diff options
Diffstat (limited to 'config/snort')
| -rwxr-xr-x | config/snort/snort.inc | 18 | ||||
| -rw-r--r-- | config/snort/snort_alerts.php | 2 | ||||
| -rw-r--r-- | config/snort/snort_check_for_rule_updates.php | 11 | ||||
| -rw-r--r-- | config/snort/snort_download_rules.php | 16 | ||||
| -rw-r--r-- | config/snort/snort_rules.php | 8 | ||||
| -rw-r--r-- | config/snort/snort_rulesets.php | 5 |
6 files changed, 46 insertions, 14 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 575192b9..3eabcc0e 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -56,6 +56,7 @@ function sync_package_snort_reinstall() function sync_package_snort() { global $config, $g; + conf_mount_rw(); mwexec("mkdir -p /var/log/snort/"); @@ -73,7 +74,6 @@ function sync_package_snort() else $snort_performance = "ac-bnfa"; - conf_mount_rw(); /* create a few directories and ensure the sample files are in place */ exec("/bin/mkdir -p /usr/local/etc/snort"); exec("/bin/mkdir -p /var/log/snort"); @@ -195,6 +195,7 @@ if ($config['installedpackages']['snort']['config'][0]['autorulesupdate7'] != "" function create_barnyard2_conf() { global $bconfig, $bg; /* write out barnyard2_conf */ + conf_mount_rw(); $barnyard2_conf_text = generate_barnyard2_conf(); $bconf = fopen("/usr/local/etc/barnyard2.conf", "w"); if(!$bconf) { @@ -203,6 +204,7 @@ function create_barnyard2_conf() { } fwrite($bconf, $barnyard2_conf_text); fclose($bconf); + conf_mount_ro(); } /* open barnyard2.conf for writing" */ function generate_barnyard2_conf() { @@ -265,7 +267,7 @@ input unified2 $snortbarnyardlog_database_info_chk EOD; - + conf_mount_rw(); return $barnyard2_conf_text; } @@ -679,7 +681,7 @@ else if ($snort_rm_blocked_info_ck != "") { function snort_rm_blocked_install_cron($should_install) { global $config, $g; - + conf_mount_rw(); if ($g['booting']==true) return; @@ -774,6 +776,7 @@ function snort_rm_blocked_install_cron($should_install) { $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; $config['cron']['item'][] = $cron_item; write_config("Installed 15 minute filter reload for Time Based Rules"); + conf_mount_rw(); configure_cron(); } break; @@ -782,6 +785,7 @@ function snort_rm_blocked_install_cron($should_install) { if($x > 0) { unset($config['cron']['item'][$x]); write_config(); + conf_mount_rw(); } configure_cron(); } @@ -802,7 +806,7 @@ function snort_rm_blocked_install_cron($should_install) { if ($snort_rules_up_info_ck != "") { function snort_rules_up_install_cron($should_install) { global $config, $g; - + conf_mount_rw(); if ($g['booting']==true) return; @@ -875,6 +879,7 @@ function snort_rules_up_install_cron($should_install) { $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort_check_for_rule_updates.php >> /usr/local/etc/snort_bkup/snort_update.log"; $config['cron']['item'][] = $cron_item; write_config("Installed 15 minute filter reload for Time Based Rules"); + conf_mount_rw(); configure_cron(); } break; @@ -883,6 +888,7 @@ function snort_rules_up_install_cron($should_install) { if($x > 0) { unset($config['cron']['item'][$x]); write_config(); + conf_mount_rw(); } configure_cron(); } @@ -1400,7 +1406,7 @@ include /usr/local/etc/snort/threshold.conf {$selected_rules_sections} EOD; - + conf_mount_ro(); return $snort_conf_text; } @@ -1467,6 +1473,7 @@ function verify_downloaded_file($filename) { /* extract rules */ function extract_snort_rules_md5($tmpfname) { global $snort_filename, $snort_filename_md5, $console_mode; + conf_mount_rw(); ob_flush(); if(!$console_mode) { $static_output = gettext("Extracting snort rules..."); @@ -1489,6 +1496,7 @@ function extract_snort_rules_md5($tmpfname) { log_error("Snort rules extracted."); echo "Snort rules extracted."; } + conf_mount_ro(); } /* verify MD5 against downloaded item */ diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index f463c0b9..e67b9b5f 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -42,7 +42,9 @@ if (!$nentries) if ($_POST['clear']) { exec("killall syslogd"); + conf_mount_rw(); exec("rm {$snort_logfile}; touch {$snort_logfile}"); + conf_mount_ro(); system_syslogd_start(); exec("/usr/bin/killall -HUP snort"); exec("/usr/bin/killall snort2c"); diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 95adbaa6..17f56081 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -73,7 +73,8 @@ if(!