aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc1870
-rw-r--r--config/snort/snort_alerts.php93
-rw-r--r--config/snort/snort_barnyard.php195
-rw-r--r--config/snort/snort_blocked.php63
-rw-r--r--config/snort/snort_check_cron_misc.inc10
-rw-r--r--config/snort/snort_check_for_rule_updates.php87
-rw-r--r--config/snort/snort_define_servers.php20
-rw-r--r--config/snort/snort_interfaces.php44
-rw-r--r--config/snort/snort_interfaces_edit.php116
-rw-r--r--config/snort/snort_interfaces_global.php117
-rw-r--r--config/snort/snort_interfaces_suppress.php24
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php55
-rw-r--r--config/snort/snort_preprocessors.php16
-rw-r--r--config/snort/snort_rules.php8
-rw-r--r--config/snort/snort_rules_edit.php18
-rw-r--r--config/snort/snort_rulesets.php46
16 files changed, 1135 insertions, 1647 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 271f10a8..76cb563d 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -39,24 +39,31 @@ require_once("filter.inc");
/* package version */
$snort_package_version = 'Snort 2.8.6.1 pkg v. 1.34';
+/* Allow additional execution time 0 = no limit. */
+ini_set('max_execution_time', '9999');
+ini_set('max_input_time', '9999');
+
+/* define oinkid */
+if ($config['installedpackages']['snortglobal'])
+ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+else
+ $config['installedpackages']['snortglobal'] = array();
+
/* find out if were in 1.2.3-RELEASE */
-$pfsense_ver_chk = exec('/bin/cat /etc/version');
-if ($pfsense_ver_chk == '1.2.3-RELEASE')
-{
- $pfsense_stable = 'yes';
-}else{
- $pfsense_stable = 'no';
-}
+$pfsense_ver_chk = trim(file_get_contents("/etc/version"), " \n");
+if (strstr($pfsense_ver_chk, "1.2.3"))
+ $snort_pfsense_basever = 'yes';
+else
+ $snort_pfsense_basever = 'no';
/* find out what arch where in x86 , x64 */
-/* TODO: should be more clear in this code */
-$snort_arch_ck = '';
-exec('/usr/bin/uname -m', $snort_arch_ck);
-if($snort_arch_ck[0] == 'i386') {
+$snort_arch_ck = php_uname("m");
+if ($snort_arch_ck == 'i386')
$snort_arch = 'x86';
-}else{
+else if ($snort_arch_ck = "amd64")
$snort_arch = 'x64';
-}
+else
+ $snort_arch = "Unknown";
/* tell me my theme */
$pfsense_theme_is = $config['theme'];
@@ -65,14 +72,12 @@ $pfsense_theme_is = $config['theme'];
function find_whitelist_key($find_wlist_number) {
global $config, $g;
- $whitelist_array = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $w_key = -1;
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return 0; /* XXX */
- foreach ($whitelist_array as $value) {
- $w_key += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$w_key]['uuid'] == $find_wlist_number) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) {
+ if ($value['uuid'] == $find_wlist_number)
return $w_key;
- }
}
}
@@ -80,44 +85,61 @@ function find_whitelist_key($find_wlist_number) {
function find_suppress_key($find_slist_number) {
global $config, $g;
- $suppresslist_array = $config['installedpackages']['snortglobal']['suppress']['item'];
- $s_key = -1;
+ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
+ return 0; /* XXX */
- foreach ($suppresslist_array as $value2) {
- $s_key += 1;
- if ($config['installedpackages']['snortglobal']['suppress']['item'][$s_key]['uuid'] == $find_slist_number) {
+ foreach ($config['installedpackages']['snortglobal']['supppress']['item'] as $s_key => $value) {
+ if ($value['uuid'] == $find_slist_number)
return $s_key;
- }
}
}
/* func builds custom whitelests */
function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) {
- global $config, $g;
+ global $config, $g, $snort_pfsense_basever;
/* build an interface array list */
- $int_array = array('lan');
- for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
- if(isset($config['interfaces']['opt' . $j]['enable']))
- if(isset($config['interfaces']['opt' . $j]['gateway']))
- $int_array[] = "opt{$j}";
+ if ($snort_pfsense_basever == 'yes') {
+ $int_array = array('lan');
+ for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ if(isset($config['interfaces']['opt' . $j]['gateway']))
+ $int_array[] = "opt{$j}";
+ } else
+ $int_array = get_configured_interface_list();
+
+ $home_net = "";
/* iterate through interface list and write out whitelist items
* and also compile a home_net list for snort.
*/
- foreach($int_array as $int) {
+ foreach ($int_array as $int) {
/* calculate interface subnet information */
$ifcfg = $config['interfaces'][$int];
- $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
- $subnetmask = gen_subnet_mask($ifcfg['subnet']);
- if($subnet == "pppoe" or $subnet == "dhcp") {
- $subnet = find_interface_ip("ng0");
- if($subnet)
- $home_net .= "{$subnet} ";
- } else {
- if ($subnet)
- if($ifcfg['subnet'])
- $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ switch ($ifcfg['ipaddr']) {
+ case "pppoe":
+ case "pptp":
+ case "l2tp":
+ if (function_exists('get_real_interface'))
+ $subnet = find_interface_ip(get_real_interface($int));
+ else
+ $subnet = find_interface_ip("ng0");
+
+ if (is_ipaddr($subnet))
+ $home_net .= "{$subnet} ";
+ break;
+ case "dhcp":
+ $subnet = find_interface_ip($int);
+ if (is_ipaddr($subnet))
+ $home_net .= "{$subnet} ";
+ break;
+ default:
+ if (is_ipaddr($ifcfg['ipaddr'])) {
+ $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
+ if ($ifcfg['subnet'])
+ $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ }
+ break;
}
}
@@ -125,86 +147,78 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
/* add all WAN ips to the whitelist */
$wan_if = get_real_wan_interface();
$ip = find_interface_ip($wan_if);
- if($ip)
- $home_net .= "{$ip} ";
+ if (is_ipaddr($ip))
+ $home_net .= "{$ip} ";
}
if($wangw == 'yes') {
/* Add Gateway on WAN interface to whitelist (For RRD graphs) */
$gw = get_interface_gateway('wan');
if($gw)
- $home_net .= "{$gw} ";
+ $home_net .= "{$gw} ";
}
if($wandns == 'yes') {
/* Add DNS server for WAN interface to whitelist */
$dns_servers = get_dns_servers();
- foreach($dns_servers as $dns) {
+ foreach ($dns_servers as $dns) {
if($dns)
- $home_net .= "{$dns} ";
+ $home_net .= "{$dns} ";
}
}
if($vips == 'yes') {
/* iterate all vips and add to whitelist */
- if($config['virtualip'])
- foreach($config['virtualip']['vip'] as $vip)
- if($vip['subnet'])
- $home_net .= $vip['subnet'] . " ";
+ if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
+ foreach($config['virtualip']['vip'] as $vip)
+ if($vip['subnet'])
+ $home_net .= "{$vip['subnet']} ";
+ }
}
/* Add loopback to whitelist (ftphelper) */
- if($userwips > -1 && $build_netlist == 'netlist') {
- $home_net .= "127.0.0.1 ";
- }elseif ($userwips > -1 && $build_netlist == 'whitelist') {
- $home_net .= "127.0.0.1 ";
- }else{
- $home_net .= "127.0.0.1";
- }
+ $home_net .= "127.0.0.1";
/* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
- if($vpns == 'yes')
- {
- if ($pfsense_stable == 'yes') // chk what pfsense version were on
- {
+ if ($vpns == 'yes') {
+ if ($snort_pfsense_basever == 'yes') // chk what pfsense version were on
$vpns_list = get_vpns_list();
- }
-
- if ($pfsense_stable == 'no') // chk what pfsense version were on
- {
+ else if ($snort_pfsense_basever == 'no') // chk what pfsense version were on
$vpns_list = filter_get_vpns_list();
- }
- if ($vpns_list != '') {
- $home_net .= "$vpns_list ";
- }
+
+ if (!empty($vpns_list))
+ $home_net .= "{$vpns_list} ";
}
/* never ever compair numbers to words */
- if($userwips > -1)
- {
+ if ($userwips > -1) {
if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
$home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'];
}
+ $home_net = trim($home_net);
+
/* this foe whitelistfile, convert spaces to carriage returns */
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
+ if ($build_netlist == 'whitelist') {
+ $whitelist_home_net = str_replace(" ", "\n", $home_net);
+ $whitelist_home_net = str_replace(" ", "\n", $home_net);
+ return $whitelist_home_net;
+ }
/* this is for snort.conf */
- $home_net = trim($home_net);
- $home_net = str_replace(" ", ",", $home_net);
- // $home_net = str_replace(",,", ",", $home_net); // by Thrae, helps people with more than one gateway, breaks snort as is
+ $validator = explode(" ", $home_net);
+ $valresult = array();
+ foreach ($validator as $vald) {
+ if (empty($vald))
+ continue;
+ $valresult[] = $vald;
+ }
+ $home_net = implode(",", $valresult);
$home_net = "[{$home_net}]";
- if($build_netlist == 'netlist') {
- return $home_net;
- }
-
- if($build_netlist == 'whitelist') {
- return $whitelist_home_net;
- }
+ return $home_net;
}
@@ -212,7 +226,7 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
function Running_Ck($snort_uuid, $if_real, $id) {
global $config;
- $snort_up_ck = exec("/bin/ps -U snort | grep snort | /usr/bin/awk '{print \$1;}'");
+ $snort_up_ck = exec("/bin/ps -U snort | /usr/bin/grep snort | /usr/bin/awk '{print \$1;}'");
if(snort_up_ck == '') {
$snort_up = 'no';
@@ -223,7 +237,7 @@ function Running_Ck($snort_uuid, $if_real, $id) {
/* use ob_clean to clear output buffer, this code needs to be watched */
ob_clean();
- $snort_up_prell = exec("/bin/ps -U snort | grep \"\-R {$snort_uuid}\" | awk '{print \$1;}'");
+ $snort_up_prell = exec("/bin/ps -U snort | /usr/bin/grep \"\-R {$snort_uuid}\" | /usr/bin/awk '{print \$1;}'");
if ($snort_up_prell != '') {
$snort_uph = 'yes';
@@ -273,8 +287,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
$start2_upb_s = exec("/bin/ps -U snort | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{ print \$1; }'");
$start2_upb_r = exec("/bin/ps -U root | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{ print \$1; }'");
- if ($start_up_s != '' || $start_up_r != '' || $start2_upb_s != '' || $start2_upb_r != '')
- {
+ if ($start_up_s != '' || $start_up_r != '' || $start2_upb_s != '' || $start2_upb_r != '') {
if ($start_up_s != '')
{
exec("/bin/kill {$start_up_s}");
@@ -311,12 +324,11 @@ function Running_Start($snort_uuid, $if_real, $id) {
global $config;
/* if snort.sh crashed this will remove the pid */
- exec('/bin/rm /tmp/snort.sh.pid');
+ @unlink('/tmp/snort.sh.pid');
$snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
- if ($snort_info_chk == 'on') {
+ if ($snort_info_chk == 'on')
exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
- }
/* define snortbarnyardlog_chk */
/* top will have trouble if the uuid is to far back */
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
@@ -335,13 +347,16 @@ function convert_friendly_interface_to_real_interface_name2($interface)
global $config;
$lc_interface = strtolower($interface);
- if($lc_interface == "lan") return $config['interfaces']['lan']['if'];
- if($lc_interface == "wan") return $config['interfaces']['wan']['if'];
+ if ($lc_interface == "lan") {
+ if ($config['inerfaces']['lan'])
+ return $config['interfaces']['lan']['if'];
+ return $interface;
+ }
+ if ($lc_interface == "wan")
+ return $config['interfaces']['wan']['if'];
$ifdescrs = array();
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
- $ifdescrs['opt' . $j] = "opt" . $j;
- foreach ($ifdescrs as $ifdescr => $ifname)
- {
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifname = "opt{$j}";
if(strtolower($ifname) == $lc_interface)
return $config['interfaces'][$ifname]['if'];
if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface))
@@ -351,16 +366,6 @@ function convert_friendly_interface_to_real_interface_name2($interface)
return $interface;
}
-
-/* Allow additional execution time 0 = no limit. */
-ini_set('max_execution_time', '9999');
-ini_set('max_input_time', '9999');
-
-/* define oinkid */
-if($config['installedpackages']['snortglobal'])
-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-
-
/*
this code block is for deleteing logs while keeping the newest file,
snort is linked to these files while running, do not take the easy way out
@@ -374,9 +379,8 @@ function snort_file_list($snort_log_dir, $snort_log_file)
{
$dir = opendir ("$snort_log_dir");
while (false !== ($file = readdir($dir))) {
- if (strpos($file, "$snort_log_file",1) ) {
+ if (strpos($file, "$snort_log_file",1) )
$file_list[] = $file;
- }
}
return $file_list;
}
@@ -384,31 +388,29 @@ function snort_file_list($snort_log_dir, $snort_log_file)
