Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc8
-rw-r--r--config/snort/snort_download_rules.php58
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php8
-rw-r--r--config/snort/snort_rulesets.php2
4 files changed, 48 insertions, 28 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 0094cff3..409d1230 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -37,7 +37,7 @@ require_once("functions.inc");
require_once("filter.inc");
/* package version */
-$snort_package_version = 'Snort 2.8.6.1 pkg v. 1.33';
+$snort_package_version = 'Snort 2.8.6.1 pkg v. 1.34';
/* find out if were in 1.2.3-RELEASE */
$pfsense_ver_chk = exec('/bin/cat /etc/version');
@@ -546,6 +546,7 @@ if($snort_arch_ck[0] == 'i386') {
{
exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
}
+
/* add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0 */
exec('/usr/sbin/pw groupadd snort -g 920');
@@ -577,6 +578,11 @@ if($snort_arch_ck[0] == 'i386') {
{
exec('/bin/mkdir -p /var/log/snort/barnyard2/');
}
+
+ if(!file_exists('/usr/local/lib/snort/dynamicrules/'))
+ {
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ }
if(!file_exists('/var/db/whitelist'))
{
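Review bot: The added `exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/')` ignores failure, and the download script in this same commit later moves precompiled shared-object rules into this directory, so a silent failure here matters more than it does for a log directory. PHP's own call returns false on error and states the intended mode (still subject to the umask): `if (!is_dir($d) && !mkdir($d, 0755, true)) { /* report the failure */ }`, with `$d` holding the path. The enclosing block starts above this hunk and the last context line opens another block that continues below it.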
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index bb71e049..dc093015 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -526,12 +526,15 @@ if ($snortdownload == 'on')
chdir ("/usr/local/etc/snort/rules");
sleep(2);
exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
- /* extract so rules */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+
+ /* extract so rules on for x86 for now */
+ /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */
+ if($snort_arch == 'x86'){
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
" so_rules/chat.rules/" .
" so_rules/dos.rules/" .
" so_rules/exploit.rules/" .
@@ -549,24 +552,25 @@ if ($snortdownload == 'on')
" so_rules/web-iis.rules/" .
" so_rules/web-misc.rules/");
- exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+ }
/* extract base etc files */
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
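Review bot: None of the `exec()` calls inside the `if($snort_arch == 'x86')` block (opened in the previous hunk, closed here) checks an exit status, so if the `tar` extraction fails the seventeen `mv` calls and the `rm -r` fail silently. The rule stubs already in `rules/` and the shared objects in dynamicrules may then come from different rule releases. `$snortdir` is also pasted unquoted into every shell string. The moves can become one loop that quotes both paths with `escapeshellarg()` and records which stubs failed; how the failure is reported is left to the file's existing convention.

```php
// … unchanged: tar extraction of the so_rules stubs (previous hunk) …
$so_stubs = array('bad-traffic', 'chat', 'dos', 'exploit', 'icmp', 'imap',
	'misc', 'multimedia', 'netbios', 'nntp', 'p2p', 'smtp', 'sql',
	'web-activex', 'web-client', 'web-iis', 'web-misc');
$so_failed = array();
foreach ($so_stubs as $stub) {
	$src = escapeshellarg("{$snortdir}/so_rules/{$stub}.rules");
	$dst = escapeshellarg("{$snortdir}/rules/snort_{$stub}.so.rules");
	exec("/bin/mv -f {$src} {$dst}", $mv_out, $mv_rc);
	if ($mv_rc !== 0) {
		/* remember which stub was not installed so it can be reported */
		$so_failed[] = $stub;
	}
}
exec("/bin/rm -r " . escapeshellarg("{$snortdir}/so_rules"));
```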
@@ -824,6 +828,12 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
/* might have to add a sleep for 3sec for flash drives or old drives */
exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+
+ /* TODO: Remove this code when x64 so rules are ready */
+ if($snort_arch == 'x64'){
+ exec("/bin/rm -r /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.so.rules");
+ }
+
}
}
}
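Review bot: `$snort_arch` appears to be read inside `oinkmaster_run()` (the function named in the hunk header), and a PHP function does not see file-level variables without a `global` declaration. If no such declaration exists above this hunk, `$snort_arch == 'x64'` is always false and the `.so.rules` stubs are never removed on 64-bit installs, leaving stubs in place for shared objects that were never extracted. Adding `global $snort_arch;` at the top of the function, or passing the value in as a parameter, would fix that. Separately, `$iface_uuid` and `$if_real` are unquoted in the shell string and `rm -r` on a file glob errors when nothing matches; `/bin/rm -f` with `escapeshellarg()` around the directory part would be safer. The function body starts outside this hunk.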
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 5ccc9965..6723ec8a 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -106,13 +106,16 @@ if (isset($id) && $a_whitelist[$id]) {
if (file_exists("$d_snort_whitelist_dirty_path")) {
conf_mount_rw();
- write_config();
- sync_snort_package_config();
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_empty();
sync_snort_package();
unlink("$d_snort_whitelist_dirty_path");
+ write_config();
+ conf_mount_ro();
+
}
}
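Review bot: The dirty marker is now unlinked before `write_config()` runs, so if saving the configuration fails the marker is already gone and nothing triggers another sync of the whitelist files. Moving `write_config();` above `unlink("$d_snort_whitelist_dirty_path");` keeps the retry signal until the config is saved. The added `conf_mount_ro()` is reached only if every call before it returns; whether these helpers can abort is not visible here. A short comment on the new ordering would also help, e.g. `/* regenerate whitelist files first, then persist config and remount read-only */`.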
@@ -233,6 +236,7 @@ if ($_POST['submit']) {
$pconfig['address'] = $address;
$pconfig['detail'] = $final_address_details;
}
+
}
$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 29e4b51a..e7838c9f 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -260,7 +260,7 @@ echo '</div>' . "\n";
<table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr id="frheader">
<td width="5%" class="listhdrr">Enabled</td>
- <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td>
+ <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on Pfsense 2.0 64 bit.';}?></td>
<!-- <td class="listhdrr">Description</td> -->
</tr>
<?php