diff options
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 30 | ||||
-rwxr-xr-x | config/snort/snort_alerts.php | 18 | ||||
-rw-r--r-- | config/snort/snort_blocked.php | 18 | ||||
-rw-r--r-- | config/snort/snort_post_install.php | 2 | ||||
-rw-r--r-- | config/snort/snort_sid_mgmt.php | 10 |
5 files changed, 50 insertions, 28 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 1fdfb65b..f0819b4e 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -44,7 +44,7 @@ require_once("filter.inc"); ini_set("memory_limit", "256M"); // Explicitly declare this as global so it works through function call includes -global $rebuild_rules, $pfSense_snort_version; +global $g, $config, $rebuild_rules, $pfSense_snort_version; // Grab the Snort binary version programmatically, but if that fails use a safe default $snortver = array(); @@ -69,15 +69,15 @@ else { /* Define some useful constants for Snort */ /* Be sure to include trailing slash on the URL defines */ -define("SNORTLOGDIR", "/var/log/snort"); +define("SNORTLOGDIR", "{$g['varlog_path']}/snort"); define("SNORT_BIN_VERSION", "2.9.6.2"); define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz"); define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); define("SNORT_ENFORCING_RULES_FILENAME", "snort.rules"); define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); -define("SNORT_IPREP_PATH", "/var/db/snort/iprep/"); -define('SNORT_SID_MODS_PATH', '/var/db/snort/sidmods/'); +define("SNORT_IPREP_PATH", "{$g['vardb_path']}/snort/iprep/"); +define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/"); if (!defined("FLOWBITS_FILENAME")) define("FLOWBITS_FILENAME", "flowbit-required.rules"); if (!defined("VRT_FILE_PREFIX")) @@ -557,7 +557,18 @@ function snort_barnyard_stop($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { log_error("[Snort] Barnyard2 STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); + touch("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.stopping"); killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); + + // Now wait up to 5 seconds for Barnyard2 to actually stop and clear its PID file + $count = 0; + do { + if (!isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) + break; + sleep(1); + $count++; + } while ($count < 5); + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.stopping"); } } @@ -567,7 +578,18 @@ function snort_stop($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { log_error("[Snort] Snort STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); + touch("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.stopping"); killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); + + // Now wait up to 10 seconds for Snort to actually stop and clear its PID file + $count = 0; + do { + if (!isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) + break; + sleep(1); + $count++; + } while ($count < 10); + unlink_if_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.stopping"); } snort_barnyard_stop($snortcfg, $if_real); diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index f1cbb6c4..e7559660 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -383,9 +383,9 @@ if ($_POST['delete']) { if ($_POST['download']) { $save_date = date("Y-m-d-H-i-s"); $file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz"; - exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); + exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf {$g['tmp_path']}/{$file_name} *"); - if (file_exists("/tmp/{$file_name}")) { + if (file_exists("{$g['tmp_path']}/{$file_name}")) { ob_start(); //important or other posts will fail if (isset($_SERVER['HTTPS'])) { header('Pragma: '); @@ -395,13 +395,13 @@ if ($_POST['download']) { header("Cache-Control: private, must-revalidate"); } header("Content-Type: application/octet-stream"); - header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}")); header("Content-disposition: attachment; filename = {$file_name}"); ob_end_clean(); //important or other post will fail - readfile("/tmp/{$file_name}"); + readfile("{$g['tmp_path']}/{$file_name}"); // Clean up the temp file - unlink_if_exists("/tmp/{$file_name}"); + unlink_if_exists("{$g['tmp_path']}/{$file_name}"); } else $savemsg = gettext("An error occurred while creating archive"); @@ -623,13 +623,13 @@ if ($savemsg) { /* make sure alert file exists */ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { - exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); - if (file_exists("/tmp/alert_{$snort_uuid}")) { + exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > {$g['tmp_path']}/alert_{$snort_uuid}"); + if (file_exists("{$g['tmp_path']}/alert_{$snort_uuid}")) { $tmpblocked = array_flip(snort_get_blocked_ips()); $counter = 0; /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ - $fd = fopen("/tmp/alert_{$snort_uuid}", "r"); + $fd = fopen("{$g['tmp_path']}/alert_{$snort_uuid}", "r"); while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { if(count($fields) < 13) continue; @@ -748,7 +748,7 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $counter++; } fclose($fd); - unlink_if_exists("/tmp/alert_{$snort_uuid}"); + unlink_if_exists("{$g['tmp_path']}/alert_{$snort_uuid}"); } } ?> diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 2d0af2c3..39119210 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -91,20 +91,20 @@ if ($_POST['download']) if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) { $save_date = date("Y-m-d-H-i-s"); $file_name = "snort_blocked_{$save_date}.tar.gz"; - safe_mkdir("/tmp/snort_blocked"); - file_put_contents("/tmp/snort_blocked/snort_block.pf", ""); + safe_mkdir("{$g['tmp_path']}/snort_blocked"); + file_put_contents("{$g['tmp_path']}/snort_blocked/snort_block.pf", ""); foreach($blocked_ips_array_save as $counter => $fileline) { if (empty($fileline)) continue; $fileline = trim($fileline, " \n\t"); - file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND); + file_put_contents("{$g['tmp_path']}/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND); } // Create a tar gzip archive of blocked host IP addresses - exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/snort_blocked snort_block.pf"); + exec("/usr/bin/tar -czf {$g['tmp_path']}/{$file_name} -C{$g['tmp_path']}/snort_blocked snort_block.pf"); // If we successfully created the archive, send it to the browser. - if(file_exists("/tmp/{$file_name}")) { + if(file_exists("{$g['tmp_path']}/{$file_name}")) { ob_start(); //important or other posts will fail if (isset($_SERVER['HTTPS'])) { header('Pragma: '); @@ -114,14 +114,14 @@ if ($_POST['download']) header("Cache-Control: private, must-revalidate"); } header("Content-Type: application/octet-stream"); - header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}")); header("Content-disposition: attachment; filename = {$file_name}"); ob_end_clean(); //important or other post will fail - readfile("/tmp/{$file_name}"); + readfile("{$g['tmp_path']}/{$file_name}"); // Clean up the temp files and directory - unlink_if_exists("/tmp/{$file_name}"); - rmdir_recursive("/tmp/snort_blocked"); + unlink_if_exists("{$g['tmp_path']}/{$file_name}"); + rmdir_recursive("{$g['tmp_path']}/snort_blocked"); } else $savemsg = gettext("An error occurred while creating archive"); } else diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index d3bc4d63..040858b9 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -58,7 +58,7 @@ global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include; * updated GUI package. * ****************************************/ if (!defined('SNORT_SID_MODS_PATH')) - define('SNORT_SID_MODS_PATH', '/var/db/snort/sidmods/'); + define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/"); /**************************************** * End of PHP caching workaround * diff --git a/config/snort/snort_sid_mgmt.php b/config/snort/snort_sid_mgmt.php index 2ca8dba9..ea1a5b99 100644 --- a/config/snort/snort_sid_mgmt.php +++ b/config/snort/snort_sid_mgmt.php @@ -215,9 +215,9 @@ if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) { if (isset($_POST['sidlist_dnload_all_x'])) { $save_date = date("Y-m-d-H-i-s"); $file_name = "snort_sid_conf_files_{$save_date}.tar.gz"; - exec("cd {$sidmods_path} && /usr/bin/tar -czf /tmp/{$file_name} *"); + exec("cd {$sidmods_path} && /usr/bin/tar -czf {$g['tmp_path']}/{$file_name} *"); - if (file_exists("/tmp/{$file_name}")) { + if (file_exists("{$g['tmp_path']}/{$file_name}")) { ob_start(); //important or other posts will fail if (isset($_SERVER['HTTPS'])) { header('Pragma: '); @@ -227,13 +227,13 @@ if (isset($_POST['sidlist_dnload_all_x'])) { header("Cache-Control: private, must-revalidate"); } header("Content-Type: application/octet-stream"); - header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}")); header("Content-disposition: attachment; filename = {$file_name}"); ob_end_clean(); //important or other post will fail - readfile("/tmp/{$file_name}"); + readfile("{$g['tmp_path']}/{$file_name}"); // Clean up the temp file - unlink_if_exists("/tmp/{$file_name}"); + unlink_if_exists("{$g['tmp_path']}/{$file_name}"); } else $savemsg = gettext("An error occurred while creating the gzip archive!"); |