/* snort dir files */
function snort_file_sort($snort_file1, $snort_file2)
{
- if ($snort_file1 == $snort_file2) {
+ if ($snort_file1 == $snort_file2)
return 0;
- }
+
return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array
}
/* build files newest first array */
function snort_build_order($snort_list)
{
- foreach ($snort_list as $value_list) {
+ foreach ($snort_list as $value_list)
$list_order[] = $value_list;
- }
+
return $list_order;
}
/* keep the newest remove the rest */
function snort_remove_files($snort_list_rm, $snort_file_safe)
{
- foreach ($snort_list_rm as $value_list)
- {
- if ($value_list != $snort_file_safe) {
- exec("/bin/rm /var/log/snort/$value_list");
- }else{
- exec("/bin/echo '' > /var/log/snort/$snort_file_safe");
- }
+ foreach ($snort_list_rm as $value_list) {
+ if ($value_list != $snort_file_safe)
+ @unlink("/var/log/snort/$value_list");
+ else
+ file_put_contents("/var/log/snort/$snort_file_safe", "");
}
}
@@ -416,92 +418,55 @@ function post_delete_logs()
{
global $config, $g;
-
- $snort_log_dir = '/var/log/snort';
-
/* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- {
-
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
- if ($id == '') {
- $id = 0;
- }
+ $snort_log_dir = '/var/log/snort';
- $id += 1;
-
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
-
- if ($if_real != '' && $snort_uuid != '')
- {
- if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on')
- {
- $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2.";
- $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2);
- if (is_array($snort_list_u2)) {
- usort($snort_list_u2, "snort_file_sort");
- $snort_u2_rm_list = snort_build_order($snort_list_u2);
- snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]);
- }
- }else{
- exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*");
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $result_lan = $value['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $snort_uuid = $value['uuid'];
+
+ if ($if_real != '' && $snort_uuid != '') {
+ if ($value['snortunifiedlog'] == 'on') {
+ $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2.";
+ $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2);
+ if (is_array($snort_list_u2)) {
+ usort($snort_list_u2, "snort_file_sort");
+ $snort_u2_rm_list = snort_build_order($snort_list_u2);
+ snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]);
}
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on')
- {
- $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump.";
- $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd);
- if (is_array($snort_list_tcpd)) {
- usort($snort_list_tcpd, "snort_file_sort");
- $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd);
- snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
- }
- }else{
- exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*");
+ } else
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*");
+
+ if ($value['tcpdumplog'] == 'on') {
+ $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump.";
+ $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd);
+ if (is_array($snort_list_tcpd)) {
+ usort($snort_list_tcpd, "snort_file_sort");
+ $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd);
+ snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
}
+ } else
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*");
- /* create barnyard2 configuration file */
- //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on')
- //create_barnyard2_conf($id, $if_real, $snort_uuid);
+ /* create barnyard2 configuration file */
+ //if ($value['barnyard_enable'] == 'on')
+ //create_barnyard2_conf($id, $if_real, $snort_uuid);
- if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on)
- {
- exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats");
- }
- }
+ if ($value['perform_stat'] == on)
+ file_put_contents("/var/log/snort/snort_{$snort_uuid}_{$if_real}.stats", "");
}
}
}
function snort_postinstall()
{
- global $config;
- conf_mount_rw();
+ global $config, $g, $snort_pfsense_basever, $snort_arch;
- /* find out if were in 1.2.3-RELEASE */
- $pfsense_ver_chk = exec('/bin/cat /etc/version');
- if ($pfsense_ver_chk == '1.2.3-RELEASE')
- {
- $pfsense_stable = 'yes';
- }else{
- $pfsense_stable = 'no';
- }
-
- /* find out what arch where in x86 , x64 */
- $snort_arch_ck = '';
- exec('/usr/bin/uname -m', $snort_arch_ck);
- if($snort_arch_ck[0] == 'i386') {
- $snort_arch = 'x86';
- }else{
- $snort_arch = 'x64';
- }
+ conf_mount_rw();
/* snort -> advanced features */
$bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
@@ -509,32 +474,24 @@ function snort_postinstall()
$bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
/* cleanup default files */
- if(file_exists('/usr/local/etc/snort/snort.conf-sample'))
- {
- exec('/bin/rm /usr/local/etc/snort/snort.conf-sample');
- exec('/bin/rm /usr/local/etc/snort/threshold.conf-sample');
- exec('/bin/rm /usr/local/etc/snort/sid-msg.map-sample');
- exec('/bin/rm /usr/local/etc/snort/unicode.map-sample');
- exec('/bin/rm /usr/local/etc/snort/classification.config-sample');
- exec('/bin/rm /usr/local/etc/snort/generators-sample');
- exec('/bin/rm /usr/local/etc/snort/reference.config-sample');
- exec('/bin/rm /usr/local/etc/snort/gen-msg.map-sample');
- exec('/bin/rm /usr/local/etc/snort/sid');
- exec('/bin/rm /usr/local/etc/rc.d/snort');
- exec('/bin/rm /usr/local/etc/rc.d/bardyard2');
- }
+ @unlink('/usr/local/etc/snort/snort.conf-sample');
+ @unlink('/usr/local/etc/snort/threshold.conf-sample');
+ @unlink('/usr/local/etc/snort/sid-msg.map-sample');
+ @unlink('/usr/local/etc/snort/unicode.map-sample');
+ @unlink('/usr/local/etc/snort/classification.config-sample');
+ @unlink('/usr/local/etc/snort/generators-sample');
+ @unlink('/usr/local/etc/snort/reference.config-sample');
+ @unlink('/usr/local/etc/snort/gen-msg.map-sample');
+ @unlink('/usr/local/etc/snort/sid');
+ @unlink('/usr/local/etc/rc.d/snort');
+ @unlink('/usr/local/etc/rc.d/bardyard2');
/* remove example files */
- if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0'))
- {
+ if (file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0'))
exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
- }
- if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so'))
- {
+ if (file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so'))
exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
- }
-
/* add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0 */
exec('/usr/sbin/pw groupadd snort -g 920');
@@ -542,53 +499,35 @@ function snort_postinstall()
/* create a few directories and ensure the sample files are in place */
- if(!file_exists('/usr/local/etc/snort'))
- {
- exec('/bin/mkdir -p /usr/local/etc/snort');
- }
-
- if(!file_exists('/usr/local/etc/snort/custom_rules'))
- {
- exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules/');
- }
+ if (!is_dir('/usr/local/etc/snort'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules');
- if(!file_exists('/usr/local/etc/snort/whitelist'))
- {
+ if (!file_exists('/usr/local/etc/snort/whitelist'))
exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
- }
- if(!file_exists('/var/log/snort/run'))
- {
+ if (!is_dir('/var/log/snort/run'))
exec('/bin/mkdir -p /var/log/snort/run');
- }
- if(!file_exists('/var/log/snort/barnyard2'))
- {
- exec('/bin/mkdir -p /var/log/snort/barnyard2/');
- }
+ if (!is_dir('/var/log/snort/barnyard2'))
+ exec('/bin/mkdir -p /var/log/snort/barnyard2');
- if(!file_exists('/usr/local/lib/snort/dynamicrules/'))
- {
+ if (!is_dir('/usr/local/lib/snort/dynamicrules/'))
exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- }
- if(!file_exists('/var/db/whitelist'))
- {
+ if (!file_exists('/var/db/whitelist'))
touch('/var/db/whitelist');
- }
/* if users have old log files delete them */
- if(!file_exists('/var/log/snort/alert')) {
+ if(!file_exists('/var/log/snort/alert'))
touch('/var/log/snort/alert');
- }else{
+ else {
exec('/bin/rm -rf /var/log/snort/*');
touch('/var/log/snort/alert');
}
/* rm barnyard2 important */
- if(!file_exists('/usr/local/bin/barnyard2')) {
- exec('/bin/rm /usr/local/bin/barnyard2');
- }
+ if (!file_exists('/usr/local/bin/barnyard2'))
+ @unlink('/usr/local/bin/barnyard2');
/* important */
exec('/usr/sbin/chown -R snort:snort /var/log/snort');
@@ -619,7 +558,7 @@ function snort_postinstall()
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/colorbox.css');
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/new_tab_menu.css');
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/sexybuttons.css');
- chdir ("/usr/local/www/snort/images/");
+ chdir("/usr/local/www/snort/images/");
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg');
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif');
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif');
@@ -646,83 +585,53 @@ function snort_postinstall()
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/prototype.js');
/* install barnyard2 for 2.0 x86 x64 and 1.2.3 x86 */
- chdir ("/usr/local/bin/");
+ chdir("/usr/local/bin/");
update_status(gettext("Installing Barnyard2 for $snort_arch..."));
update_output_window(gettext("Please wait..."));
- if ($pfsense_stable == 'yes') {
+ if ($snort_pfsense_basever == 'yes')
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/7.3.x86/barnyard2');
- }
-
- if ($pfsense_stable == 'no' && $snort_arch == 'x86') {
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.1x86/barnyard2');
- }
+ else if ($snort_pfsense_basever == 'no')
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.1{$snort_arch}/barnyard2');
- if ($pfsense_stable == 'no' && $snort_arch == 'x64') {
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.1x64/barnyard2');
- }
update_output_window(gettext("Finnished Installing Barnyard2..."));
exec('/bin/chmod 755 /usr/local/bin/barnyard2');
-
/* install perl-threaded */
/* TODO: invoke this through pkg_util.inc */
- if(!file_exists('/tmp/pkg_s')) {
+ if (!is_dir('/tmp/pkg_s'))
exec('/bin/mkdir -p /tmp/pkg_s');
- }
- chdir ('/tmp/pkg_s');
+ $snort_tmp_pkg_dir = "{$g['tmp_path']}/pkg_s";
+ chdir('$snort_tmp_pkg_dir');
- update_status(gettext("Installing perl-threaded for $snort_arch..."));
+ update_status(gettext("Installing perl-threaded for {$snort_arch}..."));
update_output_window(gettext("Please wait downloading..."));
- if ($pfsense_stable == 'yes') {
- exec('/usr/bin/fetch http://files.pfsense.org/packages/snort/7.3x86/perl-threaded-5.12.1_1.tbz');
- }
-
- if ($pfsense_stable == 'no' && $snort_arch == 'x86') {
- exec('/usr/bin/fetch http://files.pfsense.org/packages/snort//8.1x86/perl-threaded-5.12.1_1.tbz');
- }
-
- if ($pfsense_stable == 'no' && $snort_arch == 'x64') {
- exec('/usr/bin/fetch http://files.pfsense.org/packages/snort/8.1x64/perl-threaded-5.12.1_1.tbz');
- }
-
- conf_mount_rw();
- if(!file_exists('/root/pkg_s')) {
- exec('/bin/mkdir -p /root/pkg_s');
- }
+ if ($snort_pfsense_basever == 'yes')
+ exec("/usr/bin/fetch http://files.pfsense.org/packages/snort/7.3x86/perl-threaded-5.12.1_1.tbz");
+ else if ($snort_pfsense_basever == 'no')
+ exec("/usr/bin/fetch http://files.pfsense.org/packages/snort//8.1{$snort_arch}/perl-threaded-5.12.1_1.tbz");
update_output_window(gettext("Please wait Installing..."));
- if(file_exists('/tmp/pkg_s/perl-threaded-5.12.1_1.tbz')) {
- exec('/bin/cp /tmp/pkg_s/perl-threaded-5.12.1_1.tbz /root/pkg_s/perl-threaded-5.12.1_1.tbz');
- sleep(2);
- exec('/usr/sbin/pkg_add -f /root/pkg_s/perl-threaded-5.12.1_1.tbz');
- }
+ if (file_exists("{$snort_tmp_pkg_dir}/perl-threaded-5.12.1_1.tbz"))
+ exec("/usr/sbin/pkg_add -f {$snort_tmp_pkg_dir}/perl-threaded-5.12.1_1.tbz");
update_output_window(gettext("Please wait Cleaning Up..."));
- if(file_exists('/root/pkg_s/')) {
- exec('/bin/rm -r /tmp/pkg_s/');
- exec('/bin/rm -r /root/pkg_s/');
- }
+ if (is_dir($snort_tmp_pkg_dir))
+ exec("/bin/rm -r {$snort_tmp_pkg_dir}");
update_output_window(gettext("Finnished Installing perl-threaded..."));
/* back to default */
- chdir ('/root/');
+ chdir('/root/');
/* make sure snort-old is deinstalled */
- /* remove when snort-old is removed */
