Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 222 | ||||
-rw-r--r-- | config/snort/snort_check_for_rule_updates.php | 21 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 2 | ||||
-rw-r--r-- | config/snort/snort_download_updates.php | 20 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 4 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 6 | ||||
-rw-r--r-- | config/snort/snort_rules.php | 15 | ||||
-rw-r--r-- | config/snort/snort_rulesets.php | 41 |
8 files changed, 138 insertions, 193 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 169796c0..149b6abb 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -42,6 +42,7 @@ $pfSense_snort_version = "2.2.4"; $snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}"; $snort_rules_file = "snortrules-snapshot-2923.tar.gz"; $emerging_threats_version = "2.9.0"; +$snortdir = "/usr/local/etc/snort"; /* Allow additional execution time 0 = no limit. */ ini_set('max_execution_time', '9999'); @@ -57,7 +58,7 @@ else $snort_pfsense_basever = 'yes'; /* find out what arch where in x86 , x64 */ -global $snort_arch; +global $snortdir, $snort_arch; $snort_arch = 'x86'; $snort_arch_ck = php_uname("m"); if ($snort_arch_ck == 'i386') @@ -278,11 +279,11 @@ function Running_Stop($snort_uuid, $if_real, $id) { } function Running_Start($snort_uuid, $if_real, $id) { - global $config, $g; + global $snortdir, $config, $g; $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; if ($snort_info_chk == 'on') - exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); else return; 
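Review bot: In the `@@ -57,7 +58,7 @@` hunk, `global $snortdir, $snort_arch;` runs after `$snortdir = "/usr/local/etc/snort";` was already assigned at new line 45, so if snort.inc is ever included from inside a function the `global` statement rebinds the name to the unset global and the value is lost. Every function in this commit that interpolates `{$snortdir}` would then build paths from an empty string, including the `rm -rf {$snortdir}*` in snort_deinstall(). Whether the package hooks include this file from function scope is not visible here, but the existing `$snort_arch` code declares `global` before assigning and `$snortdir` should follow the same order: put `global $snortdir;` directly above `$snortdir = "/usr/local/etc/snort";`.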
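Review bot: The rewritten `exec()` in Running_Start() (`@@ -278,11 +279,11 @@`) still splices `{$snort_uuid}`, `{$if_real}` and now `{$snortdir}` into a shell command line unquoted, so a space or shell metacharacter in any of them changes what the shell executes. Where these values originate is outside the hunk; if they come from the stored package configuration, each argument deserves `escapeshellarg()`, e.g. `$conf = escapeshellarg("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf");`. The same pattern recurs in the barnyard2 `exec()` at `@@ -291,7 +292,7 @@`, in create_rules_iface(), create_snort_conf() and in the `rm -r` in snort_interfaces.php. create_snort_sh() matches these processes with `pgrep -xf` on the exact command line, so any quoting change has to keep the resulting argument list identical.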
@@ -291,7 +292,7 @@ function Running_Start($snort_uuid, $if_real, $id) { $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') - exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q"); + exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q"); /* Log Iface stop */ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'"); @@ -385,9 +386,8 @@ function post_delete_logs() } } -function snort_postinstall() -{ - global $config, $g, $snort_pfsense_basever, $snort_arch; +function snort_postinstall() { + global $snortdir, $config, $g, $snort_pfsense_basever, $snort_arch; /* snort -> advanced features */ if (is_array($config['installedpackages']['snortglobal'])) { 
@@ -397,17 +397,17 @@ function snort_postinstall() } /* cleanup default files */ - @rename('/usr/local/etc/snort/snort.conf-sample', '/usr/local/etc/snort/snort.conf'); - @rename('/usr/local/etc/snort/threshold.conf-sample', '/usr/local/etc/snort/threshold.conf'); - @rename('/usr/local/etc/snort/sid-msg.map-sample', '/usr/local/etc/snort/sid-msg.map'); - @rename('/usr/local/etc/snort/unicode.map-sample', '/usr/local/etc/snort/unicode.map'); - @rename('/usr/local/etc/snort/classification.config-sample', '/usr/local/etc/snort/classification.config'); - @rename('/usr/local/etc/snort/generators-sample', '/usr/local/etc/snort/generators'); - @rename('/usr/local/etc/snort/reference.config-sample', '/usr/local/etc/snort/reference.config'); - @rename('/usr/local/etc/snort/gen-msg.map-sample', '/usr/local/etc/snort/gen-msg.map'); - @unlink('/usr/local/etc/snort/sid'); - @unlink('/usr/local/etc/rc.d/snort'); - @unlink('/usr/local/etc/rc.d/barnyard2'); + @rename("{$snortdir}/snort.conf-sample", "{$snortdir}/snort.conf"); + @rename("{$snortdir}/threshold.conf-sample", "{$snortdir}/threshold.conf"); + @rename("{$snortdir}/sid-msg.map-sample", "{$snortdir}/sid-msg.map"); + @rename("{$snortdir}/unicode.map-sample", "{$snortdir}/unicode.map"); + @rename("{$snortdir}/classification.config-sample", "{$snortdir}/classification.config"); + @rename("{$snortdir}/generators-sample", "{$snortdir}/generators"); + @rename("{$snortdir}/reference.config-sample", "{$snortdir}/reference.config"); + @rename("{$snortdir}/gen-msg.map-sample", "{$snortdir}/gen-msg.map"); + @unlink("{$snortdir}/sid"); + @unlink("/usr/local/etc/rc.d/snort"); + @unlink("/usr/local/etc/rc.d/barnyard2"); /* remove example files */ if (file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) 
@@ -416,8 +416,8 @@ function snort_postinstall() if (file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); - mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); + mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); + mwexec("/usr/sbin/chown -R snort:snort {$snortdir}", true); mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); @@ -746,11 +746,11 @@ function sync_snort_package_config() /* create threshold file */ function create_snort_suppress($id, $if_real) { - global $config, $g; + global $snortdir, $config, $g; /* make sure dir is there */ - if (!is_dir('/usr/local/etc/snort/suppress')) - exec('/bin/mkdir -p /usr/local/etc/snort/suppress'); + if (!is_dir("{$snortdir}/suppress")) + exec("/bin/mkdir -p {$snortdir}/suppress"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; 
@@ -768,23 +768,23 @@ function create_snort_suppress($id, $if_real) { $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); /* open snort's whitelist for writing */ - @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data); + @file_put_contents("{$snortdir}/suppress/$suppress_file_name", $s_data); } } function create_snort_whitelist($id, $if_real) { - global $config, $g; + global $snortdir, $config, $g; /* make sure dir is there */ - if (!is_dir('/usr/local/etc/snort/whitelist')) - exec('/bin/mkdir -p /usr/local/etc/snort/whitelist'); + if (!is_dir("{$snortdir}/whitelist")) + exec("/bin/mkdir -p {$snortdir}/whitelist"); if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') { $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); /* open snort's whitelist for writing */ - @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data); + @file_put_contents("{$snortdir}/whitelist/defaultwlist", $w_data); } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) { $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']); @@ -797,7 +797,7 @@ function create_snort_whitelist($id, $if_real) { $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w); /* open snort's whitelist for writing */ - @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data); + @file_put_contents("{$snortdir}/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data); } } 
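Review bot: The whitelist file name in create_snort_whitelist() (`@@ -797,7 +797,7 @@`) is taken straight from `$config[...]['whitelistname']` and appended to `{$snortdir}/whitelist/`, so a name containing `/` or `..` would make `file_put_contents()` write outside the whitelist directory; `$suppress_file_name` in create_snort_suppress() is used the same way. Any validation done when the name is saved is not visible in this diff, so a local guard is cheap: `$wl_name = basename($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);`. The leading `@` also hides a failed write, which would leave Snort running against a stale or missing whitelist with nothing in the log. Both functions begin outside these hunks.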
@@ -845,7 +845,7 @@ function create_snort_externalnet($id, $if_real) { /* open snort.sh for writing" */ function create_snort_sh() { - global $config, $g; + global $snortdir, $config, $g; if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; @@ -864,13 +864,13 @@ function create_snort_sh() { $start_barnyard = <<<EOE if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - /bin/pgrep -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' > {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid + /bin/pgrep -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' > {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid fi /bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid if [ $? = 0 ]; then /bin/pkill -HUP -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a else - /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q + /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q fi EOE; 
@@ -880,7 +880,7 @@ EOE; /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid else - /bin/pkill -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' + /bin/pkill -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' fi EOE; @@ -894,7 +894,7 @@ EOE; ###### For Each Iface #### Only try to restart if snort is running on Iface if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then - /bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' > {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid + /bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' > {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid fi /bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid if [ $? = 0 ]; then 
@@ -903,7 +903,7 @@ EOE; else # Start snort and barnyard2 /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid - /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START For {$value['descr']}({$snort_uuid}_{$if_real})..." fi @@ -919,7 +919,7 @@ EOE; /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a /bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid else - /bin/pkill -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' + /bin/pkill -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' fi sleep 2 
@@ -970,28 +970,27 @@ EOD; } /* if rules exist copy to new interfaces */ -function create_rules_iface($id, $if_real, $snort_uuid) -{ - global $config, $g; +function create_rules_iface($id, $if_real, $snort_uuid) { + global $snortdir, $config, $g; - $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"; + $if_rule_dir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full'; if ($folder_chk == "empty") { if (!is_dir("{$if_rule_dir}/rules")) exec("/bin/mkdir -p {$if_rule_dir}/rules"); - exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules"); - if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) - exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules"); + exec("/bin/cp {$snortdir}/rules/* {$if_rule_dir}/rules"); + if (file_exists("{$snortdir}/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) + exec("/bin/cp {$snortdir}/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules"); } } /* open barnyard2.conf for writing */ function create_barnyard2_conf($id, $if_real, $snort_uuid) { - global $config, $g; + global $snortdir, $config, $g; - if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) - exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) + exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); if (!file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) { @touch("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo"); 
@@ -1001,12 +1000,12 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) { $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); /* write out barnyard2_conf */ - @file_put_contents("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text); + @file_put_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text); } /* open barnyard2.conf for writing" */ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { - global $config, $g; + global $snortdir, $config, $g; /* define snortbarnyardlog */ /* TODO: add support for the other 5 output plugins */ @@ -1023,10 +1022,10 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { # # set the appropriate paths to the file(s) your Snort process is using -config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config -config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map -config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map +config reference_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config +config classification_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config +config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map +config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map config hostname: $snortbarnyardlog_hostname_info_chk config interface: {$snort_uuid}_{$if_real} 
@@ -1054,14 +1053,13 @@ EOD; return $barnyard2_conf_text; } -function create_snort_conf($id, $if_real, $snort_uuid) -{ - global $config, $g; +function create_snort_conf($id, $if_real, $snort_uuid) { + global $snortdir, $config, $g; if (!empty($if_real) && !empty($snort_uuid)) { - if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) { - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf"); + if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}")) { + exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}"); + @touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf"); } $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid); @@ -1069,9 +1067,9 @@ function create_snort_conf($id, $if_real, $snort_uuid) return; /* write out snort.conf */ - $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); + $conf = fopen("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); if(!$conf) { - log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); + log_error("Could not open {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); return -1; } fwrite($conf, $snort_conf_text); @@ -1080,7 +1078,7 @@ function create_snort_conf($id, $if_real, $snort_uuid) } function snort_deinstall() { - global $config, $g; + global $snortdir, $config, $g; /* remove custom sysctl */ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); 
@@ -1096,7 +1094,7 @@ function snort_deinstall() { mwexec('/usr/bin/killall -9 barnyard2', true); sleep(2); mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true); - mwexec('/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*', true); + mwexec("/bin/rm -rf {$snortdir}*; /bin/rm -rf /usr/local/pkg/snort*", true); mwexec('/bin/rm -rf /usr/local/www/snort; /bin/rm -rf /var/log/snort', true); /* Remove snort cron entries Ugly code needs smoothness*/ @@ -1132,9 +1130,8 @@ function snort_deinstall() { unset($config['installedpackages']['snortglobal']); } -function generate_snort_conf($id, $if_real, $snort_uuid) -{ - global $config, $g, $snort_pfsense_basever; +function generate_snort_conf($id, $if_real, $snort_uuid) { + global $snortdir, $config, $g, $snort_pfsense_basever; if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; 
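Review bot: The cleanup in snort_deinstall() now runs `/bin/rm -rf {$snortdir}*` with no check that `$snortdir` is a non-empty absolute path, so an unset or empty value turns the command into `rm -rf *` in whatever the current directory is. A guard in front of the call removes that failure mode: `if (!empty($snortdir) && $snortdir[0] == '/' && $snortdir != '/')`. The trailing `*` also removes any sibling whose name merely starts with the same prefix; that matches the old `/usr/local/etc/snort*` behaviour but deserves a comment saying it is intended. The `rm -r {$snortdir}/snort_*` in snort_interfaces_global.php needs the same guard. snort_deinstall() starts and ends outside this hunk.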
@@ -1156,14 +1153,14 @@ function generate_snort_conf($id, $if_real, $snort_uuid) $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru'])); /* create a few directories and ensure the sample files are in place */ - if (!is_dir('/usr/local/etc/snort')) - exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules'); - if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")) - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); - if (!is_dir('/usr/local/etc/snort/whitelist')) - exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); + if (!is_dir("{$snortdir}")) + exec("/bin/mkdir -p {$snortdir}/custom_rules"); + if (!is_dir("{$snortdir}/snort/snort_{$snort_uuid}_{$if_real}")) + exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}"); + if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}/rules"); + if (!is_dir("{$snortdir}/whitelist")) + exec("/bin/mkdir -p {$snortdir}/whitelist/"); if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}")) exec("/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}"); if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2")) 
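Review bot: The second `is_dir()` test checks `{$snortdir}/snort/snort_{$snort_uuid}_{$if_real}` while the `mkdir` below it creates `{$snortdir}/snort_{$snort_uuid}_{$if_real}`; the extra `snort/` segment was carried over from the old hard-coded path, so the test looks at a directory nothing in this hunk creates. The first test has a similar mismatch: `custom_rules` is only created when `{$snortdir}` itself is missing. Suggested conditions: `if (!is_dir("{$snortdir}/custom_rules"))` and `if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}"))`. generate_snort_conf() starts and ends outside this hunk.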
@@ -1177,13 +1174,13 @@ function generate_snort_conf($id, $if_real, $snort_uuid) if (!file_exists('/var/db/whitelist')) @touch('/var/db/whitelist'); - @copy("/usr/local/etc/snort/gen-msg.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"); - @copy("/usr/local/etc/snort/classification.config", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config"); - @copy("/usr/local/etc/snort/reference.config", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config"); - @copy("/usr/local/etc/snort/sid-msg.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map"); - @copy("/usr/local/etc/snort/unicode.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map"); - @copy("/usr/local/etc/snort/threshold.conf", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf"); - @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map"); + @copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config"); + @copy("{$snortdir}/reference.config", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config"); + @copy("{$snortdir}/sid-msg.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map"); + @copy("{$snortdir}/unicode.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/unicode.map"); + @copy("{$snortdir}/threshold.conf", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/threshold.conf"); + @touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); /* define basic log filename */ $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128"; 
@@ -1214,21 +1211,21 @@ function generate_snort_conf($id, $if_real, $snort_uuid) if ($snortcfg['blockoffenders7'] == "on") { if ($snortcfg['whitelistname'] == "default") $spoink_whitelist_name = 'defaultwlist'; - else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}")) + else if (file_exists("{$snortdir}/whitelist/{$snortcfg['whitelistname']}")) $spoink_whitelist_name = $snortcfg['whitelistname']; $pfkill = ""; if ($snortcfg['blockoffenderskill'] == "on") $pfkill = "kill"; - $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; + $spoink_type = "output alert_pf: {$snortdir}/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; } /* define threshold file */ $threshold_file_name = ""; if ($snortcfg['suppresslistname'] != 'default') { - if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}")) - $threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"; + if (file_exists("{$snortdir}/suppress/{$snortcfg['suppresslistname']}")) + $threshold_file_name = "include {$snortdir}/suppress/{$snortcfg['suppresslistname']}"; } /* define servers and ports snortdefservers */ @@ -1498,9 +1495,11 @@ function generate_snort_conf($id, $if_real, $snort_uuid) $enabled_rulesets = $snortcfg['rulesets']; $selected_rules_sections = ""; if (!empty($enabled_rulesets)) { - $enabled_rulesets_array = split("\|\|", $enabled_rulesets); - foreach($enabled_rulesets_array as $enabled_item) - $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; + $enabled_rulesets_array = explode("||", $enabled_rulesets); + foreach($enabled_rulesets_array as $enabled_item) { + if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$enabled_item}")) + $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; + } } ///////////////////////////// 
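Review bot: In the `blockoffenders7` branch (`@@ -1214,21 +1211,21 @@`), `$spoink_whitelist_name` is assigned only when the name is `default` or the named file exists, yet `$spoink_type` interpolates it unconditionally. If it is not initialised above this hunk, a missing whitelist file produces `output alert_pf: {$snortdir}/whitelist/,snort2c,...`, which configures blocking with no usable whitelist. At minimum the miss should be logged so the operator sees it: `else log_error("Snort: whitelist file for {$snortcfg['whitelistname']} not found");`.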
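Review bot: The new `file_exists()` filter in the ruleset loop (`@@ -1498,9 +1495,11 @@`) drops a missing rule file without any trace, so an interface can come up with fewer detection categories than the GUI shows as enabled. Logging the skip keeps that visible: `else log_error("Snort: enabled ruleset {$enabled_item} not found for {$snort_uuid}_{$if_real}, skipped");`. `$enabled_item` is also placed into a filesystem path and an `include` line as-is; if the stored list can hold anything other than plain file names, run it through `basename()` first.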
@@ -1540,7 +1539,7 @@ EOD; # ################# -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 +preprocessor http_inspect: global {$snortdir}, iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 preprocessor http_inspect_server: server default \ ports { 80 8080 } \ @@ -1599,7 +1598,7 @@ EOD; # ##################### -preprocessor ftp_telnet: global \ +preprocessor ftp_telnet: global {$snortdir}, \ inspection_type stateless preprocessor ftp_telnet_protocol: telnet \ @@ -1773,9 +1772,9 @@ EOD; $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ','; $snort_preprocessor_decoder_rules = ""; - if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules")) + if (file_exists("{$snortdir}/preproc_rules/preprocessor.rules")) $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; - if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules")) + if (file_exists("{$snortdir}/preproc_rules/decoder.rules")) $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; /* build snort configuration file */ @@ -1869,8 +1868,8 @@ portvar DCERPC_BRIGHTSTORE [6503,6504] # ##################### -var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules -var PREPROC_RULE_PATH /usr/local/etc/snort/preproc_rules +var RULE_PATH {$snortdir}/snort_{$snort_uuid}_{$if_real}/rules +var PREPROC_RULE_PATH {$snortdir}/preproc_rules ################################ # 
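Review bot: The `{$snortdir}` added inside the Snort configuration heredoc looks like a search-and-replace on the word `global` that was meant for PHP `global` statements: `preprocessor http_inspect: global {$snortdir}, iis_unicode_map ...` and `preprocessor ftp_telnet: global {$snortdir}, \` now put a directory path where Snort expects preprocessor options. The hunk at `@@ -1908,10 +1907,10 @@` does the same to `frag3_global` and `stream5_global`. Snort will most likely reject the generated snort.conf, which means the sensor does not start on any interface after this change. These four lines should go back to their previous text, e.g. `preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535`.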
@@ -1908,10 +1907,10 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules # ################### -preprocessor frag3_global: max_frags 8192 +preprocessor frag3_global {$snortdir}: max_frags 8192 preprocessor frag3_engine: policy bsd detect_anomalies -preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp yes +preprocessor stream5_global {$snortdir}: track_tcp yes, track_udp yes, track_icmp yes preprocessor stream5_tcp: policy BSD, ports both all, {$def_max_queued_bytes_type}{$def_max_queued_segs_type} preprocessor stream5_udp: @@ -1962,8 +1961,8 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec # ################# -include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config -include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config +include {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config +include {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config {$snort_preprocessor_decoder_rules} $threshold_file_name @@ -1984,33 +1983,4 @@ EOD; return $snort_conf_text; } -/* hide progress bar */ -function hide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; -} - -/* unhide progress bar */ -function unhide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>"; -} - -/* update both top and bottom text box during an operation */ -function update_all_status($status) { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if(!$console_mode) { - update_status($status); - update_output_window($status); - } -} - ?> 
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index b8d86ff8..00a93ad5 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -32,13 +32,12 @@ require_once("functions.inc"); require_once("service-utils.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $snort_gui_include; +global $snort_gui_include, $snortdir; if (!isset($snort_gui_include)) $pkg_interface = "console"; -$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; -$snortdir = "/usr/local/etc/snort"; +$tmpfname = "{$snortdir}/tmp/snort_rules_up"; $snort_filename_md5 = "{$snort_rules_file}.md5"; $snort_filename = "{$snort_rules_file}"; $emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5"; @@ -52,8 +51,8 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' /* Start of code */ conf_mount_rw(); -if (!is_dir('/usr/local/etc/snort/tmp')) - exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); +if (!is_dir($tmpfname)) + exec("/bin/mkdir -p {$tmpfname}"); /* Set user agent to Mozilla */ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); @@ -159,7 +158,7 @@ if ($snortdownload == 'on') { /* extract snort.org rules and add prefix to all snort.org files*/ exec("/bin/rm -r {$snortdir}/rules/*"); exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - chdir ("/usr/local/etc/snort/rules"); + chdir ("{$snortdir}/rules"); exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); /* extract so rules */ 
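Review bot: In the extraction step (`@@ -159,7 +158,7 @@`), the result of `chdir ("{$snortdir}/rules");` is not checked before `snort_rename.pl s/^/snort_/ *.rules` runs, so if the directory is missing (failed `tar`, wrong `$snortdir`) the rename is applied to `*.rules` in whatever directory the script happens to be in. Tie the rename to a successful change of directory: `if (chdir("{$snortdir}/rules")) exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');`. The step also deletes `{$snortdir}/rules/*` before the new archive has been unpacked, so a corrupt download leaves the sensor without rules; unpacking into the temp directory and swapping afterwards avoids that gap. The surrounding `if ($snortdownload == 'on')` block continues outside the hunk.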
@@ -241,15 +240,15 @@ if ($snortdownload == 'on') { /* XXX: Convert this to sed? */ /* make shure default rules are in the right format */ - exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); + exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir}/rules/*.rules"); + exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir}/rules/*.rules"); + exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir}/rules/*.rules"); /* create a msg-map for snort */ update_status(gettext("Updating Alert Messages...")); exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir}/rules > {$snortdir}/sid-msg.map"); - if (file_exists("{$tmpfname}/$snort_filename_md5")) { + if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { update_status(gettext("Copying md5 sig to snort directory...")); exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); } @@ -314,7 +313,7 @@ path = /bin:/usr/bin:/usr/local/bin update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ -url = dir:///usr/local/etc/snort/rules +url = dir://{$snortdir}/rules {$selected_sid_on_sections} diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 56bc2ebd..d5a0ae8f 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -82,6 +82,6 @@ $snort_gui_include = true; include("/usr/local/pkg/snort/snort_check_for_rule_updates.php"); /* hide progress bar and lets end this party */ -hide_progress_bar_status(); +echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; ?> diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index b96b2cae..f2e521c0 100644 
--- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -36,7 +36,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $snortdir; /* load only javascript that is needed */ $snort_load_jquery = 'yes'; @@ -46,16 +46,16 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' /* quick md5s chk */ $snort_org_sig_chk_local = 'N/A'; -if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5")) - $snort_org_sig_chk_local = file_get_contents("/usr/local/etc/snort/{$snort_rules_file}.md5"); +if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) + $snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5"); $emergingt_net_sig_chk_local = 'N/A'; -if (file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5')) - $emergingt_net_sig_chk_local = file_get_contents("/usr/local/etc/snort/emerging.rules.tar.gz.md5"); +if (file_exists("{$snortdir}/emerging.rules.tar.gz.md5")) + $emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/emerging.rules.tar.gz.md5"); /* check for logfile */ $update_logfile_chk = 'no'; -if (file_exists('/usr/local/etc/snort/snort_update.log')) +if (file_exists("{$snortdir}/snort_update.log")) $update_logfile_chk = 'yes'; $pgtitle = "Services: Snort: Updates"; 
@@ -154,11 +154,11 @@ include_once("head.inc"); <?php if ($update_logfile_chk == 'yes') { - echo ' - <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; + echo " + <button class='sexybutton sexysimple example9' href='/snort/snort_rules_edit.php?openruleset={$snortdir}/snort_update.log'><span class='pwhitetxt'>Update Log </span></button>\n"; }else{ - echo ' - <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; + echo " + <button class='sexybutton disabled' disabled='disabled' href='/snort/snort_rules_edit.php?openruleset={$snortdir}/snort_update.log'><span class='pwhitetxt'>Update Log </span></button>\n"; } ?> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 93b0050d..0d3ee8c1 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -35,7 +35,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $snortdir; $id = $_GET['id']; if (isset($_POST['id'])) @@ -58,7 +58,7 @@ if (isset($_POST['del_x'])) { Running_Stop($snort_uuid,$if_real, $rulei); exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}"); - exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}"); unset($a_nat[$rulei]); } diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index a650646c..c49390a1 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php 
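Review bot: Both `Update Log` buttons in the snort_download_updates.php hunk at `@@ -154,11 +154,11 @@` hand snort_rules_edit.php an absolute server path in the `openruleset` query parameter, and interpolating `{$snortdir}` keeps that contract in place. The receiving page is not part of this diff, so it is worth confirming that it resolves the parameter with `realpath()` and refuses anything outside `{$snortdir}` before opening it; otherwise the client, not the server, decides which file is read. Passing a short identifier (for example `openruleset=update_log`) and mapping it to the path on the server side would remove the question entirely. The same parameter is built in the snort_rulesets.php hunk at `@@ -269,14 +256,10 @@`.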
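Review bot: The `rm -r` added in the snort_interfaces.php hunk at `@@ -58,7 +58,7 @@` now builds its target from three variables, none of them quoted or checked, so an empty `$snortdir` or an unexpected character in `$snort_uuid`/`$if_real` changes what gets deleted. Quote the argument and stop when the prefix is missing: `if (!empty($snortdir)) exec("/bin/rm -r " . escapeshellarg("{$snortdir}/snort_{$snort_uuid}_{$if_real}"));`. The Reset path in snort_interfaces_global.php (`@@ -165,7 +165,7 @@`) has the same shape, `exec("rm -r {$snortdir}/snort_*")`, where an empty `$snortdir` would expand to `/snort_*`; that call also relies on `PATH` instead of the `/bin/rm` form used here. Where `$snort_uuid` and `$if_real` are assigned is outside the hunk.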
@@ -38,7 +38,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $snortdir; $d_snort_global_dirty_path = '/var/run/snort_global.dirty'; @@ -120,7 +120,7 @@ if (!$input_errors) { if ($_POST["Reset"]) { function snort_deinstall_settings() { - global $config, $g, $id, $if_real; + global $config, $g, $id, $if_real, $snortdir; exec("/usr/usr/bin/killall snort"); sleep(2); @@ -165,7 +165,7 @@ if ($_POST["Reset"]) { unset($config['installedpackages']['snortglobal']); /* remove all snort iface dir */ - exec('rm -r /usr/local/etc/snort/snort_*'); + exec("rm -r {$snortdir}/snort_*"); exec('rm /var/log/snort/*'); } diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 871eb39e..d04e1b41 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -33,7 +33,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $snortdir; if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); 
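Review bot: The context line `exec("/usr/usr/bin/killall snort");` inside `snort_deinstall_settings()` (hunk `@@ -120,7 +120,7 @@` of snort_interfaces_global.php) looks like a typo for `/usr/bin/killall`. If that doubled path does not exist, the call fails silently and any running snort processes stay up while their per-interface directories are removed further down (`@@ -165,7 +165,7 @@`). Since the commit already edits this function's `global` line, `exec("/usr/bin/killall snort");` could go in with it. The function body continues past the hunk.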
@@ -59,12 +59,12 @@ $iface_uuid = $a_nat[$id]['uuid']; /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ -if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"); +if (!is_dir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules"); -$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); +$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); + $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules"); if ($isrulesfolderempty == "") { include_once("head.inc"); include_once("fbegin.inc"); @@ -123,7 +123,7 @@ if ($isrulesfolderempty == "") { exit(0); } else { /* Make sure that we have the rules */ - mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); + mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true); } } @@ -149,8 +149,7 @@ function load_rule_file($incoming_file) return explode("\n", $contents); } -$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; -//$ruledir = "/usr/local/etc/snort/rules/"; +$ruledir = "{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/"; $dh = opendir($ruledir); while (false !== ($filename = readdir($dh))) { diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 313daea2..ee700a88 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php 
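Review bot: The directory checks in the snort_rules.php hunk at `@@ -59,12 +59,12 @@` still shell out for work PHP does natively, with `$iface_uuid` and `$if_real` interpolated unquoted into every command line. `mkdir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", 0755, true);` and `$isrulesfolderempty = glob("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules");` (with the two `== ""` tests changed to `empty($isrulesfolderempty)`) remove the shell from the path and make failures visible through return values. The same applies to `mwexec("/bin/cp …")` at `@@ -123,7 +123,7 @@` and to the matching snort_rulesets.php hunks at `@@ -64,9 +64,9 @@` and `@@ -127,7 +127,7 @@`. The intended directory mode is not stated in the diff, so `0755` is a placeholder to confirm.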
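Review bot: `$dh = opendir($ruledir);` in the hunk at `@@ -149,8 +149,7 @@` is used without testing for `false`, and `$ruledir` now depends on three interpolated variables, so a missing or misnamed directory sends `false` straight into `readdir()`. On PHP versions where `readdir(false)` returns `NULL` with a warning instead of throwing, the `false !== (...)` test never fails and the `while` loop does not terminate. Testing the handle first, `if ($dh === false) { /* report and skip the listing */ }`, and calling `closedir($dh)` afterwards closes that gap. The loop body continues outside the hunk; the snort_rulesets.php hunk at `@@ -246,9 +234,8 @@` adds the same unchecked `opendir()` call.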
@@ -33,7 +33,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $snortdir; if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); @@ -64,9 +64,9 @@ $pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories"; /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); +$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); + $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules"); if ($isrulesfolderempty == "") { include_once("head.inc"); include("fbegin.inc"); @@ -105,7 +105,7 @@ if ($isrulesfolderempty == "") { <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n <tr>\n <td>\n - # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n + # The rules directory is empty. {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules \n </td>\n </tr>\n </table>\n @@ -127,7 +127,7 @@ if ($isrulesfolderempty == "") { exit(0); } else { /* Make sure that we have the rules */ - mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); + mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true); } } 
@@ -167,19 +167,7 @@ include_once("head.inc"); <?php include("fbegin.inc"); ?> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<?php -echo "{$snort_general_css}\n"; -?> - <div class="body2"> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - <?php echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; @@ -246,9 +234,8 @@ if (file_exists($d_snortconfdirty_path)) { <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td> <!-- <td class="listhdrr">Description</td> --> </tr> - <?php - $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; - $dh = opendir($dir); + <?php + $dh = opendir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/"); while (false !== ($filename = readdir($dh))) { $files[] = basename($filename); } @@ -269,14 +256,10 @@ if (file_exists($d_snortconfdirty_path)) { echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; echo "</td>\n"; echo "<td>\n"; - echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; + echo "<a href='snort_rules.php?id={$id}&openruleset={$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; echo "</td>\n</tr>\n\n"; - //echo "<td>"; - //echo "description"; - //echo "</td>"; } - - ?> + ?> </table> </td> </tr> 
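Review bot: In the snort_rulesets.php hunk at `@@ -269,14 +256,10 @@`, the rewritten link prints `{$file}` as link text, and the checkbox above it prints `value='$file'`, without HTML escaping; only the query-string copy goes through `urlencode()`. The names come from `readdir()` over the rules directory, which is presumably populated from downloaded rule archives, so they are not fully under the package's control. Computing `$file_html = htmlspecialchars($file, ENT_QUOTES);` once and using it in both the attribute and the text fixes this. `{$id}` in the `href` deserves the same treatment if it is taken from the request, as `$id = $_GET['id']` in snort_interfaces.php suggests. The enclosing loop starts outside the hunk.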
@@ -297,17 +280,11 @@ if (file_exists($d_snortconfdirty_path)) { </td> </tr> </table> - </form> - <p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p> - </div> - <?php include("fend.inc"); -echo $snort_custom_rnd_box; ?> - </body> </html> |