Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc2
-rw-r--r--config/snort/snort_check_for_rule_updates.php815
-rw-r--r--config/snort/snort_download_rules.php8
-rw-r--r--config/snort/snort_interfaces_suppress.php1
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php1
-rw-r--r--config/snort/snort_interfaces_whitelist.php1
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php2
7 files changed, 447 insertions, 383 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 6348fd6e..035865e2 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -870,7 +870,7 @@ function snort_rules_up_install_cron($should_install) {
$cron_item['month'] = "$snort_rules_up_month";
$cron_item['wday'] = "$snort_rules_up_wday";
$cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
$config['cron']['item'][] = $cron_item;
write_config("Installed 15 minute filter reload for Time Based Rules");
configure_cron();
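Review bot: The root cron entry now appends with `>>` to `/tmp/snort_update.log`, a fixed name in a directory that is normally writable by every local account, so a symlink planted at that path beforehand would be followed by the root shell. If the log has to leave `/usr/local/etc/snort` (presumably because that filesystem is read-only between updates), a root-owned directory such as the `/var/log/snort/` path that the removed lines elsewhere in this commit already used avoids the problem. Nothing in the visible code rotates or truncates the file either. snort_rules_up_install_cron() starts and ends outside this hunk.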
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index e22c1b06..ba953c73 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -29,7 +29,7 @@
*/
/* Setup enviroment */
-$tmpfname = "/tmp/snort_rules_up";
+$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
$snortdir = "/usr/local/etc/snort";
$snortdir_wan = "/usr/local/etc/snort";
$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
@@ -42,6 +42,73 @@ $pfsense_rules_filename = "pfsense_rules.tar.gz";
require_once("globals.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+//////////////////////////////
+
+
+function download_file_with_progress_bar2($url_file, $destination_file) {
+ global $ch, $fout, $file_size, $downloaded, $pkg_interface;
+ $file_size = 1;
+ $downloaded = 1;
+ /* open destination file */
+ $fout = fopen($destination_file, "wb");
+
+ /*
+ * Originally by Author: Keyvan Minoukadeh
+ * Modified by Scott Ullrich to return Content-Length size
+ */
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url_file);
+ curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header2');
+ curl_setopt($ch, CURLOPT_WRITEFUNCTION, 'read_body2');
+ curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
+ curl_setopt($ch, CURLOPT_TIMEOUT, 0);
+
+ curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ if($fout)
+ fclose($fout);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
+}
+
+function read_header2($ch, $string) {
+ global $file_size, $fout;
+ $length = strlen($string);
+ $regs = "";
+ ereg("(Content-Length:) (.*)", $string, $regs);
+ if($regs[2] <> "") {
+ $file_size = intval($regs[2]);
+ }
+ ob_flush();
+ return $length;
+}
+
+function read_body2($ch, $string) {
+ global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen, $pkg_interface;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ if($lastseen <> $downloadProgress and $downloadProgress < 101) {
+ if($sendto == "status") {
+ $tostatus = $static_status . $downloadProgress . "%";
+ echo "$tostatus";
+ } else {
+ $tooutput = $static_output . $downloadProgress . "%";
+ echo "$tooutput";
+ }
+ echo "$downloadProgress";
+ $lastseen = $downloadProgress;
+ }
+ if($fout)
+ fwrite($fout, $string);
+ ob_flush();
+ return $length;
+}
+
+//////////////////////////////
+
/* define checks */
$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
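Review bot: `download_file_with_progress_bar2()` signals failure only through its return value, and none of the three call sites added later in this commit look at it, so a failed or partial transfer still leaves a file that the later `file_exists()` tests accept. Inside the function, a failed `fopen()` should stop the transfer (`if (!$fout) { return false; }` before `curl_init()`), and `CURLOPT_TIMEOUT` of 0 lets a stalled server block the cron job indefinitely; a finite timeout plus `curl_setopt($ch, CURLOPT_FAILONERROR, true);` would also keep HTTP error pages out of the destination file. In `read_header2()`, `ereg()` is deprecated as of PHP 5.3 and `$regs[2]` is read even when the header did not match; `preg_match('/^Content-Length:\s*(\d+)/i', $string, $regs)` with a check on its return value is the replacement. A `Content-Length: 0` response would set `$file_size` to 0 and break the division in `read_body2()`.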
@@ -61,8 +128,6 @@ if ($snortdownload != "on" && $emergingthreats != "on")
exit;
}
-conf_mount_rw();
-
/* Time stamps define */
$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
@@ -77,6 +142,12 @@ echo "\n\n";
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Checking for needed updates...'");
/* Begin main code */
+conf_mount_rw();
+
+if (!file_exists('/usr/local/etc/snort/tmp')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
+}
+
/* Set user agent to Mozilla */
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
ini_set("memory_limit","125M");
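Review bot: The working directory is created through `exec('/bin/mkdir -p …')` with no explicit mode and no check that it succeeded, although every archive downloaded afterwards is written there and unpacked by this script, which the cron entry runs as root. `if (!is_dir('/usr/local/etc/snort/tmp') && !mkdir('/usr/local/etc/snort/tmp', 0700, true)) { … }` pins the permissions and gives a failure path. The literal path also duplicates the parent of `$tmpfname`; deriving it with `dirname($tmpfname)` keeps the two from drifting apart.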
@@ -88,11 +159,6 @@ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-
ob_flush();
conf_mount_rw();
-/* premium_subscriber check */
-//unset($config['installedpackages']['snort']['config'][0]['subscriber']);
-//write_config(); // Will cause switch back to read-only on nanobsd
-//conf_mount_rw(); // Uncomment this if the previous line is uncommented
-
$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload'];
if ($premium_subscriber_chk == "premium") {
@@ -123,6 +189,7 @@ if (file_exists("{$tmpfname}")) {
exec("/bin/mkdir -p {$snortdir}");
exec("/bin/mkdir -p {$snortdir}/rules");
exec("/bin/mkdir -p {$snortdir}/signatures");
+exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
/* send current buffer */
ob_flush();
@@ -136,35 +203,39 @@ if (file_exists($tmpfname)) {
}
/* download md5 sig from snort.org */
-if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
- echo "md5 temp file exists...\n";
-} else {
- echo "Downloading md5 file...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
+if ($snortdownload == "basic" || $snortdownload == "premium")
+{
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ echo "snort.org md5 temp file exists...\n";
+ } else {
+ echo "Downloading snort.org md5 file...\n";
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5");
- $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done. downloading md5\n";
+ $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ echo "Done downloading snort.org md5\n";
+ }
}
/* download md5 sig from emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats'];
-if ($emergingthreats_url_chk == on) {
- echo "Downloading md5 file...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
+if ($emergingthreats == "on")
+{
+ echo "Downloading emergingthreats md5 file...\n";
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $f = fopen("{$tmpfname}/version.txt", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done. downloading md5\n";
+ $f = fopen("{$tmpfname}/version.txt", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ echo "Done downloading emergingthreats md5\n";
}
/* download md5 sig from pfsense.org */
if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- echo "md5 temp file exists...\n";
+ echo "pfsense md5 temp file exists...\n";
} else {
echo "Downloading pfsense md5 file...\n";
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
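Review bot: The snort.org request carries the Oinkcode in the query string of a plain `http://` URL, so the subscriber credential crosses the network in cleartext, and a checksum fetched this way is no more trustworthy than the archive it describes. If the servers offer TLS, moving these URLs to `https://` is the first step. Separately, `@file_get_contents()` hides the failure reason and its result is written without a check; in the emergingthreats branch, which has no empty-file guard later, `if ($image === false) { … }` before `fopen()` would keep an empty `version.txt` from being stored. The pfsense block continues past the end of this hunk.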
@@ -173,15 +244,19 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
$f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
fwrite($f, $image);
fclose($f);
- echo "Done. downloading md5\n";
+ echo "Done downloading pfsense md5.\n";
}
/* If md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
- echo "Please wait... You may only check for New Rules every 15 minutes...\n";
- echo "Rules are released every month from snort.org. You may download the Rules at any time.\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Rules every 15 minutes...'");
- exit(0);
+if ($snortdownload != "off")
+{
+ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5"))
+ {
+ echo "Please wait... You may only check for New Rules every 15 minutes...\n";
+ echo "Rules are released every month from snort.org. You may download the Rules at any time.\n";
+ conf_mount_ro();
+ exit(0);
+ }
}
/* If emergingthreats md5 file is empty wait 15min exit not needed */
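Review bot: The guard added here is `$snortdownload != "off"`, but the md5 download above runs only for `"basic"` or `"premium"`, and the later up-to-date checks compare against `"on"`, so the three places disagree about which values mean "snort.org rules enabled". For any value outside basic/premium/off the md5 file is never fetched, `filesize()` returns false with a warning (unless a file from an earlier run is present), and `0 == false` sends the script to the "wait 15 minutes" exit. Reusing the download condition (`$snortdownload == "basic" || $snortdownload == "premium"`) and testing `file_exists()` before `filesize()` removes the mismatch. The `logger` call was dropped from this path, so a cron run that stops here is now recorded only in the redirected log file.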
@@ -190,171 +265,159 @@ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n";
echo "Rules are released to support Pfsense packages.\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Pfsense Rules every 15 minutes...'");
+conf_mount_ro();
exit(0);
}
/* Check if were up to date snort.org */
-if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){
-$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
-$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-/* Write out time of last sucsessful md5 to cache */
-write_config(); // Will cause switch back to read-only on nanobsd
-conf_mount_rw();
-if ($md5_check_new == $md5_check_old) {
- echo "Your rules are up to date...\n";
- echo "You may start Snort now, check update.\n";
+if ($snortdownload != "off")
+{
+ if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5"))
+ {
+ $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+ $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ /* Write out time of last sucsessful md5 to cache */
+ write_config(); // Will cause switch back to read-only on nanobsd
+ conf_mount_rw();
+ if ($md5_check_new == $md5_check_old)
+ {
+ echo "Your rules are up to date...\n";
+ echo "You may start Snort now, check update.\n";
$snort_md5_check_ok = on;
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your snort rules are up to date...'");
- }
+ }
+ }
}
/* Check if were up to date emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats'];
-if ($emergingthreats_url_chk == on) {
-if (file_exists("{$snortdir}/version.txt")){
-$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
-$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
-$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-/* Write out time of last sucsessful md5 to cache */
-write_config(); // Will cause switch back to read-only on nanobsd
-conf_mount_rw();
-if ($emerg_md5_check_new == $emerg_md5_check_old) {
- echo "Your emergingthreats rules are up to date...\n";
- echo "You may start Snort now, check update.\n";
- $emerg_md5_check_chk_ok = on;
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'");
- }
- }
+if ($emergingthreats == "on")
+{
+ if (file_exists("{$snortdir}/version.txt"))
+ {
+ $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
+ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
+ $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ /* Write out time of last sucsessful md5 to cache */
+ // Will cause switch back to read-only on nanobsd
+ write_config();
+ conf_mount_rw();
+ if ($emerg_md5_check_new == $emerg_md5_check_old)
+ {
+ $emerg_md5_check_ok = on;
+ }
+ }
}
/* Check if were up to date pfsense.org */
-if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){
-$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
-$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-if ($pfsense_md5_check_new == $pfsense_md5_check_old) {
+ if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+ {
+ $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ /* Write out time of last sucsessful md5 to cache */
+ // Will cause switch back to read-only on nanobsd
+ write_config();
+ conf_mount_rw();
+ if ($pfsense_md5_check_new == $pfsense_md5_check_old)
+ {
$pfsense_md5_check_ok = on;
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'");
- }
-}
+ }
+ }
-/* Make Clean Snort Directory emergingthreats not checked */
-if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
- update_status(gettext("Cleaning the snort Directory..."));
- update_output_window(gettext("removing..."));
- exec("/bin/rm {$snortdir}/rules/emerging*");
- exec("/bin/rm {$snortdir}/version.txt");
- exec("/bin/rm {$snortdir_wan}/rules/emerging*");
- exec("/bin/rm {$snortdir_wan}/version.txt");
- echo "Done making cleaning emrg direcory.\n";
+/* Check if were up to date is so, exit */
+/* WARNING This code needs constant checks */
+if ($snortdownload != "off" && $emergingthreats != "off")
+{
+ if ($snort_md5_check_ok == "on" && $emerg_md5_check_ok == "on")
+ {
+ echo "All your rules are up to date...\n";
+ echo "You may start Snort now...\n";
+ conf_mount_ro();
+ exit(0);
+ }
}
-/* Check if were up to date exits */
-if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) {
- echo "Your emergingthreats rules are up to date...\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'");
- exit(0);
+if ($snortdownload == "on" && $emergingthreats == "off")
+{
+ if ($snort_md5_check_ok == "on")
+ {
+ echo "Your snort.org rules are up to date...\n";
+ echo "You may start Snort now...\n";
+ conf_mount_ro();
+ exit(0);
+ }
}
-if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) {
- echo "Your pfsense rules are up to date...\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'");
- exit(0);
+if ($snortdownload == "off" && $emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok == "on")
+ {
+ echo "Your Emergingthreats rules are up to date...\n";
+ echo "You may start Snort now...\n";
+ conf_mount_ro();
+ exit(0);
+ }
}
/* You are Not Up to date, always stop snort when updating rules for low end machines */;
echo "You are NOT up to date...\n";
-echo "Stopping All Snort Package services...\n";
-exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULES ARE OUT OF DATE, UPDATING...'");
-exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Stopping All Snort Package Services...'");
+echo "Stopping Snort service...\n";
$chk_if_snort_up = exec("pgrep -x snort");
if ($chk_if_snort_up != "") {
-
-
- exec("/usr/bin/touch /tmp/snort_download_halt.pid");
-
- /* dont flood the syslog code */
- exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
- sleep(3);
-
- exec("/usr/bin/killall snort");
- exec("/bin/rm /var/run/snort*");
- sleep(2);
- exec("/usr/bin/killall barnyard2");
- exec("/bin/rm /var/run/barnyard2*");
-
- /* stop syslog flood code */
- exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_rules_update.log");
- exec("/usr/bin/killall syslogd");
- exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
- exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
- sleep(2);
- exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
- $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after snort STOP {$after_mem}'");
-
+ exec("/usr/bin/touch /tmp/snort_download_halt.pid");
+ exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop");
+ sleep(2);
}
/* download snortrules file */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
- echo "Snortrule tar file exists...\n";
-} else {
- echo "There is a new set of Snort rules posted. Downloading...\n";
- echo "May take 4 to 10 min...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz");
- $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done downloading rules file.\n";
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- echo "Error with the snort rules download...\n";
- echo "Snort rules file downloaded failed...\n";
- exit(0);
- }
- }
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on) {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ echo "Snortrule tar file exists...\n";
+ } else {
+ echo "There is a new set of Snort.org rules posted. Downloading...\n";
+ echo "May take 4 to 10 min...\n";
+ download_file_with_progress_bar2("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}");
+ echo "Done downloading rules file.\n";
+ if (150000 > filesize("{$tmpfname}/{$snort_filename}")){
+ echo "Error with the snort rules download...\n";
+ echo "Snort rules file downloaded failed...\n";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
+ }
}
-
+
/* download emergingthreats rules file */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- echo "Emergingthreats tar file exists...\n";
-} else {
- echo "There is a new set of Emergingthreats rules posted. Downloading...\n";
- echo "May take 4 to 10 min...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz");
-// $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz");
- $f = fopen("{$tmpfname}/emerging.rules.tar.gz", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done downloading Emergingthreats rules file.\n";
- }
- }
- }
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != on)
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ echo "Emergingthreats tar file exists...\n";
+ }else{
+ echo "There is a new set of Emergingthreats rules posted. Downloading...\n";
+ echo "May take 4 to 10 min...\n";
+ download_file_with_progress_bar2("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}");
+ echo "Done downloading Emergingthreats rules file.\n";
+ }
+ }
+}
/* download pfsense rules file */
if ($pfsense_md5_check_ok != on) {
if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
echo "Snortrule tar file exists...\n";
} else {
-
echo "There is a new set of Pfsense rules posted. Downloading...\n";
- echo "May take 4 to 10 min...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz");
- $f = fopen("{$tmpfname}/pfsense_rules.tar.gz", 'w');
- fwrite($f, $image);
- fclose($f);
+ echo "May take 4 to 10 min...\n";
+ download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
echo "Done downloading rules file.\n";
}
}
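Review bot: The first field of each md5/version file is obtained by interpolating the file's contents into a backtick shell command (`/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk …`), and the `{$tmpfname}` copies were just fetched over HTTP, so remote-controlled bytes reach a shell in a job that cron runs as root. Parsing in PHP removes the shell from the picture: `$md5_check_new = strtok(trim($md5_check_new_parse), " \t\r\n");`, and the same for the emergingthreats and pfsense pairs. In the pfsense block the file is read into `$pfsense_check_new_parse` but the next line uses `$pfsense_md5_check_new_parse`, which is never assigned, so that comparison cannot reflect the downloaded file. The three early-exit blocks test `$snortdownload` against `"on"`/`"off"` and no longer consult `$pfsense_md5_check_ok`, which looks inconsistent with the `"basic"`/`"premium"` values used for the download and is worth confirming against the settings page. The return value of the three `download_file_with_progress_bar2()` calls is discarded.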
@@ -388,44 +451,88 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
//}
/* Untar snort rules file individually to help people with low system specs */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
- echo "Extracting rules...\n";
- echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/" .
- " etc/" .
- " so_rules/precompiled/FreeBSD-7.0/i386/2.8.4" .
- " so_rules/bad-traffic.rules/" .
- " so_rules/chat.rules/" .
- " so_rules/dos.rules/" .
- " so_rules/exploit.rules/" .
- " so_rules/imap.rules/" .
- " so_rules/misc.rules/" .
- " so_rules/multimedia.rules/" .
- " so_rules/netbios.rules/" .
- " so_rules/nntp.rules/" .
- " so_rules/p2p.rules/" .
- " so_rules/smtp.rules/" .
- " so_rules/sql.rules/" .
- " so_rules/web-client.rules/" .
- " so_rules/web-misc.rules/");
- echo "Done extracting Rules.\n";
-} else {
- echo "The Download rules file missing...\n";
- echo "Error rules extracting failed...\n";
- exit(0);
- }
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on) {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ echo "Extracting Snort.org rules...\n";
+ echo "May take a while...\n";
+ /* extract snort.org rules and add prefix to all snort.org files*/
+ exec("/bin/rm -r {$snortdir}/rules");
+ sleep(2);
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ chdir ("/usr/local/etc/snort/rules");
+ sleep(2);
+ exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
+ /* extract so rules */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/");
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.3/* /usr/local/lib/snort/dynamicrules/");
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ " so_rules/chat.rules/" .
+ " so_rules/dos.rules/" .
+ " so_rules/exploit.rules/" .
+ " so_rules/icmp.rules/" .
+ " so_rules/imap.rules/" .
+ " so_rules/misc.rules/" .
+ " so_rules/multimedia.rules/" .
+ " so_rules/netbios.rules/" .
+ " so_rules/nntp.rules/" .
+ " so_rules/p2p.rules/" .
+ " so_rules/smtp.rules/" .
+ " so_rules/sql.rules/" .
+ " so_rules/web-activex.rules/" .
+ " so_rules/web-client.rules/" .
+ " so_rules/web-iis.rules/" .
+ " so_rules/web-misc.rules/");
+
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ echo "Done extracting Snort.org Rules.\n";
+ }else{
+ echo "Error extracting Snort.org Rules...\n";
+ echo "Error Line 453\n";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
}
/* Untar emergingthreats rules to tmp */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- echo "Extracting rules...\n";
- echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != on)
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ echo "Extracting rules...\n";
+ echo "May take a while...\n";
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+ }
+ }
}
/* Untar Pfsense rules to tmp */
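Review bot: The archive is unpacked, and its precompiled shared objects moved into `/usr/local/lib/snort/dynamicrules/`, without the tarball ever being compared with the downloaded checksum; in the visible code the md5 is only compared with the previously stored copy to decide whether an update exists. Comparing `md5_file("{$tmpfname}/{$snort_filename}")` with the first field of `{$tmpfname}/{$snort_filename_md5}` before the first `tar` call would at least catch truncated or corrupted downloads, though an md5 fetched over HTTP is no defence against tampering. `/bin/rm -r {$snortdir}/rules` runs before extraction and no `exec()` result is checked, so a failed `tar` leaves the sensor with no rules; extracting into a scratch directory and swapping it in on success avoids that. `chdir("/usr/local/etc/snort/rules")` hard-codes a path the surrounding lines take from `$snortdir`, and the message `Error Line 453` will go stale as soon as the file is edited.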
@@ -450,100 +557,38 @@ if ($premium_url_chk == on) {
}
}
-/* Make Clean Snort Directory */
-//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
-//if (file_exists("{$snortdir}/rules")) {
-// update_status(gettext("Cleaning the snort Directory..."));
-// update_output_window(gettext("removing..."));
-// exec("/bin/mkdir -p {$snortdir}");
-// exec("/bin/mkdir -p {$snortdir}/rules");
-// exec("/bin/mkdir -p {$snortdir}/signatures");
-// exec("/bin/rm {$snortdir}/*");
-// exec("/bin/rm {$snortdir}/rules/*");
-// exec("/bin/rm {$snortdir_wan}/*");
-// exec("/bin/rm {$snortdir_wan}/rules/*");
-
-// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
-//} else {
-// update_status(gettext("Making Snort Directory..."));
-// update_output_window(gettext("should be fast..."));
-// exec("/bin/mkdir -p {$snortdir}");
-// exec("/bin/mkdir -p {$snortdir}/rules");
-// exec("/bin/rm {$snortdir_wan}/*");
-// exec("/bin/rm {$snortdir_wan}/rules/*");
-// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
-// update_status(gettext("Done making snort direcory."));
-// }
-//}
-
-/* Copy so_rules dir to snort lib dir */
-/* Disabled untill I figure out why there is a segment falut core dump on 2.8.5.3 */
-//if ($snort_md5_check_ok != on) {
-//if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
-// echo "Copying so_rules...\n";
-// echo "May take a while...\n";
-// exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
-// exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
-// exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules");
-// exec("/bin/rm -r {$snortdir}/so_rules");
-// echo "Done copying so_rules.\n";
-//} else {
-// echo "Directory so_rules does not exist...\n";
-// echo "Error copying so_rules...\n";
-// exit(0);
-// }
-//}
-
-/* Copy configs to snort dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$snortdir}/etc/Makefile.am")) {
- echo "Copying configs to snort directory...\n";
- exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
-} else {
- echo "The snort config does not exist...\n";
- echo "Error copying config...\n";
- exit(0);
- }
-}
-
/* Copy md5 sig to snort dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- echo "Copying md5 sig to snort directory...\n";
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
-} else {
- echo "The md5 file does not exist...\n";
- echo "Error copying config...\n";
- exit(0);
- }
-}
-
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on) {
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ echo "Copying md5 sig to snort directory...\n";
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }else{
+ echo "The md5 file does not exist...\n";
+ echo "Error copying config...\n";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
+}
+
/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
- echo "Copying md5 sig to snort directory...\n";
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
-} else {
- echo "The emergingthreats md5 file does not exist...\n";
- echo "Error copying config...\n";
- exit(0);
- }
- }
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != on)
+ {
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
+ {
+ echo "Copying md5 sig to snort directory...\n";
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+ }else{
+ echo "The emergingthreats md5 file does not exist...\n";
+ echo "Error copying config...\n";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
}
/* Copy Pfsense md5 sig to snort dir */
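Review bot: Copying the md5 file into `{$snortdir}` is what marks the rule set as current for the next run, yet it happens whether or not the extraction steps succeeded, because none of the `exec()` calls before it capture an exit status. Capturing it (`exec($cmd, $out, $rc); if ($rc !== 0) { … }`) and skipping the copy on failure keeps a broken update from being reported as up to date. The error branches end in `exit(0)`, so cron and any wrapper cannot tell them from success; a non-zero status would make failures detectable. The comparisons against the bare word `on`, here and in the earlier hunks, depend on PHP treating an undefined constant as a string, which newer PHP versions reject, while the new outer conditions already use `"on"`; quoting all of them makes the checks consistent.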
@@ -554,26 +599,33 @@ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
} else {
echo "The Pfsense md5 file does not exist...\n";
echo "Error copying config...\n";
- exit(0);
+ conf_mount_ro();
+ exit(0);
}
}
/* Copy signatures dir to snort dir */
-if ($snort_md5_check_ok != on) {
-$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
-if ($premium_url_chk == on) {
-if (file_exists("{$snortdir}/doc/signatures")) {
- echo "Copying signatures...\n";
- echo "May take a while...\n";
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- echo "Done copying signatures.\n";
-} else {
- echo "Directory signatures exist...\n";
- echo "Error copying signature...\n";
- exit(0);
- }
- }
+if ($snortdownload != "off")
+{
+ if ($snort_md5_check_ok != on)
+ {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == on)
+ {
+ if (file_exists("{$snortdir}/doc/signatures")) {
+ echo "Copying signatures...\n";
+ echo "May take a while...\n";
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ echo "Done copying signatures.\n";
+ }else{
+ echo "Directory signatures exist...\n";
+ echo "Error copying signature...\n";
+ conf_mount_ro();
+ exit(0);
+ }
+ }
+ }
}
/* double make shure cleanup emerg rules that dont belong */
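Review bot: The error branches in this hunk (the Pfsense md5 branch and the signatures branch) still end in `exit(0)`, so a failed rule update reports success to whatever launched the script and the sensor keeps running on its old rule set with only an echo to show for it. Returning a non-zero status, `conf_mount_ro(); exit(1);`, lets cron or a wrapper notice the failure. In the signatures block the `else` message reads `Directory signatures exist...` although that branch is taken when `{$snortdir}/doc/signatures` is missing; `Directory signatures does not exist...` would match the condition. The Pfsense md5 `if` starts above the hunk.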
@@ -606,37 +658,16 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
//////////////////
-/* Start the proccess for every interface rule */
-/* TODO: try to make the code smother */
-
-if (!empty($config['installedpackages']['snortglobal']['rule'])) {
-
-$rule_array = $config['installedpackages']['snortglobal']['rule'];
-$id = -1;
-foreach ($rule_array as $value) {
-
-$id += 1;
-
-$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
-$if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
-
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf();
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run();
-
- }
-}
-
/* open oinkmaster_conf for writing" function */
-function oinkmaster_conf() {
+function oinkmaster_conf($id, $if_real, $iface_uuid)
+{
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok;
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ conf_mount_rw();
/* enable disable setting will carry over with updates */
/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) {
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
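Review bot: `oinkmaster_conf()` now takes `$id` and `$if_real` as parameters, but the `global` statement still lists both names, and in PHP `global $id` rebinds the local name to the global variable, so the passed arguments are discarded. It works only because the caller passes globals of the same name; `$iface_uuid` is the one parameter actually used as passed. Dropping the two names, `global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;`, makes the signature honest. The same applies to `oinkmaster_run()` in the `@@ -686,56 +717,83 @@` hunk. The function body continues outside this hunk.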
@@ -673,7 +704,7 @@ $selected_sid_off_sections
EOD;
/* open snort's oinkmaster.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort/oinkmaster_$if_real.conf", "w");
+ $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
fwrite($oinkmasterlist, "$snort_sid_text");
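Review bot: The result of `fopen()` goes straight into `fwrite()` with no check. The new path sits inside `snort_{$iface_uuid}_{$if_real}/`, so if that per-interface directory does not exist yet the open fails and no oinkmaster config is written, which presumably leaves the saved enable/disable SID choices unapplied to the fresh rules. A guard before the write, `if ($oinkmasterlist === false) { echo "Could not write oinkmaster conf for {$if_real}\n"; return; }`, would surface it. The surrounding function starts and ends outside the hunk.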
@@ -686,56 +717,83 @@ EOD;
/* Run oinkmaster to snort_wan and cp configs */
/* If oinkmaster is not needed cp rules normally */
/* TODO add per interface settings here */
-function oinkmaster_run() {
-
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok;
+function oinkmaster_run($id, $if_real, $iface_uuid)
+{
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ conf_mount_rw();
- if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- echo "Your first set of rules are being copied...\n";
- echo "May take a while...\n";
- exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" >> /root/debug");
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real");
+ if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on)
+ {
-} else {
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
+ {
+ echo "Your first set of rules are being copied...\n";
+ echo "May take a while...\n";
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ }else{
echo "Your enable and disable changes are being applied to your fresh set of rules...\n";
echo "May take a while...\n";
- exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug");
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real");
-
- /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
}
}
}
+/* Start the proccess for every interface rule */
+/* TODO: try to make the code smother */
+
+if (!empty($config['installedpackages']['snortglobal']['rule']))
+{
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id = -1;
+ foreach ($rule_array as $value) {
+
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($id, $if_real, $iface_uuid);
+
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($id, $if_real, $iface_uuid);
+
+ }
+}
+
//////////////
/* mark the time update finnished */
$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
- echo "Cleaning up...\n";
- exec("/bin/rm -r /tmp/snort_rules_up");
-// apc_clear_cache();
+if (file_exists('/usr/local/etc/snort/tmp'))
+{
+ echo "Cleaning up...\n";
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
+ sleep(2);
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
+ apc_clear_cache();
}
/* php code to flush out cache some people are reportting missing files this might help */
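Review bot: `$iface_uuid` and `$if_real` come from the package configuration and are interpolated unquoted into every `exec()` string in `oinkmaster_run()`, including the `oinkmaster.pl` command line with its `>` redirection. A value holding whitespace or shell metacharacters would change what the shell runs, with the updater's privileges. Building the per-interface directory once and passing it through `escapeshellarg()` closes that, and it also removes the eight `/bin/cp` lines duplicated across the two branches. The `{$snortdir}/rules/*` source has to stay unquoted for the glob. The `oinkmaster_run()` in `snort_download_rules.php` appears to use the same pattern.

```php
function oinkmaster_run($id, $if_real, $iface_uuid)
{
	// … unchanged: globals, conf_mount_rw(), md5 status test …
	$ifdir       = "{$snortdir_wan}/snort_{$iface_uuid}_{$if_real}";
	$ifdir_arg   = escapeshellarg($ifdir);
	$ifrules_arg = escapeshellarg("{$ifdir}/rules");

	/* both branches copy the same files; only the else branch runs oinkmaster */
	exec("/bin/cp {$snortdir}/rules/* {$ifrules_arg}/");
	foreach (array('classification.config', 'gen-msg.map', 'generators', 'reference.config', 'sid', 'sid-msg.map', 'unicode.map') as $mapfile) {
		exec("/bin/cp {$snortdir}/{$mapfile} {$ifdir_arg}");
	}

	// … unchanged: status echoes and the rule_sid_on / rule_sid_off test …
	$oink_conf = escapeshellarg("{$ifdir}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
	$oink_log  = escapeshellarg("/usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
	exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C {$oink_conf} -o {$ifrules_arg} > {$oink_log}");
```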
@@ -743,26 +801,29 @@ sleep(2);
apc_clear_cache();
exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
- /* make snort the owner */
- exec("/usr/sbin/chown -R snort:snort /var/log/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
- exec("/bin/chmod -R 755 /var/log/snort");
- exec("/bin/chmod -R 755 /usr/local/etc/snort");
- exec("/bin/chmod -R 755 /usr/local/lib/snort");
+/* make all dirs snorts */
+exec("/usr/sbin/chown -R snort:snort /var/log/snort");
+exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
+exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
+exec("/bin/chmod -R 755 /var/log/snort");
+exec("/bin/chmod -R 755 /usr/local/etc/snort");
+exec("/bin/chmod -R 755 /usr/local/lib/snort");
+
/* if snort is running hardrestart, if snort is not running do nothing */
if (file_exists("/tmp/snort_download_halt.pid")) {
exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
echo "The Rules update finished...\n";
echo "Snort has restarted with your new set of rules...\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'");
exec("/bin/rm /tmp/snort_download_halt.pid");
} else {
echo "The Rules update finished...\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'");
+ echo "You may start snort now...\n";
}
+/* copy log to snortdir */
+exec('/bin/cp /tmp/snort_update.log /usr/local/etc/snort/snort_update.log');
+
conf_mount_ro();
?>
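Review bot: `/tmp/snort_update.log` is a fixed name in a world-writable directory, and the new `/bin/cp` line copies whatever sits at that path into the snort config directory with the updater's privileges (root, if the script is started from the system crontab). If any unprivileged local account exists, a symlink pre-created at that name would be followed by the copy. Checking the source first, `if (is_file('/tmp/snort_update.log') && !is_link('/tmp/snort_update.log'))`, or writing the log under a directory only root can write, avoids that. Separately, both `logger` calls are removed without replacement, so the end of a rule update no longer reaches syslog; keeping one `logger` line per branch preserves that audit record.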
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 2dd9a720..36000827 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -319,7 +319,7 @@ setTimeout($.unblockUI, 2000);
conf_mount_rw();
if (!file_exists('/usr/local/etc/snort/tmp')) {
- exec('/bin/mkdir /usr/local/etc/snort/tmp -p');
+ exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
}
/* Set user agent to Mozilla */
@@ -610,7 +610,7 @@ if ($snortdownload != "off")
update_status(gettext("Snortrule tar file exists..."));
} else {
unhide_progress_bar_status();
- update_status(gettext("There is a new set of Snort rules posted. Downloading..."));
+ update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
update_output_window(gettext("May take 4 to 10 min..."));
// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
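Review bot: The rule tarball is fetched over plain `http://` with the oink code in the query string (the `download_file_with_progress_bar("http://dl.snort.org/...?oink_code={$oinkid}", ...)` context line), so the subscriber credential and the rules both cross the network unprotected. The only integrity check this commit shows is an md5 file, presumably fetched the same way, which gives no protection against an on-path modification. This is not introduced by the message change, but it is worth addressing in the same place: if the server offers it, switch the tarball and md5 URLs to `https://`. The enclosing `if ($snortdownload != "off")` block runs beyond the hunk.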
@@ -749,7 +749,7 @@ if ($snortdownload != "off")
exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
exec("/bin/rm -r {$snortdir}/so_rules");
/* extract base etc files */
@@ -1010,7 +1010,6 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
{
update_status(gettext("Your first set of rules are being copied..."));
update_output_window(gettext("May take a while..."));
- exec("/bin/echo \"test {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug");
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
@@ -1022,7 +1021,6 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
}else{
update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
update_output_window(gettext("May take a while..."));
- exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug");
exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index 3f67cca8..e2793664 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -35,6 +35,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+/* make sure I need these includes */
require("guiconfig.inc");
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 5b9553f1..84be8c90 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -35,6 +35,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+/* make sure I need these includes */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php
index 87da2f57..81011d85 100644
--- a/config/snort/snort_interfaces_whitelist.php
+++ b/config/snort/snort_interfaces_whitelist.php
@@ -35,6 +35,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+/* make sure I need these includes */
require("guiconfig.inc");
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index ef96c429..2a335c01 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -35,6 +35,8 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+
+/* make sure I need these includes */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");