aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc139
-rw-r--r--config/snort/snort_interfaces_edit.php3
2 files changed, 52 insertions, 90 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index d4a79d1b..f667481f 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -44,10 +44,7 @@ $snort_rules_file = "snortrules-snapshot-2922.tar.gz";
ini_set('max_execution_time', '9999');
ini_set('max_input_time', '9999');
-/* define oinkid */
-if ($config['installedpackages']['snortglobal'])
- $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-else
+if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
/* find out if were in 1.2.3-RELEASE */
@@ -239,11 +236,10 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
/* checks to see if snort is running yes/no and stop/start */
function Running_Ck($snort_uuid, $if_real, $id) {
- global $config;
+ global $config, $g;
$snort_uph = 'no';
- $snort_up_prell = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
- if ($snort_up_prell != '')
+ if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
$snort_uph = 'yes';
return $snort_uph;
@@ -251,11 +247,10 @@ function Running_Ck($snort_uuid, $if_real, $id) {
/* checks to see if barnyard2 is running yes/no */
function Running_Ck_b($snort_uuid, $if_real, $id) {
- global $config;
+ global $config, $g;
$snort_up_b = 'no';
- $snort_up_pre_b = exec("/bin/ps -ax | /usr/bin/grep barnyard2 | /usr/bin/grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
- if ($snort_up_pre_b != '')
+ if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"))
$snort_up_b = 'yes';
return $snort_up_b;
@@ -264,23 +259,17 @@ function Running_Ck_b($snort_uuid, $if_real, $id) {
function Running_Stop($snort_uuid, $if_real, $id) {
global $config, $g;
- /* if snort.sh crashed this will remove the pid */
- @unlink("{$g['tmp_path']}/snort.sh.pid");
-
- $start_up = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
- $start_upb = exec("/bin/ps -ax | /usr/bin/grep \"snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
-
- if ($start_up != '') {
- exec("/bin/kill {$start_up}");
- exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
+ if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}");
+ exec("/bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
exec("/bin/rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
@unlink("/var/log/snort/alert_{$snort_uuid}");
exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
}
- if ($start_upb != '') {
- exec("/bin/kill {$start_upb}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
+ killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
+ exec("/bin/rm {$g['varrun_path']}/barnyard2_{$snort_uuid}_{$if_real}*");
exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
}
@@ -290,14 +279,11 @@ function Running_Stop($snort_uuid, $if_real, $id) {
}
function Running_Start($snort_uuid, $if_real, $id) {
- global $config;
-
- /* if snort.sh crashed this will remove the pid */
- @unlink("{$g['tmp_path']}/snort.sh.pid");
+ global $config, $g;
$snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
if ($snort_info_chk == 'on')
- exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
else
return;
@@ -306,7 +292,7 @@ function Running_Start($snort_uuid, $if_real, $id) {
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
$snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
- exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q");
+ exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q");
}
/* Log Iface stop */
@@ -421,8 +407,7 @@ function post_delete_logs()
$snort_log_dir = '/var/log/snort';
foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
+ $if_real = snort_get_real_interface($value['interface']);
$snort_uuid = $value['uuid'];
if ($if_real != '' && $snort_uuid != '') {
@@ -494,11 +479,10 @@ function snort_postinstall()
exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules');
if (!is_dir('/usr/local/etc/snort/whitelist'))
exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
- /* NOTE: the diff between the if check and the exec() extra run is by design */
if (!is_dir('/var/log/snort'))
- exec('/bin/mkdir -p /var/log/snort/run');
+ exec('/bin/mkdir -p /var/log/snort');
else
- exec('/bin/rm -r /var/log/snort/*; /bin/mkdir -p /var/log/snort/run');
+ exec('/bin/rm -r /var/log/snort/*');
if (!is_dir('/var/log/snort/barnyard2'))
exec('/bin/mkdir -p /var/log/snort/barnyard2');
@@ -519,12 +503,10 @@ function snort_postinstall()
mwexec('/bin/chmod -R 660 /usr/local/etc/snort/*', true);
mwexec('/bin/chmod -R 660 /tmp/snort*', true);
mwexec('/bin/chmod -R 660 /var/run/snort*', true);
- mwexec('/bin/chmod -R 660 /var/snort/run/*', true);
mwexec('/bin/chmod 770 /usr/local/lib/snort', true);
mwexec('/bin/chmod 770 /usr/local/etc/snort', true);
mwexec('/bin/chmod 770 /usr/local/etc/whitelist', true);
mwexec('/bin/chmod 770 /var/log/snort', true);