- unset($config['installedpackages']['snort']);
- unset($config['installedpackages']['snortdefservers']);
- unset($config['installedpackages']['snortwhitelist']);
- unset($config['installedpackages']['snortthreshold']);
- unset($config['installedpackages']['snortadvanced']);
- write_config();
- conf_mount_rw();
+ unset($config['installedpackages']['snort'], $config['installedpackages']['snortdefservers'], $config['installedpackages']['snortwhitelist']);
+ unset($config['installedpackages']['snortthreshold'], $config['installedpackages']['snortadvanced']);
/* remake saved settings */
- if($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
+ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
update_status(gettext("Saved settings detected..."));
update_output_window(gettext("Please wait... rebuilding files..."));
sync_snort_package_empty();
@@ -736,10 +645,11 @@ function snort_postinstall()
function sync_package_snort_reinstall()
{
global $config;
+
conf_mount_rw();
- if(!$config['installedpackages']['snortglobal'])
- return;
+ if (!$config['installedpackages']['snortglobal'])
+ return;
/* create snort configuration file */
create_snort_conf();
@@ -752,7 +662,7 @@ function sync_package_snort_reinstall()
function snort_Getdirsize($node) {
if(!is_readable($node))
- return false;
+ return false;
$blah = exec( "/usr/bin/du -kd $node" );
return substr( $blah, 0, strpos($blah, 9) );
@@ -763,12 +673,12 @@ function snort_snortloglimit_install_cron($should_install) {
global $config, $g;
if ($g['booting']==true)
- return;
+ return;
$is_installed = false;
- if(!$config['cron']['item'])
- return;
+ if (!is_array($config['cron']['item']))
+ $config['cron']['item'] = array();
$x=0;
foreach($config['cron']['item'] as $item) {
@@ -795,17 +705,17 @@ function snort_snortloglimit_install_cron($should_install) {
$cron_item['who'] = "root";
$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc";
$config['cron']['item'][] = $cron_item;
- write_config('Installed snort log limit size');
+ write_config('Installed snort log limit size'); /* XXX */
+ conf_mount_rw();
configure_cron();
exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
}
break;
case false:
if($is_installed == true) {
- if($x > 0)
- {
+ if($x > 0) {
unset($config['cron']['item'][$x]);
- write_config();
+ write_config(); /* XXX */
conf_mount_rw();
}
configure_cron();
@@ -822,18 +732,16 @@ function snort_rm_blocked_install_cron($should_install)
global $config, $g;
if ($g['booting']==true)
- return;
+ return;
$is_installed = false;
- if(!$config['cron']['item'])
- return;
+ if(!is_array($config['cron']['item']))
+ $config['cron']['item'] = array();
$x=0;
- foreach($config['cron']['item'] as $item)
- {
- if (strstr($item['command'], "snort2c"))
- {
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort2c")) {
$is_installed = true;
break;
}
@@ -841,8 +749,7 @@ function snort_rm_blocked_install_cron($should_install)
}
$snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "1h_b")
- {
+ if ($snort_rm_blocked_info_ck == "1h_b") {
$snort_rm_blocked_min = "*/5";
$snort_rm_blocked_hr = "*";
$snort_rm_blocked_mday = "*";
@@ -850,8 +757,7 @@ function snort_rm_blocked_install_cron($should_install)
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "3600";
}
- if ($snort_rm_blocked_info_ck == "3h_b")
- {
+ if ($snort_rm_blocked_info_ck == "3h_b") {
$snort_rm_blocked_min = "*/15";
$snort_rm_blocked_hr = "*";
$snort_rm_blocked_mday = "*";
@@ -859,8 +765,7 @@ function snort_rm_blocked_install_cron($should_install)
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "10800";
}
- if ($snort_rm_blocked_info_ck == "6h_b")
- {
+ if ($snort_rm_blocked_info_ck == "6h_b") {
$snort_rm_blocked_min = "*/30";
$snort_rm_blocked_hr = "*";
$snort_rm_blocked_mday = "*";
@@ -868,8 +773,7 @@ function snort_rm_blocked_install_cron($should_install)
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "21600";
}
- if ($snort_rm_blocked_info_ck == "12h_b")
- {
+ if ($snort_rm_blocked_info_ck == "12h_b") {
$snort_rm_blocked_min = "2";
$snort_rm_blocked_hr = "*/1";
$snort_rm_blocked_mday = "*";
@@ -877,8 +781,7 @@ function snort_rm_blocked_install_cron($should_install)
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "43200";
}
- if ($snort_rm_blocked_info_ck == "1d_b")
- {
+ if ($snort_rm_blocked_info_ck == "1d_b") {
$snort_rm_blocked_min = "2";
$snort_rm_blocked_hr = "*/2";
$snort_rm_blocked_mday = "*";
@@ -886,8 +789,7 @@ function snort_rm_blocked_install_cron($should_install)
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "86400";
}
- if ($snort_rm_blocked_info_ck == "4d_b")
- {
+ if ($snort_rm_blocked_info_ck == "4d_b") {
$snort_rm_blocked_min = "2";
$snort_rm_blocked_hr = "*/8";
$snort_rm_blocked_mday = "*";
@@ -895,8 +797,7 @@ function snort_rm_blocked_install_cron($should_install)
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "345600";
}
- if ($snort_rm_blocked_info_ck == "7d_b")
- {
+ if ($snort_rm_blocked_info_ck == "7d_b") {
$snort_rm_blocked_min = "2";
$snort_rm_blocked_hr = "*/14";
$snort_rm_blocked_mday = "*";
@@ -904,8 +805,7 @@ function snort_rm_blocked_install_cron($should_install)
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "604800";
}
- if ($snort_rm_blocked_info_ck == "28d_b")
- {
+ if ($snort_rm_blocked_info_ck == "28d_b") {
$snort_rm_blocked_min = "2";
$snort_rm_blocked_hr = "0";
$snort_rm_blocked_mday = "*/2";
@@ -913,38 +813,35 @@ function snort_rm_blocked_install_cron($should_install)
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "2419200";
}
- switch($should_install)
- {
- case true:
- if(!$is_installed)
- {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules");
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
- break;
- case false:
- if($is_installed == true)
- {
- if($x > 0)
- {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules"); /* XXX */
+ conf_mount_rw();
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
+ case false:
+ if ($is_installed == true) {
+ if ($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config(); /* XXX */
+ conf_mount_rw();
}
- break;
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
}
}
@@ -953,12 +850,12 @@ function snort_rules_up_install_cron($should_install) {
global $config, $g;
if ($g['booting']==true)
- return;
+ return;
$is_installed = false;
if(!$config['cron']['item'])
- return;
+ $config['cron']['item'] = array();
$x=0;
foreach($config['cron']['item'] as $item) {
@@ -1012,39 +909,39 @@ function snort_rules_up_install_cron($should_install) {
$snort_rules_up_wday = "*";
}
switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rules_up_min";
+ $cron_item['hour'] = "$snort_rules_up_hr";
+ $cron_item['mday'] = "$snort_rules_up_mday";
+ $cron_item['month'] = "$snort_rules_up_month";
+ $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules"); /* XXX */
+ cont_mount_rw();
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config(); /* XXX */
+ conf_mount_rw();
}
- break;
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
}
}
function sync_snort_package_remove_old()
{
-
global $config, $g;
$snort_dir_scan = '/usr/local/etc/snort';
@@ -1064,27 +961,18 @@ function sync_snort_package_remove_old()
}
$rule_array2 = $config['installedpackages']['snortglobal']['rule'];
- $id2 = -1;
- foreach ($rule_array2 as $value)
- {
-
- $id += 1;
-
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ foreach ($rule_array2 as $id => $value) {
+ $result_lan = $value['interface'];
$if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $snort_rules_list[] = "snort_$id$if_real";
-
+ $snort_rules_list[] = "snort_{$id}{$if_real}";
}
-
$snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg'));
$snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list);
foreach ($snort_dir_filter_search_result as $value)
- {
- exec("rm -r /usr/local/etc/snort/$value");
- }
+ exec("/bin/rm -r /usr/local/etc/snort/$value");
}
@@ -1092,29 +980,20 @@ function sync_snort_package_remove_old()
function sync_snort_package()
{
global $config, $g;
- conf_mount_rw();
/* all new files are for the user snort nologin */
- if(!file_exists('/var/log/snort'))
- {
+ if (!is_dir('/var/log/snort'))
exec('/bin/mkdir -p /var/log/snort');
- }
- if(!file_exists('/var/log/snort/run'))
- {
+ if (!is_dir('/var/log/snort/run'))
exec('/bin/mkdir -p /var/log/snort/run');
- }
- if(!file_exists('/var/log/snort/barnyard2'))
- {
+ if (!is_dir('/var/log/snort/barnyard2'))
exec('/bin/mkdir -p /var/log/snort/barnyard2');
- }
/* all new files are for the user snort nologin */
- if(!file_exists('/var/log/snort/alert'))
- {
+ if (!file_exists('/var/log/snort/alert'))
exec('/usr/bin/touch /var/log/snort/alert');
- }
/* important */
exec('/usr/sbin/chown -R snort:snort /var/log/snort');
@@ -1134,19 +1013,19 @@ function sync_snort_package()
$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
+ $write_config = false;
+
if ($snortloglimit == '') {
/* code will set limit to 21% of slice that is unused */
$config['installedpackages']['snortglobal']['snortloglimit'] = 'on';
- write_config();
- conf_mount_rw();
+ $write_config = true;
}
if ($snortloglimitsize == '') {
/* code will set limit to 21% of slice that is unused */
$snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
$config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize;
- write_config();
- conf_mount_rw();
+ $write_config = true;
}
$snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
@@ -1155,13 +1034,15 @@ function sync_snort_package()
snort_snortloglimit_install_cron('true');
}
- conf_mount_ro();
+ /* XXX: Really need write_config here? */
+ write_config();
+ /* XXX: Restore rw mode since write_config sets ro */
+ conf_mount_rw();
}
/* only run when a single iface needs to sync */
function sync_snort_package_all($id, $if_real, $snort_uuid)
{
- //global $config, $g, $id, $if_real, $snort_uuid, $interface_fake;
global $config, $g;
/* RedDevil suggested code */
@@ -1172,55 +1053,48 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
//exec("/sbin/sysctl net.bpf.maxinsns=512");
//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
- # Error checking
- if ($id != '' && $if_real != '') //new
- {
- /* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- {
+ /* do not start config build if rules is empty */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]))
+ return;
- conf_mount_rw();
+ conf_mount_rw();
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
- /* only build whitelist when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
- create_snort_whitelist($id, $if_real);
- }
+ /* only build whitelist when needed */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on')
+ create_snort_whitelist($id, $if_real);
- /* only build threshold when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
- create_snort_suppress($id, $if_real);
- }
+ /* only build threshold when needed */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default')
+ create_snort_suppress($id, $if_real);
- /* create snort bootup file snort.sh only create once */
- create_snort_sh();
+ /* create snort bootup file snort.sh only create once */
+ create_snort_sh();
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
+ /* create barnyard2 configuration file */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on')
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
- sync_snort_package();
+ sync_snort_package();
- conf_mount_ro();
- }
- }
+ conf_mount_ro();
}
-/* only run when all ifaces needed to sync */
+/* Only run when all ifaces needed to sync. Expects filesystem rw */
function sync_snort_package_empty()
{
global $config, $g;
- conf_mount_rw();
/* RedDevil suggested code */
/* TODO: more testing needs to be done */
@@ -1231,67 +1105,50 @@ function sync_snort_package_empty()
//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
/* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- {
- if ($id == "")
- {
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
-
- if ($id == '') {
- $id = 0;
- }
+ if (is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
- $id += 1;
+ conf_mount_rw();
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $if_real = convert_friendly_interface_to_real_interface_name($value['interface']);
+ $snort_uuid = $value['uuid'];
- if ($if_real != '' && $snort_uuid != '') {
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
- /* only build whitelist when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
- create_snort_whitelist($id, $if_real);
- }
-
- /* only build threshold when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
- create_snort_suppress($id, $if_real);
- }
-
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
- }
- }
+ if ($if_real != '' && $snort_uuid != '') {
+
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
- /* create snort bootup file snort.sh only create once */
- create_snort_sh();
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
- sync_snort_package();
+ /* only build whitelist when needed */
+ if ($value['blockoffenders7'] == 'on')
+ create_snort_whitelist($id, $if_real);
- conf_mount_ro();
+ /* only build threshold when needed */
+ if ($value['suppresslistname'] != 'default')
+ create_snort_suppress($id, $if_real);
+ /* create barnyard2 configuration file */
+ $snortbarnyardlog_info_chk = $value['barnyard_enable'];
+ if ($snortbarnyardlog_info_chk == 'on')
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
}
}
+
+ /* create snort bootup file snort.sh only create once */
+ create_snort_sh();
+
+ sync_snort_package();
+
+ conf_mount_ro();
}
/* only bootup and ip refresh */
function sync_snort_package_config()
{
global $config, $g;
- conf_mount_rw();
/* RedDevil suggested code */
/* TODO: more testing needs to be done */
@@ -1302,313 +1159,267 @@ function sync_snort_package_config()
//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
/* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- {
- if ($id == "")
- {
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
+ conf_mount_rw();
- if ($id == '') {
- $id = 0;
- }
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $id += 1;
+ $result_lan = $value['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $snort_uuid = $value['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ if (!empty($if_real) && !empty($snort_uuid)) {
- if ($if_real != '' && $snort_uuid != '') {
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* only build whitelist when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
- create_snort_whitelist($id, $if_real);
- }
-
- /* only build threshold when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
- create_snort_suppress($id, $if_real);
- }
-
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
- }
- }
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
- sync_snort_package();
+ /* only build whitelist when needed */
+ if ($value['blockoffenders7'] == 'on')
+ create_snort_whitelist($id, $if_real);
- conf_mount_ro();
+ /* only build threshold when needed */
+ if ($value['suppresslistname'] != 'default')
+ create_snort_suppress($id, $if_real);
+ /* create barnyard2 configuration file */
+ if ($value['barnyard_enable'] == 'on')
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
}
}
+
+ sync_snort_package();
+
+ conf_mount_ro();
}
/* Start of main config files */
-/* Start of main config files */
/* create threshold file */
/* TODO: other func should mirror this code */
function create_snort_suppress($id, $if_real) {
-
global $config, $g;
- conf_mount_rw();
/* make sure dir is there */
- if (!file_exists('/usr/local/etc/snort/suppress/')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/suppress/');
- }
+ if (!is_dir('/usr/local/etc/snort/suppress'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/suppress');
if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
- preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt);
-
- $whitelist_key_s = find_suppress_key($slist_num_wrt[0]);
+ if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt)) {
+ $whitelist_key_s = find_suppress_key($slist_num_wrt[0]);
- /* file name */
- $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
-
- /* Message */
- $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
+ /* file name */
+ $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
+
+ /* Message */
+ $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
- /* user added arguments */
- $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
+ /* user added arguments */
+ $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
- /* open snort's whitelist for writing */
- $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w");
- if(!$suppresslist_w) {
- log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing.");
- return;
+ /* open snort's whitelist for writing */
+ $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w");
+ if(!$suppresslist_w) {
+ log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing.");
+ return;
+ }
+ fwrite($suppresslist_w, $s_data);
+ fclose($suppresslist_w);
}
-
- fwrite($suppresslist_w, $s_data);
- fclose($suppresslist_w);
- conf_mount_ro();
-
}
-
}
function create_snort_whitelist($id, $if_real) {
-
global $config, $g;
- conf_mount_rw();
/* make sure dir is there */
- if (!file_exists('/usr/local/etc/snort/whitelist/')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
- }
+ if (!is_dir('/usr/local/etc/snort/whitelist'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/whitelist');
if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') {
+ $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
+
/* open snort's whitelist for writing */
$whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w");
- if(!$whitelist_w) {
+ if (!$whitelist_w) {
log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing.");
return;
}
-
- $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
-
- }else{
-
- preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt);
- preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt);
-
- $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]);
-
- $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype'];
- $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips'];
- $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips'];
- $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips'];
- $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips'];
- $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips'];
-
- /* open snort's whitelist for writing */
- $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w");
- if(!$whitelist_w) {
- log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing.");
- return;
+ fwrite($whitelist_w, $w_data);
+ fclose($whitelist_w);
+
+ } else if (preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt)) {
+ if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt)) {
+ $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]);
+
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return;
+
+ $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype'];
+ $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips'];
+ $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips'];
+ $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips'];
+ $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips'];
+ $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips'];
+
+ $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $whitelist_key_w);
+
+ /* open snort's whitelist for writing */
+ $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w");
+ if(!$whitelist_w) {
+ log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing.");
+ return;
+ }
+ fwrite($whitelist_w, $w_data);
+ fclose($whitelist_w);
}
-
- $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $whitelist_key_w);
-
}
-
- fwrite($whitelist_w, $w_data);
- fclose($whitelist_w);
- conf_mount_ro();
-
}
function create_snort_homenet($id, $if_real) {
-
global $config, $g;
- conf_mount_rw();
- if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') {
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '')
return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
- }else{
- preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt);
-
+ else if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt)) {
$whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]);
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return;
+
$build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype'];
$wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips'];
$wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips'];
$wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips'];
$vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips'];
$vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips'];
-
- return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h);
+ return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h);
}
-
- conf_mount_ro();
-
}
function create_snort_externalnet($id, $if_real) {
-
global $config, $g;
- conf_mount_rw();
- preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt);
-
- $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]);
-
- $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype'];
- $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips'];
- $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips'];
- $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips'];
- $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips'];
- $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips'];
-
- return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex);
+ if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt)) {
+ $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]);
- conf_mount_ro();
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return;
+
+ $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype'];
+ $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips'];
+ $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips'];
+ $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips'];
+ $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips'];
+ $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips'];
+ return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex);
+ }
}
/* open snort.sh for writing" */
function create_snort_sh()
{
- # Don not add $id or this will break
-
global $config, $g;
- conf_mount_rw();
- /* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- {
- if ($id == "")
- {
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
+ $snortconf =& $config['installedpackages']['snortglobal']['rule'];
- $id += 1;
+ $snort_sh_text2 = array();
+ $snort_sh_text3 = array();
+ $snort_sh_text4 = array();
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ /* do not start config build if rules is empty */
+ if (!empty($snortconf)) {
+ foreach ($snortconf as $value) {
+ $snort_uuid = $value['uuid'];
+ $result_lan = $value['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $value['barnyard_enable'];
+ $snortbarnyardlog_mysql_info_chk = $value['barnyard_mysql'];
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
- $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q";
- }
-
- /* Get all interface startup commands ready */
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '')
+ $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q";
- $snort_sh_text2[] = <<<EOD
+ /* Get all interface startup commands ready */
+ $snort_sh_text2[] = <<<EOD
###### For Each Iface
- # If Snort proc is NOT running
- if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}{$if_real}" | awk '{print $2;}'`" = "" ]; then
+# If Snort proc is NOT running
+if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`" = "" ]; then
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- # Start snort and barnyard2
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
+ # Start snort and barnyard2
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
- /usr/local/bin/snort -u snort -g snort -R {$snort_uuid} -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
- $start_barnyard2
+ /usr/local/bin/snort -u snort -g snort -R {$snort_uuid} -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ $start_barnyard2
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..."
