Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 53 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 2 | ||||
-rw-r--r-- | config/snort/snort_check_for_rule_updates.php | 2 | ||||
-rw-r--r-- | config/snort/snort_define_servers.php | 2 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 2 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 12 | ||||
-rw-r--r-- | config/snort/snort_interfaces_edit.php | 8 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 6 | ||||
-rw-r--r-- | config/snort/snort_preprocessors.php | 2 | ||||
-rw-r--r-- | config/snort/snort_rules.php | 2 | ||||
-rw-r--r-- | config/snort/snort_rules_edit.php | 2 | ||||
-rw-r--r-- | config/snort/snort_rulesets.php | 2 |
12 files changed, 51 insertions, 44 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 5a967f3d..d4af6b85 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -67,7 +67,7 @@ $pfsense_theme_is = $config['theme']; /* use ob_clean to clear output buffer, this code needs to be watched */ ob_clean(); - $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'", $retval); + $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'", $retval); if ($snort_up_prell != "") { $snort_uph = 'yes'; @@ -113,7 +113,7 @@ $pfsense_theme_is = $config['theme']; function Running_Stop($snort_uuid, $if_real, $id) { global $config; - $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); + $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'"); $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); @@ -158,7 +158,7 @@ $pfsense_theme_is = $config['theme']; $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; if ($snort_info_chk == 'on') { - exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); } /* define snortbarnyardlog_chk */ /* top will have trouble if the uuid is to far back */ 
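Review bot: The rewritten `exec()` in the `@@ -67` hunk still interpolates `$snort_uuid` and `$if_real` straight into a shell pipeline, so any shell metacharacter in either value is interpreted by the shell; the same applies to the `@@ -113` and `@@ -158` hunks and to the `@@ -97` hunk of snort_interfaces.php. Both values are read from `$config` or passed in by callers, and nothing visible in these hunks constrains which characters they may contain. Build the pattern once and quote it, e.g. `$tag = escapeshellarg("R {$snort_uuid}{$if_real}");` followed by `... | grep {$tag} | ...`, and pass the `-R`, `-c` and `-i` values given to snort through `escapeshellarg()` as well. The enclosing functions start and end outside these hunks.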
@@ -177,7 +177,7 @@ function convert_friendly_interface_to_real_interface_name2($interface) { global $config; - $lc_interface = strtolower($interface); + $lc_interface = strtolower($interface); if($lc_interface == "lan") return $config['interfaces']['lan']['if']; if($lc_interface == "wan") return $config['interfaces']['wan']['if']; $ifdescrs = array(); @@ -194,7 +194,7 @@ function convert_friendly_interface_to_real_interface_name2($interface) return $interface; } -$if_real_wan = convert_friendly_interface_to_real_interface_name2($interface_fake); +//$if_real_wan = convert_friendly_interface_to_real_interface_name2($interface_fake); /* Allow additional execution time 0 = no limit. */ ini_set('max_execution_time', '9999'); @@ -323,6 +323,16 @@ function snort_postinstall() /* back to default */ chdir ("/root/"); + /* make sure snort-pld is deinstalled */ + /* remove when snort-old is removed */ + unset($config['installedpackages']['snort']); + unset($config['installedpackages']['snortdefservers']); + unset($config['installedpackages']['snortwhitelist']); + unset($config['installedpackages']['snortthreshold']); + unset($config['installedpackages']['snortadvanced']); + write_config(); + conf_mount_rw(); + conf_mount_ro(); } @@ -595,7 +605,7 @@ class array_ereg { $id += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); $snort_rules_list[] = "snort_$id$if_real"; 
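Review bot: In the `@@ -323` hunk, `snort_postinstall()` now unsets the old package's `snortwhitelist`, `snortthreshold`, `snortdefservers` and `snortadvanced` sections unconditionally, so an operator's whitelist and threshold tuning is discarded on install with no backup, migration or log entry. Guarding the block with `if (isset($config['installedpackages']['snort']))` and logging which sections were dropped would at least make the loss visible. `conf_mount_rw();` is followed directly by `conf_mount_ro();` with nothing in between, and `write_config()` runs before the remount, so the pair looks like a no-op unless a write is still to be added. The comment says `snort-pld` where `snort-old` is presumably meant. The function body begins outside the hunk.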
@@ -659,7 +669,7 @@ if ($id != '' && $if_real != '') //new $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); /* create snort configuration file */ create_snort_conf($id, $if_real, $snort_uuid); @@ -706,7 +716,7 @@ function sync_snort_package_empty() $id += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; if ($if_real != '' && $snort_uuid != '') { @@ -758,7 +768,7 @@ function sync_snort_package_config() $id += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; if ($if_real != '' && $snort_uuid != '') { @@ -808,7 +818,7 @@ function create_snort_sh() $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); /* define snortbarnyardlog_chk */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; 
@@ -824,7 +834,7 @@ $snort_sh_text2[] = <<<EOD ###### For Each Iface # If Snort proc is NOT running - if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then + if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}{$if_real}" | awk '{print $2;}'`" = "" ]; then /bin/echo "snort.sh run" > /tmp/snort.sh.pid @@ -832,7 +842,7 @@ $snort_sh_text2[] = <<<EOD /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck - /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}_{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} $start_barnyard2 /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..." @@ -846,9 +856,9 @@ $snort_sh_text3[] = <<<EOE #### Fake start only used on bootup and Pfsense IP changes #### Only try to restart if snort is running on Iface - if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then + if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then - snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" + snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`" /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart" #### Restart Iface 
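Review bot: After the `@@ -832` hunk the `-R` tag is `{$snort_uuid}{$if_real}` while the pid-file paths and the `logger` message in the same hunk still use `{$snort_uuid}_{$if_real}`, so the identifier written to syslog no longer matches the one that identifies the process in `ps`. The tag is also unquoted in the generated script but quoted in the `exec()` of the `@@ -158` hunk. The same literal is repeated across the `@@ -824`, `@@ -846`, `@@ -861` and `@@ -924` hunks; assigning it once before the heredocs, `$snort_tag = "{$snort_uuid}{$if_real}";`, with a comment saying why it differs from the file-name form, would keep the copies from drifting apart. The heredocs begin and end outside these hunks.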
@@ -861,7 +871,7 @@ EOE; $snort_sh_text4[] = <<<EOF - pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print \$2;}'` + pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print \$2;}'` sleep 3 pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/awk '{print \$2;}'` @@ -924,7 +934,7 @@ $start_snort_iface_restart /bin/rm /tmp/snort.sh.pid #### If on Fake start snort is NOT running DO a real start. - if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then + if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}{$if_real}" | awk '{print $2;}'`" = "" ]; then rc_start_real @@ -1228,10 +1238,11 @@ snort_rules_up_deinstall_cron(""); write_config(); conf_mount_rw(); - exec("rm -r /usr/local/www/snort"); - exec("rm -r /usr/local/pkg/snort"); - exec("rm -r /usr/local/lib/snort/"); - exec("rm -r /var/log/snort/"); + exec('rm -rf /usr/local/www/snort'); + exec('rm -rf /usr/local/pkg/snort'); + exec('rm -rf /usr/local/lib/snort/'); + exec('rm -rf /var/log/snort/'); + exec('rm -rf /usr/local/pkg/snort*'); conf_mount_ro(); @@ -1587,7 +1598,7 @@ else $home_net .= "{$ip} "; /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $int = convert_friendly_interface_to_real_interface_name("WAN"); + $int = convert_friendly_interface_to_real_interface_name2("WAN"); $gw = get_interface_gateway($int); if($gw) $home_net .= "{$gw} "; diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index db03a2d1..7a587330 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php 
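Review bot: The added `exec('rm -rf /usr/local/pkg/snort*');` in the `@@ -1228` hunk uses a shell glob that matches every entry in `/usr/local/pkg` whose name begins with `snort`, which is broader than this package's own files and would also delete files of any other package sharing the prefix. `-f` hides failures and none of the `exec()` return codes are checked, so a partial deinstall goes unnoticed. List the files the package installed explicitly, or narrow the pattern, and drop the now-redundant `rm -rf /usr/local/pkg/snort` line above it. The surrounding function starts outside the hunk.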
@@ -128,7 +128,7 @@ if (isset($id) && $a_nat[$id]) { if (isset($_GET['dup'])) unset($id); -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 6f95b101..3c4e98eb 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -619,7 +619,7 @@ foreach ($rule_array as $value) { $id += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; -$if_real = convert_friendly_interface_to_real_interface_name($result_lan); +$if_real = convert_friendly_interface_to_real_interface_name2($result_lan); /* make oinkmaster.conf for each interface rule */ oinkmaster_conf(); diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index b22e206b..5e9b0f31 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -126,7 +126,7 @@ if (isset($_GET['dup'])) } /* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index b2bcb748..b3b20582 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php 
@@ -1113,7 +1113,7 @@ if (!empty($config['installedpackages']['snortglobal']['rule'])) $id += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; /* make oinkmaster.conf for each interface rule */ diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index d11422cc..30fed8e5 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -88,7 +88,7 @@ if (isset($_POST['del_x'])) { foreach ($_POST['rule'] as $rulei) { /* convert fake interfaces to real */ - $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']); + $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']); $snort_uuid = $a_nat[$rulei]['uuid']; /* cool code to check if any snort is up */ @@ -97,7 +97,7 @@ if (isset($_POST['del_x'])) { if ($snort_up_ck != "") { - $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); + $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'"); $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); 
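Review bot: In the `@@ -88` hunk of snort_interfaces.php, `$rulei` comes directly from `$_POST['rule']` and is used as an index into `$a_nat` without checking that the entry exists, so `$if_real` and `$snort_uuid` can both end up empty. In the `@@ -97` hunk those values form the grep pattern, which then degrades to `"R "` and can match a Snort process that belongs to a different interface. Adding `if (!isset($a_nat[$rulei])) { continue; }` at the top of the loop body keeps the delete path from acting on the wrong instance. The loop body extends beyond both hunks, so what is done with the matched pid is not visible here.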
@@ -141,7 +141,7 @@ if (isset($_POST['del_x'])) { /* stop syslog flood code */ //$if_real_wan_rulei = $a_nat[$rulei]['interface']; - //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name($if_real_wan_rulei); + //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei); //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc"); //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); //exec("/usr/bin/killall syslogd"); @@ -199,7 +199,7 @@ if (isset($_POST['del_x'])) { if ($_GET['act'] == 'toggle' && $_GET['id'] != '') { - $if_real = convert_friendly_interface_to_real_interface_name($config['installedpackages']['snortglobal']['rule'][$id]['interface']); + $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; /* Log Iface stop */ @@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.19"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.20"; include("head.inc"); ?> @@ -361,7 +361,7 @@ padding: 15px 10px 50% 50px; /* convert fake interfaces to real and check if iface is up */ /* There has to be a smarter way to do this */ - $if_real = convert_friendly_interface_to_real_interface_name($natent['interface']); + $if_real = convert_friendly_interface_to_real_interface_name2($natent['interface']); $snort_uuid = $natent['uuid']; $tester2 = Running_Ck($snort_uuid, $if_real, $id); diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index dddca3af..cba0cc8a 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php 
@@ -74,7 +74,7 @@ while ($snort_uuid > 65535 || $snort_uuid == 0) { } /* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']); +$if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']); if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') { $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; @@ -162,7 +162,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; write_config(); - $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']); + $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']); sync_snort_package_all($id, $if_real, $snort_uuid); sync_snort_package(); @@ -202,7 +202,7 @@ if ($_POST["Submit"]) { $id_c += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); if ($_POST['interface'] == $result_lan) { $input_errors[] = "Interface $result_lan is in use. Please select another interface."; @@ -457,7 +457,7 @@ if ($a_nat[$id]['interface'] != '') { //print_r($if_array); if($if_array) { foreach($if_array as $iface2) { - $if2 = convert_friendly_interface_to_real_interface_name($iface2); + $if2 = convert_friendly_interface_to_real_interface_name2($iface2); if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") { $if2 = "ng0"; diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 648b5bda..3c487ce0 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -369,11 +369,7 @@ include("head.inc"); </tr> </table> </form> -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> + <?php include("fend.inc"); ?> </body> </html> 
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index cb00099e..0d7fdde3 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -119,7 +119,7 @@ if (isset($_GET['dup'])) } /* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); $snort_uuid = $pconfig['uuid']; diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index c95d76ca..b5fa2fb2 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -52,7 +52,7 @@ if (isset($id) && $a_nat[$id]) { } /* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); $iface_uuid = $a_nat[$id]['uuid']; diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index b770867f..759193c8 100644 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -65,7 +65,7 @@ if (isset($id) && $a_nat[$id]) { } /* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); $file = $_GET['openruleset']; diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 0a726a76..d232c097 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -55,7 +55,7 @@ if (isset($id) && $a_nat[$id]) { } /* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); $iface_uuid = $a_nat[$id]['uuid']; |