aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php190
1 files changed, 110 insertions, 80 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 2c8e39eb..f5810aff 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -42,7 +42,6 @@ $snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
-$orig_pkg_interface = $pkg_interface;
if ($snort_gui_include)
$pkg_interface = "";
else
@@ -100,30 +99,44 @@ if ($snortdownload == 'on') {
update_status(gettext("Downloading Snort VRT md5 file..."));
error_log(gettext("\tDownloading Snort VRT md5 file...\n"), 3, $snort_rules_upd_log);
$max_tries = 4;
+ $rc = true;
while ($max_tries > 0) {
- $image = @file_get_contents("{$snort_rule_url}{$snort_filename_md5}");
- if (false === $image) {
- $max_tries--;
- if ($max_tries > 0)
- sleep(30);
- continue;
- } else
- break;
- }
- log_error("[Snort] Snort MD5 Attempts: " . (4 - $max_tries + 1));
- error_log("\tChecking Snort VRT md5 file...\n", 3, $snort_rules_upd_log);
- @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
- if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) {
+ $rc = download_file_with_progress_bar("{$snort_rule_url}{$snort_filename_md5}", "{$tmpfname}/{$snort_filename_md5}");
+ if ($rc == true)
+ break;
+ else {
+ /* If "forbidden" error, no need to retry so just exit */
+ if ($rc == 403)
+ break;
+ $max_tries--;
+ if ($max_tries > 0) {
+ if ($pkg_interface <> "console")
+ update_status(gettext("Server returned error code '{$rc}' ... retrying in 15 seconds..."));
+ log_error(gettext("[Snort] Snort VRT md5 download server returned error '{$rc}' ... retry in 15 seconds..."));
+ error_log(gettext("\tSnort VRT md5 download server returned error '{$rc}' ... retry in 15 secs...\n"), 3, $snort_rules_upd_log);
+ sleep(15);
+ }
+ continue;
+ }
+ }
+ log_error("[Snort] Snort MD5 Attempts: " . (4 - $max_tries + 1));
+ if ($rc == true) {
+ if ($pkg_interface <> "console")
+ update_status(gettext("Done downloading snort.org md5."));
+ error_log("\tChecking Snort VRT md5 file...\n", 3, $snort_rules_upd_log);
+ }
+ else {
+ if ($rc == 403)
+ $snort_err_msg = gettext("Too many attempts or Oinkcode not authorized for this level or version.");
+ else
+ $snort_err_msg = gettext("Server returned error code '{$rc}'.");
if ($pkg_interface <> "console") {
- update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
+ update_status(gettext("Snort VRT md5 error ... {$snort_err_msg}..."));
+ update_output_window(gettext("You may download Snort VRT Rules once every 15 minutes."));
}
- log_error(gettext("[Snort] Please wait... You may only check for New Rules every 15 minutes..."));
+ log_error(gettext("[Snort] Snort VRT md5 download failed. {snort_err_msg}..."));
$snortdownload = 'off';
- error_log(gettext("\tSnort VRT md5 download failed. Site may be offline or Oinkcode is not authorized for this level or version.\n"), 3, $snort_rules_upd_log);
- } else {
- if ($pkg_interface <> "console")
- update_status(gettext("Done downloading snort.org md5."));
+ error_log(gettext("\tSnort VRT md5 download failed. {snort_err_msg}\n"), 3, $snort_rules_upd_log);
}
}
@@ -149,46 +162,33 @@ if ($snortdownload == 'on') {
log_error(gettext("[Snort] There is a new set of Snort VRT rules posted. Downloading..."));
error_log(gettext("\tThere is a new set of Snort VRT rules posted. Downloading...\n"), 3, $snort_rules_upd_log);
$max_tries = 4;
+ $rc = true;
while ($max_tries > 0) {
$rc = download_file_with_progress_bar("{$snort_rule_url}{$snort_filename}", "{$tmpfname}/{$snort_filename}");
if ($rc == true)
break;
else {
if ($rc >= 500) {
- if ($pkg_interface <> "console")
- update_status(gettext("Server returned error code {$rc} ... retrying in 30 seconds..."));
- log_error(gettext("[Snort] Server returned error code {$rc} ... will retry in 30 seconds..."));
- error_log(gettext("\tThe server returned error code {$rc} ... will retry in 30 seconds\n"), 3, $snort_rules_upd_log);
$max_tries--;
- if ($max_tries > 0)
- sleep(30);
+ if ($max_tries > 0) {
+ if ($pkg_interface <> "console")
+ update_status(gettext("Server returned error code '{$rc}' ... retrying in 15 seconds..."));
+ log_error(gettext("[Snort] Server returned error code '{$rc}' ... will retry in 15 seconds..."));
+ error_log(gettext("\tThe server returned error code '{$rc}' ... will retry in 15 seconds\n"), 3, $snort_rules_upd_log);