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..."
+
+fi
- fi
EOD;
- $snort_sh_text3[] = <<<EOE
+ $snort_sh_text3[] = <<<EOE
###### For Each Iface
- #### Fake start only used on bootup and Pfsense IP changes
- #### Only try to restart if snort is running on Iface
- if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then
+#### Fake start only used on bootup and Pfsense IP changes
+#### Only try to restart if snort is running on Iface
+if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then
- snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`"
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
+ snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print $2;}'`"
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
- #### Restart Iface
- /bin/kill -HUP \${snort_pid}
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
+ #### Restart Iface
+ /bin/kill -HUP \${snort_pid}
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
- fi
+fi
EOE;
- $snort_sh_text4[] = <<<EOF
+ $snort_sh_text4[] = <<<EOF
- pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print \$2;}'`
- sleep 3
- pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/awk '{print \$2;}'`
+pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print \$2;}'`
+sleep 3
+pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/awk '{print \$2;}'`
- if [ \${pid_s} ] ; then
+if [ \${pid_s} ] ; then
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
- /bin/kill \${pid_s}
- sleep 3
- /bin/kill \${pid_b}
+ /bin/kill \${pid_s}
+ sleep 3
+ /bin/kill \${pid_b}
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
- /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
- fi
+fi
EOF;
-
- }
}
}
$start_snort_iface_start = implode("\n\n", $snort_sh_text2);
-
$start_snort_iface_restart = implode("\n\n", $snort_sh_text3);
-
$start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
- /* open snort.sh for writing" */
- conf_mount_rw();
-
$snort_sh_text = <<<EOD
#!/bin/sh
########
@@ -1619,58 +1430,58 @@ EOF;
rc_start() {
- #### Check for double starts, Pfsense has problems with that
- if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+ #### Check for double starts, Pfsense has problems with that
+ if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
/usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
exit 0
- fi
+ fi
- /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
- #### Remake the configs on boot Important!
- /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php &
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..."
+ #### Remake the configs on boot Important!
+ /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php &
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..."
$start_snort_iface_restart
- /bin/rm /tmp/snort.sh.pid
+ /bin/rm /tmp/snort.sh.pid
- #### If on Fake start snort is NOT running DO a real start.
- if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}{$if_real}" | awk '{print $2;}'`" = "" ]; then
+ #### If on Fake start snort is NOT running DO a real start.
+ if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}{$if_real}" | awk '{print $2;}'`" = "" ]; then
rc_start_real
- fi
+ fi
}
rc_start_real() {
- #### Check for double starts, Pfsense has problems with that
- if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+ #### Check for double starts, Pfsense has problems with that
+ if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
/usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
exit 0
- fi
+ fi
$start_snort_iface_start
- /bin/rm /tmp/snort.sh.pid
+ /bin/rm /tmp/snort.sh.pid
}
rc_stop() {
- #### Check for double starts, Pfsense has problems with that
- if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
+ #### Check for double starts, Pfsense has problems with that
+ if /bin/ls /tmp/snort.sh.pid > /dev/null ; then
/usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running"
exit 0
- fi
+ fi
$start_snort_iface_stop
- /bin/rm /tmp/snort.sh.pid
- /bin/rm /var/run/snort*
+ /bin/rm /tmp/snort.sh.pid
+ /bin/rm /var/run/snort*
}
@@ -1696,12 +1507,10 @@ EOD;
$bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
if(!$bconf) {
log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
- exit;
+ return;
}
- /* write snort.sh */
fwrite($bconf, $snort_sh_text);
fclose($bconf);
-
}
@@ -1710,42 +1519,34 @@ EOD;
/* if rules exist copy to new interfaces */
function create_rules_iface($id, $if_real, $snort_uuid)
{
-
global $config, $g;
- conf_mount_rw();
- $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules";
- $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full';
+ $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}";
+ $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full';
- if ($folder_chk == "empty")
- {
- exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ if ($folder_chk == "empty") {
+ exec("/bin/cp -R /usr/local/etc/snort/rules {$if_rule_dir}/rules");
if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
- {
- exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules");
- }
+ exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules");
}
-
}
/* open barnyard2.conf for writing */
function create_barnyard2_conf($id, $if_real, $snort_uuid) {
global $bconfig, $g;
- /* write out barnyard2_conf */
- if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
- {
+ if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
- }
- if(!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"))
- {
+ if (!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
exec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
exec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
exec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
}
$barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
+
+ /* write out barnyard2_conf */
$bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w");
if(!$bconf) {
log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing.");
@@ -1757,9 +1558,7 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) {
/* open barnyard2.conf for writing" */
function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
-
global $config, $g;
- conf_mount_rw();
/* define snortbarnyardlog */
/* TODO: add support for the other 5 output plugins */
@@ -1828,42 +1627,44 @@ config logdir: /var/log/snort
EOD;
return $barnyard2_conf_text;
-
}
function create_snort_conf($id, $if_real, $snort_uuid)
{
global $config, $g;
- /* write out snort.conf */
if ($if_real != '' && $snort_uuid != '') {
-
- if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf")) {
- exec("/bin/mkdir /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/");
- exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
+ if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf")) {
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
}
$snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
+ if (empty($snort_conf_text))
+ return;
+
conf_mount_rw();
+
+ /* write out snort.conf */
$conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
if(!$conf) {
log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
- exit;
+ return -1;
}
fwrite($conf, $snort_conf_text);
fclose($conf);
+
conf_mount_ro();
}
}
function snort_deinstall()
{
-
global $config, $g;
- conf_mount_rw();
/* remove custom sysctl */
remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
+
/* decrease bpf buffers back to 4096, from 20480 */
exec('/sbin/sysctl net.bpf.bufsize=4096');
exec('/usr/usr/bin/killall snort');
@@ -1876,14 +1677,14 @@ function snort_deinstall()
sleep(2);
exec('/usr/sbin/pw userdel snort');
exec('/usr/sbin/pw groupdel snort');
- exec('rm -rf /usr/local/etc/snort*');
- exec('rm -rf /usr/local/pkg/snort*');
- exec('rm -rf /usr/local/pkg/pf/snort*');
+ exec('/bin/rm -rf /usr/local/etc/snort*');
+ exec('/bin/rm -rf /usr/local/pkg/snort*');
+ exec('/bin/rm -rf /usr/local/pkg/pf/snort*');
- exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep perl-threaded`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client-5.1.50_1`");
- exec('rm -r /usr/local/bin/barnyard2');
+ exec("cd /var/db/pkg && pkg_delete -x snort");
+ exec("cd /var/db/pkg && pkg_delete -x perl-threaded");
+ exec("cd /var/db/pkg && pkg_delete -x mysql-client-5.1.50_1");
+ exec('/bin/rm -r /usr/local/bin/barnyard2');
/* TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall */
//exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
@@ -1891,453 +1692,397 @@ function snort_deinstall()
//exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); // Never remove pcre or pfsense will break
/* Remove snort cron entries Ugly code needs smoothness*/
-
- function snort_rm_blocked_deinstall_cron($should_install)
- {
- global $config, $g;
- conf_mount_rw();
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item)
- {
- if (strstr($item['command'], "snort2c"))
- {
- $is_installed = true;
- break;
+ if (!function_exists('snort_deinstall_cron')) {
+ function snort_deinstall_cron($crontask) {
+ global $config, $g;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ $is_installed = false;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], $crontask)) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
}
-
- $x++;
-
- }
- if($is_installed == true)
- {
- if($x > 0)
- {
+ if ($is_installed == true)
unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
-
- configure_cron();
-
- }
- conf_mount_ro();
-
- }
-
- function snort_rules_up_deinstall_cron($should_install)
- {
- global $config, $g;
- conf_mount_rw();
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
configure_cron();
}
}
- snort_rm_blocked_deinstall_cron("");
- snort_rules_up_deinstall_cron("");
-
+ snort_deinstall_cron("snort2c");
+ snort_deinstall_cron("snort_check_for_rule_updates.php");
/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
/* Keep this as a last step */
- if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {
+ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on')
unset($config['installedpackages']['snortglobal']);
- }
- write_config();
+
+ write_config(); /* XXX */
conf_mount_rw();
exec('rm -rf /usr/local/www/snort');
exec('rm -rf /usr/local/lib/snort/');
exec('rm -rf /var/log/snort/');
exec('rm -rf /usr/local/pkg/snort');
-
- conf_mount_ro();
-
}
function generate_snort_conf($id, $if_real, $snort_uuid)
{
global $config, $g;
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ $snortcfg =& $config['installedpackages']['snortglobal']['rule'][$id];
+
conf_mount_rw();
/* custom home nets */
