Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc53
-rw-r--r--config/snort/snort_barnyard.php2
-rw-r--r--config/snort/snort_check_for_rule_updates.php2
-rw-r--r--config/snort/snort_define_servers.php2
-rw-r--r--config/snort/snort_download_rules.php2
-rw-r--r--config/snort/snort_interfaces.php12
-rw-r--r--config/snort/snort_interfaces_edit.php8
-rw-r--r--config/snort/snort_interfaces_global.php6
-rw-r--r--config/snort/snort_preprocessors.php2
-rw-r--r--config/snort/snort_rules.php2
-rw-r--r--config/snort/snort_rules_edit.php2
-rw-r--r--config/snort/snort_rulesets.php2
12 files changed, 51 insertions, 44 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 5a967f3d..d4af6b85 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -67,7 +67,7 @@ $pfsense_theme_is = $config['theme'];
/* use ob_clean to clear output buffer, this code needs to be watched */
ob_clean();
- $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'", $retval);
+ $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'", $retval);
if ($snort_up_prell != "") {
$snort_uph = 'yes';
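Review bot: `$snort_uuid` and `$if_real` are interpolated into the `exec()` pipeline on the changed line without `escapeshellarg()`, so any shell metacharacter in either value becomes part of the command. Both appear to come from the package configuration rather than directly from a request, but that origin is outside this hunk and should be confirmed; building the pattern once, e.g. `$tag = escapeshellarg("R {$snort_uuid}{$if_real}");`, and passing `{$tag}` to `grep` would remove the dependency. The same construction recurs in the `Running_Stop` hunk, the `snort -R` start hunk and the `del_x` hunk of snort_interfaces.php, where the captured `$start_up_pre` is also fed unquoted into a second `grep` and produces a malformed command when it is empty. The enclosing block starts and ends outside this hunk.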
@@ -113,7 +113,7 @@ $pfsense_theme_is = $config['theme'];
function Running_Stop($snort_uuid, $if_real, $id) {
global $config;
- $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
+ $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'");
$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
@@ -158,7 +158,7 @@ $pfsense_theme_is = $config['theme'];
$snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
if ($snort_info_chk == 'on') {
- exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
}
/* define snortbarnyardlog_chk */
/* top will have trouble if the uuid is to far back */
@@ -177,7 +177,7 @@ function convert_friendly_interface_to_real_interface_name2($interface)
{
global $config;
- $lc_interface = strtolower($interface);
+ $lc_interface = strtolower($interface);
if($lc_interface == "lan") return $config['interfaces']['lan']['if'];
if($lc_interface == "wan") return $config['interfaces']['wan']['if'];
$ifdescrs = array();
@@ -194,7 +194,7 @@ function convert_friendly_interface_to_real_interface_name2($interface)
return $interface;
}
-$if_real_wan = convert_friendly_interface_to_real_interface_name2($interface_fake);
+//$if_real_wan = convert_friendly_interface_to_real_interface_name2($interface_fake);
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '9999');
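Review bot: The call is commented out rather than deleted, which leaves `$if_real_wan` unassigned for any later code that still reads it; such a use, if there is one, lies outside this hunk and is worth a search before merging. If the variable is unused, remove the line instead of keeping `//$if_real_wan = ...` as dead code. The neighbouring comment says `0 = no limit` while the value set is `'9999'`, so it could read `/* Allow additional execution time (9999 seconds; 0 would mean no limit). */`.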
@@ -323,6 +323,16 @@ function snort_postinstall()
/* back to default */
chdir ("/root/");
+ /* make sure snort-pld is deinstalled */
+ /* remove when snort-old is removed */
+ unset($config['installedpackages']['snort']);
+ unset($config['installedpackages']['snortdefservers']);
+ unset($config['installedpackages']['snortwhitelist']);
+ unset($config['installedpackages']['snortthreshold']);
+ unset($config['installedpackages']['snortadvanced']);
+ write_config();
+ conf_mount_rw();
+
conf_mount_ro();
}
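Review bot: The added `conf_mount_rw();` runs after `write_config();` and is immediately followed by the existing `conf_mount_ro();`, so the read-write window it opens covers nothing. If the filesystem has to be writable while the configuration is saved, the call belongs before `write_config();`, otherwise it can be dropped. The first comment says `snort-pld` where the second says `snort-old`, which looks like a typo. The `unset()` calls only take effect if `$config` is declared `global` in `snort_postinstall()`, whose opening lines are outside this hunk.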
@@ -595,7 +605,7 @@ class array_ereg {
$id += 1;
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
$snort_rules_list[] = "snort_$id$if_real";
@@ -659,7 +669,7 @@ if ($id != '' && $if_real != '') //new
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
/* create snort configuration file */
create_snort_conf($id, $if_real, $snort_uuid);
@@ -706,7 +716,7 @@ function sync_snort_package_empty()
$id += 1;
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
if ($if_real != '' && $snort_uuid != '') {
@@ -758,7 +768,7 @@ function sync_snort_package_config()
$id += 1;
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
if ($if_real != '' && $snort_uuid != '') {
@@ -808,7 +818,7 @@ function create_snort_sh()
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
/* define snortbarnyardlog_chk */
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
@@ -824,7 +834,7 @@ $snort_sh_text2[] = <<<EOD
###### For Each Iface
# If Snort proc is NOT running
- if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then
+ if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}{$if_real}" | awk '{print $2;}'`" = "" ]; then
/bin/echo "snort.sh run" > /tmp/snort.sh.pid
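Review bot: Liveness is decided by grepping `ps -auwx` output for the unanchored substring `R {$snort_uuid}{$if_real}`, which also matches a longer tag that begins with the same characters, for example an interface name that extends this one. The next hunk shows the script handling `/var/run/snort_{$snort_uuid}_{$if_real}.pid`, so testing that pid file (presumably written by the daemon, to be confirmed) would be a more reliable check than pattern-matching the process table. The same `ps | grep` test appears in the `$snort_sh_text3`, `$snort_sh_text4` and fake-start hunks. The heredoc begins and ends outside this hunk.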
@@ -832,7 +842,7 @@ $snort_sh_text2[] = <<<EOD
/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
- /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}_{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
$start_barnyard2
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..."
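Review bot: The `logger` message still names the instance `{$snort_uuid}_{$if_real}` while the tag passed to `-R` on the changed line is now `{$snort_uuid}{$if_real}`, so a string copied from syslog no longer matches the process listing. If the underscore form is kept deliberately because it matches the pid file and config directory names, a comment such as `# log/pid/conf names keep the uuid_iface form; only the -R tag drops the underscore` would record that. Otherwise the message should use the new tag.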
@@ -846,9 +856,9 @@ $snort_sh_text3[] = <<<EOE
#### Fake start only used on bootup and Pfsense IP changes
#### Only try to restart if snort is running on Iface
- if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then
+ if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then
- snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`"
+ snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`"
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
#### Restart Iface
@@ -861,7 +871,7 @@ EOE;
$snort_sh_text4[] = <<<EOF
- pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print \$2;}'`
+ pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print \$2;}'`
sleep 3
pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/awk '{print \$2;}'`
@@ -924,7 +934,7 @@ $start_snort_iface_restart
/bin/rm /tmp/snort.sh.pid
#### If on Fake start snort is NOT running DO a real start.
- if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then
+ if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}{$if_real}" | awk '{print $2;}'`" = "" ]; then
rc_start_real
@@ -1228,10 +1238,11 @@ snort_rules_up_deinstall_cron("");
write_config();
conf_mount_rw();
- exec("rm -r /usr/local/www/snort");
- exec("rm -r /usr/local/pkg/snort");
- exec("rm -r /usr/local/lib/snort/");
- exec("rm -r /var/log/snort/");
+ exec('rm -rf /usr/local/www/snort');
+ exec('rm -rf /usr/local/pkg/snort');
+ exec('rm -rf /usr/local/lib/snort/');
+ exec('rm -rf /var/log/snort/');
+ exec('rm -rf /usr/local/pkg/snort*');
conf_mount_ro();
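Review bot: The new `exec('rm -rf /usr/local/pkg/snort*');` deletes every entry in /usr/local/pkg whose name begins with `snort`, not only this package's files, and `-f` together with the unchecked `exec()` result hides any failure. If another package installs files under that prefix (the postinstall hunk mentions a `snort-old` package), they are removed as well; an explicit list of this package's files or a narrower pattern would keep the deinstall scoped. The glob also makes the preceding `rm -rf /usr/local/pkg/snort` redundant. A comment such as `/* remove remaining snort package files in /usr/local/pkg */` would record the intent.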
@@ -1587,7 +1598,7 @@ else
$home_net .= "{$ip} ";
/* Add Gateway on WAN interface to whitelist (For RRD graphs) */
- $int = convert_friendly_interface_to_real_interface_name("WAN");
+ $int = convert_friendly_interface_to_real_interface_name2("WAN");
$gw = get_interface_gateway($int);
if($gw)
$home_net .= "{$gw} ";
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index db03a2d1..7a587330 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -128,7 +128,7 @@ if (isset($id) && $a_nat[$id]) {
if (isset($_GET['dup']))
unset($id);
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 6f95b101..3c4e98eb 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -619,7 +619,7 @@ foreach ($rule_array as $value) {
$id += 1;
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
-$if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+$if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
/* make oinkmaster.conf for each interface rule */
oinkmaster_conf();
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index b22e206b..5e9b0f31 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -126,7 +126,7 @@ if (isset($_GET['dup']))
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index b2bcb748..b3b20582 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -1113,7 +1113,7 @@ if (!empty($config['installedpackages']['snortglobal']['rule']))
$id += 1;
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
$iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* make oinkmaster.conf for each interface rule */
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index d11422cc..30fed8e5 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -88,7 +88,7 @@ if (isset($_POST['del_x'])) {
foreach ($_POST['rule'] as $rulei) {
/* convert fake interfaces to real */
- $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']);
+ $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
/* cool code to check if any snort is up */
@@ -97,7 +97,7 @@ if (isset($_POST['del_x'])) {
if ($snort_up_ck != "")
{
- $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
+ $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'");
$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
@@ -141,7 +141,7 @@ if (isset($_POST['del_x'])) {
/* stop syslog flood code */
//$if_real_wan_rulei = $a_nat[$rulei]['interface'];
- //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name($if_real_wan_rulei);
+ //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
//exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
//exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
//exec("/usr/bin/killall syslogd");
@@ -199,7 +199,7 @@ if (isset($_POST['del_x'])) {
if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
{
- $if_real = convert_friendly_interface_to_real_interface_name($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+ $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* Log Iface stop */
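Review bot: This branch changes interface state when `$_GET['act'] == 'toggle'`, and no anti-CSRF token or request-method check is visible in the hunk, so a crafted link followed by a logged-in administrator could stop or start a sensor. `$id` is then used to index `$config['installedpackages']['snortglobal']['rule']` without a visible check that the entry exists; a guard such as `if (!isset($config['installedpackages']['snortglobal']['rule'][$id])) { exit; }` before the lookup would cover that. Both checks may exist outside the hunk, since the block starts and ends beyond it.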
@@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
-$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.19";
+$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.20";
include("head.inc");
?>
@@ -361,7 +361,7 @@ padding: 15px 10px 50% 50px;
/* convert fake interfaces to real and check if iface is up */
/* There has to be a smarter way to do this */
- $if_real = convert_friendly_interface_to_real_interface_name($natent['interface']);
+ $if_real = convert_friendly_interface_to_real_interface_name2($natent['interface']);
$snort_uuid = $natent['uuid'];
$tester2 = Running_Ck($snort_uuid, $if_real, $id);
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index dddca3af..cba0cc8a 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -74,7 +74,7 @@ while ($snort_uuid > 65535 || $snort_uuid == 0) {
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') {
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
@@ -162,7 +162,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
write_config();
- $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']);
+ $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
@@ -202,7 +202,7 @@ if ($_POST["Submit"]) {
$id_c += 1;
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
if ($_POST['interface'] == $result_lan) {
$input_errors[] = "Interface $result_lan is in use. Please select another interface.";
@@ -457,7 +457,7 @@ if ($a_nat[$id]['interface'] != '') {
//print_r($if_array);
if($if_array) {
foreach($if_array as $iface2) {
- $if2 = convert_friendly_interface_to_real_interface_name($iface2);
+ $if2 = convert_friendly_interface_to_real_interface_name2($iface2);
if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") {
$if2 = "ng0";
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 648b5bda..3c487ce0 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -369,11 +369,7 @@ include("head.inc");
</tr>
</table>
</form>
-<script language="JavaScript">
-<!--
-enable_change(false);
-//-->
-</script>
+
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index cb00099e..0d7fdde3 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -119,7 +119,7 @@ if (isset($_GET['dup']))
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
$snort_uuid = $pconfig['uuid'];
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index c95d76ca..b5fa2fb2 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -52,7 +52,7 @@ if (isset($id) && $a_nat[$id]) {
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
$iface_uuid = $a_nat[$id]['uuid'];
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index b770867f..759193c8 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -65,7 +65,7 @@ if (isset($id) && $a_nat[$id]) {
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
$file = $_GET['openruleset'];
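Review bot: `$file = $_GET['openruleset'];` takes a file name straight from the query string, and nothing in the hunk restricts it to the rules directory. How `$file` is used lies outside this hunk, but if it is opened or written, the value should first be reduced with `basename()` or resolved with `realpath()` and compared against the expected rules directory. A comment stating which directory the editor may touch would make the intended boundary clear to the next reader.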
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 0a726a76..d232c097 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -55,7 +55,7 @@ if (isset($id) && $a_nat[$id]) {
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']);
+$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
$iface_uuid = $a_nat[$id]['uuid'];