Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 2 | ||||
-rw-r--r-- | config/snort/snort_check_for_rule_updates.php | 815 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 8 | ||||
-rw-r--r-- | config/snort/snort_interfaces_suppress.php | 1 | ||||
-rw-r--r-- | config/snort/snort_interfaces_suppress_edit.php | 1 | ||||
-rw-r--r-- | config/snort/snort_interfaces_whitelist.php | 1 | ||||
-rw-r--r-- | config/snort/snort_interfaces_whitelist_edit.php | 2 |
7 files changed, 447 insertions, 383 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 6348fd6e..035865e2 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -870,7 +870,7 @@ function snort_rules_up_install_cron($should_install) { $cron_item['month'] = "$snort_rules_up_month"; $cron_item['wday'] = "$snort_rules_up_wday"; $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log"; $config['cron']['item'][] = $cron_item; write_config("Installed 15 minute filter reload for Time Based Rules"); configure_cron(); diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index e22c1b06..ba953c73 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -29,7 +29,7 @@ */ /* Setup enviroment */ -$tmpfname = "/tmp/snort_rules_up"; +$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; $snortdir = "/usr/local/etc/snort"; $snortdir_wan = "/usr/local/etc/snort"; $snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; 
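Review bot: The cron command now appends root's output to `/tmp/snort_update.log`, a fixed name in a world-writable directory; if another user has already created a file or symlink at that path, the shell's `>>` follows it and root writes wherever it points. Keep the log in a root-owned location instead — the removed lines later in this diff show `/var/log/snort/` already in use by the package — e.g. `$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /var/log/snort/snort_update.log";`. The first file's hunk is inside snort_rules_up_install_cron, whose start and end lie outside the hunk.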
@@ -42,6 +42,73 @@ $pfsense_rules_filename = "pfsense_rules.tar.gz"; require_once("globals.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +////////////////////////////// + + +function download_file_with_progress_bar2($url_file, $destination_file) { + global $ch, $fout, $file_size, $downloaded, $pkg_interface; + $file_size = 1; + $downloaded = 1; + /* open destination file */ + $fout = fopen($destination_file, "wb"); + + /* + * Originally by Author: Keyvan Minoukadeh + * Modified by Scott Ullrich to return Content-Length size + */ + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header2'); + curl_setopt($ch, CURLOPT_WRITEFUNCTION, 'read_body2'); + curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); + curl_setopt($ch, CURLOPT_TIMEOUT, 0); + + curl_exec($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + if($fout) + fclose($fout); + curl_close($ch); + return ($http_code == 200) ? true : $http_code; +} + +function read_header2($ch, $string) { + global $file_size, $fout; + $length = strlen($string); + $regs = ""; + ereg("(Content-Length:) (.*)", $string, $regs); + if($regs[2] <> "") { + $file_size = intval($regs[2]); + } + ob_flush(); + return $length; +} + +function read_body2($ch, $string) { + global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen, $pkg_interface; + $length = strlen($string); + $downloaded += intval($length); + $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); + $downloadProgress = 100 - $downloadProgress; + if($lastseen <> $downloadProgress and $downloadProgress < 101) { + if($sendto == "status") { + $tostatus = $static_status . $downloadProgress . "%"; + echo "$tostatus"; + } else { + $tooutput = $static_output . $downloadProgress . 
"%"; + echo "$tooutput"; + } + echo "$downloadProgress"; + $lastseen = $downloadProgress; + } + if($fout) + fwrite($fout, $string); + ob_flush(); + return $length; +} + +////////////////////////////// + /* define checks */ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; @@ -61,8 +128,6 @@ if ($snortdownload != "on" && $emergingthreats != "on") exit; } -conf_mount_rw(); - /* Time stamps define */ $last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; $last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; @@ -77,6 +142,12 @@ echo "\n\n"; exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Checking for needed updates...'"); /* Begin main code */ +conf_mount_rw(); + +if (!file_exists('/usr/local/etc/snort/tmp')) { + exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); +} + /* Set user agent to Mozilla */ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); ini_set("memory_limit","125M"); @@ -88,11 +159,6 @@ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS- ob_flush(); conf_mount_rw(); -/* premium_subscriber check */ -//unset($config['installedpackages']['snort']['config'][0]['subscriber']); -//write_config(); // Will cause switch back to read-only on nanobsd -//conf_mount_rw(); // Uncomment this if the previous line is uncommented - $premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload']; if ($premium_subscriber_chk == "premium") { @@ -123,6 +189,7 @@ if (file_exists("{$tmpfname}")) { exec("/bin/mkdir -p {$snortdir}"); exec("/bin/mkdir -p {$snortdir}/rules"); exec("/bin/mkdir -p {$snortdir}/signatures"); +exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); /* send current buffer */ ob_flush(); 
@@ -136,35 +203,39 @@ if (file_exists($tmpfname)) { } /* download md5 sig from snort.org */ -if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { - echo "md5 temp file exists...\n"; -} else { - echo "Downloading md5 file...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); +if ($snortdownload == "basic" || $snortdownload == "premium") +{ + if (file_exists("{$tmpfname}/{$snort_filename_md5}") && + filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { + echo "snort.org md5 temp file exists...\n"; + } else { + echo "Downloading snort.org md5 file...\n"; + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done. 
downloading md5\n"; + $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); + fwrite($f, $image); + fclose($f); + echo "Done downloading snort.org md5\n"; + } } /* download md5 sig from emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats']; -if ($emergingthreats_url_chk == on) { - echo "Downloading md5 file...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); +if ($emergingthreats == "on") +{ + echo "Downloading emergingthreats md5 file...\n"; + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $f = fopen("{$tmpfname}/version.txt", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done. downloading md5\n"; + $f = fopen("{$tmpfname}/version.txt", 'w'); + fwrite($f, $image); + fclose($f); + echo "Done downloading emergingthreats md5\n"; } /* download md5 sig from pfsense.org */ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - echo "md5 temp file exists...\n"; + echo "pfsense md5 temp file exists...\n"; } else { echo "Downloading pfsense md5 file...\n"; ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); 
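Review bot: The new guard tests `$snortdownload` against "basic"/"premium", while new code later in this file (`if ($snortdownload == "on" && $emergingthreats == "off")`) tests it against "on"; whichever value the config actually stores, one of the two branches can never match, so the value set should be settled once and used consistently. `@file_get_contents(...)` returns false on any network error and that false is written to the md5 file as an empty string, so a transient failure becomes indistinguishable from the "wait 15 minutes" case handled in the next hunk; test `$image === false` before writing, and pass `$oinkid` through `urlencode()` when building the query string. Since the .md5 is fetched over plain http from the same host as the tarball it describes, it can only detect that the upstream file changed, not that it is authentic; if that is the intent, a comment at this block saying so would save the next maintainer from reading it as an integrity check.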
@@ -173,15 +244,19 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); fwrite($f, $image); fclose($f); - echo "Done. downloading md5\n"; + echo "Done downloading pfsense md5.\n"; } /* If md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){ - echo "Please wait... You may only check for New Rules every 15 minutes...\n"; - echo "Rules are released every month from snort.org. You may download the Rules at any time.\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Rules every 15 minutes...'"); - exit(0); +if ($snortdownload != "off") +{ + if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")) + { + echo "Please wait... You may only check for New Rules every 15 minutes...\n"; + echo "Rules are released every month from snort.org. You may download the Rules at any time.\n"; + conf_mount_ro(); + exit(0); + } } /* If emergingthreats md5 file is empty wait 15min exit not needed */ 
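Review bot: `if ($snortdownload != "off")` does not match the download guard above it, which only writes the md5 file for "basic" or "premium"; with an empty or unset value the file was never created, `filesize()` warns and returns false, and `0 == false` is true, so the script exits with "You may only check for New Rules every 15 minutes" even though snort.org downloads are not enabled. Use the same condition in both places, e.g. `if ($snortdownload == "basic" || $snortdownload == "premium")`, or compute one boolean once and reuse it. The hunk also drops the logger call the old code emitted on this path, so this early exit no longer leaves a syslog trace; since the only other output goes to the cron log, keeping `exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '...'")` here is worth considering.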
@@ -190,171 +265,159 @@ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n"; echo "Rules are released to support Pfsense packages.\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Pfsense Rules every 15 minutes...'"); +conf_mount_ro(); exit(0); } /* Check if were up to date snort.org */ -if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){ -$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($md5_check_new == $md5_check_old) { - echo "Your rules are up to date...\n"; - echo "You may start Snort now, check update.\n"; +if ($snortdownload != "off") +{ + if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")) + { + $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); + $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + /* Write out time of last sucsessful md5 to cache */ + write_config(); // Will cause switch back to read-only on nanobsd + conf_mount_rw(); + if ($md5_check_new == $md5_check_old) + { + echo "Your rules are up to date...\n"; + echo "You may start Snort now, check update.\n"; $snort_md5_check_ok = on; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your snort 
rules are up to date...'"); - } + } + } } /* Check if were up to date emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats']; -if ($emergingthreats_url_chk == on) { -if (file_exists("{$snortdir}/version.txt")){ -$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); -$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); -$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($emerg_md5_check_new == $emerg_md5_check_old) { - echo "Your emergingthreats rules are up to date...\n"; - echo "You may start Snort now, check update.\n"; - $emerg_md5_check_chk_ok = on; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'"); - } - } +if ($emergingthreats == "on") +{ + if (file_exists("{$snortdir}/version.txt")) + { + $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); + $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); + $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + /* Write out time of last sucsessful md5 to cache */ + // Will cause switch back to read-only on nanobsd + write_config(); + conf_mount_rw(); + if ($emerg_md5_check_new == $emerg_md5_check_old) + { + $emerg_md5_check_ok = on; + } + } } /* Check if were up to date pfsense.org */ -if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){ -$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$pfsense_md5_check_new = `/bin/echo 
"{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -if ($pfsense_md5_check_new == $pfsense_md5_check_old) { + if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) + { + $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + /* Write out time of last sucsessful md5 to cache */ + // Will cause switch back to read-only on nanobsd + write_config(); + conf_mount_rw(); + if ($pfsense_md5_check_new == $pfsense_md5_check_old) + { $pfsense_md5_check_ok = on; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'"); - } -} + } + } -/* Make Clean Snort Directory emergingthreats not checked */ -if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) { - update_status(gettext("Cleaning the snort Directory...")); - update_output_window(gettext("removing...")); - exec("/bin/rm {$snortdir}/rules/emerging*"); - exec("/bin/rm {$snortdir}/version.txt"); - exec("/bin/rm {$snortdir_wan}/rules/emerging*"); - exec("/bin/rm {$snortdir_wan}/version.txt"); - echo "Done making cleaning emrg direcory.\n"; +/* Check if were up to date is so, exit */ +/* WARNING This code needs constant checks */ +if ($snortdownload != "off" && $emergingthreats != "off") +{ + if ($snort_md5_check_ok == "on" && $emerg_md5_check_ok == "on") + { + echo "All your rules are up to date...\n"; + echo "You may start Snort now...\n"; + conf_mount_ro(); + exit(0); + } } -/* Check if were up to date exits */ -if ($snort_md5_check_ok == on && 
$emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) { - echo "Your emergingthreats rules are up to date...\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'"); - exit(0); +if ($snortdownload == "on" && $emergingthreats == "off") +{ + if ($snort_md5_check_ok == "on") + { + echo "Your snort.org rules are up to date...\n"; + echo "You may start Snort now...\n"; + conf_mount_ro(); + exit(0); + } } -if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) { - echo "Your pfsense rules are up to date...\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'"); - exit(0); +if ($snortdownload == "off" && $emergingthreats == "on") +{ + if ($emerg_md5_check_ok == "on") + { + echo "Your Emergingthreats rules are up to date...\n"; + echo "You may start Snort now...\n"; + conf_mount_ro(); + exit(0); + } } /* You are Not Up to date, always stop snort when updating rules for low end machines */; echo "You are NOT up to date...\n"; -echo "Stopping All Snort Package services...\n"; -exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULES ARE OUT OF DATE, UPDATING...'"); -exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Stopping All Snort Package Services...'"); +echo "Stopping Snort service...\n"; $chk_if_snort_up = exec("pgrep -x snort"); if ($chk_if_snort_up != "") { - - - exec("/usr/bin/touch /tmp/snort_download_halt.pid"); - - /* dont flood the syslog code */ - exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); - sleep(3); - - exec("/usr/bin/killall snort"); - exec("/bin/rm /var/run/snort*"); - sleep(2); - exec("/usr/bin/killall barnyard2"); - exec("/bin/rm /var/run/barnyard2*"); - - /* stop syslog flood code */ - exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_rules_update.log"); - exec("/usr/bin/killall syslogd"); - exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); - 
exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); - sleep(2); - exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); - $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after snort STOP {$after_mem}'"); - + exec("/usr/bin/touch /tmp/snort_download_halt.pid"); + exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop"); + sleep(2); } /* download snortrules file */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - echo "Snortrule tar file exists...\n"; -} else { - echo "There is a new set of Snort rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done downloading rules file.\n"; - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - echo "Error with the snort rules download...\n"; - echo "Snort rules file downloaded failed...\n"; - exit(0); - } - } +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + echo "Snortrule tar file exists...\n"; + } else { + echo "There is a new set of Snort.org rules posted. Downloading...\n"; + echo "May take 4 to 10 min...\n"; + download_file_with_progress_bar2("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . 
"/{$snort_filename}"); + echo "Done downloading rules file.\n"; + if (150000 > filesize("{$tmpfname}/{$snort_filename}")){ + echo "Error with the snort rules download...\n"; + echo "Snort rules file downloaded failed...\n"; + conf_mount_ro(); + exit(0); + } + } + } } - + /* download emergingthreats rules file */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - echo "Emergingthreats tar file exists...\n"; -} else { - echo "There is a new set of Emergingthreats rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz"); -// $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz"); - $f = fopen("{$tmpfname}/emerging.rules.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done downloading Emergingthreats rules file.\n"; - } - } - } +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != on) + { + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + echo "Emergingthreats tar file exists...\n"; + }else{ + echo "There is a new set of Emergingthreats rules posted. Downloading...\n"; + echo "May take 4 to 10 min...\n"; + download_file_with_progress_bar2("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}"); + echo "Done downloading Emergingthreats rules file.\n"; + } + } +} /* download pfsense rules file */ if ($pfsense_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { echo "Snortrule tar file exists...\n"; } else { - echo "There is a new set of Pfsense rules posted. 
Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); + echo "May take 4 to 10 min...\n"; + download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}"); echo "Done downloading rules file.\n"; } } 
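Review bot: The first awk field is obtained by interpolating the downloaded md5 file's contents into a shell command inside backticks (`/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`), so shell metacharacters in a fetched file are interpreted by /bin/sh running as root; the same pattern is repeated for the emergingthreats and pfsense comparisons. Parse it in PHP instead: `$parts = preg_split('/\s+/', trim($md5_check_new_parse)); $md5_check_new = $parts[0];`. Separately, the pfsense block assigns `$pfsense_check_new_parse` but echoes `$pfsense_md5_check_new_parse`, which is never set, so the "new" md5 is always empty and pfsense rules are re-downloaded on every run. The three `download_file_with_progress_bar2(...)` calls discard the function's return value (true or the HTTP status), so a 403/404 body is kept as the tarball and only the snort.org path has a size sanity check. `$snort_md5_check_ok != on` (bare `on`) relies on undefined-constant-to-string coercion, which PHP 8 rejects, while other new lines in the same hunk compare against `"on"`.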
@@ -388,44 +451,88 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { //} /* Untar snort rules file individually to help people with low system specs */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - echo "Extracting rules...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/" . - " etc/" . - " so_rules/precompiled/FreeBSD-7.0/i386/2.8.4" . - " so_rules/bad-traffic.rules/" . - " so_rules/chat.rules/" . - " so_rules/dos.rules/" . - " so_rules/exploit.rules/" . - " so_rules/imap.rules/" . - " so_rules/misc.rules/" . - " so_rules/multimedia.rules/" . - " so_rules/netbios.rules/" . - " so_rules/nntp.rules/" . - " so_rules/p2p.rules/" . - " so_rules/smtp.rules/" . - " so_rules/sql.rules/" . - " so_rules/web-client.rules/" . - " so_rules/web-misc.rules/"); - echo "Done extracting Rules.\n"; -} else { - echo "The Download rules file missing...\n"; - echo "Error rules extracting failed...\n"; - exit(0); - } +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + echo "Extracting Snort.org rules...\n"; + echo "May take a while...\n"; + /* extract snort.org rules and add prefix to all snort.org files*/ + exec("/bin/rm -r {$snortdir}/rules"); + sleep(2); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); + chdir ("/usr/local/etc/snort/rules"); + sleep(2); + exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); + /* extract so rules */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/"); + exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/* /usr/local/lib/snort/dynamicrules/"); + /* extract so rules none bin and rename */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} 
so_rules/bad-traffic.rules/" . + " so_rules/chat.rules/" . + " so_rules/dos.rules/" . + " so_rules/exploit.rules/" . + " so_rules/icmp.rules/" . + " so_rules/imap.rules/" . + " so_rules/misc.rules/" . + " so_rules/multimedia.rules/" . + " so_rules/netbios.rules/" . + " so_rules/nntp.rules/" . + " so_rules/p2p.rules/" . + " so_rules/smtp.rules/" . + " so_rules/sql.rules/" . + " so_rules/web-activex.rules/" . + " so_rules/web-client.rules/" . + " so_rules/web-iis.rules/" . + " so_rules/web-misc.rules/"); + + exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); + exec("/bin/mv -f 
{$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); + exec("/bin/rm -r {$snortdir}/so_rules"); + + /* extract base etc files */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); + exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); + exec("/bin/rm -r {$snortdir}/etc"); + + echo "Done extracting Snort.org Rules.\n"; + }else{ + echo "Error extracting Snort.org Rules...\n"; + echo "Error Line 453\n"; + conf_mount_ro(); + exit(0); + } + } } /* Untar emergingthreats rules to tmp */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - echo "Extracting rules...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != on) + { + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + echo "Extracting rules...\n"; + echo "May take a while...\n"; + exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); + } + } } /* Untar Pfsense rules to tmp */ 
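Review bot: `exec("/bin/rm -r {$snortdir}/rules")` removes the live rule set before the archive has been extracted, and tar's exit status is never checked (the only earlier validation is the >150000 byte size test), so a truncated or corrupt download leaves snort with no rules while the `}else{` branch only fires when the tarball is missing entirely. Extract into a staging directory and replace the live one only after tar returns 0; the hard-coded "Error Line 453" text will drift the next time the file changes and should name the step instead. The precompiled `so_rules` shared objects moved into `/usr/local/lib/snort/dynamicrules/` are loaded into the snort process, and the only check on the archive they came from is the http-fetched .md5, which detects change rather than authenticity — worth a comment at this step so nobody reads it as signature verification. `chdir ("/usr/local/etc/snort/rules")` also hard-codes a path that `$snortdir` already holds.
```php
/* extract into a staging dir first; the live rules are replaced only if tar succeeds */
$staging = "{$tmpfname}/stage";
exec("/bin/rm -rf {$staging}; /bin/mkdir -p {$staging}");
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$staging} rules/", $tar_out, $tar_rc);
if ($tar_rc !== 0) {
    echo "Error extracting Snort.org rules (tar exit {$tar_rc})...\n";
    conf_mount_ro();
    exit(0);
}
exec("/bin/rm -r {$snortdir}/rules");
exec("/bin/mv -f {$staging}/rules {$snortdir}/rules");
chdir("{$snortdir}/rules");
// … unchanged: perl rename, so_rules extraction and moves, etc/ extraction …
```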
@@ -450,100 +557,38 @@ if ($premium_url_chk == on) { } } -/* Make Clean Snort Directory */ -//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) { -//if (file_exists("{$snortdir}/rules")) { -// update_status(gettext("Cleaning the snort Directory...")); -// update_output_window(gettext("removing...")); -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/mkdir -p {$snortdir}/signatures"); -// exec("/bin/rm {$snortdir}/*"); -// exec("/bin/rm {$snortdir}/rules/*"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); - -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*"); -//} else { -// update_status(gettext("Making Snort Directory...")); -// update_output_window(gettext("should be fast...")); -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*"); -// update_status(gettext("Done making snort direcory.")); -// } -//} - -/* Copy so_rules dir to snort lib dir */ -/* Disabled untill I figure out why there is a segment falut core dump on 2.8.5.3 */ -//if ($snort_md5_check_ok != on) { -//if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) { -// echo "Copying so_rules...\n"; -// echo "May take a while...\n"; -// exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`"); -// exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules"); 
-// exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules"); -// exec("/bin/rm -r {$snortdir}/so_rules"); -// echo "Done copying so_rules.\n"; -//} else { -// echo "Directory so_rules does not exist...\n"; -// echo "Error copying so_rules...\n"; -// exit(0); -// } -//} - -/* Copy configs to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/etc/Makefile.am")) { - echo "Copying configs to snort directory...\n"; - exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - -} else { - echo "The snort config does not exist...\n"; - echo "Error copying config...\n"; - exit(0); - } -} - /* Copy md5 sig to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$snort_filename_md5")) { - echo "Copying md5 sig to snort directory...\n"; - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); -} else { - echo "The md5 file does not exist...\n"; - echo "Error copying config...\n"; - exit(0); - } -} - +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) { + if (file_exists("{$tmpfname}/$snort_filename_md5")) { + echo "Copying md5 sig to snort directory...\n"; + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); 
+ }else{ + echo "The md5 file does not exist...\n"; + echo "Error copying config...\n"; + conf_mount_ro(); + exit(0); + } + } +} + /* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { - echo "Copying md5 sig to snort directory...\n"; - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); -} else { - echo "The emergingthreats md5 file does not exist...\n"; - echo "Error copying config...\n"; - exit(0); - } - } +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != on) + { + if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) + { + echo "Copying md5 sig to snort directory...\n"; + exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); + }else{ + echo "The emergingthreats md5 file does not exist...\n"; + echo "Error copying config...\n"; + conf_mount_ro(); + exit(0); + } + } } /* Copy Pfsense md5 sig to snort dir */ 
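Review bot: `exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5")` ignores cp's exit status, so a failed copy leaves the installed md5 stale and the next run silently re-downloads everything; PHP's `copy()` returns a bool that can be checked: `if (!copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}")) { echo "Error copying md5 sig...\n"; conf_mount_ro(); exit(0); }`. The same applies to the emergingthreats copy in this hunk. The `}else{` spacing also differs from the `} else {` form used elsewhere in the file, and `$snort_md5_check_ok != on` carries the bare-constant issue noted on the earlier hunk.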
@@ -554,26 +599,33 @@ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { } else { echo "The Pfsense md5 file does not exist...\n"; echo "Error copying config...\n"; - exit(0); + conf_mount_ro(); + exit(0); } } /* Copy signatures dir to snort dir */ -if ($snort_md5_check_ok != on) { -$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; -if ($premium_url_chk == on) { -if (file_exists("{$snortdir}/doc/signatures")) { - echo "Copying signatures...\n"; - echo "May take a while...\n"; - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - echo "Done copying signatures.\n"; -} else { - echo "Directory signatures exist...\n"; - echo "Error copying signature...\n"; - exit(0); - } - } +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) + { + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == on) + { + if (file_exists("{$snortdir}/doc/signatures")) { + echo "Copying signatures...\n"; + echo "May take a while...\n"; + exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); + exec("/bin/rm -r {$snortdir}/doc/signatures"); + echo "Done copying signatures.\n"; + }else{ + echo "Directory signatures exist...\n"; + echo "Error copying signature...\n"; + conf_mount_ro(); + exit(0); + } + } + } } /* double make shure cleanup emerg rules that dont belong */ 
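Review bot: The else branch prints "Directory signatures exist..." precisely when `{$snortdir}/doc/signatures` does not exist, so the operator sees the opposite of what happened; change it to `echo "Directory {$snortdir}/doc/signatures does not exist...\n";`. After the `mv -f` succeeds, the following `rm -r {$snortdir}/doc/signatures` targets a path that is already gone — harmless, but misleading; either drop it or remove the now-empty `{$snortdir}/doc`. `$signature_info_chk` is assigned but never read within this hunk, and `$premium_url_chk == on` relies on the undefined constant `on` (set elsewhere in the file, outside this hunk, so its value cannot be confirmed here).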
@@ -606,37 +658,16 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r ////////////////// -/* Start the proccess for every interface rule */ -/* TODO: try to make the code smother */ - -if (!empty($config['installedpackages']['snortglobal']['rule'])) { - -$rule_array = $config['installedpackages']['snortglobal']['rule']; -$id = -1; -foreach ($rule_array as $value) { - -$id += 1; - -$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; -$if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf(); - - /* run oinkmaster for each interface rule */ - oinkmaster_run(); - - } -} - /* open oinkmaster_conf for writing" function */ -function oinkmaster_conf() { +function oinkmaster_conf($id, $if_real, $iface_uuid) +{ - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok; + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + conf_mount_rw(); /* enable disable setting will carry over with updates */ /* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { +if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { $enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; @@ -673,7 +704,7 @@ $selected_sid_off_sections EOD; /* open snort's oinkmaster.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort/oinkmaster_$if_real.conf", "w"); + $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w"); fwrite($oinkmasterlist, "$snort_sid_text"); 
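Review bot: `oinkmaster_conf($id, $if_real, $iface_uuid)` now takes `$id` and `$if_real` as parameters, but the next line still declares `global $config, $g, $id, $if_real, ...`, and a `global` statement rebinds the local name to the global variable, so the passed arguments are discarded and the function uses whatever the top-level loop last stored in `$id` and `$if_real`. It only works because the sole visible caller is that loop, which sets the same globals; drop the two names from the declaration: `global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;`. The function also calls `conf_mount_rw()` on entry with no matching `conf_mount_ro()` in this hunk; its body continues past the hunk, so confirm the remount back to read-only happens on every path.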
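Review bot: The result of `fopen(".../snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w")` is passed straight to `fwrite($oinkmasterlist, ...)` without a check; the new path sits inside a per-interface directory that nothing in this hunk creates, so a missing directory yields `false` plus a warning instead of a conf file, and oinkmaster later runs without the saved SID enable/disable rules. Guard it: `if ($oinkmasterlist === false) { echo "Could not write oinkmaster conf for {$if_real}...\n"; return; }`. `$iface_uuid` and `$if_real` are read from the package config and interpolated into the path unescaped; I take them to be admin-controlled, but a `basename()`-style sanity check would make that assumption explicit. The enclosing `oinkmaster_conf` starts before this hunk.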
@@ -686,56 +717,83 @@ EOD; /* Run oinkmaster to snort_wan and cp configs */ /* If oinkmaster is not needed cp rules normally */ /* TODO add per interface settings here */ -function oinkmaster_run() { - - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok; +function oinkmaster_run($id, $if_real, $iface_uuid) +{ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + conf_mount_rw(); - if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - echo "Your first set of rules are being copied...\n"; - echo "May take a while...\n"; - exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" >> /root/debug"); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); + if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) + { -} else { + if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '') + { + echo "Your first set of rules are being copied...\n"; + echo "May take a while...\n"; + exec("/bin/cp 
{$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + }else{ echo "Your enable and disable changes are being applied to your fresh set of rules...\n"; echo "May take a while...\n"; - exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); - - /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log"); + exec("/bin/cp {$snortdir}/rules/* 
{$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + /* might have to add a sleep for 3sec for flash drives or old drives */ + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); } } } +/* Start the proccess for every interface rule */ +/* TODO: try to make the code smother */ + +if (!empty($config['installedpackages']['snortglobal']['rule'])) +{ + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) { + + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + /* make oinkmaster.conf for each interface rule */ + oinkmaster_conf($id, $if_real, $iface_uuid); + + /* run oinkmaster for each interface rule */ + oinkmaster_run($id, $if_real, $iface_uuid); + + } +} + ////////////// /* mark the time update finnished */ $config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); /* remove old $tmpfname files */ -if 
(file_exists("{$tmpfname}")) { - echo "Cleaning up...\n"; - exec("/bin/rm -r /tmp/snort_rules_up"); -// apc_clear_cache(); +if (file_exists('/usr/local/etc/snort/tmp')) +{ + echo "Cleaning up...\n"; + exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); + sleep(2); + exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); + apc_clear_cache(); } /* php code to flush out cache some people are reportting missing files this might help */ 
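Review bot: `oinkmaster_run()` builds every shell command by interpolating `$iface_uuid` and `$if_real` directly into `exec("/bin/cp ... snort_{$iface_uuid}_{$if_real}/rules/")` and the `oinkmaster.pl -C ... -o ...` line with no `escapeshellarg()`; those values come from the package config, which I assume is admin-controlled, but wrapping each path in `escapeshellarg()` costs nothing and removes the dependency on that assumption. The `oinkmaster.pl` call discards its exit status (only stdout is redirected to the `.log`), so a failed run leaves the per-interface rules directory half-updated while the script goes on to print "The Rules update finished..."; capture it with `exec($cmd, $out, $rc); if ($rc !== 0) { echo "oinkmaster failed for {$if_real}, see oinkmaster_{$iface_uuid}_{$if_real}.log\n"; }`. As in `oinkmaster_conf`, the `global ... $id, $if_real ...` line rebinds the new parameters to the globals, so the arguments are effectively ignored. The cleanup block tests `file_exists('/usr/local/etc/snort/tmp')` but then removes `.../tmp/snort_rules_up` and `.../tmp/rules_bk` unconditionally, which prints `rm` errors whenever either is absent; `rm -rf` would keep that quiet.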
@@ -743,26 +801,29 @@ sleep(2); apc_clear_cache(); exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); - /* make snort the owner */ - exec("/usr/sbin/chown -R snort:snort /var/log/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); - exec("/bin/chmod -R 755 /var/log/snort"); - exec("/bin/chmod -R 755 /usr/local/etc/snort"); - exec("/bin/chmod -R 755 /usr/local/lib/snort"); +/* make all dirs snorts */ +exec("/usr/sbin/chown -R snort:snort /var/log/snort"); +exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); +exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); +exec("/bin/chmod -R 755 /var/log/snort"); +exec("/bin/chmod -R 755 /usr/local/etc/snort"); +exec("/bin/chmod -R 755 /usr/local/lib/snort"); + /* if snort is running hardrestart, if snort is not running do nothing */ if (file_exists("/tmp/snort_download_halt.pid")) { exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); echo "The Rules update finished...\n"; echo "Snort has restarted with your new set of rules...\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'"); exec("/bin/rm /tmp/snort_download_halt.pid"); } else { echo "The Rules update finished...\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'"); + echo "You may start snort now...\n"; } +/* copy log to snortdir */ +exec('/bin/cp /tmp/snort_update.log /usr/local/etc/snort/snort_update.log'); + conf_mount_ro(); ?> diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 2dd9a720..36000827 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php 
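Review bot: Removing both `logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'` calls drops the only syslog record that a rule update completed, so the event no longer reaches the firewall log or any remote syslog collector watching it; keep one in each branch, e.g. `exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Snort rule update finished'");`. The new `exec('/bin/cp /tmp/snort_update.log /usr/local/etc/snort/snort_update.log')` copies a file from world-writable /tmp into the Snort config directory as root; if any unprivileged local account can create `/tmp/snort_update.log` (or a symlink by that name) first, its content is what lands there — pfSense normally has no such accounts, but writing the log under `/usr/local/etc/snort` in the first place, or refusing to copy when `is_link('/tmp/snort_update.log')`, avoids the question. `chmod -R 755 /usr/local/etc/snort` also marks every rule and config file world-readable and executable; the daemon runs as the `snort` owner set by the preceding `chown`, so 750 on directories and 640 on files would be enough unless something else on the box needs to read them.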
@@ -319,7 +319,7 @@ setTimeout($.unblockUI, 2000); conf_mount_rw(); if (!file_exists('/usr/local/etc/snort/tmp')) { - exec('/bin/mkdir /usr/local/etc/snort/tmp -p'); + exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); } /* Set user agent to Mozilla */ @@ -610,7 +610,7 @@ if ($snortdownload != "off") update_status(gettext("Snortrule tar file exists...")); } else { unhide_progress_bar_status(); - update_status(gettext("There is a new set of Snort rules posted. Downloading...")); + update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); update_output_window(gettext("May take 4 to 10 min...")); // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware"); download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); @@ -749,7 +749,7 @@ if ($snortdownload != "off") exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); exec("/bin/rm -r {$snortdir}/so_rules"); /* extract base etc files */ 
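Review bot: The corrected `exec('/bin/mkdir -p /usr/local/etc/snort/tmp')` still ignores whether the directory was actually created, and the download code further down this file writes into it. PHP can do this without spawning a shell and report failure: `if (!is_dir('/usr/local/etc/snort/tmp') && !mkdir('/usr/local/etc/snort/tmp', 0755, true)) { update_status(gettext("Could not create /usr/local/etc/snort/tmp")); exit(1); }`. That also removes the `file_exists()`-then-`mkdir` split, so a path that exists as a regular file is reported instead of silently accepted.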
@@ -1010,7 +1010,6 @@ function oinkmaster_run($id, $if_real, $iface_uuid) { update_status(gettext("Your first set of rules are being copied...")); update_output_window(gettext("May take a while...")); - exec("/bin/echo \"test {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug"); exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); @@ -1022,7 +1021,6 @@ function oinkmaster_run($id, $if_real, $iface_uuid) }else{ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); update_output_window(gettext("May take a while...")); - exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug"); exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index 3f67cca8..e2793664 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php @@ -35,6 +35,7 @@ POSSIBILITY OF SUCH DAMAGE.
*/
+/* make sure I need these includes */
require("guiconfig.inc");
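Review bot: `/* make sure I need these includes */` reads as a reminder to the author rather than documentation for the next maintainer; either resolve it before merging or make it an actionable marker such as `/* TODO: audit whether guiconfig.inc is the only include this page needs */`. The same line is added to the suppress_edit, whitelist and whitelist_edit pages in this commit, so whichever form is chosen should be applied to all four.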
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 5b9553f1..84be8c90 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -35,6 +35,7 @@ POSSIBILITY OF SUCH DAMAGE.
*/
+/* make sure I need these includes */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php index 87da2f57..81011d85 100644 --- a/config/snort/snort_interfaces_whitelist.php +++ b/config/snort/snort_interfaces_whitelist.php @@ -35,6 +35,7 @@ POSSIBILITY OF SUCH DAMAGE.
*/
+/* make sure I need these includes */
require("guiconfig.inc");
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index ef96c429..2a335c01 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -35,6 +35,8 @@ POSSIBILITY OF SUCH DAMAGE.
*/
+
+/* make sure I need these includes */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");