$home_net = create_snort_homenet($id, $if_real);
- if ($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'] == 'default'){
+ if ($snortcfg['externallistname'] == 'default')
$external_net = '!$HOME_NET';
- }else{
+ else
$external_net = create_snort_externalnet($id, $if_real);
- }
/* obtain external interface */
/* XXX: make multi wan friendly */
- $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $snort_ext_int = $snortcfg['interface'];
/* user added arguments */
- $snort_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['configpassthru']));
+ $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru']));
/* create basic files */
- if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
- {
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/");
+ if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+
+ @copy("/usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
+ @copy("/usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
+ @copy("/usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
+ @copy("/usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
+ @copy("/usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
+ @copy("/usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
+ @copy("/usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
+ @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+
+ if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"))
exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
- if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"))
- {
- exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
- exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
- exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
- exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
- exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
- exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
- exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
- exec("/bin/cp/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
- }
- }
-
-
/* define basic log filename */
$snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
/* define snortalertlogtype */
$snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype'];
- if ($snortalertlogtype == fast)
- $snortalertlogtype_type = "output alert_fast: alert";
+ if ($snortalertlogtype == "fast")
+ $snortalertlogtype_type = "output alert_fast: alert";
else
- $snortalertlogtype_type = "output alert_full: alert";
+ $snortalertlogtype_type = "output alert_full: alert";
/* define alertsystemlog */
- $alertsystemlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog'];
- if ($alertsystemlog_info_chk == on)
- $alertsystemlog_type = "output alert_syslog: log_alert";
+ $alertsystemlog_type = $snortcfg['alertsystemlog'];
+ if ($alertsystemlog_type == "on")
+ $alertsystemlog_type = "output alert_syslog: log_alert";
/* define tcpdumplog */
- $tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'];
- if ($tcpdumplog_info_chk == on)
- $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
+ $tcpdumplog_info_chk = $snortcfg['tcpdumplog'];
+ if ($tcpdumplog_info_chk == "on")
+ $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
/* define snortunifiedlog */
- $snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'];
- if ($snortunifiedlog_info_chk == on)
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+ $snortunifiedlog_info_chk = $snortcfg['snortunifiedlog'];
+ if ($snortunifiedlog_info_chk == "on")
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
/* define spoink */
- $spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'];
- if ($spoink_info_chk == on) {
+ $spoink_info_chk = $snortcfg['blockoffenders7'];
+ if ($spoink_info_chk == "on") {
- preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_file);
+ if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['whitelistname'], $wlist_name_file)) {
+ if ($wlist_name_file[0] == 'default')
+ $spoink_whitelist_name = 'defaultwlist';
+ else
+ $spoink_whitelist_name = $wlist_name_file[0];
- if ($wlist_name_file[0] == 'default') {
- $spoink_whitelist_name = 'defaultwlist';
- }else{
- $spoink_whitelist_name = $wlist_name_file[0];
+ $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";
}
-
- $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/$spoink_whitelist_name,snort2c";
-
}
/* define threshold file */
- $threshold_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'];
+ $threshold_info_chk = $snortcfg['suppresslistname'];
if ($threshold_info_chk != 'default') {
-
- preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_name_file2);
-
- $threshold_name = $slist_name_file2[0];
-
- $threshold_file_name = "include /usr/local/etc/snort/suppress/$threshold_name";
-
+ if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['suppresslistname'], $slist_name_file2)) {
+ $threshold_name = $slist_name_file2[0];
+ $threshold_file_name = "include /usr/local/etc/snort/suppress/{$threshold_name}";
+ }
}
/* define servers and ports snortdefservers */
/* def DNS_SERVSERS */
- $def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers'];
+ $def_dns_servers_info_chk = $snortcfg['def_dns_servers'];
if ($def_dns_servers_info_chk == "")
- $def_dns_servers_type = "\$HOME_NET";
+ $def_dns_servers_type = "\$HOME_NET";
else
- $def_dns_servers_type = "$def_dns_servers_info_chk";
+ $def_dns_servers_type = "$def_dns_servers_info_chk";
/* def DNS_PORTS */
- $def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports'];
+ $def_dns_ports_info_chk = $snortcfg['def_dns_ports'];
if ($def_dns_ports_info_chk == "")
- $def_dns_ports_type = "53";
+ $def_dns_ports_type = "53";
else
- $def_dns_ports_type = "$def_dns_ports_info_chk";
+ $def_dns_ports_type = "$def_dns_ports_info_chk";
/* def SMTP_SERVSERS */
- $def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers'];
+ $def_smtp_servers_info_chk = $snortcfg['def_smtp_servers'];
if ($def_smtp_servers_info_chk == "")
- $def_smtp_servers_type = "\$HOME_NET";
+ $def_smtp_servers_type = "\$HOME_NET";
else
- $def_smtp_servers_type = "$def_smtp_servers_info_chk";
+ $def_smtp_servers_type = "$def_smtp_servers_info_chk";
/* def SMTP_PORTS */
- $def_smtp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports'];
+ $def_smtp_ports_info_chk = $snortcfg['def_smtp_ports'];
if ($def_smtp_ports_info_chk == "")
- $def_smtp_ports_type = "25";
+ $def_smtp_ports_type = "25";
else
- $def_smtp_ports_type = "$def_smtp_ports_info_chk";
+ $def_smtp_ports_type = "$def_smtp_ports_info_chk";
/* def MAIL_PORTS */
- $def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports'];
+ $def_mail_ports_info_chk = $snortcfg['def_mail_ports'];
if ($def_mail_ports_info_chk == "")
- $def_mail_ports_type = "25,143,465,691";
+ $def_mail_ports_type = "25,143,465,691";
else
- $def_mail_ports_type = "$def_mail_ports_info_chk";
+ $def_mail_ports_type = "$def_mail_ports_info_chk";
/* def HTTP_SERVSERS */
- $def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers'];
+ $def_http_servers_info_chk = $snortcfg['def_http_servers'];
if ($def_http_servers_info_chk == "")
- $def_http_servers_type = "\$HOME_NET";
+ $def_http_servers_type = "\$HOME_NET";
else
- $def_http_servers_type = "$def_http_servers_info_chk";
+ $def_http_servers_type = "$def_http_servers_info_chk";
/* def WWW_SERVSERS */
- $def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers'];
+ $def_www_servers_info_chk = $snortcfg['def_www_servers'];
if ($def_www_servers_info_chk == "")
- $def_www_servers_type = "\$HOME_NET";
+ $def_www_servers_type = "\$HOME_NET";
else
- $def_www_servers_type = "$def_www_servers_info_chk";
+ $def_www_servers_type = "$def_www_servers_info_chk";
/* def HTTP_PORTS */
- $def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports'];
+ $def_http_ports_info_chk = $snortcfg['def_http_ports'];
if ($def_http_ports_info_chk == "")
- $def_http_ports_type = "80";
+ $def_http_ports_type = "80";
else
- $def_http_ports_type = "$def_http_ports_info_chk";
+ $def_http_ports_type = "$def_http_ports_info_chk";
/* def SQL_SERVSERS */
- $def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers'];
+ $def_sql_servers_info_chk = $snortcfg['def_sql_servers'];
if ($def_sql_servers_info_chk == "")
- $def_sql_servers_type = "\$HOME_NET";
+ $def_sql_servers_type = "\$HOME_NET";
else
- $def_sql_servers_type = "$def_sql_servers_info_chk";
+ $def_sql_servers_type = "$def_sql_servers_info_chk";
/* def ORACLE_PORTS */
- $def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports'];
+ $def_oracle_ports_info_chk = $snortcfg['def_oracle_ports'];
if ($def_oracle_ports_info_chk == "")
- $def_oracle_ports_type = "1521";
+ $def_oracle_ports_type = "1521";
else
- $def_oracle_ports_type = "$def_oracle_ports_info_chk";
+ $def_oracle_ports_type = "$def_oracle_ports_info_chk";
/* def MSSQL_PORTS */
- $def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports'];
+ $def_mssql_ports_info_chk = $snortcfg['def_mssql_ports'];
if ($def_mssql_ports_info_chk == "")
- $def_mssql_ports_type = "1433";
+ $def_mssql_ports_type = "1433";
else
- $def_mssql_ports_type = "$def_mssql_ports_info_chk";
+ $def_mssql_ports_type = "$def_mssql_ports_info_chk";
/* def TELNET_SERVSERS */
- $def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers'];
+ $def_telnet_servers_info_chk = $snortcfg['def_telnet_servers'];
if ($def_telnet_servers_info_chk == "")
- $def_telnet_servers_type = "\$HOME_NET";
+ $def_telnet_servers_type = "\$HOME_NET";
else
- $def_telnet_servers_type = "$def_telnet_servers_info_chk";
+ $def_telnet_servers_type = "$def_telnet_servers_info_chk";
/* def TELNET_PORTS */
- $def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports'];
+ $def_telnet_ports_info_chk = $snortcfg['def_telnet_ports'];
if ($def_telnet_ports_info_chk == "")
- $def_telnet_ports_type = "23";
+ $def_telnet_ports_type = "23";
else
- $def_telnet_ports_type = "$def_telnet_ports_info_chk";
+ $def_telnet_ports_type = "$def_telnet_ports_info_chk";
/* def SNMP_SERVSERS */
- $def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers'];
+ $def_snmp_servers_info_chk = $snortcfg['def_snmp_servers'];
if ($def_snmp_servers_info_chk == "")
- $def_snmp_servers_type = "\$HOME_NET";
+ $def_snmp_servers_type = "\$HOME_NET";
else
- $def_snmp_servers_type = "$def_snmp_servers_info_chk";
+ $def_snmp_servers_type = "$def_snmp_servers_info_chk";
/* def SNMP_PORTS */
- $def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports'];
+ $def_snmp_ports_info_chk = $snortcfg['def_snmp_ports'];
if ($def_snmp_ports_info_chk == "")
