aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_alerts.php5
-rw-r--r--config/snort/snort_blocked.php3
-rwxr-xr-xconfig/snort/snort_define_servers.php2
-rwxr-xr-xconfig/snort/snort_download_updates.php2
-rw-r--r--config/snort/snort_edit_hat_data.php4
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php2
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php2
-rw-r--r--config/snort/snort_migrate_config.php2
-rwxr-xr-xconfig/snort/snort_preprocessors.php14
-rwxr-xr-xconfig/snort/snort_rules.php10
-rwxr-xr-xconfig/snort/snort_rulesets.php6
11 files changed, 40 insertions, 12 deletions
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 2b957f61..97174cdd 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -221,16 +221,17 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
$fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+");
if ($fd)
fclose($fd);
- conf_mount_ro();
/* XXX: This is needed if snort is run as snort user */
mwexec('/bin/chmod 660 /var/log/snort/*', true);
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
+ conf_mount_ro();
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
if ($_POST['download']) {
+ conf_mount_rw();
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
@@ -255,6 +256,8 @@ if ($_POST['download']) {
}
else
$savemsg = gettext("An error occurred while creating archive");
+
+ conf_mount_ro();
}
/* Load up an array with the current Suppression List GID,SID values */
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 8d106a90..95109660 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -63,6 +63,7 @@ if ($_POST['remove']) {
/* TODO: build a file with block ip and disc */
if ($_POST['download'])
{
+ conf_mount_rw();
$blocked_ips_array_save = "";
exec('/sbin/pfctl -t snort2c -T show', $blocked_ips_array_save);
/* build the list */
@@ -104,6 +105,8 @@ if ($_POST['download'])
$savemsg = gettext("An error occurred while creating archive");
} else
$savemsg = gettext("No content on snort block list");
+
+ conf_mount_ro();
}
if ($_POST['save'])
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index e9fcfcab..7b729208 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -131,11 +131,13 @@ if ($_POST) {
$a_nat[$id] = $natent;
+ conf_mount_rw();
write_config();
/* Update the snort conf file for this interface. */
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
+ conf_mount_ro();
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 5c9b8210..fc97ab96 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -87,8 +87,10 @@ if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5"))
/* Check for postback to see if we should clear the update log file. */
if (isset($_POST['clear'])) {
+ conf_mount_rw();
if (file_exists("{$snort_rules_upd_log}"))
mwexec("/bin/rm -f {$snort_rules_upd_log}");
+ conf_mount_ro();
}
if (isset($_POST['update'])) {
diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php
index f6d00b0b..9189c936 100644
--- a/config/snort/snort_edit_hat_data.php
+++ b/config/snort/snort_edit_hat_data.php
@@ -61,19 +61,23 @@ else
$pconfig['host_attribute_data'] = "";
if ($_POST['clear']) {
+ conf_mount_rw();
unset($a_nat[$id]['host_attribute_data']);
write_config();
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
+ conf_mount_ro();
header("Location: /snort/snort_edit_hat_data.php?id={$id}");
exit;
}
if ($_POST['host_attribute_data']) {
+ conf_mount_rw();
$a_nat[$id]['host_attribute_data'] = base64_encode($_POST['host_attribute_data']);
write_config();
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
+ conf_mount_ro();
header("Location: /snort/snort_preprocessors.php?id={$id}");
exit;
}
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 9d488207..0a99e60a 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -150,8 +150,10 @@ if ($_POST["Submit"]) {
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = snort_get_real_interface($a_rule[$id]['interface']);
snort_stop($a_rule[$id], $oif_real);
+ conf_mount_rw();
exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']);
exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ conf_mount_ro();
}
$a_rule[$id] = $natent;
} else {
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index cbc31378..882c2b6f 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -100,8 +100,6 @@ if ($_GET['act'] == "import") {
}
if ($_POST['submit']) {
- conf_mount_rw();
-
unset($input_errors);
$pconfig = $_POST;
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 1a555408..61989e99 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -296,7 +296,7 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2";
log_error("[Snort] Saving configuration settings in new format...");
write_config();
log_error("[Snort] Settings successfully migrated to new configuration format...");
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 289a3941..d1b3e5be 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -509,25 +509,27 @@ elseif ($_POST['Submit']) {
$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
- /* If 'preproc_auto_rule_disable' is off, then clear log file */
- if ($natent['preproc_auto_rule_disable'] == 'off')
- @unlink("{$disabled_rules_log}");
-
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
- /* Set flag to rebuild rules for this interface */
- $rebuild_rules = true;
+ conf_mount_rw();
/*************************************************/
/* Update the snort.conf file and rebuild the */
/* rules for this interface. */
/*************************************************/
+ $rebuild_rules = true;
snort_generate_conf($natent);
$rebuild_rules = false;
+ /* If 'preproc_auto_rule_disable' is off, then clear log file */
+ if ($natent['preproc_auto_rule_disable'] == 'off')
+ @unlink("{$disabled_rules_log}");
+
+ conf_mount_ro();
+
/*******************************************************/
/* Signal Snort to reload Host Attribute Table if one */
/* is configured and saved. */
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 0434f88f..37b06914 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -319,21 +319,25 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) {
}
if ($_POST['clear']) {
+ conf_mount_rw();
unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
+ conf_mount_ro();
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
exit;
}
if ($_POST['customrules']) {
+ conf_mount_rw();
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
write_config();
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
+ conf_mount_ro();
$output = "";
$retcode = "";
exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode);
@@ -352,7 +356,7 @@ if ($_POST['customrules']) {
}
else if ($_POST['apply']) {
-
+ conf_mount_rw();
/* Save new configuration */
write_config();
@@ -363,6 +367,10 @@ else if ($_POST['apply']) {
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
+ conf_mount_ro();
+
+ /* Soft-restart Snort to live-load new rules */
+ snort_reload_config($a_rule[$id]);
/* Return to this same page */
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 62b68a1b..dc37cb10 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -118,7 +118,6 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-/* alert file */
if ($_POST["Submit"]) {
if ($_POST['ips_policy_enable'] == "on") {
@@ -146,6 +145,7 @@ if ($_POST["Submit"]) {
@unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
}
+ conf_mount_rw();
write_config();
/*************************************************/
@@ -155,6 +155,10 @@ if ($_POST["Submit"]) {
$rebuild_rules = true;
snort_generate_conf($a_nat[$id]);
$rebuild_rules = false;
+ conf_mount_ro();
+
+ /* Soft-restart Snort to live-load new rules */
+ snort_reload_config($a_nat[$id]);
header("Location: /snort/snort_rulesets.php?id=$id");
exit;