+ sleep(15);
+ }
continue;
}
else {
if ($pkg_interface <> "console")
- update_status(gettext("Server returned error code {$rc} ... try again in 15 minutes..."));
- log_error(gettext("[Snort] Server returned error code {$rc} .. try again in 15 minutes..."));
- error_log(gettext("\tThe server returned error code {$rc} ... try again in 15 minutes\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("Server returned error code '{$rc}' ... try again in 15 minutes..."));
+ log_error(gettext("[Snort] Server returned error code '{$rc}' .. try again in 15 minutes..."));
+ error_log(gettext("\tThe server returned error code '{$rc}' ... try again in 15 minutes\n"), 3, $snort_rules_upd_log);
+ break;
}
}
-/* if (5000 > filesize("{$tmpfname}/{$snort_filename}")){
- $max_tries--;
- if ($max_tries > 0)
- sleep(30);
- continue;
- } else
- break;
-*/
-
}
- if (filesize("{$tmpfname}/{$snort_filename}") == 0) {
- if ($pkg_interface <> "console")
- update_output_window(gettext("Snort VRT rules file download failed..."));
- log_error(gettext("[Snort] Snort VRT rules file download failed..."));
- error_log(gettext("\tSnort VRT rules file download failed. Snort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log);
- $snortdownload = 'off';
- }
- else {
+ if ($rc == true) {
if ($pkg_interface <> "console")
update_status(gettext("Done downloading Snort VRT rules file."));
log_error("[Snort] Snort VRT Rules Attempts: " . (4 - $max_tries + 1));
@@ -205,6 +205,15 @@ if ($snortdownload == 'on') {
$snortdownload = 'off';
}
}
+ else {
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("Snort VRT rules file download failed..."));
+ log_error(gettext("[Snort] Snort VRT rules file download failed... server returned error '{$rc}'..."));
+ error_log(gettext("\tSnort VRT rules file download failed. Server returned error '{$rc}'.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tSnort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ $snortdownload = 'off';
+ }
+
}
/* download md5 sig from Snort GPLv2 Community Rules */
@@ -247,25 +256,36 @@ if ($snortcommunityrules == "on") {
update_status(gettext("There is a new set of Snort GPLv2 Community Rules posted. Downloading..."));
log_error(gettext("[Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading..."));
error_log(gettext("\tThere is a new set of Snort GPLv2 Community Rules posted. Downloading...\n"), 3, $snort_rules_upd_log);
- download_file_with_progress_bar("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}");
+ $rc = download_file_with_progress_bar("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}");
/* Test for a valid rules file download. Turn off Snort Community update if download failed. */
- if (trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_community_rules_filename}"))){
- if ($pkg_interface <> "console")
- update_output_window(gettext("Snort GPLv2 Community Rules file MD5 checksum failed..."));
- log_error(gettext("[Snort] Snort GPLv2 Community Rules file download failed. Bad MD5 checksum..."));
- log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}")));
- log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")));
- error_log(gettext("\tSnort GPLv2 Community Rules file download failed. Community Rules will not be updated.\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tDownloaded Snort GPLv2 file MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}") . "\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tExpected Snort GPLv2 file MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
- $snortcommunityrules = 'off';
+ if ($rc == true) {
+ if (trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_community_rules_filename}"))){
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("Snort GPLv2 Community Rules file MD5 checksum failed..."));
+ log_error(gettext("[Snort] Snort GPLv2 Community Rules file download failed. Bad MD5 checksum..."));
+ log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}")));
+ log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")));
+ error_log(gettext("\tSnort GPLv2 Community Rules file download failed. Community Rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tDownloaded Snort GPLv2 file MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}") . "\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tExpected Snort GPLv2 file MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
