rules filenames and URL */
-$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
-$snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5";
+$snort_community_rules_filename = SNORT_GPLV2_DNLD_FILENAME;
+$snort_community_rules_filename_md5 = SNORT_GPLV2_DNLD_FILENAME . ".md5";
 $snort_community_rules_url = GPLV2_DNLD_URL;
 function snort_download_file_url($url, $file_out) {
@@ -634,11 +634,11 @@ if ($emergingthreats == 'on') {
 foreach ($files as $file) {
 $newfile = basename($file);
 if ($etpro == "on") {
- @copy($file, IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}");
+ @copy($file, SNORT_IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}");
 @copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}");
 }
 else {
- @copy($file, IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}");
+ @copy($file, SNORT_IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}");
 @copy($file, "{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}");
 }
 }
@@ -792,7 +792,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
 touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled");
 touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled");
 snort_stop($snortcfg, $if_real);
- sleep(1);
+ sleep(2);
 if ($pkg_interface <> "console") {
 update_output_window(gettext("Starting Snort on " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "..."));
 snort_start($snortcfg, $if_real, FALSE);
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 9d677619..e74a9ce6 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -38,7 +38,7 @@ require_once("/usr/local/pkg/snort/snort.inc");
 /* Define some locally required variables from Snort constants */
 $snortdir = SNORTDIR;
-$snort_rules_upd_log = RULES_UPD_LOGFILE;
+$snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE;
 /* Grab the Snort binary version programmatically and */
 /* use it to construct the proper Snort VRT rules */
@@ -51,7 +51,7 @@ if (empty($snortver[0]))
 $snortver[0] = str_replace(".", "", $snortver[0]);
 $snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz";
-$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
+$snort_community_rules_filename = SNORT_GPLV2_DNLD_FILENAME;
 $snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
 $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
@@ -69,11 +69,11 @@ else
 $last_rule_upd_status = gettext("Unknown");
 if ($etpro == "on") {
- $emergingthreats_filename = ETPRO_DNLD_FILENAME;
+ $emergingthreats_filename = SNORT_ETPRO_DNLD_FILENAME;
 $et_name = "Emerging Threats Pro Rules";
 }
 else {
- $emergingthreats_filename = ET_DNLD_FILENAME;
+ $emergingthreats_filename = SNORT_ET_DNLD_FILENAME;
 $et_name = "Emerging Threats Open Rules";
 }
diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php
index e3b38301..fb5c750f 100644
--- a/config/snort/snort_generate_conf.php
+++ b/config/snort/snort_generate_conf.php
@@ -852,11 +852,11 @@ if (is_array($snortcfg['blist_files']['item'])) {
 $bIsFirst = TRUE;
 foreach ($snortcfg['blist_files']['item'] as $blist) {
 if ($bIsFirst) {
- $blist_files .= "blacklist " . IPREP_PATH . $blist;
+ $blist_files .= "blacklist " . SNORT_IPREP_PATH . $blist;
 $bIsFirst = FALSE;
 }
 else
- $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist;
+ $blist_files .= ", \\ \n\tblacklist " . SNORT_IPREP_PATH . $blist;
 }
 }
 if (is_array($snortcfg['wlist_files']['item'])) {
@@ -864,11 +864,11 @@ if (is_array($snortcfg['wlist_files']['item'])) {
 $bIsFirst = TRUE;
 foreach ($snortcfg['wlist_files']['item'] as $wlist) {
 if ($bIsFirst) {
- $wlist_files .= "whitelist " . IPREP_PATH . $wlist;
+ $wlist_files .= "whitelist " . SNORT_IPREP_PATH . $wlist;
 $bIsFirst = FALSE;
 }
 else
- $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist;
+ $wlist_files .= ", \\ \n\twhitelist " . SNORT_IPREP_PATH . $wlist;
 }
 }
 if (!empty($blist_files))
diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php
index 4fa09b83..8311ea1c 100644
--- a/config/snort/snort_ip_list_mgmt.php
+++ b/config/snort/snort_ip_list_mgmt.php
@@ -43,7 +43,7 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
 // Hard-code the path where IP Lists are stored
 // and disregard any user-supplied path element.
-$iprep_path = IPREP_PATH;
+$iprep_path = SNORT_IPREP_PATH;
 // Set default to not show IP List editor controls
 $iplist_edit_style = "display: none;";
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
index 47e2cd19..891f3773 100644
--- a/config/snort/snort_ip_reputation.php
+++ b/config/snort/snort_ip_reputation.php
@@ -56,7 +56,7 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['blist_fi
 $a_nat = &$config['installedpackages']['snortglobal']['rule'];
 $pconfig = $a_nat[$id];
-$iprep_path = IPREP_PATH;
+$iprep_path = SNORT_IPREP_PATH;
 $if_real = get_real_interface($a_nat[$id]['interface']);
 $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php
index 3e4d6b6a..a13a2d37 100644
--- a/config/snort/snort_iprep_list_browser.php
+++ b/config/snort/snort_iprep_list_browser.php
@@ -23,7 +23,7 @@ function get_content($dir) {
 return $files;
 }
-$path = IPREP_PATH;
+$path = SNORT_IPREP_PATH;
 $container = htmlspecialchars($_GET['container']);
 $target = htmlspecialchars($_GET['target']);
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 36a54298..d3bc4d63 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
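Review bot: In the snort_iprep_list_browser.php hunk, `$container = htmlspecialchars($_GET['container'])` and the matching `$target` line escape request input with the default flag set, which leaves single quotes untouched and, on PHP before 5.4, assumes an ISO-8859-1 charset; where these values are later emitted is outside the hunk, but the names suggest they are written back into a script callback for a list-picker popup, and HTML escaping of either flavour is not sufficient inside JavaScript. Pass `ENT_QUOTES` and an explicit `'UTF-8'` charset for attribute contexts, and use `json_encode($container)` for anything placed in a script block. The `$_GET` keys are also read without an `isset` check, so a request lacking them raises a notice; `isset($_GET['container']) ? $_GET['container'] : ''` avoids that.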
@@ -57,8 +57,8 @@ global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include;
 * updated version icluded with the *
 * updated GUI package. *
 ****************************************/
-if (!defined('SID_MODS_PATH'))
- define('SID_MODS_PATH', '/var/db/snort/sidmods/');
+if (!defined('SNORT_SID_MODS_PATH'))
+ define('SNORT_SID_MODS_PATH', '/var/db/snort/sidmods/');
 /****************************************
 * End of PHP caching workaround *
@@ -69,7 +69,7 @@ $snortlogdir = SNORTLOGDIR;
 $snortlibdir = SNORTLIBDIR;
 $rcdir = RCFILEPREFIX;
 $flowbit_rules_file = FLOWBITS_FILENAME;
-$snort_enforcing_rules_file = ENFORCING_RULES_FILENAME;
+$snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME;
 /* Hard kill any running Snort processes that may have been started by any */
 /* of the pfSense scripts such as check_reload_status() or rc.start_packages */
@@ -118,8 +118,8 @@ unlink_if_exists("{$rcdir}barnyard2");
 /* Create required log and db directories in /var */
 safe_mkdir(SNORTLOGDIR);
-safe_mkdir(IPREP_PATH);
-safe_mkdir(SID_MODS_PATH);
+safe_mkdir(SNORT_IPREP_PATH);
+safe_mkdir(SNORT_SID_MODS_PATH);
 /* If installed, absorb the Snort Dashboard Widget into this package */
 /* by removing it as a separately installed package. */
diff --git a/config/snort/snort_sid_mgmt.php b/config/snort/snort_sid_mgmt.php
index 9fb23392..2ca8dba9 100644
--- a/config/snort/snort_sid_mgmt.php
+++ b/config/snort/snort_sid_mgmt.php
@@ -52,7 +52,7 @@ $pconfig['auto_manage_sids'] = $config['installedpackages']['snortglobal']['auto
 // Hard-code the path where SID Mods Lists are stored
 // and disregard any user-supplied path element.
-$sidmods_path = SID_MODS_PATH;
+$sidmods_path = SNORT_SID_MODS_PATH;
 // Set default to not show SID modification lists editor controls
 $sidmodlist_edit_style = "display: none;";