Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc30
-rwxr-xr-xconfig/snort/snort_alerts.php18
-rw-r--r--config/snort/snort_blocked.php18
-rw-r--r--config/snort/snort_post_install.php2
-rw-r--r--config/snort/snort_sid_mgmt.php10
5 files changed, 50 insertions, 28 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 1fdfb65b..f0819b4e 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -44,7 +44,7 @@ require_once("filter.inc");
ini_set("memory_limit", "256M");
// Explicitly declare this as global so it works through function call includes
-global $rebuild_rules, $pfSense_snort_version;
+global $g, $config, $rebuild_rules, $pfSense_snort_version;
// Grab the Snort binary version programmatically, but if that fails use a safe default
$snortver = array();
@@ -69,15 +69,15 @@ else {
/* Define some useful constants for Snort */
/* Be sure to include trailing slash on the URL defines */
-define("SNORTLOGDIR", "/var/log/snort");
+define("SNORTLOGDIR", "{$g['varlog_path']}/snort");
define("SNORT_BIN_VERSION", "2.9.6.2");
define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz");
define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
define("SNORT_ENFORCING_RULES_FILENAME", "snort.rules");
define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
-define("SNORT_IPREP_PATH", "/var/db/snort/iprep/");
-define('SNORT_SID_MODS_PATH', '/var/db/snort/sidmods/');
+define("SNORT_IPREP_PATH", "{$g['vardb_path']}/snort/iprep/");
+define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
if (!defined("FLOWBITS_FILENAME"))
define("FLOWBITS_FILENAME", "flowbit-required.rules");
if (!defined("VRT_FILE_PREFIX"))
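Review bot: The three rewritten `define()` calls depend on `$g` being populated when snort.inc is loaded; if `$g['varlog_path']` or `$g['vardb_path']` is unset, the constants silently become `/snort`, `/snort/iprep/` and `/snort/sidmods/`, and a constant cannot be corrected afterwards. The `global $g` added in the first hunk covers includes from function scope, but a guard ahead of the defines would make the failure visible, e.g. `if (empty($g['varlog_path']) || empty($g['vardb_path'])) log_error("[Snort] path globals not set when snort.inc was loaded");`. How these constants are consumed is outside this diff.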
@@ -557,7 +557,18 @@ function snort_barnyard_stop($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Barnyard2 STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
+ touch("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.stopping");
killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
+
+ // Now wait up to 5 seconds for Barnyard2 to actually stop and clear its PID file
+ $count = 0;
+ do {
+ if (!isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"))
+ break;
+ sleep(1);
+ $count++;
+ } while ($count < 5);
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.stopping");
}
}
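Review bot: When the 5-second wait in snort_barnyard_stop() expires with the PID file still valid, the code falls through without any record and then removes the `.stopping` marker, so a hung Barnyard2 looks the same as a clean stop. The 10-second loop added to snort_stop() in the next hunk has the same gap. After the loop, test `isvalidpid()` once more on the same PID path and report it, e.g. `log_error("[Snort] Barnyard2 did not stop within 5 seconds for {$if_real}");`. Nothing in this diff shows what reads the `.stopping` file, so a one-line comment naming its consumer would help; both function bodies begin outside their hunks.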
@@ -567,7 +578,18 @@ function snort_stop($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Snort STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})...");
+ touch("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.stopping");
killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
+
+ // Now wait up to 10 seconds for Snort to actually stop and clear its PID file
+ $count = 0;
+ do {
+ if (!isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
+ break;
+ sleep(1);
+ $count++;
+ } while ($count < 10);
+ unlink_if_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.stopping");
}
snort_barnyard_stop($snortcfg, $if_real);
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index f1cbb6c4..e7559660 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -383,9 +383,9 @@ if ($_POST['delete']) {
if ($_POST['download']) {
$save_date = date("Y-m-d-H-i-s");
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
- exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
+ exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf {$g['tmp_path']}/{$file_name} *");
- if (file_exists("/tmp/{$file_name}")) {
+ if (file_exists("{$g['tmp_path']}/{$file_name}")) {
ob_start(); //important or other posts will fail
if (isset($_SERVER['HTTPS'])) {
header('Pragma: ');
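Review bot: The rewritten `exec()` line still builds its shell command by interpolating `$snortlogdir`, `$if_real`, `$snort_uuid` and now `$g['tmp_path']` unquoted, and it archives with a bare `*`, so a log-directory entry whose name begins with `-` would be read by tar as an option. Where these variables originate is outside the hunk; any that a request can influence should pass through `escapeshellarg()`. The `-C` form already used in snort_blocked.php avoids both the `cd` and the glob: `exec("/usr/bin/tar -czf " . escapeshellarg("{$g['tmp_path']}/{$file_name}") . " -C " . escapeshellarg("{$snortlogdir}/snort_{$if_real}{$snort_uuid}") . " .");` (archive members then carry a `./` prefix). The same interpolation appears in the `tail` call later in this file and in the `tar` call in snort_sid_mgmt.php.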
@@ -395,13 +395,13 @@ if ($_POST['download']) {
header("Cache-Control: private, must-revalidate");
}
header("Content-Type: application/octet-stream");
- header("Content-length: " . filesize("/tmp/{$file_name}"));
+ header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}"));
header("Content-disposition: attachment; filename = {$file_name}");
ob_end_clean(); //important or other post will fail
- readfile("/tmp/{$file_name}");
+ readfile("{$g['tmp_path']}/{$file_name}");
// Clean up the temp file
- unlink_if_exists("/tmp/{$file_name}");
+ unlink_if_exists("{$g['tmp_path']}/{$file_name}");
}
else
$savemsg = gettext("An error occurred while creating archive");
@@ -623,13 +623,13 @@ if ($savemsg) {
/* make sure alert file exists */
if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
- if (file_exists("/tmp/alert_{$snort_uuid}")) {
+ exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > {$g['tmp_path']}/alert_{$snort_uuid}");
+ if (file_exists("{$g['tmp_path']}/alert_{$snort_uuid}")) {
$tmpblocked = array_flip(snort_get_blocked_ips());
$counter = 0;
/* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
/* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
- $fd = fopen("/tmp/alert_{$snort_uuid}", "r");
+ $fd = fopen("{$g['tmp_path']}/alert_{$snort_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
if(count($fields) < 13)
continue;
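Review bot: The temp file `{$g['tmp_path']}/alert_{$snort_uuid}` has a fixed, predictable name, so two concurrent loads of the alerts page for the same interface write and unlink the same file, and the shell redirection writes through whatever already exists at that path. A unique name, `$tmpfile = tempnam($g['tmp_path'], "alert_");`, used for the redirect, `fopen()` and the later `unlink_if_exists()`, removes both issues. The fixed `snort_blocked` staging directory in snort_blocked.php has the same shape. The `fopen()` result is also passed to `fgetcsv()` without a check; the enclosing `if` block continues past this hunk.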
@@ -748,7 +748,7 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
$counter++;
}
fclose($fd);
- unlink_if_exists("/tmp/alert_{$snort_uuid}");
+ unlink_if_exists("{$g['tmp_path']}/alert_{$snort_uuid}");
}
}
?>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 2d0af2c3..39119210 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -91,20 +91,20 @@ if ($_POST['download'])
if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) {
$save_date = date("Y-m-d-H-i-s");
$file_name = "snort_blocked_{$save_date}.tar.gz";
- safe_mkdir("/tmp/snort_blocked");
- file_put_contents("/tmp/snort_blocked/snort_block.pf", "");
+ safe_mkdir("{$g['tmp_path']}/snort_blocked");
+ file_put_contents("{$g['tmp_path']}/snort_blocked/snort_block.pf", "");
foreach($blocked_ips_array_save as $counter => $fileline) {
if (empty($fileline))
continue;
$fileline = trim($fileline, " \n\t");
- file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND);
+ file_put_contents("{$g['tmp_path']}/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND);
}
// Create a tar gzip archive of blocked host IP addresses
- exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/snort_blocked snort_block.pf");
+ exec("/usr/bin/tar -czf {$g['tmp_path']}/{$file_name} -C{$g['tmp_path']}/snort_blocked snort_block.pf");
// If we successfully created the archive, send it to the browser.
- if(file_exists("/tmp/{$file_name}")) {
+ if(file_exists("{$g['tmp_path']}/{$file_name}")) {
ob_start(); //important or other posts will fail
if (isset($_SERVER['HTTPS'])) {
header('Pragma: ');
@@ -114,14 +114,14 @@ if ($_POST['download'])
header("Cache-Control: private, must-revalidate");
}
header("Content-Type: application/octet-stream");
- header("Content-length: " . filesize("/tmp/{$file_name}"));
+ header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}"));
header("Content-disposition: attachment; filename = {$file_name}");
ob_end_clean(); //important or other post will fail
- readfile("/tmp/{$file_name}");
+ readfile("{$g['tmp_path']}/{$file_name}");
// Clean up the temp files and directory
- unlink_if_exists("/tmp/{$file_name}");
- rmdir_recursive("/tmp/snort_blocked");
+ unlink_if_exists("{$g['tmp_path']}/{$file_name}");
+ rmdir_recursive("{$g['tmp_path']}/snort_blocked");
} else
$savemsg = gettext("An error occurred while creating archive");
} else
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index d3bc4d63..040858b9 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -58,7 +58,7 @@ global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include;
* updated GUI package. *
****************************************/
if (!defined('SNORT_SID_MODS_PATH'))
- define('SNORT_SID_MODS_PATH', '/var/db/snort/sidmods/');
+ define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
/****************************************
* End of PHP caching workaround *
diff --git a/config/snort/snort_sid_mgmt.php b/config/snort/snort_sid_mgmt.php
index 2ca8dba9..ea1a5b99 100644
--- a/config/snort/snort_sid_mgmt.php
+++ b/config/snort/snort_sid_mgmt.php
@@ -215,9 +215,9 @@ if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) {
if (isset($_POST['sidlist_dnload_all_x'])) {
$save_date = date("Y-m-d-H-i-s");
$file_name = "snort_sid_conf_files_{$save_date}.tar.gz";
- exec("cd {$sidmods_path} && /usr/bin/tar -czf /tmp/{$file_name} *");
+ exec("cd {$sidmods_path} && /usr/bin/tar -czf {$g['tmp_path']}/{$file_name} *");
- if (file_exists("/tmp/{$file_name}")) {
+ if (file_exists("{$g['tmp_path']}/{$file_name}")) {
ob_start(); //important or other posts will fail
if (isset($_SERVER['HTTPS'])) {
header('Pragma: ');
@@ -227,13 +227,13 @@ if (isset($_POST['sidlist_dnload_all_x'])) {
header("Cache-Control: private, must-revalidate");
}
header("Content-Type: application/octet-stream");
- header("Content-length: " . filesize("/tmp/{$file_name}"));
+ header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}"));
header("Content-disposition: attachment; filename = {$file_name}");
ob_end_clean(); //important or other post will fail
- readfile("/tmp/{$file_name}");
+ readfile("{$g['tmp_path']}/{$file_name}");
// Clean up the temp file
- unlink_if_exists("/tmp/{$file_name}");
+ unlink_if_exists("{$g['tmp_path']}/{$file_name}");
}
else
$savemsg = gettext("An error occurred while creating the gzip archive!");