- $def_snmp_ports_type = "161";
+ $def_snmp_ports_type = "161";
else
- $def_snmp_ports_type = "$def_snmp_ports_info_chk";
+ $def_snmp_ports_type = "$def_snmp_ports_info_chk";
/* def FTP_SERVSERS */
- $def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers'];
+ $def_ftp_servers_info_chk = $snortcfg['def_ftp_servers'];
if ($def_ftp_servers_info_chk == "")
- $def_ftp_servers_type = "\$HOME_NET";
+ $def_ftp_servers_type = "\$HOME_NET";
else
- $def_ftp_servers_type = "$def_ftp_servers_info_chk";
+ $def_ftp_servers_type = "$def_ftp_servers_info_chk";
/* def FTP_PORTS */
- $def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports'];
+ $def_ftp_ports_info_chk = $snortcfg['def_ftp_ports'];
if ($def_ftp_ports_info_chk == "")
- $def_ftp_ports_type = "21";
+ $def_ftp_ports_type = "21";
else
- $def_ftp_ports_type = "$def_ftp_ports_info_chk";
+ $def_ftp_ports_type = "$def_ftp_ports_info_chk";
/* def SSH_SERVSERS */
- $def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers'];
+ $def_ssh_servers_info_chk = $snortcfg['def_ssh_servers'];
if ($def_ssh_servers_info_chk == "")
- $def_ssh_servers_type = "\$HOME_NET";
+ $def_ssh_servers_type = "\$HOME_NET";
else
- $def_ssh_servers_type = "$def_ssh_servers_info_chk";
+ $def_ssh_servers_type = "$def_ssh_servers_info_chk";
/* if user has defined a custom ssh port, use it */
- if($config['system']['ssh']['port'])
- $ssh_port = $config['system']['ssh']['port'];
+ if(isset($config['system']['ssh']['port']))
+ $ssh_port = $config['system']['ssh']['port'];
else
- $ssh_port = "22";
+ $ssh_port = "22";
/* def SSH_PORTS */
- $def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports'];
+ $def_ssh_ports_info_chk = $snortcfg['def_ssh_ports'];
if ($def_ssh_ports_info_chk == "")
- $def_ssh_ports_type = "{$ssh_port}";
+ $def_ssh_ports_type = "{$ssh_port}";
else
- $def_ssh_ports_type = "$def_ssh_ports_info_chk";
+ $def_ssh_ports_type = "$def_ssh_ports_info_chk";
/* def POP_SERVSERS */
- $def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers'];
+ $def_pop_servers_info_chk = $snortcfg['def_pop_servers'];
if ($def_pop_servers_info_chk == "")
- $def_pop_servers_type = "\$HOME_NET";
+ $def_pop_servers_type = "\$HOME_NET";
else
- $def_pop_servers_type = "$def_pop_servers_info_chk";
+ $def_pop_servers_type = "$def_pop_servers_info_chk";
/* def POP2_PORTS */
- $def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports'];
+ $def_pop2_ports_info_chk = $snortcfg['def_pop2_ports'];
if ($def_pop2_ports_info_chk == "")
- $def_pop2_ports_type = "109";
+ $def_pop2_ports_type = "109";
else
- $def_pop2_ports_type = "$def_pop2_ports_info_chk";
+ $def_pop2_ports_type = "$def_pop2_ports_info_chk";
/* def POP3_PORTS */
- $def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports'];
+ $def_pop3_ports_info_chk = $snortcfg['def_pop3_ports'];
if ($def_pop3_ports_info_chk == "")
- $def_pop3_ports_type = "110";
+ $def_pop3_ports_type = "110";
else
- $def_pop3_ports_type = "$def_pop3_ports_info_chk";
+ $def_pop3_ports_type = "$def_pop3_ports_info_chk";
/* def IMAP_SERVSERS */
- $def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers'];
+ $def_imap_servers_info_chk = $snortcfg['def_imap_servers'];
if ($def_imap_servers_info_chk == "")
- $def_imap_servers_type = "\$HOME_NET";
+ $def_imap_servers_type = "\$HOME_NET";
else
- $def_imap_servers_type = "$def_imap_servers_info_chk";
+ $def_imap_servers_type = "$def_imap_servers_info_chk";
/* def IMAP_PORTS */
- $def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports'];
+ $def_imap_ports_info_chk = $snortcfg['def_imap_ports'];
if ($def_imap_ports_info_chk == "")
- $def_imap_ports_type = "143";
+ $def_imap_ports_type = "143";
else
- $def_imap_ports_type = "$def_imap_ports_info_chk";
+ $def_imap_ports_type = "$def_imap_ports_info_chk";
/* def SIP_PROXY_IP */
- $def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip'];
+ $def_sip_proxy_ip_info_chk = $snortcfg['def_sip_proxy_ip'];
if ($def_sip_proxy_ip_info_chk == "")
- $def_sip_proxy_ip_type = "\$HOME_NET";
+ $def_sip_proxy_ip_type = "\$HOME_NET";
else
- $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
+ $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
/* def SIP_PROXY_PORTS */
- $def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports'];
+ $def_sip_proxy_ports_info_chk = $snortcfg['def_sip_proxy_ports'];
if ($def_sip_proxy_ports_info_chk == "")
- $def_sip_proxy_ports_type = "5060:5090,16384:32768";
+ $def_sip_proxy_ports_type = "5060:5090,16384:32768";
else
- $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
+ $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
/* def AUTH_PORTS */
- $def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports'];
+ $def_auth_ports_info_chk = $snortcfg['def_auth_ports'];
if ($def_auth_ports_info_chk == "")
- $def_auth_ports_type = "113";
+ $def_auth_ports_type = "113";
else
- $def_auth_ports_type = "$def_auth_ports_info_chk";
+ $def_auth_ports_type = "$def_auth_ports_info_chk";
/* def FINGER_PORTS */
- $def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports'];
+ $def_finger_ports_info_chk = $snortcfg['def_finger_ports'];
if ($def_finger_ports_info_chk == "")
- $def_finger_ports_type = "79";
+ $def_finger_ports_type = "79";
else
- $def_finger_ports_type = "$def_finger_ports_info_chk";
+ $def_finger_ports_type = "$def_finger_ports_info_chk";
/* def IRC_PORTS */
- $def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports'];
+ $def_irc_ports_info_chk = $snortcfg['def_irc_ports'];
if ($def_irc_ports_info_chk == "")
- $def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
+ $def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
else
- $def_irc_ports_type = "$def_irc_ports_info_chk";
+ $def_irc_ports_type = "$def_irc_ports_info_chk";
/* def NNTP_PORTS */
- $def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports'];
+ $def_nntp_ports_info_chk = $snortcfg['def_nntp_ports'];
if ($def_nntp_ports_info_chk == "")
- $def_nntp_ports_type = "119";
+ $def_nntp_ports_type = "119";
else
- $def_nntp_ports_type = "$def_nntp_ports_info_chk";
+ $def_nntp_ports_type = "$def_nntp_ports_info_chk";
/* def RLOGIN_PORTS */
- $def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports'];
+ $def_rlogin_ports_info_chk = $snortcfg['def_rlogin_ports'];
if ($def_rlogin_ports_info_chk == "")
- $def_rlogin_ports_type = "513";
+ $def_rlogin_ports_type = "513";
else
- $def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
+ $def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
/* def RSH_PORTS */
- $def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports'];
+ $def_rsh_ports_info_chk = $snortcfg['def_rsh_ports'];
if ($def_rsh_ports_info_chk == "")
- $def_rsh_ports_type = "514";
+ $def_rsh_ports_type = "514";
else
- $def_rsh_ports_type = "$def_rsh_ports_info_chk";
+ $def_rsh_ports_type = "$def_rsh_ports_info_chk";
/* def SSL_PORTS */
- $def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports'];
+ $def_ssl_ports_info_chk = $snortcfg['def_ssl_ports'];
if ($def_ssl_ports_info_chk == "")
- $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995";
+ $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995";
else
- $def_ssl_ports_type = "$def_ssl_ports_info_chk";
+ $def_ssl_ports_type = "$def_ssl_ports_info_chk";
/* should we install a automatic update crontab entry? */
$automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7'];
/* if user is on pppoe, we really want to use ng0 interface */
- if(isset($config['interfaces'][$snort_ext_int]['ipaddr']) && ($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe"))
- $snort_ext_int = "ng0";
+ if ($snort_pfsense_basever == 'yes' && $snort_ext_int == "wan")
+ $snort_ext_int = get_real_wan_interface();
/* set the snort performance model */
- if($config['installedpackages']['snortglobal']['rule'][$id]['performance'])
- $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance'];
+ if($snortcfg['performance'])
+ $snort_performance = $snortcfg['performance'];
else
- $snort_performance = "ac-bnfa";
+ $snort_performance = "ac-bnfa";
/* generate rule sections to load */
- $enabled_rulesets = $config['installedpackages']['snortglobal']['rule'][$id]['rulesets'];
- if($enabled_rulesets) {
+ $enabled_rulesets = $snortcfg['rulesets'];
+ if (!empty($enabled_rulesets)) {
$selected_rules_sections = "";
$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
foreach($enabled_rulesets_array as $enabled_item)
- $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
+ $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
}
- conf_mount_ro();
-
/////////////////////////////
/* preprocessor code */
@@ -2355,19 +2100,17 @@ preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_
EOD;
- $def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'];
+ $def_perform_stat_info_chk = $snortcfg['perform_stat'];
if ($def_perform_stat_info_chk == "on")
- $def_perform_stat_type = "$snort_perform_stat";
+ $def_perform_stat_type = "$snort_perform_stat";
else
- $def_perform_stat_type = "";
+ $def_perform_stat_type = "";
- $def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
- if ($def_flow_depth_info_chk == '')
- {
+ $def_flow_depth_info_chk = $snortcfg['flow_depth'];
+ if (empty($def_flow_depth_info_chk))
$def_flow_depth_type = '0';
- }else{
- $def_flow_depth_type = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
- }
+ else
+ $def_flow_depth_type = $snortcfg['flow_depth'];
/* def http_inspect */
$snort_http_inspect = <<<EOD
@@ -2398,11 +2141,11 @@ preprocessor http_inspect_server: server default \
EOD;
- $def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect'];
+ $def_http_inspect_info_chk = $snortcfg['http_inspect'];
if ($def_http_inspect_info_chk == "on")
- $def_http_inspect_type = "$snort_http_inspect";
+ $def_http_inspect_type = "$snort_http_inspect";
else
- $def_http_inspect_type = "";
+ $def_http_inspect_type = "";
/* def other_preprocs */
$snort_other_preprocs = <<<EOD
@@ -2417,11 +2160,11 @@ preprocessor bo
EOD;
- $def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs'];
+ $def_other_preprocs_info_chk = $snortcfg['other_preprocs'];
if ($def_other_preprocs_info_chk == "on")
- $def_other_preprocs_type = "$snort_other_preprocs";
+ $def_other_preprocs_type = "$snort_other_preprocs";
else
- $def_other_preprocs_type = "";
+ $def_other_preprocs_type = "";
/* def ftp_preprocessor */
$snort_ftp_preprocessor = <<<EOD
@@ -2476,7 +2219,7 @@ preprocessor ftp_telnet_protocol: ftp client default \
EOD;