$oinkid) { /* premium_subscriber check */ //unset($config['installedpackages']['snort']['config'][0]['subscriber']); -//write_config(); +//write_config(); // Will cause switch back to read-only on nanobsd +//conf_mount_rw(); // Uncomment this if the previous line is uncommented $premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; if ($premium_subscriber_chk === on) { @@ -92,6 +93,7 @@ if ($premium_url_chk === on) { /* send current buffer */ ob_flush(); +conf_mount_rw(); /* remove old $tmpfname files */ if (file_exists("{$tmpfname}")) { exec("/bin/rm -r {$tmpfname}"); @@ -177,7 +179,8 @@ $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; /* Write out time of last sucsessful md5 to cache */ $config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); +write_config(); // Will cause switch back to read-only on nanobsd +conf_mount_rw(); if ($md5_check_new == $md5_check_old) { echo "Your rules are up to date...\n"; echo "You may start Snort now, check update.\n"; @@ -195,7 +198,8 @@ $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; /* Write out time of last sucsessful md5 to cache */ $config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); +write_config(); // Will cause switch back to read-only on nanobsd +conf_mount_rw(); if ($emerg_md5_check_new == $emerg_md5_check_old) { echo "Your emergingthreats rules are up to date...\n"; echo "You may start Snort now, check update.\n"; @@ -625,5 +629,6 @@ if (file_exists("/tmp/snort_download_halt.pid")) { echo "The Rules update finished...\n"; echo "You may start snort now...\n"; } +conf_mount_ro(); ?> diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 133f2d2a..6cb2f808 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -140,7 +140,9 @@ if(!$oinkid) { /* premium_subscriber check */ //unset($config['installedpackages']['snort']['config'][0]['subscriber']); -//write_config(); +//write_config(); // Will cause switch back to read-only on nanobsd +//conf_mount_rw(); // Uncomment this if the previous line is uncommented + $premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; if ($premium_subscriber_chk === on) { @@ -187,6 +189,8 @@ if (file_exists($tmpfname)) { /* unhide progress bar and lets end this party */ unhide_progress_bar_status(); +conf_mount_rw(); + /* download md5 sig from snort.org */ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { update_status(gettext("md5 temp file exists...")); @@ -266,7 +270,8 @@ $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; /* Write out time of last sucsessful md5 to cache */ $config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); +write_config(); // Will cause switch back to read-only on nanobsd +conf_mount_rw(); if ($md5_check_new == $md5_check_old) { update_status(gettext("Your rules are up to date...")); update_output_window(gettext("You may start Snort now, check update.")); @@ -290,7 +295,8 @@ $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; /* Write out time of last sucsessful md5 to cache */ $config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); +write_config(); // Will cause switch back to read-only on nanobsd +conf_mount_rw(); if ($emerg_md5_check_new == $emerg_md5_check_old) { update_status(gettext("Your emergingthreats rules are up to date...")); update_output_window(gettext("You may start Snort now, check update.")); @@ -747,7 +753,7 @@ if (file_exists("/tmp/snort_download_halt.pid")) { /* hide progress bar and lets end this party */ hide_progress_bar_status(); - +conf_mount_ro(); ?> <?php @@ -772,7 +778,9 @@ function read_body_firmware($ch, $string) { flush(); $counter = 0; } + conf_mount_rw(); fwrite($fout, $string); + conf_mount_ro(); return $length; } diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 233841b1..94c99f0e 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -29,8 +29,11 @@ require("guiconfig.inc"); require("config.inc"); -if(!is_dir("/usr/local/etc/snort/rules")) +if(!is_dir("/usr/local/etc/snort/rules")) { + conf_mount_rw(); exec('mkdir /usr/local/etc/snort/rules/'); + conf_mount_ro(); +} /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ @@ -102,6 +105,8 @@ function get_middle($source, $beginning, $ending, $init_pos) { function write_rule_file($content_changed, $received_file) { + conf_mount_rw(); + //read snort file with writing enabled $filehandle = fopen($received_file, "w"); @@ -117,6 +122,7 @@ function write_rule_file($content_changed, $received_file) //close file handle fclose($filehandle); + conf_mount_rw(); } function load_rule_file($incoming_file) diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 8e5179d6..d839ae7a 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -31,8 +31,11 @@ require("guiconfig.inc"); require_once("service-utils.inc"); require("/usr/local/pkg/snort.inc"); -if(!is_dir("/usr/local/etc/snort/rules")) +if(!is_dir("/usr/local/etc/snort/rules")) { + conf_mount_rw(); exec('mkdir /usr/local/etc/snort/rules/'); + conf_mount_ro(); +} /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ |