Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc149
-rwxr-xr-xconfig/snort/snort.xml2
-rwxr-xr-xconfig/snort/snort_alerts.php2
-rw-r--r--config/snort/snort_barnyard.php5
-rw-r--r--config/snort/snort_blocked.php89
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php101
-rwxr-xr-xconfig/snort/snort_define_servers.php2
-rwxr-xr-xconfig/snort/snort_download_updates.php21
-rwxr-xr-xconfig/snort/snort_interfaces.php208
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php6
-rw-r--r--config/snort/snort_interfaces_global.php2
-rw-r--r--config/snort/snort_log_view.php11
-rwxr-xr-xconfig/snort/snort_preprocessors.php86
-rwxr-xr-xconfig/snort/snort_rules.php44
-rwxr-xr-xconfig/snort/snort_rules_edit.php18
-rwxr-xr-xconfig/snort/snort_rulesets.php27
16 files changed, 523 insertions, 250 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 9988ad48..8062834f 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -33,6 +33,7 @@
require_once("pfsense-utils.inc");
require_once("config.inc");
require_once("functions.inc");
+require_once("service-utils.inc");
// Needed on 2.0 because of filter_get_vpns_list()
require_once("filter.inc");
@@ -44,13 +45,16 @@ global $snort_community_rules_filename, $snort_community_rules_url, $emergingthr
/* package version */
$snort_version = "2.9.4.1";
-$pfSense_snort_version = "2.5.6";
+$pfSense_snort_version = "2.5.7";
$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
// Define SNORTDIR and SNORTLIBDIR constants according to FreeBSD version (PBI support or no PBI)
if (floatval(php_uname("r")) >= 8.3) {
exec("/usr/local/sbin/pbi_info | grep 'snort-{$snort_version}' | xargs /usr/local/sbin/pbi_info | awk '/Prefix/ {print $2}'",$pbidirarray);
$snort_pbidir = "{$pbidirarray[0]}";
+ /* In case this is an initial Snort install and pbi_info() above returned null, set a sane default value */
+ if (empty($snort_pbidir))
+ $snort_pbidir = "/usr/pbi/snort-" . php_uname("m");
define("SNORTDIR", "{$snort_pbidir}/etc/snort");
define("SNORTLIBDIR", "{$snort_pbidir}/lib/snort");
}
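Review bot: `$snort_pbidir = "{$pbidirarray[0]}"` on the line before the new empty() guard still dereferences index 0 of an array that exec() may have left empty, so the initial-install case the guard is meant to cover also raises an undefined-index notice before the default is applied. Reading it guarded keeps the fallback quiet: `$snort_pbidir = isset($pbidirarray[0]) ? $pbidirarray[0] : "";` followed by the existing `if (empty($snort_pbidir))` default. The fallback itself assumes the PBI prefix follows the `/usr/pbi/snort-<arch>` layout; a comment naming that assumption next to the default would help whoever next touches the PBI lookup.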
@@ -325,7 +329,6 @@ function snort_barnyard_stop($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
- @unlink("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
}
}
@@ -335,12 +338,11 @@ function snort_stop($snortcfg, $if_real) {
$snort_uuid = $snortcfg['uuid'];
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
- exec("/bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
}
snort_barnyard_stop($snortcfg, $if_real);
- log_error("Interface Rule STOP for {$snortcfg['descr']}({$if_real})...");
+ log_error("Snort STOP for {$snortcfg['descr']}({$if_real})...");
}
function snort_barnyard_start($snortcfg, $if_real) {
@@ -368,7 +370,7 @@ function snort_start($snortcfg, $if_real) {
snort_barnyard_start($snortcfg, $if_real);
- log_error("Interface Rule START for {$snortcfg['descr']}({$if_real})...");
+ log_error("Snort START for {$snortcfg['descr']}({$if_real})...");
}
function snort_get_friendly_interface($interface) {
@@ -461,6 +463,7 @@ function snort_postinstall() {
$snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
+ $rcdir = RCFILEPREFIX;
/* Set flag for post-install in progress */
$is_postinstall = true;
@@ -484,8 +487,8 @@ function snort_postinstall() {
/* Remove any previously installed scripts since we rebuild them */
@unlink("{$snortdir}/sid");
- @unlink("/usr/local/etc/rc.d/snort");
- @unlink("/usr/local/etc/rc.d/barnyard2");
+ @unlink("{$rcdir}/snort.sh");
+ @unlink("{$rcdir}/barnyard2");
/* remove example library files */
$files = glob("{$snortlibdir}/dynamicrules/*_example*");
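Review bot: The unlink of the legacy `/usr/local/etc/rc.d/snort` script is dropped together with the path change; the new `@unlink("{$rcdir}/snort.sh")` only removes the script this version writes, so an install upgraded from a release that created the un-suffixed `snort` file (which the removed line implies existed) leaves that older rc script in place, and rc(8) would still run it at boot. Keeping one extra line, `@unlink("{$rcdir}/snort");`, covers the upgrade path. This assumes RCFILEPREFIX resolves to the same directory as the old hard-coded path; the constant is defined outside the hunk.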
@@ -497,18 +500,25 @@ function snort_postinstall() {
/* remake saved settings */
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
+ log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings..."));
update_status(gettext("Saved settings detected..."));
update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
+ log_error(gettext("[Snort] Downloading and updating configured rule types..."));
@include_once("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
update_status(gettext("Generating snort.conf configuration file from saved settings..."));
$rebuild_rules = "on";
sync_snort_package_config();
$rebuild_rules = "off";
update_output_window(gettext("Finished rebuilding files..."));
+ log_error(gettext("[Snort] Finished rebuilding installation from saved settings..."));
+ update_status(gettext("Starting Snort using rebuilt configuration..."));
+ log_error(gettext("[Snort] Starting Snort using rebuilt configuration..."));
+ start_service("snort");
}
/* Done with post-install, so clear flag */
$is_postinstall = false;
+ log_error(gettext("[Snort] Package post-installation tasks completed..."));
}
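Review bot: The `@include_once` of snort_check_for_rule_updates.php at the top of the rebuild branch hides a missing or unparsable script, so a post-install that never downloads rules would still log "Finished rebuilding" and go on to `start_service("snort")` against interface directories with no rules. Dropping the `@` (or testing `file_exists()` first and logging with the same `[Snort]` prefix when the script is absent) puts that failure into the same log stream the new messages use. Whether start_service should also be skipped when no interface has Snort enabled cannot be decided from the hunk; the rule array is read elsewhere in the file.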
function snort_Getdirsize($node) {
@@ -642,17 +652,20 @@ function snort_rm_blocked_install_cron($should_install) {
}
switch($should_install) {
case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+
+ /* Add cron job if not already installed, else just update the existing one */
+ if (!$is_installed)
$config['cron']['item'][] = $cron_item;
- }
+ elseif ($is_installed)
+ $config['cron']['item'][$x] = $cron_item;
break;
case false:
if ($is_installed == true)
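Review bot: `elseif ($is_installed)` after `if (!$is_installed)` is just `else`; the second test can never fail once the first one does, so the branch reads as if a third state existed. The same shape appears in snort_rules_up_install_cron in the next hunk. The update path writes `$config['cron']['item'][$x]`, and `$x` is set by the search loop above the hunk; it is worth confirming that loop breaks on the match, because otherwise `$x` is simply the last cron index and an unrelated job gets overwritten. A comment on the loop such as `/* $x is the index of the existing expiretable job, used to update it in place below */` would pin that contract.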
@@ -722,17 +735,20 @@ function snort_rules_up_install_cron($should_install) {
}
switch($should_install) {
case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rules_up_min";
+ $cron_item['hour'] = "$snort_rules_up_hr";
+ $cron_item['mday'] = "$snort_rules_up_mday";
+ $cron_item['month'] = "$snort_rules_up_month";
+ $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
+
+ /* Add cron job if not already installed, else just update the existing one */
+ if (!$is_installed)
$config['cron']['item'][] = $cron_item;
- }
+ elseif ($is_installed)
+ $config['cron']['item'][$x] = $cron_item;
break;
case false:
if($is_installed == true)
@@ -1553,6 +1569,7 @@ function snort_create_rc() {
global $config, $g;
$snortdir = SNORTDIR;
+ $rcdir = RCFILEPREFIX;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
@@ -1621,11 +1638,18 @@ EOE;
###### For Each Iface
# Start snort and barnyard2
- if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
- /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
+ if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ pid=`/bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}'`
+ else
+ pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
+ fi
+ if [ $? = 0 ]; then
+ /bin/pkill -HUP \$pid
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ else
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..."
fi
- /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START For {$value['descr']}({$snort_uuid}_{$if_real})..."
sleep 2
{$start_barnyard2}
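Review bot: `/bin/pkill -HUP \$pid` treats its argument as a process-name pattern, not a pid, so the soft-restart branch is unlikely to signal the snort instance that pgrep located on the lines above; `/bin/kill -HUP \$pid` is what the logic intends. The `pgrep -F` branch also passes no pattern, so a stale pid file whose number has since been reused by another process makes the `$? = 0` test succeed and the signal go to that unrelated process; adding the process name, `pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -x snort`, restricts the match to snort. The `$?` tested after `fi` is the exit status of the last command substitution in whichever branch ran, which is what the test relies on; a one-line comment saying so would spare the next reader the same reasoning.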
@@ -1634,7 +1658,7 @@ EOE;
$start_snort_iface_stop[] = <<<EOE
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP For {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
/bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
@@ -1703,11 +1727,11 @@ esac
EOD;
/* write out snort.sh */
- if (!@file_put_contents("/usr/local/etc/rc.d/snort.sh", $snort_sh_text)) {
- log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
+ if (!@file_put_contents("{$rcdir}/snort.sh", $snort_sh_text)) {
+ log_error("Could not open {$rcdir}/snort.sh for writing.");
return;
}
- @chmod("/usr/local/etc/rc.d/snort.sh", 0755);
+ @chmod("{$rcdir}/snort.sh", 0755);
}
/* open barnyard2.conf for writing */
@@ -1791,6 +1815,8 @@ function snort_deinstall() {
$snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
+ $snortlogdir = SNORTLOGDIR;
+ $rcdir = RCFILEPREFIX;
/* Make sure all active Snort processes are terminated */
mwexec('/usr/bin/killall snort', true);
@@ -1845,14 +1871,22 @@ function snort_deinstall() {
/* future versions of pfSense. */
/**********************************************************/
if (file_exists("/tmp/pkg_libs.tgz") || file_exists("/tmp/pkg_bins.tgz")) {
+ log_error(gettext("[Snort] Package deletion requested... removing all files..."));
mwexec("/bin/rm -rf {$snortdir}");
mwexec("/bin/rm -rf {$snortlibdir}/dynamicrules");
+ mwexec("/bin/rm -f {$rcdir}/snort.sh");
+ mwexec("/bin/rm -rf /usr/local/pkg/snort");
+ mwexec("/bin/rm -rf /usr/local/www/snort");
+ mwexec("/bin/rm -rf /usr/local/etc/snort");
}
/* Keep this as a last step */
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {
+ log_error(gettext("Not saving settings... all Snort configuration info and logs deleted..."));
unset($config['installedpackages']['snortglobal']);
@unlink("{$snort_rules_upd_log}");
+ mwexec("/bin/rm -rf {$snortlogdir}");
+ log_error(gettext("[Snort] The package has been removed from this system..."));
}
}
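Review bot: The new "Not saving settings..." message in the last branch is the one log line in this commit that lacks the `[Snort]` prefix every other log_error gained; `log_error(gettext("[Snort] Not saving settings... all Snort configuration info and logs deleted..."));` keeps the log greppable. The `rm -rf {$snortlogdir}` below it runs whenever forcekeepsettings is off, not only when the package-deletion marker files tested at the top of the hunk exist, so a reinstall without that flag also discards the logs; if that is intended, a comment saying so would stop it reading as an accident. SNORTLOGDIR is defined outside the hunk; since the removal is recursive, guarding it with `if (!empty($snortlogdir))` is cheap insurance against the constant being unset.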
@@ -1861,18 +1895,20 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
global $snort_enforcing_rules_file, $flowbit_rules_file, $rebuild_rules;
$snortdir = SNORTDIR;
+ $no_rules_defined = true;
/* If there is no reason to rebuild the rules, exit to save time. */
if ($rebuild_rules == "off")
return;
/* Log a message for rules rebuild in progress */
- log_error(gettext("Updating rules configuration for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
+ log_error(gettext("[Snort] Updating rules configuration for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
/* Only rebuild rules if some are selected or an IPS Policy is enabled */
if (!empty($snortcfg['rulesets']) || $snortcfg['ips_policy_enable'] == 'on') {
$enabled_rules = array();
$enabled_files = array();
+ $no_rules_defined = false;
/* Create an array with the full path filenames of the enabled */
/* rule category files if we have any. */
@@ -1911,7 +1947,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Check for and disable any rules dependent upon disabled preprocessors if */
/* this option is enabled for the interface. */
if ($snortcfg['preproc_auto_rule_disable'] == "on") {
- log_error('Auto-disabling rules dependent on disabled preprocessors for ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Checking for rules dependent on disabled preprocessors for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
snort_filter_preproc_rules($snortcfg, $enabled_rules);
}
@@ -1921,14 +1957,14 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* If auto-flowbit resolution is enabled, generate the dependent flowbits rules file. */
if ($snortcfg['autoflowbitrules'] == 'on') {
- log_error('Resolving and auto-enabling any flowbit-required rules for ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Enabling any flowbit-required rules for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
$enabled_files[] = "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}";
$fbits = snort_resolve_flowbits($enabled_files);
/* Check for and disable any flowbit-required rules dependent upon */
/* disabled preprocessors if this option is enabled for the interface. */
if ($snortcfg['preproc_auto_rule_disable'] == "on") {
- log_error('Auto-disabling flowbit-required rules dependent on disabled preprocessors for ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Checking flowbit rules dependent on disabled preprocessors for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
snort_filter_preproc_rules($snortcfg, $fbits, true);
}
snort_filter_preproc_rules($snortcfg, $fbits, true);
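Review bot: `snort_filter_preproc_rules($snortcfg, $fbits, true);` on the last context line runs unconditionally right after the same call guarded by `preproc_auto_rule_disable == "on"`, so flowbit-required rules are filtered against disabled preprocessors even when the interface has the option off, and twice (with the persisted log appended twice) when it is on. The commit rewords the log line in that block but leaves the duplicate in place; unless the unconditional call is deliberate, the second one should be removed. The remainder of the function is outside the hunk.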
@@ -1944,14 +1980,20 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}");
}
- if (!empty($snortcfg['customrules']))
+ if (!empty($snortcfg['customrules'])) {
@file_put_contents("{$snortcfgdir}/rules/custom.rules", base64_decode($snortcfg['customrules']));
+ $no_rules_defined = false;
+ }
else
@file_put_contents("{$snortcfgdir}/rules/custom.rules", "");
+ /* Log a warning if the interface has no rules defined or enabled */
+ if ($no_rules_defined)
+ log_error(gettext("[Snort] Warning - no text rules selected for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
+
/* Build a new sid-msg.map file from the enabled */
/* rules and copy it to the interface directory. */
- log_error(gettext("Building new sig-msg.map file for " . snort_get_friendly_interface($snortcfg['interface']) . "..."));
+ log_error(gettext("[Snort] Building new sig-msg.map file for " . snort_get_friendly_interface($snortcfg['interface']) . "..."));
snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map");
}
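Review bot: The custom.rules write at `@file_put_contents(... base64_decode($snortcfg['customrules']))` is still silenced, so a failed write (full disk, missing rules directory) is invisible here while the generated snort.conf unconditionally includes `$RULE_PATH/custom.rules`; the interface would then fail to start with an error pointing at the wrong place. Checking the return value and logging with the same prefix, `if (@file_put_contents(...) === false) log_error(gettext("[Snort] Could not write custom.rules for: " . snort_get_friendly_interface($snortcfg['interface'])));`, keeps the failure next to the new no-rules warning. The warning itself fires only when rulesets, the IPS policy and custom rules are all absent, which matches the three places `$no_rules_defined` is cleared.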
@@ -2049,8 +2091,8 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa
$disabled_count++;
/* Accumulate auto-disabled rules for logging */
- $tmp = $active_rules[$k1][$k2]['category'] . " ";
- $tmp .= "{$k1}:{$k2} Preproc: {$preproc} Param: {$opt}";
+ $tmp = $active_rules[$k1][$k2]['category'] . ",";
+ $tmp .= "{$k1}:{$k2},{$preproc},{$opt}";
$log_msg[] = $tmp;
break;
}
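Review bot: The accumulated line is now a comma-joined record that the writer later splits with `explode(",", $m)` into exactly four columns (the `foreach ($log_msg as $m)` loop in the next snort_filter_preproc_rules hunk), so any comma inside the category name or the `{$opt}` rule option shifts the columns. Limiting the split, `$tmp = explode(",", $m, 4);`, keeps everything after the third comma in the RULE OPTION column, which is the field most likely to carry one. Whether `$opt` can actually contain a comma depends on the preprocessor-dependency table defined outside the hunk.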
@@ -2080,7 +2122,7 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa
/* than optimal with the preprocessors disabled. */
/***************************************************/
if ($disabled_count > 0) {
- log_error(gettext("Warning: auto-disabled {$disabled_count} rules due to disabled preprocessor dependencies."));
+ log_error(gettext("[Snort] Warning: auto-disabled {$disabled_count} rules due to disabled preprocessor dependencies."));
natcasesort($log_msg);
if ($fp) {
/* Only write the header when not persisting the log */
@@ -2093,14 +2135,19 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa
@fwrite($fp, "# automatically disabled. This behavior is controlled by the Auto-Rule Disable\n");
@fwrite($fp, "# feature on the Preprocessors tab.\n#\n");
@fwrite($fp, "# WARNING: Using the auto-disable rule feature is not recommended because it can\n");
- @fwrite($fp, "# significantly reduce the threat detection capabilities of Snort!\n#\n");
- @fwrite($fp, "# Log Format is: RULE CATEGORY GID:SID PREPROC METADATA/CONTENT PARAMETER\n#\n");
+ @fwrite($fp, "# significantly reduce the threat detection capabilities of Snort!\n#");
+ @fwrite($fp, "\n# In the list below, the PREPROCESSOR column is the disabled preprocessor that\n");
+ @fwrite($fp, "# triggered the auto-disable of the rule represented by GID:SID. The RULE OPTION\n");
+ @fwrite($fp, "# column shows the specific rule option or content modifier contained within\n");
+ @fwrite($fp, "# the rule text that requires the preprocessor be enabled in order to execute.\n#");
+ @fwrite($fp, "\n# RULE CATEGORY GID:SID PREPROCESSOR RULE OPTION\n");
}
foreach ($log_msg as $m) {
- @fwrite($fp, $m . "\n");
+ $tmp = explode(",", $m);
+ @fwrite($fp, sprintf("%-30s %-10s %-20s %s", $tmp[0], $tmp[1], $tmp[2], $tmp[3]) . "\n");
}
}
- log_error(gettext("See '{$file}' for list of auto-disabled rules."));
+ log_error(gettext("[Snort] See '{$file}' for list of auto-disabled rules."));
unset($log_msg);
}
if ($fp)
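Review bot: The column header `# RULE CATEGORY GID:SID PREPROCESSOR RULE OPTION` is written as a plain string while the data rows use `sprintf("%-30s %-10s %-20s %s", ...)`, so the header will not line up with the columns it labels. Emitting it through the same format, `@fwrite($fp, "# " . sprintf("%-28s %-10s %-20s %s", "RULE CATEGORY", "GID:SID", "PREPROCESSOR", "RULE OPTION") . "\n");`, keeps the widths in one place. `$tmp[3]` is also read without checking that the explode produced four parts; a short record would raise an undefined-offset notice into the log.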
@@ -2603,11 +2650,11 @@ EOD;
}
else {
$snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
- log_error("Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
+ log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
}
} else {
$snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
- log_error("Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
+ log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
}
/* generate rule sections to load */
@@ -2615,6 +2662,8 @@ EOD;
$selected_rules_sections = "include \$RULE_PATH/{$snort_enforcing_rules_file}\n";
$selected_rules_sections .= "include \$RULE_PATH/{$flowbit_rules_file}\n";
$selected_rules_sections .= "include \$RULE_PATH/custom.rules\n";
+
+ /* Create the actual rules file and save in the interface directory */
snort_prepare_rule_files($snortcfg, $snortcfgdir);
$cksumcheck = "all";
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 1419e3bd..2f60b7ae 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.4.1</version>
- <title>Services:2.9.4.1 pkg v. 2.5.6</title>
+ <title>Services:2.9.4.1 pkg v. 2.5.7</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index e6ebefeb..3fcbe6b7 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -219,7 +219,7 @@ if ($pconfig['arefresh'] == 'on')
<td width="78%" class="vtable">
<input name="download" type="submit" class="formbtn" value="Download"> <?php echo gettext('All ' .
'log files will be saved.'); ?> <a href="/snort/snort_alerts.php?action=clear&instance=<?=$instanceid;?>">
- <input name="delete" type="button" class="formbtn" value="Clear"
+ <input name="delete" type="submit" class="formbtn" value="Clear"
onclick="return confirm('Do you really want to remove all instance logs?')"></a>
<span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
</td>
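Review bot: Changing the Clear control to `type="submit"` leaves it nested inside `<a href="...snort_alerts.php?action=clear&instance=...">`, so a click now has two competing outcomes, the form POST carrying `name="delete"` and the anchor's GET to `action=clear`; which one the browser honours, and whether `return confirm(...)` cancels both, is browser-dependent, and a submit button inside an anchor is not valid HTML. Pick one mechanism, and given the button's name the POST is the better choice: drop the surrounding `<a>` and handle `$_POST['delete']`, because a log-clearing action reachable through a plain GET link is triggerable by any page the administrator's browser happens to load. The form and its handler are outside the hunk.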
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 21763745..e1de3efd 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -32,7 +32,7 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
@@ -87,6 +87,9 @@ if ($_POST) {
}
write_config();
+
+ /* No need to rebuild rules if just toggling Barnyard2 on or off */
+ $rebuild_rules = "off";
sync_snort_package_config();
/* after click go to this page */
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index def5dd22..295218f6 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -135,21 +135,23 @@ if ($pconfig['brefresh'] == 'on')
<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="/snort/snort_blocked.php" method="post">
<table width="99%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- display_top_tabs($tab_array);
-?>
-</td></tr>
- <tr>
- <td>
+<tr>
+ <td>
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td>
+</tr>
+<tr>
+ <td>
<table id="maintable" class="tabcont" width="100%" border="0"
cellpadding="0" cellspacing="0">
<tr>
@@ -164,7 +166,7 @@ if ($pconfig['brefresh'] == 'on')
<input name="download" type="submit" class="formbtn" value="Download"> <?php echo gettext("All " .
"blocked hosts will be saved."); ?> <input name="remove" type="submit"
class="formbtn" value="Clear"> <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>
- <?php echo gettext("all hosts will be removed."); ?></form>
+ <?php echo gettext("all hosts will be removed."); ?>
</td>
</tr>
<tr>
@@ -179,17 +181,16 @@ if ($pconfig['brefresh'] == 'on')
"number of blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
</td>
</tr>
- <tr>
- <td colspan="2">
- <table id="sortabletable1" class="sortable" width="100%" border="0"
- cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">#</td>
- <td width="15%" class="listhdrr"><?php echo gettext("IP"); ?></td>
- <td width="70%" class="listhdrr"><?php echo gettext("Alert Description"); ?></td>
- <td width="5%" class="listhdrr"><?php echo gettext("Remove"); ?></td>
- </tr>
- <?php
+ <tr>
+ <td colspan="2">
+ <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">#</td>
+ <td width="15%" class="listhdrr"><?php echo gettext("IP"); ?></td>
+ <td width="70%" class="listhdrr"><?php echo gettext("Alert Description"); ?></td>
+ <td width="5%" class="listhdrr"><?php echo gettext("Remove"); ?></td>
+ </tr>
+ <?php
/* set the arrays */
$blocked_ips_array = array();
if (is_array($blocked_ips)) {
@@ -242,27 +243,25 @@ if ($pconfig['brefresh'] == 'on')
$counter++;
/* use one echo to do the magic*/
- echo "<tr>
- <td width='5%' >&nbsp;{$counter}</td>
- <td width='15%' >&nbsp;{$blocked_ip}</td>
- <td width='70%' >&nbsp;{$blocked_desc}</td>
- <td width='5%' align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'>
- <img title=\"" . gettext("Delete") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
- </tr>\n";
-
+ echo "<tr>
+ <td width='5%' >&nbsp;{$counter}</td>
+ <td width='15%' >&nbsp;{$blocked_ip}</td>
+ <td width='70%' >&nbsp;{$blocked_desc}</td>
+ <td width='5%' align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'>
+ <img title=\"" . gettext("Delete") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ </tr>\n";
}
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
- } else
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
-
- ?>
+ echo "\n<tr><td colspan='4' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
+ } else
+ echo "\n<tr><td colspan='4' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
+ ?>
+ </table>
+ </td>
+ </tr>
</table>
- </td>
- </tr>
-</table>
- </td>
- </tr>
+ </td>
+</tr>
</table>
</form>
<?php
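Review bot: `{$blocked_desc}` is interpolated straight into the table cell in the re-indented echo, and if it is built from alert-log text (where it is assembled is outside the hunk) rule message text reaches the page unescaped; `htmlspecialchars($blocked_desc)` at the point of output is the standard fix, and `{$blocked_ip}` is already `urlencode()`d for the link but not escaped for the cell. The colspan change from 3 to 4 on the summary rows matches the four header columns above. Since the hunk is mostly whitespace, separating the reindent from the colspan and `</form>` fixes would have made the functional changes easier to review.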
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index cd0a09e6..858267d1 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -32,6 +32,7 @@
require_once("functions.inc");
require_once("service-utils.inc");
require_once "/usr/local/pkg/snort/snort.inc";
+require_once("service-utils.inc");
global $snort_gui_include, $vrt_enabled, $et_enabled, $rebuild_rules, $snort_rules_upd_log;
global $protect_preproc_rules, $is_postinstall, $snort_community_rules_filename;
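Review bot: The added `require_once("service-utils.inc");` duplicates the one two lines above it; require_once makes it harmless, but it reads as a merge leftover and should be dropped. With snort.inc now requiring service-utils.inc itself in this commit, neither line is needed here once snort.inc is included.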
@@ -105,12 +106,12 @@ if ($snortdownload == 'on') {
} else
break;
}
- log_error("Snort MD5 Attempts: " . (4 - $max_tries + 1));
+ log_error("[Snort] Snort MD5 Attempts: " . (4 - $max_tries + 1));
error_log("\tChecking Snort VRT md5 file...\n", 3, $snort_rules_upd_log);
@file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) {
update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
- log_error(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
+ log_error(gettext("[Snort] Please wait... You may only check for New Rules every 15 minutes..."));
update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
$snortdownload = 'off';
error_log(gettext("\tSnort VRT md5 download failed. Site may be offline or Oinkcode is not authorized for this level or version.\n"), 3, $snort_rules_upd_log);
@@ -125,7 +126,7 @@ if ($snortdownload == 'on') {
$md5_check_old = file_get_contents("{$snortdir}/{$snort_filename_md5}");
if ($md5_check_new == $md5_check_old) {
update_status(gettext("Snort VRT rules are up to date..."));
- log_error(gettext("Snort VRT rules are up to date..."));
+ log_error(gettext("[Snort] Snort VRT rules are up to date..."));
error_log(gettext("\tSnort VRT rules are up to date.\n"), 3, $snort_rules_upd_log);
$snortdownload = 'off';
}
@@ -135,29 +136,40 @@ if ($snortdownload == 'on') {
/* download snortrules file */
if ($snortdownload == 'on') {
update_status(gettext("There is a new set of Snort VRT rules posted. Downloading..."));
- log_error(gettext("There is a new set of Snort VRT rules posted. Downloading..."));
+ log_error(gettext("[Snort] There is a new set of Snort VRT rules posted. Downloading..."));
error_log(gettext("\tThere is a new set of Snort VRT rules posted. Downloading...\n"), 3, $snort_rules_upd_log);
$max_tries = 4;
while ($max_tries > 0) {
download_file_with_progress_bar("{$snort_rule_url}{$snort_filename}", "{$tmpfname}/{$snort_filename}");
- if (300000 > filesize("{$tmpfname}/$snort_filename")){
+ if (5000 > filesize("{$tmpfname}/{$snort_filename}")){
$max_tries--;
if ($max_tries > 0)
sleep(30);
continue;
} else
break;
- }
- update_status(gettext("Done downloading Snort VRT rules file."));
- log_error("Snort Rules Attempts: " . (4 - $max_tries + 1));
- error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log);
- if (300000 > filesize("{$tmpfname}/$snort_filename")){
+ }
+ if (filesize("{$tmpfname}/{$snort_filename}") == 0) {
update_output_window(gettext("Snort VRT rules file download failed..."));
- log_error(gettext("Snort VRT rules file download failed..."));
- log_error("Failed Rules Filesize: " . filesize("{$tmpfname}/$snort_filename"));
+ log_error(gettext("[Snort] Snort VRT rules file download failed..."));
error_log(gettext("\tSnort VRT rules file download failed. Snort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log);
$snortdownload = 'off';
}
+ else {
+ update_status(gettext("Done downloading Snort VRT rules file."));
+ log_error("[Snort] Snort VRT Rules Attempts: " . (4 - $max_tries + 1));
+ error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log);
+ if (trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_filename}"))){
+ update_output_window(gettext("Snort VRT rules file download failed..."));
+ log_error(gettext("[Snort] Snort VRT rules file download failed..."));
+ log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$snort_filename}")));
+ log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$snort_filename_md5}")));
+ error_log(gettext("\tSnort VRT rules file download failed. Snort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tDownloaded Snort VRT file MD5: " . md5_file("{$tmpfname}/{$snort_filename}") . "\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tExpected Snort VRT file MD5: " . file_get_contents("{$tmpfname}/{$snort_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
+ $snortdownload = 'off';
+ }
+ }
}
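Review bot: The new MD5 comparison uses `!=`, and PHP's loose comparison treats two numeric-looking strings as numbers, so a pair of digests of the form `0e` followed only by digits would compare equal despite differing; use strict comparison, `if (trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")) !== trim(md5_file("{$tmpfname}/{$snort_filename}"))) {`, here and in the Community Rules check further down. The expected digest is fetched from the same server over the same channel as the archive, so the check catches a truncated or corrupted download but not a substituted one; a comment such as `/* integrity check only: the md5 file comes from the same source as the rules */` would keep readers from assuming more. The comparison also assumes the md5 file holds the bare hash; if it is in `md5sum` form (hash followed by a filename), trim() will not strip that and every download would be rejected, so worth confirming against the file format.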
/* download md5 sig from Snort GPLv2 Community Rules */
@@ -172,7 +184,7 @@ if ($snortcommunityrules == 'on') {
/* See if the file download was successful, and turn off Snort GPLv2 update if it failed. */
if (0 == filesize("{$tmpfname}/{$snort_community_rules_filename_md5}")){
update_output_window(gettext("Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated."));
- log_error(gettext("Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated."));
+ log_error(gettext("[Snort] Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated."));
error_log(gettext("\tSnort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated.\n"), 3, $snort_rules_upd_log);
$snortcommunityrules = 'off';
}
@@ -183,7 +195,7 @@ if ($snortcommunityrules == 'on') {
$snort_comm_md5_check_old = file_get_contents("{$snortdir}/{$snort_community_rules_filename_md5}");
if ($snort_comm_md5_check_new == $snort_comm_md5_check_old) {
update_status(gettext("Snort GPLv2 Community Rules are up to date..."));
- log_error(gettext("Snort GPLv2 Community Rules are up to date..."));
+ log_error(gettext("[Snort] Snort GPLv2 Community Rules are up to date..."));
error_log(gettext("\tSnort GPLv2 Community Rules are up to date.\n"), 3, $snort_rules_upd_log);
$snortcommunityrules = 'off';
}
@@ -193,21 +205,24 @@ if ($snortcommunityrules == 'on') {
/* download Snort GPLv2 Community rules file */
if ($snortcommunityrules == "on") {
update_status(gettext("There is a new set of Snort GPLv2 Community Rules posted. Downloading..."));
- log_error(gettext("There is a new set of Snort GPLv2 Community Rules posted. Downloading..."));
+ log_error(gettext("[Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading..."));
error_log(gettext("\tThere is a new set of Snort GPLv2 Community Rules posted. Downloading...\n"), 3, $snort_rules_upd_log);
download_file_with_progress_bar("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}");
/* Test for a valid rules file download. Turn off Snort Community update if download failed. */
- if (150000 > filesize("{$tmpfname}/{$snort_community_rules_filename}")){
+ if (trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_community_rules_filename}"))){
update_output_window(gettext("Snort GPLv2 Community Rules file download failed..."));
- log_error(gettext("Snort GPLv2 Community Rules file download failed..."));
- log_error("Failed Rules Filesize: " . filesize("{$tmpfname}/{$snort_community_rules_filename}"));
+ log_error(gettext("[Snort] Snort GPLv2 Community Rules file download failed..."));
+ log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}")));
+ log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")));
error_log(gettext("\tSnort GPLv2 Community Rules file download failed. Community Rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tDownloaded Snort GPLv2 file MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}") . "\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tExpected Snort GPLv2 file MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
$snortcommunityrules = 'off';
}
else {
update_status(gettext('Done downloading Snort GPLv2 Community Rules file.'));
- log_error("Snort GPLv2 Community Rules file update downloaded succsesfully");
+ log_error("[Snort] Snort GPLv2 Community Rules file update downloaded successfully");
error_log(gettext("\tDone downloading Snort GPLv2 Community Rules file.\n"), 3, $snort_rules_upd_log);
}
}
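Review bot: The digest comparison on the `if (trim(file_get_contents(...)) != trim(md5_file(...)))` line uses PHP's loose `!=`, which treats two numeric-looking strings as numbers, so two hex digests that both begin with `0e` followed only by digits compare equal and a corrupt download could pass the check. Use the strict form: `if (trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")) !== trim(md5_file("{$tmpfname}/{$snort_community_rules_filename}"))) {`. The same applies to the VRT comparison earlier in this file. A short comment that this only detects a bad transfer, since the digest is served by the same host as the archive, would also help the next maintainer.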
@@ -234,7 +249,7 @@ if ($snortcommunityrules == 'on') {
/* Copy snort community md5 sig to snort dir */
if (file_exists("{$tmpfname}/{$snort_community_rules_filename_md5}")) {
update_status(gettext("Copying md5 signature to snort directory..."));
- @copy("{$tmpfname}/$snort_community_rules_filename_md5", "{$snortdir}/{$snort_community_rules_filename_md5}");
+ @copy("{$tmpfname}/{$snort_community_rules_filename_md5}", "{$snortdir}/{$snort_community_rules_filename_md5}");
}
update_status(gettext("Extraction of Snort GPLv2 Community Rules completed..."));
error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log);
@@ -249,18 +264,18 @@ if ($emergingthreats == 'on') {
/* If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules. */
if ($vrt_enabled == "on")
- $image = @file_get_contents("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/emerging.rules.tar.gz.md5");
+ $image = @file_get_contents("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/{$emergingthreats_filename_md5}");
else
- $image = @file_get_contents("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz.md5");
+ $image = @file_get_contents("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/{$emergingthreats_filename_md5}");
update_status(gettext("Done downloading EmergingThreats md5"));
error_log(gettext("\tChecking EmergingThreats md5.\n"), 3, $snort_rules_upd_log);
@file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
/* See if the file download was successful, and turn off ET update if it failed. */
- if (0 == filesize("{$tmpfname}/$emergingthreats_filename_md5")){
+ if (0 == filesize("{$tmpfname}/{$emergingthreats_filename_md5}")){
update_output_window(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated."));
- log_error(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated."));
+ log_error(gettext("[Snort] EmergingThreats md5 file download failed. EmergingThreats rules will not be updated."));
error_log(gettext("\tEmergingThreats md5 file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
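Review bot: The EmergingThreats digest is fetched with `@file_get_contents()` over plain `http://` from the same host that serves the tarball, so anyone able to substitute `emerging.rules.tar.gz` on the wire can substitute the `.md5` to match; the comparison done later on the download therefore catches truncation and corruption, not tampering. That limitation should be stated where the digest is fetched, e.g. `/* The .md5 is served unauthenticated from the same origin as the rules: it detects a broken download, not a substituted one. */`. If the ET site serves these paths over HTTPS, switching the two URLs is the cheap mitigation; I cannot confirm that from here.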
@@ -271,7 +286,7 @@ if ($emergingthreats == 'on') {
$emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
if ($emerg_md5_check_new == $emerg_md5_check_old) {
update_status(gettext("Emerging Threats rules are up to date..."));
- log_error(gettext("Emerging Threat rules are up to date..."));
+ log_error(gettext("[Snort] Emerging Threat rules are up to date..."));
error_log(gettext("\tEmerging Threats rules are up to date.\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
@@ -281,7 +296,7 @@ if ($emergingthreats == 'on') {
/* download emergingthreats rules file */
if ($emergingthreats == "on") {
update_status(gettext("There is a new set of EmergingThreats rules posted. Downloading..."));
- log_error(gettext("There is a new set of EmergingThreats rules posted. Downloading..."));
+ log_error(gettext("[Snort] There is a new set of EmergingThreats rules posted. Downloading..."));
error_log(gettext("\tThere is a new set of EmergingThreats rules posted. Downloading...\n"), 3, $snort_rules_upd_log);
/* If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules. */
@@ -291,16 +306,20 @@ if ($emergingthreats == "on") {
download_file_with_progress_bar("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
/* Test for a valid rules file download. Turn off ET update if download failed. */
- if (150000 > filesize("{$tmpfname}/$emergingthreats_filename")){
+
+ if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){
update_output_window(gettext("EmergingThreats rules file download failed..."));
- log_error(gettext("EmergingThreats rules file download failed..."));
- log_error("Failed Rules Filesize: " . filesize("{$tmpfname}/$emergingthreats_filename"));
+ log_error(gettext("[Snort] EmergingThreats rules file download failed..."));
+ log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}")));
+ log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")));
error_log(gettext("\tEmergingThreats rules file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
else {
update_status(gettext('Done downloading EmergingThreats rules file.'));
- log_error("EmergingThreats rules file update downloaded succsesfully");
+ log_error("[Snort] EmergingThreats rules file update downloaded successfully");
error_log(gettext("\tDone downloading EmergingThreats rules file.\n"), 3, $snort_rules_upd_log);
}
}
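Review bot: The two added `Expected ET file MD5` log lines write the raw body of the remote `.md5` response into the update log and the system log via `file_get_contents()`, so when the fetch returned an HTML error page or other unexpected content it lands verbatim in a file that is later rendered in the web UI. Log a trimmed, length-limited value instead, e.g. `substr(trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")), 0, 32)`, which also drops the stray newline from the "Expected" line. `md5_file()` returns `false` with a warning if the tarball was never created, so a `file_exists()` guard ahead of the comparison would keep that failure path quiet.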
@@ -331,9 +350,9 @@ if ($emergingthreats == 'on') {
}
/* Copy emergingthreats md5 sig to snort dir */
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename_md5}")) {
update_status(gettext("Copying md5 signature to snort directory..."));
- @copy("{$tmpfname}/$emergingthreats_filename_md5", "{$snortdir}/$emergingthreats_filename_md5");
+ @copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}");
}
update_status(gettext("Extraction of EmergingThreats.org rules completed..."));
error_log(gettext("\tInstallation of EmergingThreats.org rules completed.\n"), 3, $snort_rules_upd_log);
@@ -376,11 +395,11 @@ if ($snortdownload == 'on') {
$snort_arch = php_uname("m");
$nosorules = false;
if ($snort_arch == 'i386'){
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/");
exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/* {$snortlibdir}/dynamicrules/");
} elseif ($snort_arch == 'amd64') {
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/");
- exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/* {$snortlibdir}/dynamicrules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/");
+ exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/* {$snortlibdir}/dynamicrules/");
} else
$nosorules = true;
exec("rm -r {$snortdir}/tmp/so_rules");
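Review bot: The brace fix is applied to the `tar` line of the i386 branch but not to its `cp` line, which still interpolates `$freebsd_version_so/i386` unbraced while the amd64 branch now has both lines braced; for consistency change it to `exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/* {$snortlibdir}/dynamicrules/");`. The interpolated values here appear to be package constants rather than request input, so I see no injection path, but `escapeshellarg()` on the directory arguments would make that explicit.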
@@ -425,7 +444,7 @@ if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
update_status(gettext("Copying md5 signature to snort directory..."));
- @copy("{$tmpfname}/$snort_filename_md5", "{$snortdir}/$snort_filename_md5");
+ @copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}");
}
update_status(gettext("Extraction of Snort VRT rules completed..."));
error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log);
@@ -485,9 +504,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
}
elseif (($vrt_enabled == 'on') && ($et_enabled == 'on')) {
/* Both VRT and ET rules are enabled, so build combined */
- /* reference.config and classification.config files, but */
- /* only if we downloaded both rule sets. Otherwise we */
- /* risk creating an incomplete file. */
+ /* reference.config and classification.config files. */
$cfgs = glob("{$snortdir}/tmp/*reference.config");
$cfgs[] = "{$snortdir}/reference.config";
snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config");
@@ -545,15 +562,15 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
if (is_process_running("snort")) {
update_status(gettext('Restarting Snort to activate the new set of rules...'));
error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, $snort_rules_upd_log);
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh restart");
+ restart_service("snort");
update_output_window(gettext("Snort has restarted with your new set of rules..."));
- log_error(gettext("Snort has restarted with your new set of rules..."));
+ log_error(gettext("[Snort] Snort has restarted with your new set of rules..."));
error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, $snort_rules_upd_log);
}
}
update_status(gettext("The Rules update has finished..."));
-log_error(gettext("The Rules update has finished."));
+log_error(gettext("[Snort] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $snort_rules_upd_log);
conf_mount_ro();
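Review bot: After `restart_service("snort")` the code reports "Snort has restarted with your new set of rules" unconditionally, but a freshly downloaded rule set that Snort cannot parse leaves the daemon down while the status window and both logs claim success. Re-check the process after the restart and log the failure before the success messages, e.g. `if (!is_process_running("snort")) log_error("[Snort] Snort failed to restart after the rules update; check the Snort log.");`. I cannot see whether `restart_service()` returns a status, so the process check is the portable option.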
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 7fb435ed..b1d71631 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -33,7 +33,7 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 369e3094..36319977 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -99,6 +99,22 @@ function popup(url)
if (window.focus) {newwin.focus()}
return false;
}
+
+function wopen(url, name, w, h)
+{
+// Fudge factors for window decoration space.
+// In my tests these work well on all platforms & browsers.
+w += 32;
+h += 96;
+ var win = window.open(url,
+ name,
+ 'width=' + w + ', height=' + h + ', ' +
+ 'location=no, menubar=no, ' +
+ 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
+ win.resizeTo(w, h);
+ win.focus();
+}
+
</script>
<form action="snort_download_updates.php" method="post" name="iform" id="iform">
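Review bot: `wopen()` dereferences the result of `window.open()` without checking it, and browsers that block pop-ups return `null`, so `win.resizeTo(w, h)` throws and the onclick handler aborts with an uncaught TypeError. Guard the two calls: `if (win) { win.resizeTo(w, h); win.focus(); }`. The `url` argument is passed straight through, so callers remain responsible for escaping whatever they put into it.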
@@ -161,7 +177,8 @@ function popup(url)
echo '
<button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/>
<p style="text-align:left; margin-left:150px;">
- <font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000">&nbsp;&nbsp;' . gettext('No rule types have been selected for download. "Global Settings Tab"') . '</font><br>';
+ <font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000">&nbsp;&nbsp;' . gettext('No rule types have been selected for download. ') .
+ gettext('Visit the ') . '<a href="snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br>';
echo '</p>' . "\n";
} else {
@@ -191,7 +208,7 @@ function popup(url)
if ($snort_rules_upd_logfile_chk == 'yes') {
echo "
- <button class=\"formbtn\" onclick=\"popup('snort_log_view.php?logfile={$log}')\"><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>";
+ <button class=\"formbtn\" onclick=\"wopen('snort_log_view.php?logfile={$log}', 'LogViewer', 800, 600)\"><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>";
echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" value=\"Clear Log\" name=\"clear\" id=\"Submit\" class=\"formbtn\" />\n";
}else{
echo "
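Review bot: `{$log}` is interpolated into both a JavaScript string literal and an HTML attribute on the `wopen(...)` line without any encoding, so a single quote or `</` in it breaks out of the string and runs in the administrator's browser. Where `$log` comes from is outside the hunk and it may be a fixed package path today, but the value should still be encoded for its context: `onclick=\"wopen('snort_log_view.php?logfile=" . htmlspecialchars(rawurlencode($log)) . "', 'LogViewer', 800, 600)\"`.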
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 4f85c1f4..5419e7c0 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -28,11 +28,17 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
+// Turn on buffering to speed up rendering
+ini_set('output_buffering','true');
+
+// Start buffering with a cache size of 100000
+ob_start(null, "1000");
+
$nocsrf = true;
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $rebuild_rules;
$snortdir = SNORTDIR;
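Review bot: `ini_set('output_buffering','true')` has no effect here: `output_buffering` is a PHP_INI_PERDIR setting that cannot be changed at runtime, so the line is dead and the comment above it is misleading. The `ob_start(null, "1000")` call does work, but its comment says "cache size of 100000" while the argument is the string `"1000"`; pass an integer that matches the comment, `ob_start(null, 100000);`, or correct the comment. Dropping the `ini_set` line and keeping `ob_start()` alone is the clean result.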
@@ -97,11 +103,11 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
$if_friendly = snort_get_friendly_interface($snortcfg['interface']);
if (snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2') == 'no') {
- log_error("Toggle(barnyard starting) for {$if_friendly}({$snortcfg['descr']}}...");
+ log_error("Toggle (barnyard starting) for {$if_friendly}({$if_real})...");
sync_snort_package_config();
snort_barnyard_start($snortcfg, $if_real);
} else {
- log_error("Toggle(barnyard stopping) for {$if_friendly}({$snortcfg['descr']}}...");
+ log_error("Toggle (barnyard stopping) for {$if_friendly}({$if_real})...");
snort_barnyard_stop($snortcfg, $if_real);
}
@@ -117,7 +123,7 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
$if_friendly = snort_get_friendly_interface($snortcfg['interface']);
if (snort_is_running($snortcfg['uuid'], $if_real) == 'yes') {
- log_error("Toggle(snort stopping) for {$if_friendly}({$snortcfg['descr']})...");
+ log_error("Toggle (snort stopping) for {$if_friendly}({$if_real})...");
snort_stop($snortcfg, $if_real);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -126,8 +132,12 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
} else {
- log_error("Toggle(snort starting) for {$if_friendly}({$snortcfg['descr']})...");
+ log_error("Toggle (snort starting) for {$if_friendly}({$if_real})...");
+
+ /* set flag to rebuild interface rules before starting Snort */
+ $rebuild_rules = "on";
sync_snort_package_config();
+ $rebuild_rules = "off";
snort_start($snortcfg, $if_real);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
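Review bot: The start path now runs a full `sync_snort_package_config()` with `$rebuild_rules = "on"` from a plain GET (`act=toggle`) on a page that sets `$nocsrf = true` at the top, so a rules rebuild and a Snort start can be triggered by any page the logged-in administrator visits that embeds this URL. The exposure predates this commit, but the added work makes the endpoint a more attractive target; a POST carrying the standard CSRF token is the fix. At minimum, a comment on the `$rebuild_rules = "on";` line should note that the flag is a global read by the sync routine, since nothing here makes that dependency visible.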
@@ -194,10 +204,9 @@ if ($pfsense_stable == 'yes')
<tr>
<td>
<div id="mainarea2">
- <table class="tabcont" width="100%" border="0" cellpadding="0"
- cellspacing="0">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr id="frheader">
- <td width="5%" class="list">&nbsp;</td>
+ <td width="3%" class="list">&nbsp;</td>
<td width="10%" class="listhdrr"><?php echo gettext("If"); ?></td>
<td width="13%" class="listhdrr"><?php echo gettext("Snort"); ?></td>
<td width="10%" class="listhdrr"><?php echo gettext("Performance"); ?></td>
@@ -205,18 +214,26 @@ if ($pfsense_stable == 'yes')
<td width="12%" class="listhdrr"><?php echo gettext("Barnyard2"); ?></td>
<td width="30%" class="listhdr"><?php echo gettext("Description"); ?></td>
<td width="3%" class="list">
- <table border="0" cellspacing="0" cellpadding="1">
+ <table border="0" cellspacing="0" cellpadding="0">
<tr>
- <td width="17"></td>
- <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
+ <td></td>
+ <td align="center" valign="middle"><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
width="17" height="17" border="0" title="<?php echo gettext('add interface');?>"></a></td>
</tr>
</table>
</td>
</tr>
-<?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
-<tr valign="top" id="fr<?=$nnats;?>">
+<?php $nnats = $i = 0;
+/* If no interfaces are defined, then turn off the "no rules" warning */
+$no_rules_footnote = false;
+if ($id_gen == 0)
+ $no_rules = false;
+else
+ $no_rules = true;
+
+foreach ($a_nat as $natent): ?>
+ <tr valign="top" id="fr<?=$nnats;?>">
<?php
/* convert fake interfaces to real and check if iface is up */
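Review bot: The `$no_rules` initialisation driven by `$id_gen` is dead: the per-interface code inside the loop assigns `$no_rules = true;` unconditionally before using it, so the `if ($id_gen == 0) ... else ...` branch never affects the output and the comment about turning off the warning is misleading. Keep only `$no_rules_footnote = false;` before the `foreach` and let the loop own `$no_rules`. If the aim was to suppress the footnote when no interfaces exist, that already holds because the loop body never runs.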
@@ -232,9 +249,23 @@ if ($pfsense_stable == 'yes')
else
$biconfn = 'block';
+ /* See if interface has any rules defined and set boolean flag */
+ $no_rules = true;
+ if (isset($natent['customrules']) && !empty($natent['customrules']))
+ $no_rules = false;
+ if (isset($natent['rulesets']) && !empty($natent['rulesets']))
+ $no_rules = false;
+ if (isset($natent['ips_policy']) && !empty($natent['ips_policy']))
+ $no_rules = false;
+ /* Do not display the "no rules" warning if interface disabled */
+ if ($natent['enable'] == "off")
+ $no_rules = false;
+ if ($no_rules)
+ $no_rules_footnote = true;
?>
<td class="listt">
- <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
+ <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;">
+ </td>
<td class="listr"
id="frd<?=$nnats;?>"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
@@ -253,6 +284,7 @@ if ($pfsense_stable == 'yes')
<img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'
width='13' height='13' border='0'
title='" . gettext('click to toggle start/stop snort') . "'></a>";
+ echo ($no_rules) ? "&nbsp;<img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : "";
} else
echo strtoupper("disabled");
?>
@@ -267,7 +299,8 @@ if ($pfsense_stable == 'yes')
}else{
$check_performance = "lowmem";
}
- ?> <?=strtoupper($check_performance);?></td>
+ ?> <?=strtoupper($check_performance);?>
+ </td>
<td class="listr"
id="frd<?=$nnats;?>"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
@@ -279,7 +312,8 @@ if ($pfsense_stable == 'yes')
} else {
$check_blockoffenders = disabled;
}
- ?> <?=strtoupper($check_blockoffenders);?></td>
+ ?> <?=strtoupper($check_blockoffenders);?>
+ </td>
<td class="listr"
id="frd<?=$nnats;?>"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
@@ -297,33 +331,40 @@ if ($pfsense_stable == 'yes')
</td>
<td class="listbg"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;
+ <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;
</td>
<td valign="middle" class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext('edit interface'); ?>"></a></td>
- </tr>
- </table>
-
- </tr>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('edit interface'); ?>"></a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
<?php $i++; $nnats++; endforeach; ?>
<tr>
- <td class="list" colspan="8"></td>
+ <td class="list"></td>
+ <td class="list" colspan="6">
+ <?php if ($no_rules_footnote): ?><br><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_frmfld_imp.png" width="15" height="15" border="0">
+ <span class="red">&nbsp;&nbsp <?php echo gettext("WARNING: Marked interface currently has no rules defined for Snort"); ?></span>
+ <?php else: ?>&nbsp;
+ <?php endif; ?>
+ </td>
<td class="list" valign="middle" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><?php if ($nnats == 0): ?><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
- width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>" border="0"><?php else: ?><input
- name="del" type="image"
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>"
- onclick="return confirm('Do you really want to delete the selected Snort mapping?')"><?php endif; ?></td>
- </tr>
- </table>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td><?php if ($nnats == 0): ?><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
+ width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>" border="0"><?php else: ?>
+ <input name="del" type="image"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>"
+ onclick="return confirm('Do you really want to delete the selected Snort mapping?')"><?php endif; ?></td>
+ </tr>
+ </table>
</td>
</tr>
</table>
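Review bot: The footnote markup on the new `<span class="red">&nbsp;&nbsp <?php ...` line has a malformed entity: the second `&nbsp` lacks its terminating semicolon, so browsers render it only by error recovery and validators flag it. Change it to `<span class="red">&nbsp;&nbsp;<?php echo gettext("WARNING: Marked interface currently has no rules defined for Snort"); ?></span>`. The `confirm()` text in the delete button is still a hard-coded English string; wrapping it in `gettext()` like the neighbouring titles keeps the page translatable.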
@@ -336,46 +377,59 @@ if ($pfsense_stable == 'yes')
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
- <div id="mainarea4">
- <table class="tabcont" width="100%" border="0" cellpadding="0"
- cellspacing="0">
- <tr id="frheader">
- <td width="100%"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br>
- <?php echo gettext('This is the <strong>Snort Menu</strong> where you can see an over ' .
- 'view of all your interface settings. <br> ' .
- 'Please edit the <strong>Global Settings</strong> tab before adding ' .
- 'an interface.'); ?> <br>
- <br>
- <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <br>
- <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong>
- <br>
- <br>
- <strong>Click</strong> on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("Add Icon"); ?>"> icon to add a
- interface.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong>
- on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif"
- width="13" height="13" border="0" title="<?php echo gettext("Start Icon"); ?>"> icon to <strong>start</strong>
- snort and barnyard2. <br>
- <strong>Click</strong> on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("Edit Icon"); ?>"> icon to edit a
- interface and settings.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong>
- on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
- width="13" height="13" border="0" title="<?php echo gettext("Stop Icon"); ?>"> icon to <strong>stop</strong>
- snort and barnyard2. <br>
- <strong> Click</strong> on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("Delete Icon"); ?>"> icon to
- delete a interface and settings.</td>
- </tr>
- </table>
- </div>
-
+ <table class="tabcont" width="100%" border="0" cellpadding="1" cellspacing="1">
+ <tr>
+ <td colspan="3"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br>
+ <?php echo gettext('This is the <strong>Snort Menu</strong> where you can see an over ' .
+ 'view of all your interface settings. ' .
+ 'Please visit the <strong>Global Settings</strong> tab before adding ' . 'an interface.'); ?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="3"><br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="3"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br>
+ <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="3"><br>
+ </td>
+ </tr>
+ <tr>
+ <td><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Add Icon"); ?>"> icon to add
+ an interface.
+ </td>
+ <td width="3%">&nbsp;
+ </td>
+ <td><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif"
+ width="13" height="13" border="0" title="<?php echo gettext("Start Icon"); ?>"> icon to <strong>start</strong>
+ snort and barnyard2.
+ </td>
+ </tr>
+ <tr>
+ <td><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Edit Icon"); ?>"> icon to edit
+ an interface and settings.
+ <td width="3%">&nbsp;
+ </td>
+ <td><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="13" height="13" border="0" title="<?php echo gettext("Stop Icon"); ?>"> icon to <strong>stop</strong>
+ snort and barnyard2.
+ </td>
+ </tr>
+ <tr>
+ <td colspan="3"><strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Delete Icon"); ?>"> icon to
+ delete an interface and settings.
+ </td>
+ </tr>
+ </table>
+ </td>
</tr>
- </td>
</table>
</form>
<?php
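Review bot: In the second help row the first cell is never closed: the `<td>` opened on the `icon_e.gif` line runs straight into `<td width="3%">&nbsp;` with no `</td>` between them, unlike the first row, which closes its cell before the spacer. Add `</td>` after `an interface and settings.`. The rest of the rebuilt table is consistent.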
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 76763553..8d7b9c06 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -122,9 +122,11 @@ if ($_POST["Submit"]) {
/* Save configuration changes */
write_config();
- /* Update snort.conf file for this interface */
+ /* Most changes don't require a rules rebuild, so default to "off" */
$rebuild_rules = "off";
- snort_generate_conf($a_rule[$id]);
+
+ /* Update snort.conf and snort.sh files for this interface */
+ sync_snort_package_config();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 46ee57ab..3c544436 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -52,6 +52,8 @@ $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['auto
$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+if (empty($pconfig['snortloglimit']))
+ $pconfig['snortloglimit'] = 'on';
/* if no errors move foward */
if (!$input_errors) {
diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php
index 6d38a8cb..4fc8d990 100644
--- a/config/snort/snort_log_view.php
+++ b/config/snort/snort_log_view.php
@@ -54,7 +54,7 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
<body link="#000000" vlink="#000000" alink="#000000">
<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php include("fbegin.inc");?>
+<?php // include("fbegin.inc");?>
<form action="snort_log_view.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
@@ -62,6 +62,9 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
+ <td class="pgtitle" colspan="2">Snort: Log File Viewer</td>
+ </tr>
+ <tr>
<td align="left" width="20%">
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
@@ -71,8 +74,8 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
</tr>
<tr>
<td colspan="2" valign="top" class="label">
- <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea readonly wrap="off" rows="33" cols="90" name="code2"><?=$contents;?></textarea>
+ <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="33" cols="80" name="code2"><?=$contents;?></textarea>
</div>
</td>
</tr>
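Review bot: `<?=$contents;?>` is still emitted into the `<textarea>` without escaping, and this viewer now shows the rules-update log that other hunks in this commit fill with the verbatim body of files fetched over HTTP from the rule servers; a log line containing `</textarea><script>` would execute in the administrator's browser. Unless `$contents` is escaped where it is read (above this hunk, not visible here), use `<?=htmlspecialchars($contents);?>` on the textarea line. The hard-coded `rows`/`cols` combined with `width:100%; height:100%` is harmless but redundant.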
@@ -81,6 +84,6 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
</tr>
</table>
</form>
-<?php include("fend.inc");?>
+<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 5cd5a408..cf6146cf 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -35,6 +35,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
+$snortlogdir = SNORTLOGDIR;
if (!is_array($config['installedpackages']['snortglobal'])) {
$config['installedpackages']['snortglobal'] = array();
@@ -89,8 +90,36 @@ if (isset($id) && $a_nat[$id]) {
/* the Sensitive Data (sdf) preprocessor. */
if ($vrt_enabled == "off")
$pconfig['sensitive_data'] = "off";
+
+ /**********************************************************/
+ /* To keep new users from shooting themselves in the foot */
+ /* enable the most common and necessary preprocessors by */
+ /* default. */
+ /**********************************************************/
+ if (empty($pconfig['ftp_preprocessor']))
+ $pconfig['ftp_preprocessor'] = 'on';
+ if (empty($pconfig['smtp_preprocessor']))
+ $pconfig['smtp_preprocessor'] = 'on';
+ if (empty($pconfig['dce_rpc_2']))
+ $pconfig['dce_rpc_2'] = 'on';
+ if (empty($pconfig['dns_preprocessor']))
+ $pconfig['dns_preprocessor'] = 'on';
+ if (empty($pconfig['ssl_preproc']))
+ $pconfig['ssl_preproc'] = 'on';
+ if (empty($pconfig['pop_preproc']))
+ $pconfig['pop_preproc'] = 'on';
+ if (empty($pconfig['imap_preproc']))
+ $pconfig['imap_preproc'] = 'on';
+ if (empty($pconfig['sip_preproc']))
+ $pconfig['sip_preproc'] = 'on';
+ if (empty($pconfig['other_preprocs']))
+ $pconfig['other_preprocs'] = 'on';
}
+/* Define the "disabled_preproc_rules.log" file for this interface */
+$iface = snort_get_friendly_interface($pconfig['interface']);
+$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
+
if ($_POST) {
$natent = array();
$natent = $pconfig;
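Review bot: `$iface = snort_get_friendly_interface($pconfig['interface']);` on L1275 runs unconditionally, but it sits after the `if (isset($id) && $a_nat[$id])` block whose body fills `$pconfig`; on the path where that block is skipped, `$pconfig['interface']` appears to be unset and `$disabled_rules_log` would degenerate to `{$snortlogdir}/_disabled_preproc_rules.log`, a name not tied to any interface. If callers always reach this page with a valid `$id`, a one-line guard still documents that assumption, e.g. `$iface = isset($pconfig['interface']) ? snort_get_friendly_interface($pconfig['interface']) : '';` followed by a comment `/* assumes $pconfig was loaded above; an empty $iface means no per-interface log */`. The rest of the page's use of this path (unlink on L1286, the View button on L1324) inherits whatever value is computed here, and the enclosing code that loads `$pconfig` starts outside the hunk.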
@@ -135,6 +164,10 @@ if ($_POST) {
$natent['preproc_auto_rule_disable'] = $_POST['preproc_auto_rule_disable'] ? 'on' : 'off';
$natent['protect_preproc_rules'] = $_POST['protect_preproc_rules'] ? 'on' : 'off';
+ /* If 'preproc_auto_rule_disable' is off, then clear log file */
+ if ($natent['preproc_auto_rule_disable'] == 'off')
+ @unlink("{$disabled_rules_log}");
+
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
else {
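Review bot: `@unlink("{$disabled_rules_log}");` on L1286 suppresses every failure, so a permission problem on the log directory would silently leave stale auto-disabled-rule entries in place while the UI reports the feature as off. Prefer an explicit existence check and let a real failure surface: `if ($natent['preproc_auto_rule_disable'] == 'off' && file_exists($disabled_rules_log)) unlink($disabled_rules_log);`. `$disabled_rules_log` is defined on L1276, outside this hunk, and the enclosing `if ($_POST)` block continues past it.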
@@ -193,6 +226,25 @@ include_once("head.inc");
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
</script>
+
+<script language="javascript" type="text/javascript">
+
+function wopen(url, name, w, h)
+{
+// Fudge factors for window decoration space.
+// In my tests these work well on all platforms & browsers.
+w += 32;
+h += 96;
+ var win = window.open(url,
+ name,
+ 'width=' + w + ', height=' + h + ', ' +
+ 'location=no, menubar=no, ' +
+ 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
+ win.resizeTo(w, h);
+ win.focus();
+}
+</script>
+
<form action="snort_preprocessors.php" method="post"
enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
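Review bot: `win.resizeTo(w, h);` on L1309 throws a TypeError when `window.open` returns null (popup blockers do this), so the View buttons that call `wopen()` fail with a script error instead of a useful message; insert `if (!win) return;` right after the `window.open` call. This same function is pasted verbatim into snort_rules.php (hunk ending on L1469) and snort_rulesets.php (hunk ending on L1587); a shared script under the package's existing javascript include would avoid fixing the same bug three times. The body indentation is also inconsistent (`w += 32;` at column 0, the rest indented), which the shared copy could normalize.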
@@ -261,6 +313,13 @@ include_once("head.inc");
"disabled preprocessors, but can substantially compromise the level of protection by " .
"automatically disabling detection rules."); ?></td>
</tr>
+ <?php if (file_exists($disabled_rules_log) && filesize($disabled_rules_log) > 0): ?>
+ <tr>
+ <td width="3%">&nbsp;</td>
+ <td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600)"/>
+ &nbsp;&nbsp;&nbsp;<?php echo gettext("Click to view the list of currently auto-disabled rules"); ?></td>
+ </tr>
+ <?php endif; ?>
</table>
</td>
</tr>
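Review bot: The `onclick` on L1324 interpolates `$id` and `$disabled_rules_log` raw into a JavaScript string inside an HTML attribute; `$id` is the request-supplied entry index (see the `isset($id) && $a_nat[$id]` checks on L1245 and L1288), so an unvalidated value lands unescaped in the page. Emit it as an integer and URL-encode the path: `onclick="wopen('snort_rules_edit.php?id=<?=(int)$id;?>&openruleset=<?=rawurlencode($disabled_rules_log);?>','FileViewer',800,600)"`. The same raw interpolation of `$id`, `$currentruleset`, `$sid`, `$gid` and `$flowbit_rules_file` is on the new side of the hunks ending on L1496, L1505 and L1607. Note also that `openruleset` now carries an absolute log path rather than a ruleset name; snort_rules_edit.php's handling of that parameter is outside this diff, so confirm it constrains the file it opens to the Snort directories rather than reading whatever path it is given.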
@@ -441,7 +500,8 @@ include_once("head.inc");
type="checkbox" value="on"
<?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("Normalize/Decode RPC traffic and detects Back Orifice traffic on the network."); ?></td>
+ <?php echo gettext("Normalize/Decode RPC traffic and detects Back Orifice traffic on the network. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?></td>
</tr>
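Review bot: L1336-1337 builds the help text from two translated fragments plus a bare `"<strong>"`, with a trailing space inside the gettext string; translators receive "Default is " and "Checked" separately and cannot reorder them. The file already uses the better pattern on L1591, so this reads as `<?php printf(gettext("Normalize/Decode RPC traffic and detects Back Orifice traffic on the network. Default is %sChecked%s"), '<strong>', '</strong>'); ?>`. The same fragment concatenation is repeated in every hunk from L1348 through L1419, and the hunk ending on L1599 in snort_rulesets.php replaces an existing `printf(gettext(...))` form with four such fragments, where `printf(gettext("Please go to the %sUpdates%s tab to download the rules configured on the %sGlobal%s tab."), '<a href="snort_download_updates.php"><strong>', '</strong></a>', '<a href="snort_interfaces_global.php"><strong>', '</strong></a>')` keeps the new links and one translatable sentence.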
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
@@ -450,7 +510,8 @@ include_once("head.inc");
type="checkbox" value="on"
<?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("Normalize/Decode FTP and Telnet traffic and protocol anomalies."); ?></td>
+ <?php echo gettext("Normalize/Decode FTP and Telnet traffic and protocol anomalies. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
@@ -459,7 +520,8 @@ include_once("head.inc");
type="checkbox" value="on"
<?php if ($pconfig['pop_preproc']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("Normalize/Decode POP protocol for enforcement and buffer overflows."); ?></td>
+ <?php echo gettext("Normalize/Decode POP protocol for enforcement and buffer overflows. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
@@ -468,7 +530,8 @@ include_once("head.inc");
type="checkbox" value="on"
<?php if ($pconfig['imap_preproc']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("Normalize/Decode IMAP protocol for enforcement and buffer overflows."); ?></td>
+ <?php echo gettext("Normalize/Decode IMAP protocol for enforcement and buffer overflows. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
@@ -477,7 +540,8 @@ include_once("head.inc");
type="checkbox" value="on"
<?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("Normalize/Decode SMTP protocol for enforcement and buffer overflows."); ?></td>
+ <?php echo gettext("Normalize/Decode SMTP protocol for enforcement and buffer overflows. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
@@ -486,7 +550,8 @@ include_once("head.inc");
type="checkbox" value="on"
<?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic."); ?></td>
+ <?php echo gettext("The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
@@ -495,7 +560,8 @@ include_once("head.inc");
type="checkbox" value="on"
<?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("The SIP preprocessor decodes SIP traffic and detects some vulnerabilities."); ?></td>
+ <?php echo gettext("The SIP preprocessor decodes SIP traffic and detects some vulnerabilities. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
@@ -513,7 +579,8 @@ include_once("head.inc");
type="checkbox" value="on"
<?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities."); ?></td>
+ <?php echo gettext("The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> <?php echo gettext("SSL Data"); ?></td>
@@ -521,7 +588,8 @@ include_once("head.inc");
<input name="ssl_preproc" type="checkbox" value="on"
<?php if ($pconfig['ssl_preproc']=="on") echo "checked"; ?>
onClick="enable_change(false)"><br>
- <?php echo gettext("SSL data searches for irregularities during SSL protocol exchange"); ?>
+ <?php echo gettext("SSL data searches for irregularities during SSL protocol exchange. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>
</td>
</tr>
<tr>
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 5e8e145d..59bf1339 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -212,10 +212,22 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) {
exit;
}
+if ($_POST['clear']) {
+ unset($a_rule[$id]['customrules']);
+ write_config();
+ $rebuild_rules = "on";
+ snort_generate_conf($a_rule[$id]);
+ $rebuild_rules = "off";
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
+ exit;
+}
+
if ($_POST['customrules']) {
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
write_config();
- sync_snort_package_config();
+ $rebuild_rules = "on";
+ snort_generate_conf($a_rule[$id]);
+ $rebuild_rules = "off";
$output = "";
$retcode = "";
exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode);
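Review bot: The new `clear` branch on L1428-1436 unsets and regenerates `$a_rule[$id]` without any check in this hunk that `$id` names an existing entry; if the code above the hunk does not already validate it, `snort_generate_conf($a_rule[$id])` runs on an empty array and `write_config()` persists a spurious entry, so a guard such as `if ($_POST['clear'] && isset($a_rule[$id])) {` is cheap insurance. Toggling the global `$rebuild_rules` around `snort_generate_conf()` is now duplicated in both branches (L1431-1433 and L1442-1444); a small local helper that sets the flag, calls the generator and resets it would keep the two in step. This is a destructive action whose only visible confirmation is the client-side `confirm()` on L1484; whatever request-forgery protection guiconfig.inc supplies is not visible here, which is worth confirming since the form has no token of its own in this diff. The `$_POST['customrules']` handler continues past the hunk.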
@@ -299,6 +311,22 @@ function popup(url)
if (window.focus) {newwin.focus()}
return false;
}
+
+function wopen(url, name, w, h)
+{
+// Fudge factors for window decoration space.
+// In my tests these work well on all platforms & browsers.
+w += 32;
+h += 96;
+ var win = window.open(url,
+ name,
+ 'width=' + w + ', height=' + h + ', ' +
+ 'location=no, menubar=no, ' +
+ 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
+ win.resizeTo(w, h);
+ win.focus();
+}
+
</script>
<form action="/snort/snort_rules.php" method="post" name="iform" id="iform">
@@ -376,10 +404,14 @@ function popup(url)
<td width="3%" class="list">&nbsp;</td>
</tr>
<tr>
+ <td colspan="9">&nbsp;</td>
+ </tr>
+ <tr>
<td width="3%" class="list">&nbsp;</td>
- <td colspan="7" class="vtable">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ <td colspan="7">
+ <input name="Submit" type="submit" class="formbtn" value=" Save ">&nbsp;&nbsp;
+ <input type="button" class="formbtn" value="Cancel" onclick="history.back()">&nbsp;&nbsp;
+ <input name="clear" type="submit" class="formbtn" id="clear" value="Clear" onclick="return confirm('Do you really want to erase all custom rules?')">
</td>
<td width="3%" class="list">&nbsp;</td>
</tr>
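Review bot: Changing the submit button on L1482 to `value=" Save "` changes the value the browser submits for `Submit`; nothing in this diff compares `$_POST['Submit']` to `'Save'`, but if any handler in this file or a shared include does, it silently stops matching. Padding for layout belongs in CSS or the surrounding `&nbsp;` already added on the same line, so `value="Save"` is the safer form.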
@@ -390,7 +422,7 @@ function popup(url)
&nbsp;&nbsp;&nbsp;<?php echo gettext("Click to rebuild the rules with your changes. Snort must be restarted to use the new rules."); ?>
<input type='hidden' name='id' value='<?=$id;?>'></td>
<td width="3%" align="center" valign="middle" class="listt"><a href="javascript: void(0)"
- onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>')">
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
@@ -475,7 +507,7 @@ function popup(url)
?>
<td width="3%" align="center" valign="middle" nowrap class="listt">
<a href="javascript: void(0)"
- onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>')"><img
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)"><img
src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
title="<?php echo gettext("Click to view rule"); ?>" width="17" height="17" border="0"></a>
<!-- Codes by Quackit.com -->
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 8ee6a645..7005d1f8 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -113,7 +113,7 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
<body link="#000000" vlink="#000000" alink="#000000">
<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php include("fbegin.inc");?>
+<?php // include("fbegin.inc");?>
<form action="snort_rules_edit.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
@@ -121,14 +121,20 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
- <td>
+ <td class="pgtitle" colspan="2">Snort: Rules Viewer</td>
+ </tr>
+ <tr>
+ <td width="20%">
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
+ <td align="right">
+ <b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . $file; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ </td>
</tr>
<tr>
- <td valign="top" class="label">
- <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea wrap="<?=$wrap_flag?>" rows="33" cols="90" name="code2"><?=$contents;?></textarea>
+ <td valign="top" class="label" colspan="2">
+ <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea style="width:100%; height:100%;" wrap="<?=$wrap_flag?>" rows="33" cols="80" name="code2"><?=$contents;?></textarea>
</div>
</td>
</tr>
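Review bot: L1529 echoes `$file` straight into the page; `$file` is defined outside this hunk and, given how this page is opened (`openruleset=` on L1324, L1493 and L1605), presumably comes from a query parameter, so it should be escaped for HTML: `<b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . htmlspecialchars($file); ?>&nbsp;&nbsp;&nbsp;&nbsp;`. The `</b>` closing inside the PHP string while the opening `<b>` is literal markup works but is easy to misread; putting both tags in the markup and echoing only the text is clearer.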
@@ -137,6 +143,6 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
</tr>
</table>
</form>
-<?php include("fend.inc");?>
+<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 1bf815fb..64998810 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -82,8 +82,10 @@ if (($snortdownload == 'off') || ($a_nat[$id]['ips_policy_enable'] != 'on'))
$policy_select_disable = "disabled";
if ($a_nat[$id]['autoflowbitrules'] == 'on') {
- if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"))
+ if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
+ filesize("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
$btn_view_flowb_rules = "";
+ }
else
$btn_view_flowb_rules = " disabled";
}
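Review bot: L1557-1559 repeats the full flowbit rules path in both `file_exists()` and `filesize()`, and the new brace style is mixed (braced `if`, unbraced `else`). Hoist the path once and brace both branches: `$flowbit_path = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}";` followed by `if (file_exists($flowbit_path) && filesize($flowbit_path) > 0) {`. The same path string is likely reused elsewhere in the file (the View button on L1605 passes `$flowbit_rules_file` on its own), so a single variable also keeps the two in agreement.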
@@ -220,6 +222,22 @@ function popup(url)
if (window.focus) {newwin.focus()}
return false;
}
+
+function wopen(url, name, w, h)
+{
+// Fudge factors for window decoration space.
+// In my tests these work well on all platforms & browsers.
+w += 32;
+h += 96;
+ var win = window.open(url,
+ name,
+ 'width=' + w + ', height=' + h + ', ' +
+ 'location=no, menubar=no, ' +
+ 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
+ win.resizeTo(w, h);
+ win.focus();
+}
+
function enable_change()
{
var endis = !(document.iform.ips_policy_enable.checked);
@@ -265,7 +283,10 @@ function enable_change()
<tr>
<td class="vexpl"><br/>
<?php printf(gettext("# The rules directory is empty: %s%s/rules%s"), '<strong>',$snortdir,'</strong>'); ?> <br/><br/>
- <?php printf(gettext("Please go to the %sUpdates%s tab to download the rules configured on the %sGlobal%s tab."),'<strong>' ,'</strong>', '<strong>' ,'</strong>'); ?>
+ <?php echo gettext("Please go to the ") . '<a href="snort_download_updates.php"><strong>' . gettext("Updates") .
+ '</strong></a>' . gettext(" tab to download the rules configured on the ") .
+ '<a href="snort_interfaces_global.php"><strong>' . gettext("Global") .
+ '</strong></a>' . gettext(" tab."); ?>
</td>
</tr>
<?php else:
@@ -302,7 +323,7 @@ function enable_change()
</tr>
<tr>
<td width="15%" class="listn"><?php echo gettext("Auto Flowbit Rules"); ?></td>
- <td width="85%"><input type="button" class="formbtn" value="View" onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$flowbit_rules_file;?>')" <?php echo $btn_view_flowb_rules; ?>/>
+ <td width="85%"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$flowbit_rules_file;?>','FileViewer',800,600)" <?php echo $btn_view_flowb_rules; ?>/>
&nbsp;&nbsp;<span class="vexpl"><?php echo gettext("Click to view auto-enabled rules required to satisfy flowbit dependencies"); ?></span></td>
</tr>
<tr>