+ $snortcommunityrules = 'off';
+ }
+ else {
+ if ($pkg_interface <> "console")
+ update_status(gettext('Done downloading Snort GPLv2 Community Rules file.'));
+ log_error("[Snort] Snort GPLv2 Community Rules file update downloaded successfully");
+ error_log(gettext("\tDone downloading Snort GPLv2 Community Rules file.\n"), 3, $snort_rules_upd_log);
+ }
}
else {
- if ($pkg_interface <> "console")
- update_status(gettext('Done downloading Snort GPLv2 Community Rules file.'));
- log_error("[Snort] Snort GPLv2 Community Rules file update downloaded successfully");
- error_log(gettext("\tDone downloading Snort GPLv2 Community Rules file.\n"), 3, $snort_rules_upd_log);
+ if ($pkg_interface <> "console") {
+ update_status(gettext("The server returned error code '{$rc}' ... skipping GPLv2 Community Rules..."));
+ update_output_window(gettext("Snort GPLv2 Community Rules file download failed..."));
+ }
+ log_error(gettext("[Snort] Snort GPLv2 Community Rules file download failed. Server returned error '{$rc}'..."));
+ error_log(gettext("\tSnort GPLv2 Community Rules download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log);
+ $snortcommunityrules = 'off';
}
}
@@ -351,28 +371,38 @@ if ($emergingthreats == "on") {
/* If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules. */
if ($vrt_enabled == "on")
- download_file_with_progress_bar("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
+ $rc = download_file_with_progress_bar("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
else
- download_file_with_progress_bar("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
+ $rc = download_file_with_progress_bar("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
/* Test for a valid rules file download. Turn off ET update if download failed. */
-
- if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){
- if ($pkg_interface <> "console")
- update_output_window(gettext("EmergingThreats rules file MD5 checksum failed..."));
- log_error(gettext("[Snort] EmergingThreats rules file download failed. Bad MD5 checksum..."));
- log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}")));
- log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")));
- error_log(gettext("\tEmergingThreats rules file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
- $emergingthreats = 'off';
+ if ($rc == true) {
+ if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("EmergingThreats rules file MD5 checksum failed..."));
+ log_error(gettext("[Snort] EmergingThreats rules file download failed. Bad MD5 checksum..."));
+ log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}")));
+ log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")));
+ error_log(gettext("\tEmergingThreats rules file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
+ $emergingthreats = 'off';
+ }
+ else {
+ if ($pkg_interface <> "console")
+ update_status(gettext('Done downloading EmergingThreats rules file.'));
+ log_error("[Snort] EmergingThreats rules file update downloaded successfully");
+ error_log(gettext("\tDone downloading EmergingThreats rules file.\n"), 3, $snort_rules_upd_log);
+ }
}
else {
- if ($pkg_interface <> "console")
- update_status(gettext('Done downloading EmergingThreats rules file.'));
- log_error("[Snort] EmergingThreats rules file update downloaded successfully");
- error_log(gettext("\tDone downloading EmergingThreats rules file.\n"), 3, $snort_rules_upd_log);
+ if ($pkg_interface <> "console") {
+ update_status(gettext("The server returned error code '{$rc}' ... skipping EmergingThreats update..."));
+ update_output_window(gettext("EmergingThreats rules file download failed..."));
+ }
+ log_error(gettext("[Snort] EmergingThreats rules file download failed. Server returned error '{$rc}'..."));
+ error_log(gettext("\tEmergingThreats rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log);
+ $emergingthreats = 'off';
}
}
@@ -644,5 +674,5 @@ if ($pkg_interface <> "console")
log_error(gettext("[Snort] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $snort_rules_upd_log);
conf_mount_ro();
-$pkg_interface = $orig_pkg_interface;
+
?>