Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 18 | ||||
-rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 154 | ||||
-rwxr-xr-x | config/snort/snort_sync.xml | 2 |
3 files changed, 111 insertions, 63 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 46c66128..fe390a41 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -857,7 +857,7 @@ function sync_snort_package_config() {
 	/* do not start config build if rules is empty or there are no Snort settings */
 	if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) {
-		exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+		exec("/bin/rm /usr/local/etc/rc.d/snort.sh");
 		conf_mount_ro();
 		return;
 	}
@@ -3053,7 +3053,7 @@ function snort_sync_on_changes() {
 	global $config, $g, $is_postinstall;
 
 	/* Do not attempt a package sync while booting up or installing package */
-	if ($g['booting'] || $is_postinstall == true)
+	if ($g['booting'] || $is_postinstall)
 		return;
 
 	if (is_array($config['installedpackages']['snortsync']['config'])){
@@ -3118,7 +3118,7 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw
 	global $config, $g, $is_postinstall;
 
 	/* Do not attempt a package sync while booting up or installing package */
-	if ($g['booting'] || $is_postinstall == true)
+	if ($g['booting'] || $is_postinstall)
 		return;
 
 	if(!$username || !$password || !$sync_to_ip) {
@@ -3161,8 +3161,7 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw
 	$msg = new XML_RPC_Message($method, $params);
 	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
 	$cli->setCredentials($username, $password);
-	if($g['debug'])
-		$cli->setDebug(1);
+
 	/* send our XMLRPC message and timeout after defined sync timeout value*/
 	$resp = $cli->send($msg, $synctimeout);
 	if(!$resp) {
@@ -3170,8 +3169,6 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw
 		log_error($error);
 		file_notice("sync_settings", $error, "snort Settings Sync", "");
 	} elseif($resp->faultCode()) {
-		$cli->setDebug(1);
-		$resp = $cli->send($msg, $synctimeout);
 		$error = "An error code was received while attempting snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
 		log_error($error);
 		file_notice("sync_settings", $error, "snort Settings Sync", "");
@@ -3181,14 +3178,16 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw
 	$downloadrulescmd = "";
 	if ($syncdownloadrules == "yes") {
-		$downloadrulescmd = "log_error(gettext(\"[snort] XMLRPC pkg sync: Requested update of downloaded rules files...\"));\n";
+		$downloadrulescmd = "log_error(gettext(\"[snort] XMLRPC pkg sync: Update of downloaded rule sets requested...\"));\n";
 		$downloadrulescmd .= "include_once(\"/usr/local/pkg/snort/snort_check_for_rule_updates.php\");\n";
 	}
 
 	$snortstart = "";
 	if ($syncstartsnort == "ON") {
-		$snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Requested restart of Snort...\"));\n";
+		$snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Checking Snort status...\"));\n";
 		$snortstart .= "if (!is_process_running(\"snort\")) {\n";
+		$snortstart .= "log_error(gettext(\"[snort] XMLRPC pkg sync: Snort not running. Sending a start command...\"));\n";
 		$snortstart .= "exec(\"/usr/local/etc/rc.d/snort.sh start 2>&1 &\");\n}\n";
+		$snortstart .= "else {log_error(gettext(\"[snort] XMLRPC pkg sync: Snort is running...\"));\n}\n";
 	}
 
 	/* Build a series of commands for the secondary host to execute that will load the new settings. */
@@ -3224,7 +3223,6 @@ EOD;
 	$msg = new XML_RPC_Message($method, $params);
 	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
 	$cli->setCredentials($username, $password);
-	$cli->setDebug("1");
 	$resp = $cli->send($msg, $synctimeout);
 	if(!$resp) {
 		$error = "A communications error occurred while attempting snort XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index f5810aff..da6f408c 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -32,7 +32,6 @@
 require_once("functions.inc");
 require_once("service-utils.inc");
 require_once "/usr/local/pkg/snort/snort.inc";
-require_once("service-utils.inc");
 
 global $snort_gui_include, $vrt_enabled, $et_enabled, $rebuild_rules, $snort_rules_upd_log;
 global $protect_preproc_rules, $is_postinstall, $snort_community_rules_filename;
@@ -69,6 +68,54 @@
 $emergingthreats_filename_md5 = "{$emergingthreats_filename}.md5";
 /* Snort GPLv2 Community Rules MD5 file */
 $snort_community_rules_filename_md5 = "{$snort_community_rules_filename}.md5";
+/* Custom function for rules file download via URL */
+function snort_download_file_url($url, $file_out) {
+
+	/************************************************/
+	/* This function downloads the file specified   */
+	/* by $url using the CURL library functions and */
+	/* saves the content to the file specified by   */
+	/* $file.                                       */
+	/*                                              */
+	/************************************************/
+
+	global $g, $config, $pkg_interface;
+
+	/* If not in console mode, use the built-in progress-bar function */
+	if ($pkg_interface <> "console")
+		return download_file_with_progress_bar($url, $file_out);
+
+	/* Otherwise, use our custom function with no output */
+	/* (Note: required to suppress errors from XMLRPC)   */
+	$fp = fopen($file_out, "wb");
+	if ($fp) {
+		$ch = curl_init($url);
+		if (!$ch)
+			return false;
+		curl_setopt($ch, CURLOPT_FILE, $fp);
+		curl_setopt($ch, CURLOPT_HEADER, 0);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		/* Don't verify SSL peers since we don't have the certificates to do so. */
+		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
+		curl_setopt($ch, CURLOPT_TIMEOUT, 0);
+		$rc = curl_exec($ch);
+		if ($rc === false) {
+			curl_close($ch);
+			fclose($fp);
+			return $rc;
+		}
+		$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+		curl_close($ch);
+		fclose($fp);
+		return ($http_code == 200) ? true : $http_code;
+	}
+	else
+		return false;
+
+}
+
+
 /* Start of code */
 conf_mount_rw();
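Review bot: The failure paths of `snort_download_file_url` leave state behind: when `curl_init` fails the open `$fp` is never closed, and on a non-200 response the server's error body stays in `$file_out` while the function returns the status code, so the md5 comparison and the archive extraction later in this file read a file that is not a rule set. Disabling `CURLOPT_SSL_VERIFYPEER` means the rule files Snort will load are accepted from whoever terminates the connection; keeping verification on and pointing `CURLOPT_CAINFO` at the platform CA bundle (`<path-to-ca-bundle>`) addresses the "we don't have the certificates" comment without giving up the check. `CURLOPT_TIMEOUT` of 0 lets a stalled transfer block the whole update run indefinitely; `CURLOPT_LOW_SPEED_LIMIT`/`CURLOPT_LOW_SPEED_TIME` bound that without capping large downloads. The fence shows the cleanup on failure.
```php
	$fp = fopen($file_out, "wb");
	if (!$fp)
		return false;
	$ch = curl_init($url);
	if (!$ch) {
		fclose($fp);
		@unlink($file_out);
		return false;
	}
	/* … unchanged: curl_setopt calls … */
	/* Abort a transfer that stalls instead of waiting forever */
	curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 1);
	curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 60);
	$rc = curl_exec($ch);
	$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	curl_close($ch);
	fclose($fp);
	if ($rc === false || $http_code != 200) {
		/* Do not leave an error body or a truncated file where the md5 check will read it */
		@unlink($file_out);
		return ($rc === false) ? false : $http_code;
	}
	return true;
```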
@@ -101,7 +148,7 @@ if ($snortdownload == 'on') {
 	$max_tries = 4;
 	$rc = true;
 	while ($max_tries > 0) {
-		$rc = download_file_with_progress_bar("{$snort_rule_url}{$snort_filename_md5}", "{$tmpfname}/{$snort_filename_md5}");
+		$rc = snort_download_file_url("{$snort_rule_url}{$snort_filename_md5}", "{$tmpfname}/{$snort_filename_md5}");
 		if ($rc == true)
 			break;
 		else {
@@ -164,7 +211,7 @@ if ($snortdownload == 'on') {
 	$max_tries = 4;
 	$rc = true;
 	while ($max_tries > 0) {
-		$rc = download_file_with_progress_bar("{$snort_rule_url}{$snort_filename}", "{$tmpfname}/{$snort_filename}");
+		$rc = snort_download_file_url("{$snort_rule_url}{$snort_filename}", "{$tmpfname}/{$snort_filename}");
 		if ($rc == true)
 			break;
 		else {
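Review bot: `if ($rc == true)` on the line after each replaced call treats an HTTP error as success, because `snort_download_file_url` returns the integer status code for any non-200 response and PHP's loose comparison makes `404 == true` hold; the retry loop then breaks on the first failed attempt with the server's error page saved as the md5 or rules file. Use `if ($rc === true)` here and in the same checks in the community-rules and EmergingThreats hunks (the md5 hunks at -221 and -330, the rules-file hunks at -256 and -371), which is also what makes the new `Server returned error code '{$rc}'` messages reachable. The enclosing `while` loops continue past the hunk.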
@@ -221,33 +268,35 @@ if ($snortcommunityrules == 'on') {
 	if ($pkg_interface <> "console")
 		update_status(gettext("Downloading Snort GPLv2 Community Rules md5 file..."));
 	error_log(gettext("\tDownloading Snort GPLv2 Community Rules md5 file...\n"), 3, $snort_rules_upd_log);
-	$image = file_get_contents("{$snort_community_rules_url}{$snort_community_rules_filename_md5}");
-	if ($pkg_interface <> "console")
-		update_status(gettext("Done downloading Snort GPLv2 Community Rules md5"));
-	error_log(gettext("\tChecking Snort GPLv2 Community Rules md5.\n"), 3, $snort_rules_upd_log);
-	@file_put_contents("{$tmpfname}/{$snort_community_rules_filename_md5}", $image);
-	/* See if the file download was successful, and turn off Snort GPLv2 update if it failed. */
-	if (0 == filesize("{$tmpfname}/{$snort_community_rules_filename_md5}")){
+	$rc = snort_download_file_url("{$snort_community_rules_url}{$snort_community_rules_filename_md5}", "{$tmpfname}/{$snort_community_rules_filename_md5}");
+
+	if ($rc == true) {
+		if ($pkg_interface <> "console")
+			update_status(gettext("Done downloading Snort GPLv2 Community Rules md5"));
+		error_log(gettext("\tChecking Snort GPLv2 Community Rules md5.\n"), 3, $snort_rules_upd_log);
+		if (file_exists("{$snortdir}/{$snort_community_rules_filename_md5}") && $snortcommunityrules == "on") {
+			/* Check if were up to date Snort GPLv2 Community Rules */
+			$snort_comm_md5_check_new = file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}");
+			$snort_comm_md5_check_old = file_get_contents("{$snortdir}/{$snort_community_rules_filename_md5}");
+			if ($snort_comm_md5_check_new == $snort_comm_md5_check_old) {
+				if ($pkg_interface <> "console")
+					update_status(gettext("Snort GPLv2 Community Rules are up to date..."));
+				log_error(gettext("[Snort] Snort GPLv2 Community Rules are up to date..."));
+				error_log(gettext("\tSnort GPLv2 Community Rules are up to date.\n"), 3, $snort_rules_upd_log);
+				$snortcommunityrules = 'off';
+			}
+		}
+	}
+	else {
 		if ($pkg_interface <> "console")
 			update_output_window(gettext("Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated."));
-		log_error(gettext("[Snort] Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated."));
-		error_log(gettext("\tSnort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated.\n"), 3, $snort_rules_upd_log);
+		log_error(gettext("[Snort] Snort GPLv2 Community Rules md5 file download failed. Server returned error code '{$rc}'."));
+		error_log(gettext("\tSnort GPLv2 Community Rules md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tSnort GPLv2 Community Rules will not be updated.\n"), 3, $snort_rules_upd_log);
 		$snortcommunityrules = 'off';
 	}
-	if (file_exists("{$snortdir}/{$snort_community_rules_filename_md5}") && $snortcommunityrules == "on") {
-		/* Check if were up to date Snort GPLv2 Community Rules */
-		$snort_comm_md5_check_new = file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}");
-		$snort_comm_md5_check_old = file_get_contents("{$snortdir}/{$snort_community_rules_filename_md5}");
-		if ($snort_comm_md5_check_new == $snort_comm_md5_check_old) {
-			if ($pkg_interface <> "console")
-				update_status(gettext("Snort GPLv2 Community Rules are up to date..."));
-			log_error(gettext("[Snort] Snort GPLv2 Community Rules are up to date..."));
-			error_log(gettext("\tSnort GPLv2 Community Rules are up to date.\n"), 3, $snort_rules_upd_log);
-			$snortcommunityrules = 'off';
-		}
-	}
 }
 
 /* download Snort GPLv2 Community rules file */
@@ -256,7 +305,7 @@ if ($snortcommunityrules == "on") {
 		update_status(gettext("There is a new set of Snort GPLv2 Community Rules posted. Downloading..."));
 	log_error(gettext("[Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading..."));
 	error_log(gettext("\tThere is a new set of Snort GPLv2 Community Rules posted. Downloading...\n"), 3, $snort_rules_upd_log);
-	$rc = download_file_with_progress_bar("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}");
+	$rc = snort_download_file_url("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}");
 
 	/* Test for a valid rules file download. Turn off Snort Community update if download failed. */
 	if ($rc == true) {
@@ -330,36 +379,36 @@ if ($emergingthreats == 'on') {
 	/* If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules. */
 	if ($vrt_enabled == "on")
-		$image = @file_get_contents("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/{$emergingthreats_filename_md5}");
+		$rc = snort_download_file_url("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}");
 	else
-		$image = @file_get_contents("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/{$emergingthreats_filename_md5}");
-
-	if ($pkg_interface <> "console")
-		update_status(gettext("Done downloading EmergingThreats md5"));
-	error_log(gettext("\tChecking EmergingThreats md5.\n"), 3, $snort_rules_upd_log);
-	@file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
+		$rc = snort_download_file_url("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}");
 
-	/* See if the file download was successful, and turn off ET update if it failed. */
-	if (0 == filesize("{$tmpfname}/{$emergingthreats_filename_md5}")){
+	if ($rc == true) {
+		if ($pkg_interface <> "console")
+			update_status(gettext("Done downloading EmergingThreats md5"));
+		error_log(gettext("\tChecking EmergingThreats md5.\n"), 3, $snort_rules_upd_log);
+
+		if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}") && $emergingthreats == "on") {
+			/* Check if were up to date emergingthreats.net */
+			$emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
+			$emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
+			if ($emerg_md5_check_new == $emerg_md5_check_old) {
+				if ($pkg_interface <> "console")
+					update_status(gettext("Emerging Threats rules are up to date..."));
+				log_error(gettext("[Snort] Emerging Threat rules are up to date..."));
+				error_log(gettext("\tEmerging Threats rules are up to date.\n"), 3, $snort_rules_upd_log);
+				$emergingthreats = 'off';
+			}
+		}
+	}
+	else {
 		if ($pkg_interface <> "console")
 			update_output_window(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated."));
-		log_error(gettext("[Snort] EmergingThreats md5 file download failed. EmergingThreats rules will not be updated."));
-		error_log(gettext("\tEmergingThreats md5 file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
+		log_error(gettext("[Snort] EmergingThreats md5 file download failed. Server returned error code '{$rc}'."));
+		error_log(gettext("\tEmergingThreats md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log);
+		error_log(gettext("\tEmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
 		$emergingthreats = 'off';
 	}
-
-	if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}") && $emergingthreats == "on") {
-		/* Check if were up to date emergingthreats.net */
-		$emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
-		$emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
-		if ($emerg_md5_check_new == $emerg_md5_check_old) {
-			if ($pkg_interface <> "console")
-				update_status(gettext("Emerging Threats rules are up to date..."));
-			log_error(gettext("[Snort] Emerging Threat rules are up to date..."));
-			error_log(gettext("\tEmerging Threats rules are up to date.\n"), 3, $snort_rules_upd_log);
-			$emergingthreats = 'off';
-		}
-	}
 }
 
 /* download emergingthreats rules file */
@@ -371,9 +420,9 @@ if ($emergingthreats == "on") {
 
 	/* If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules. */
 	if ($vrt_enabled == "on")
-		$rc = download_file_with_progress_bar("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
+		$rc = snort_download_file_url("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
 	else
-		$rc = download_file_with_progress_bar("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
+		$rc = snort_download_file_url("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
 
 	/* Test for a valid rules file download. Turn off ET update if download failed. */
 	if ($rc == true) {
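Review bot: The ET md5 file fetched in this hunk and the `emerging.rules.tar.gz` archive fetched in the -371 hunk both come over plain `http://` from the same host, so the `$emerg_md5_check_new == $emerg_md5_check_old` comparison only tells the updater whether its copy is stale; it gives no assurance that the rule set Snort will load is the one the publisher put up, since anyone on the path can rewrite the md5 and the archive together. If rules.emergingthreats.net serves these paths over HTTPS, switch the URLs and keep peer verification enabled in `snort_download_file_url`; if it does not, say so above the comparison: `/* md5 arrives over the same unauthenticated channel as the archive; it detects staleness and corruption, not tampering */`. The `==` on two file-content strings would also be safer as `===`, which avoids PHP's numeric-string comparison on the rare all-digit hash.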
@@ -434,7 +483,8 @@ if ($emergingthreats == 'on') {
 
 	/* Copy emergingthreats md5 sig to snort dir */
 	if (file_exists("{$tmpfname}/{$emergingthreats_filename_md5}")) {
-		update_status(gettext("Copying md5 signature to snort directory..."));
+		if ($pkg_interface <> "console")
+			update_status(gettext("Copying md5 signature to snort directory..."));
 		@copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}");
 	}
 	if ($pkg_interface <> "console")
diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml
index 274d3fc9..24cf9cfa 100755
--- a/config/snort/snort_sync.xml
+++ b/config/snort/snort_sync.xml
@@ -175,6 +175,7 @@ POSSIBILITY OF SUCH DAMAGE.
 						<fieldname>varsyncsnortstart</fieldname>
 						<description><![CDATA[Start Snort on target host if not already running.]]></description>
 						<type>checkbox</type>
+						<value>ON</value>
 					</rowhelperfield>
 				</rowhelper>
 			</field>
@@ -184,7 +185,6 @@ POSSIBILITY OF SUCH DAMAGE.
 			</field>
 		</fields>
 		<custom_delete_php_command>
-		write_config();snort_sync_on_changes();
 		</custom_delete_php_command>
 		<custom_php_resync_config_command>
 		write_config();snort_sync_on_changes();