Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc95
-rwxr-xr-xconfig/snort/snort_sync.xml52
2 files changed, 86 insertions, 61 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 3759f7be..46c66128 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -849,7 +849,7 @@ function snort_rules_up_install_cron($should_install) {
/* Only run when all ifaces needed to sync. Expects filesystem rw */
function sync_snort_package_config() {
global $config, $g, $flowbit_rules_file, $snort_enforcing_rules_file;
- global $snort_version, $rebuild_rules;
+ global $snort_version, $rebuild_rules, $is_postinstall;
$snortdir = SNORTDIR;
@@ -889,7 +889,9 @@ function sync_snort_package_config() {
configure_cron();
- snort_sync_on_changes();
+ /* Do not attempt package sync if reinstalling package or booting */
+ if (!$is_postinstall && !$g['booting'])
+ snort_sync_on_changes();
conf_mount_ro();
}
@@ -2048,6 +2050,7 @@ function snort_deinstall() {
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {
log_error(gettext("Not saving settings... all Snort configuration info and logs deleted..."));
unset($config['installedpackages']['snortglobal']);
+ unset($config['installedpackages']['snortsync']);
@unlink("{$snort_rules_upd_log}");
mwexec("/bin/rm -rf {$snortlogdir}");
log_error(gettext("[Snort] The package has been removed from this system..."));
@@ -3047,11 +3050,17 @@ EOD;
/* Uses XMLRPC to synchronize the changes to a remote node */
function snort_sync_on_changes() {
- global $config, $g;
+ global $config, $g, $is_postinstall;
+
+ /* Do not attempt a package sync while booting up or installing package */
+ if ($g['booting'] || $is_postinstall == true)
+ return;
+
if (is_array($config['installedpackages']['snortsync']['config'])){
$snort_sync=$config['installedpackages']['snortsync']['config'][0];
$synconchanges = $snort_sync['varsynconchanges'];
$synctimeout = $snort_sync['varsynctimeout'];
+ $syncdownloadrules = $snort_sync['vardownloadrules'];
switch ($synconchanges){
case "manual":
if (is_array($snort_sync[row])){
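Review bot: The new `$syncdownloadrules = $snort_sync['vardownloadrules'];` has no fallback, so a config saved before this field existed leaves it empty and the `== "yes"` test in snort_do_xmlrpc_sync silently skips the rule refresh, while snort_sync.xml declares `yes` as the default for new installs. If upgraded hosts are meant to behave like fresh ones, use `$syncdownloadrules = empty($snort_sync['vardownloadrules']) ? "yes" : $snort_sync['vardownloadrules'];`; otherwise say so in the comment above it. The early return added at the top of the function repeats the guards in sync_snort_package_config and snort_do_xmlrpc_sync in a different form (`!$is_postinstall` there, `$is_postinstall == true` here); one spelling would make it easier to audit. The rest of snort_sync_on_changes is outside this hunk.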
@@ -3068,6 +3077,7 @@ function snort_sync_on_changes() {
$rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
$rs[0]['varsyncusername']=$system_carp['username'];
$rs[0]['varsyncpassword']=$system_carp['password'];
+ $rs[0]['varsyncsnortstart']="no";
if ($system_carp['synchronizetoip'] ==""){
log_error("[snort] xmlrpc sync is enabled but there are no system backup hosts configured as replication targets.");
return;
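Review bot: The "auto" branch sets `$rs[0]['varsyncsnortstart']="no";` while the manual branch in the next hunk (after L67) defaults the same flag to `"OFF"`, and snort_do_xmlrpc_sync only tests `== "ON"`. Both values disable the restart today, but two different "off" sentinels for one flag invite a later `== "no"` check that misses half the cases; suggest `$rs[0]['varsyncsnortstart']="OFF";` here so the value set matches the checkbox convention used everywhere else. The surrounding function starts and ends outside this hunk.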
@@ -3085,6 +3095,10 @@ function snort_sync_on_changes() {
if (is_array($rs)){
log_error("[snort] Snort pkg xmlrpc sync is starting.");
foreach($rs as $sh){
+ if ($sh['varsyncsnortstart'])
+ $syncstartsnort = $sh['varsyncsnortstart'];
+ else
+ $syncstartsnort = "OFF";
$sync_to_ip = $sh['varsyncipaddress'];
$password = $sh['varsyncpassword'];
if($sh['varsyncusername'])
@@ -3092,7 +3106,7 @@ function snort_sync_on_changes() {
else
$username = 'admin';
if($password && $sync_to_ip)
- snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout);
+ snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $password, $synctimeout, $syncstartsnort);
}
log_error("[snort] Snort pkg xmlrpc sync completed.");
}
@@ -3100,17 +3114,22 @@ function snort_sync_on_changes() {
}
/* Do the actual XMLRPC sync */
-function snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
- global $config, $g;
+function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $password, $synctimeout, $syncstartsnort) {
+ global $config, $g, $is_postinstall;
+
+ /* Do not attempt a package sync while booting up or installing package */
+ if ($g['booting'] || $is_postinstall == true)
+ return;
if(!$username || !$password || !$sync_to_ip) {
log_error("[snort] A required XMLRPC sync parameter (user, host IP or password) is empty ... aborting pkg sync");
return;
}
+ /* Test key variables and set defaults if empty */
if(!$synctimeout)
$synctimeout=150;
-
+
$xmlrpc_sync_neighbor = $sync_to_ip;
if($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
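Review bot: The new signature moves `$sync_to_ip` from the first position to the second, so any caller not updated in this commit would pass the host address as `$syncdownloadrules` and the username as `$sync_to_ip` without PHP raising an error; the only updated call visible here is the one in snort_sync_on_changes. Appending the new parameters with defaults keeps old call sites working: `function snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $syncdownloadrules = "yes", $syncstartsnort = "OFF") {`, with the call at the previous hunk reordered to match. The booting/postinstall guard here is a second copy of the one its caller already performs; a one-line comment such as `/* Guard kept here too because this function may be invoked directly via exec_php on a target host */` would explain why it is duplicated, if that is the reason. The function body continues past the end of this hunk.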
@@ -3160,22 +3179,37 @@ function snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
log_error("[snort] Snort pkg configuration XMLRPC sync successfully completed with {$url}:{$port}.");
}
- /* Build a series of commands for the secondary host to execute to will reload the new settings. */
+ $downloadrulescmd = "";
+ if ($syncdownloadrules == "yes") {
+ $downloadrulescmd = "log_error(gettext(\"[snort] XMLRPC pkg sync: Requested update of downloaded rules files...\"));\n";
+ $downloadrulescmd .= "include_once(\"/usr/local/pkg/snort/snort_check_for_rule_updates.php\");\n";
+ }
+ $snortstart = "";
+ if ($syncstartsnort == "ON") {
+ $snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Requested restart of Snort...\"));\n";
+ $snortstart .= "if (!is_process_running(\"snort\")) {\n";
+ $snortstart .= "exec(\"/usr/local/etc/rc.d/snort.sh start 2>&1 &\");\n}\n";
+ }
+
+ /* Build a series of commands for the secondary host to execute that will load the new settings. */
$execcmd = <<<EOD
- include_once("/usr/local/pkg/snort/snort.inc");
+ require_once("/usr/local/pkg/snort/snort.inc");
+ require_once("service-utils.inc");
global \$g, \$rebuild_rules, \$snort_gui_include, \$is_postinstall, \$pkg_interface;
+ \$orig_pkg_interface = \$pkg_interface;
\$is_postinstall = true;
\$snort_gui_include = false;
- log_error(gettext("[snort] XMLRPC pkg sync: Downloading and updating configured rule types..."));
- ob_start();
- include_once("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
+ \$pkg_interface = "console";
+ {$downloadrulescmd}
\$is_postinstall = false;
- ob_end_clean();
log_error(gettext("[snort] XMLRPC pkg sync: Generating snort.conf file using Master Host's settings..."));
\$rebuild_rules = "on";
sync_snort_package_config();
\$rebuild_rules = "off";
+ {$snortstart}
log_error(gettext("[snort] XMLRPC pkg sync process on this host is complete..."));
+ \$pkg_interface = \$orig_pkg_interface;
+ return true;
EOD;
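Review bot: The generated script sets `\$is_postinstall = false;` before calling `sync_snort_package_config()`, and that function (per the hunk at L22–L29) now calls `snort_sync_on_changes()` only when `$is_postinstall` is false, so the target host will run its own outbound sync immediately after applying the pushed settings; the loop warning in snort_sync.xml suggests this chaining is known, but if it is not intended here, move the reset to after the `sync_snort_package_config()` call. The strings spliced into the remote script (`{$downloadrulescmd}`, `{$snortstart}`) are fixed text chosen by the strict `== "yes"` / `== "ON"` comparisons, never the raw config values, which is what keeps the sync settings from injecting code into the script executed by pfsense.exec_php — worth stating in the comment above `$execcmd` so a future option is added the same way, e.g. `/* Only constant snippets are interpolated below; never splice raw config values into the remote script. */`. Dropping the `ob_start()`/`ob_end_clean()` pair means any output from the included rule-update script now goes to whatever `$pkg_interface = "console"` selects on the target; I cannot see from here that this is silent, so confirm it does not end up in the XMLRPC response or the web server log.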
@@ -3199,45 +3233,10 @@ EOD;
} elseif($resp->faultCode()) {
$error = "An error code was received while attempting snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
- $value = $resp->value();
- log_error(print_r($value, true));
file_notice("sync_settings", $error, "snort Settings Sync", "");
} else {
log_error("[snort] Snort pkg XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php).");
}
}
-function snort_sync_build_slave_conf() {
-
- /*************************************************/
- /* This function is called by the XMLRPC package */
- /* sync process on the master host and is used */
- /* to build the initial Snort configuration on */
- /* a slave (or secondary) host after the push */
- /* of the config.xml data. */
- /*************************************************/
-
- global $g, $rebuild_rules, $snort_gui_include, $is_postinstall;
-
- // First download fresh rules if necessary
- unset($snort_gui_include);
- $is_postinstall = true;
- log_error(gettext("[snort] XMLRPC pkg sync: Downloading and updating configured rule types..."));
-
- // Suppress all PHP output by swallowing it in the output buffer and then discarding it
- ob_start();
-
- // Now start the actual configuration build on the remote slave
- @include_once("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
- $is_postinstall = false;
- log_error(gettext("[snort] XMLRPC pkg sync: Generating snort.conf file using Master Host's settings..."));
- $rebuild_rules = "on";
- sync_snort_package_config();
- $rebuild_rules = "off";
- log_error(gettext("[snort] XMLRPC pkg sync process on this host is complete..."));
-
- // Finally, discard any buffered PHP output and return
- ob_end_clean();
-}
-
?>
diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml
index 5bfeba12..274d3fc9 100755
--- a/config/snort/snort_sync.xml
+++ b/config/snort/snort_sync.xml
@@ -47,7 +47,7 @@ POSSIBILITY OF SUCH DAMAGE.
<faq>Currently there are no FAQ items provided.</faq>
<name>snortsync</name>
<version>1.0</version>
- <title>Proxy server snort: XMLRPC Sync</title>
+ <title>Snort: XMLRPC Sync (EXPERIMENTAL)</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<tabs>
<tab>
@@ -86,17 +86,17 @@ POSSIBILITY OF SUCH DAMAGE.
</tabs>
<fields>
<field>
- <name>Snort XMLRPC Sync</name>
+ <name>Snort Package XMLRPC Sync Settings</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Enable Sync</fielddescr>
<fieldname>varsynconchanges</fieldname>
- <description><![CDATA[All changes will be synced with apply config to the IPs listed below if this option is checked.<br>
+ <description><![CDATA[All changes will be synced with apply config to the IPs listed below if this option is checked.<br/><br/>
<b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
<option><name>Sync to configured system backup server</name><value>auto</value></option>
<option><name>Sync to host(s) defined below</name><value>manual</value></option>
@@ -104,26 +104,42 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</field>
<field>
- <fielddescr>XMLRPC timeout</fielddescr>
+ <fielddescr>XMLRPC Timeout</fielddescr>
<fieldname>varsynctimeout</fieldname>
<description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description>
<type>input</type>
- <default_value>150</default_value>
+ <default_value>150</default_value>
<size>5</size>
</field>
<field>
- <fielddescr>Destination Server</fielddescr>
+ <fielddescr>Refresh Rule Sets</fielddescr>
+ <fieldname>vardownloadrules</fieldname>
+ <description><![CDATA[Ask target hosts to refresh rule sets files on each sync operation.<br/><br/>
+ During each Snort package sync operation, ask the target host to check for
+ a new set of posted rule sets files and refresh the local copies if necessary. The default is
+ to refresh the files if newer versions have been posted.]]></description>
+ <type>select</type>
+ <default_value>yes</default_value>
+ <options>
+ <option><name>Signal target hosts to refresh rules files</name><value>yes</value></option>
+ <option><name>Do NOT ask target host to refresh rules files</name><value>no</value></option>
+ </options>
+ </field>
+
+ <field>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
<fielddescr>Enable</fielddescr>
<fieldname>varsyncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
<type>checkbox</type>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Protocol</fielddescr>
+ <fielddescr>Protocol</fielddescr>
<fieldname>varsyncprotocol</fieldname>
<description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description>
<type>select</type>
@@ -134,28 +150,38 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI IP-Address</fielddescr>
+ <fielddescr>IP-Address</fielddescr>
<fieldname>varsyncipaddress</fieldname>
<description><![CDATA[IP Address of the destination host.]]></description>
<type>input</type>
<size>15</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Port</fielddescr>
+ <fielddescr>Port</fielddescr>
<fieldname>varsyncport</fieldname>
- <description><![CDATA[Choose the port of the destination host.]]></description>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
<type>input</type>
<size>3</size>
</rowhelperfield>
- <rowhelperfield>
- <fielddescr>GUI Admin Password</fielddescr>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>varsyncpassword</fieldname>
<description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
<size>20</size>
</rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Start Snort</fielddescr>
+ <fieldname>varsyncsnortstart</fieldname>
+ <description><![CDATA[Start Snort on target host if not already running.]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
</rowhelper>
</field>
+ <field>
+ <name>WARNING: This feature is considered experimental and not recommended for production use</name>
+ <type>listtopic</type>
+ </field>
</fields>
<custom_delete_php_command>
write_config();snort_sync_on_changes();