- mwexec('/bin/chmod 770 /var/log/snort/run', true);
mwexec('/bin/chmod 770 /var/log/snort/barnyard2', true);
/* move files around, make it look clean */
@@ -844,8 +826,8 @@ function sync_snort_package_config()
if (!is_dir('/var/log/snort'))
exec('/bin/mkdir -p /var/log/snort');
- if (!is_dir('/var/log/snort/run'))
- exec('/bin/mkdir -p /var/log/snort/run');
+ if (!is_dir('/var/log/snort'))
+ exec('/bin/mkdir -p /var/log/snort');
if (!is_dir('/var/log/snort/barnyard2'))
exec('/bin/mkdir -p /var/log/snort/barnyard2');
@@ -971,51 +953,49 @@ function create_snort_externalnet($id, $if_real) {
}
/* open snort.sh for writing" */
-function create_snort_sh()
-{
+function create_snort_sh() {
global $config, $g;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
$snortconf =& $config['installedpackages']['snortglobal']['rule'];
-
- $snort_sh_text3 = array();
- $snort_sh_text4 = array();
-
/* do not start config build if rules is empty */
- if (!empty($snortconf)) {
- foreach ($snortconf as $value) {
- $snort_uuid = $value['uuid'];
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
+ if (empty($snortconf))
+ return;
+
+ $start_snort_iface_start = array();
+ $start_snort_iface_stop = array();
+ foreach ($snortconf as $value) {
+ $snort_uuid = $value['uuid'];
+ $if_real = snort_get_real_interface($value['interface']);
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $value['barnyard_enable'];
- $snortbarnyardlog_mysql_info_chk = $value['barnyard_mysql'];
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $value['barnyard_enable'];
+ $snortbarnyardlog_mysql_info_chk = $value['barnyard_mysql'];
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '')
- $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q";
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '')
+ $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q";
+ else
+ $start_barnyard2 = "";
- $snort_sh_text3[] = <<<EOE
+ $start_snort_iface_start[] = <<<EOE
###### For Each Iface
#### Fake start only used on bootup and Pfsense IP changes
#### Only try to restart if snort is running on Iface
-if [ "`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`" != "" ]; then
- snort_pid=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`
+if [ "`/bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`" = "0" ]; then
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
#### Restart Iface
- /bin/kill -HUP \${snort_pid}
+ /bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
else
# Start snort and barnyard2
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+ /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
- /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
$start_barnyard2
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD START For {$snort_uuid}_{$if_real}..."
@@ -1023,30 +1003,25 @@ fi
EOE;
- $snort_sh_text4[] = <<<EOF
+ $start_snort_iface_stop[] = <<<EOF
-pid_s=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'`
-sleep 3
-pid_b=`/bin/ps -ax | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'`
-if [ \${pid_s} ] ; then
-
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+if [ "`/bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`" = "0" ]; then
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
- /bin/kill \${pid_s}
- sleep 3
- /bin/kill \${pid_b}
+ /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
+ sleep 1
+ if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+ /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
+ fi
/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
fi
EOF;
- }
}
-
- $start_snort_iface_start = implode("\n\n", $snort_sh_text3);
- $start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
+ $rc_start = implode("\n", $start_snort_iface_start);
+ $rc_stop = implode("\n", $start_snort_iface_stop);
$snort_sh_text = <<<EOD
#!/bin/sh
@@ -1057,18 +1032,11 @@ EOF;
######## Begining of Main snort.sh
rc_start() {
-
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- $start_snort_iface_start
- /bin/rm /tmp/snort.sh.pid
+ {$rc_start}
}
rc_stop() {
-
- $start_snort_iface_stop
- /bin/rm /tmp/snort.sh.pid
- /bin/rm /var/run/snort*
-
+ {$rc_stop}
}
case $1 in
@@ -1086,13 +1054,10 @@ esac
EOD;
/* write out snort.sh */
- $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
- if(!$bconf) {
+ if (!@file_put_contents("/usr/local/etc/rc.d/snort.sh", $snort_sh_text)) {
log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
return;
}
- fwrite($bconf, $snort_sh_text);
- fclose($bconf);
@chmod("/usr/local/etc/rc.d/snort.sh", 0755);
}
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index f3d96848..182d0e76 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -298,9 +298,6 @@ if (isset($_GET['dup']))
sync_snort_package_config();
sleep(1);
- /* if snort.sh crashed this will remove the pid */
- exec('/bin/rm /tmp/snort.sh.pid');
-
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );