diff options
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 8 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 58 | ||||
-rw-r--r-- | config/snort/snort_interfaces_whitelist_edit.php | 8 | ||||
-rw-r--r-- | config/snort/snort_rulesets.php | 2 |
4 files changed, 48 insertions, 28 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 0094cff3..409d1230 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -37,7 +37,7 @@ require_once("functions.inc"); require_once("filter.inc"); /* package version */ -$snort_package_version = 'Snort 2.8.6.1 pkg v. 1.33'; +$snort_package_version = 'Snort 2.8.6.1 pkg v. 1.34'; /* find out if were in 1.2.3-RELEASE */ $pfsense_ver_chk = exec('/bin/cat /etc/version'); @@ -546,6 +546,7 @@ if($snort_arch_ck[0] == 'i386') { { exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); } + /* add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0 */ exec('/usr/sbin/pw groupadd snort -g 920'); @@ -577,6 +578,11 @@ if($snort_arch_ck[0] == 'i386') { { exec('/bin/mkdir -p /var/log/snort/barnyard2/'); } + + if(!file_exists('/usr/local/lib/snort/dynamicrules/')) + { + exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); + } if(!file_exists('/var/db/whitelist')) { diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index bb71e049..dc093015 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -526,12 +526,15 @@ if ($snortdownload == 'on') chdir ("/usr/local/etc/snort/rules"); sleep(2); exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); - /* extract so rules */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/"); - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/"); - /* extract so rules none bin and rename */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . + + /* extract so rules on for x86 for now */ + /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */ + if($snort_arch == 'x86'){ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/"); + exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/"); + /* extract so rules none bin and rename */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . " so_rules/chat.rules/" . " so_rules/dos.rules/" . " so_rules/exploit.rules/" . @@ -549,24 +552,25 @@ if ($snortdownload == 'on') " so_rules/web-iis.rules/" . " so_rules/web-misc.rules/"); - exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); + exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); + exec("/bin/rm -r {$snortdir}/so_rules"); + } /* extract base etc files */ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); @@ -824,6 +828,12 @@ function oinkmaster_run($id, $if_real, $iface_uuid) /* might have to add a sleep for 3sec for flash drives or old drives */ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); + + /* TODO: Remove this code when x64 so rules are ready */ + if($snort_arch == 'x64'){ + exec("/bin/rm -r /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.so.rules"); + } + } } } diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 5ccc9965..6723ec8a 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -106,13 +106,16 @@ if (isset($id) && $a_whitelist[$id]) { if (file_exists("$d_snort_whitelist_dirty_path")) { conf_mount_rw(); - write_config(); - sync_snort_package_config(); + /* create whitelist and homenet file then sync files */ + sync_snort_package_empty(); sync_snort_package(); unlink("$d_snort_whitelist_dirty_path"); + write_config(); + conf_mount_ro(); + } } @@ -233,6 +236,7 @@ if ($_POST['submit']) { $pconfig['address'] = $address; $pconfig['detail'] = $final_address_details; } + } $pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 29e4b51a..e7838c9f 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -260,7 +260,7 @@ echo '</div>' . "\n"; <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr id="frheader"> <td width="5%" class="listhdrr">Enabled</td> - <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td> + <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on Pfsense 2.0 64 bit.';}?></td> <!-- <td class="listhdrr">Description</td> --> </tr> <?php |