- $def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor'];
+ $def_ftp_preprocessor_info_chk = $snortcfg['ftp_preprocessor'];
if ($def_ftp_preprocessor_info_chk == "on")
$def_ftp_preprocessor_type = "$snort_ftp_preprocessor";
else
@@ -2511,11 +2254,11 @@ PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB
EOD;
- $def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor'];
+ $def_smtp_preprocessor_info_chk = $snortcfg['smtp_preprocessor'];
if ($def_smtp_preprocessor_info_chk == "on")
- $def_smtp_preprocessor_type = "$snort_smtp_preprocessor";
+ $def_smtp_preprocessor_type = "$snort_smtp_preprocessor";
else
- $def_smtp_preprocessor_type = "";
+ $def_smtp_preprocessor_type = "";
/* def sf_portscan */
$snort_sf_portscan = <<<EOD
@@ -2533,11 +2276,11 @@ preprocessor sfportscan: scan_type { all } \
EOD;
- $def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan'];
+ $def_sf_portscan_info_chk = $snortcfg['sf_portscan'];
if ($def_sf_portscan_info_chk == "on")
- $def_sf_portscan_type = "$snort_sf_portscan";
+ $def_sf_portscan_type = "$snort_sf_portscan";
else
- $def_sf_portscan_type = "";
+ $def_sf_portscan_type = "";
/* def dce_rpc_2 */
$snort_dce_rpc_2 = <<<EOD
@@ -2556,11 +2299,11 @@ preprocessor dcerpc2_server: default, policy WinXP, \
EOD;
- $def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2'];
+ $def_dce_rpc_2_info_chk = $snortcfg['dce_rpc_2'];
if ($def_dce_rpc_2_info_chk == "on")
- $def_dce_rpc_2_type = "$snort_dce_rpc_2";
+ $def_dce_rpc_2_type = "$snort_dce_rpc_2";
else
- $def_dce_rpc_2_type = "";
+ $def_dce_rpc_2_type = "";
/* def dns_preprocessor */
$snort_dns_preprocessor = <<<EOD
@@ -2576,37 +2319,33 @@ preprocessor dns: \
EOD;
- $def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor'];
+ $def_dns_preprocessor_info_chk = $snortcfg['dns_preprocessor'];
if ($def_dns_preprocessor_info_chk == "on")
- $def_dns_preprocessor_type = "$snort_dns_preprocessor";
+ $def_dns_preprocessor_type = "$snort_dns_preprocessor";
else
- $def_dns_preprocessor_type = "";
+ $def_dns_preprocessor_type = "";
/* def SSL_PORTS IGNORE */
- $def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore'];
+ $def_ssl_ports_ignore_info_chk = $snortcfg['def_ssl_ports_ignore'];
if ($def_ssl_ports_ignore_info_chk == "")
- $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
+ $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
else
- $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
+ $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
/* stream5 queued settings */
- $def_max_queued_bytes_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'];
+ $def_max_queued_bytes_info_chk = $snortcfg['max_queued_bytes'];
if ($def_max_queued_bytes_info_chk == '')
- {
$def_max_queued_bytes_type = '';
- }else{
- $def_max_queued_bytes_type = ' max_queued_bytes ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'] . ',';
- }
+ else
+ $def_max_queued_bytes_type = ' max_queued_bytes ' . $snortcfg['max_queued_bytes'] . ',';
- $def_max_queued_segs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'];
+ $def_max_queued_segs_info_chk = $snortcfg['max_queued_segs'];
if ($def_max_queued_segs_info_chk == '')
- {
$def_max_queued_segs_type = '';
- }else{
- $def_max_queued_segs_type = ' max_queued_segs ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'] . ',';
- }
+ else
+ $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ',';
/* build snort configuration file */
@@ -2752,9 +2491,9 @@ config detection: search-method {$snort_performance} max_queue_events 5
config event_queue: max_queue 8 log 3 order_events content_length
#Configure dynamic loaded libraries
-dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
+dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor
dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
-dynamicdetection directory /usr/local/lib/snort/dynamicrules/
+dynamicdetection directory /usr/local/lib/snort/dynamicrules
###################
#
@@ -2850,44 +2589,47 @@ EOD;
* for example, if you are not a premium subscriber you can only download rules
* so often, etc. TO BE: Removed unneeded.
*/
-
function check_for_common_errors($filename) {
global $snort_filename, $snort_filename_md5, $console_mode;
- // ob_flush();
+ // ob_flush();
$contents = file_get_contents($filename);
- if(stristr($contents, "You don't have permission")) {
+ if (!$contents) {
if(!$console_mode) {
update_all_status("An error occured while downloading {$filename}.");
hide_progress_bar_status();
- } else {
+ } else
log_error("An error occured. Scroll down to inspect it's contents.");
- }
- if(!$console_mode) {
+
+ if (!$console_mode)
update_output_window(strip_tags("$contents"));
- } else {
+ else {
$contents = strip_tags($contents);
log_error("Error downloading snort rules: {$contents}");
echo "Error downloading snort rules: {$contents}";
}
+
scroll_down_to_bottom_of_page();
- exit;
+
+ return;
}
}
/* force browser to scroll all the way down */
function scroll_down_to_bottom_of_page() {
global $snort_filename, $console_mode;
+
ob_flush();
if(!$console_mode)
- echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
+ echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
}
/* ensure downloaded file looks sane */
function verify_downloaded_file($filename) {
global $snort_filename, $snort_filename_md5, $console_mode;
+
ob_flush();
- if(filesize($filename)<9500) {
+ if (filesize($filename) < 9500) {
if(!$console_mode) {
update_all_status("Checking {$filename}...");
check_for_common_errors($filename);
@@ -2902,7 +2644,7 @@ function verify_downloaded_file($filename) {
log_error("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
echo "Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.";
}
- exit;
+ return;
}
update_all_status("Verified {$filename}.");
}
@@ -2910,13 +2652,15 @@ function verify_downloaded_file($filename) {
/* extract rules */
function extract_snort_rules_md5($tmpfname) {
global $snort_filename, $snort_filename_md5, $console_mode;
+
ob_flush();
if(!$console_mode) {
$static_output = gettext("Extracting snort rules...");
update_all_status($static_output);
}
if(!is_dir("/usr/local/etc/snort/rules/"))
- mkdir("/usr/local/etc/snort/rules/");
+ @mkdir("/usr/local/etc/snort/rules/");
+
$cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/";
$handle = popen("{$cmd} 2>&1", 'r');
while(!feof($handle)) {
@@ -2937,6 +2681,7 @@ function extract_snort_rules_md5($tmpfname) {
/* verify MD5 against downloaded item */
function verify_snort_rules_md5($tmpfname) {
global $snort_filename, $snort_filename_md5, $console_mode;
+
ob_flush();
if(!$console_mode) {
$static_output = gettext("Verifying md5 signature...");
@@ -2955,29 +2700,32 @@ function verify_snort_rules_md5($tmpfname) {
log_error("snort rules: md5 signature of rules mismatch.");
echo "snort rules: md5 signature of rules mismatch.";
}
- exit;
+ return;
}
}
/* hide progress bar */
function hide_progress_bar_status() {
global $snort_filename, $snort_filename_md5, $console_mode;
+
ob_flush();
if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
}
/* unhide progress bar */
function unhide_progress_bar_status() {
global $snort_filename, $snort_filename_md5, $console_mode;
+
ob_flush();
if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
}
/* update both top and bottom text box during an operation */
function update_all_status($status) {
global $snort_filename, $snort_filename_md5, $console_mode;
+
ob_flush();
if(!$console_mode) {
update_status($status);
@@ -2988,22 +2736,25 @@ function update_all_status($status) {
/* obtain alert description for an ip address */
function get_snort_alert($ip) {
global $snort_alert_file_split, $snort_config;
+
if(!file_exists("/var/log/snort/alert"))
- return;
+ return;
if(!$snort_config)
- $snort_config = read_snort_config_cache();
+ $snort_config = read_snort_config_cache();
if($snort_config[$ip])
- return $snort_config[$ip];
+ return $snort_config[$ip];
if(!$snort_alert_file_split)
- $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert"));
+ $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert"));
+
foreach($snort_alert_file_split as $fileline) {
if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- $alert_title = $matches[2];
+ $alert_title = $matches[2];
if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches))
- $alert_ip = $matches[$id];
+ $alert_ip = $matches[$id];
if($alert_ip == $ip) {
if(!$snort_config[$ip])
- $snort_config[$ip] = $alert_title;
+ $snort_config[$ip] = $alert_title;
+
return $alert_title;
}
}
@@ -3012,10 +2763,12 @@ function get_snort_alert($ip) {
function make_clickable($buffer) {
global $config, $g;
+
/* if clickable urls is disabled, simply return buffer back to caller */
$clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode'];
if(!$clickablalerteurls)
- return $buffer;
+ return $buffer;
+
$buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
$buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
$buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer);
@@ -3027,18 +2780,19 @@ function make_clickable($buffer) {
function read_snort_config_cache() {
global $g, $config, $snort_config;
+
if($snort_config)
- return $snort_config;
- if(file_exists($g['tmp_path'] . '/snort_config.cache')) {
- $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache'));
return $snort_config;
- }
- return;
+
+ if(file_exists($g['tmp_path'] . '/snort_config.cache'))
+ $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache'));
+
+ return $snort_config;
}
function write_snort_config_cache($snort_config) {
global $g, $config;
- conf_mount_rw();
+
$configcache = fopen($g['tmp_path'] . '/snort_config.cache', "w");
if(!$configcache) {
log_error("Could not open {$g['tmp_path']}/snort_config.cache for writing.");
@@ -3046,17 +2800,19 @@ function write_snort_config_cache($snort_config) {
}
fwrite($configcache, serialize($snort_config));
fclose($configcache);
- conf_mount_ro();
+
return true;
}
function snort_advanced() {
global $g, $config;
+
sync_package_snort();
}
function snort_define_servers() {
global $g, $config;
+
sync_package_snort();
}
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 7d7d0323..f89d99ef 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -45,19 +45,18 @@ $snort_load_mootools = 'yes';
$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
$snort_logfile = '/var/log/snort/alert';
-$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
-$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
-
-if ($pconfig['alertnumber'] == '' || $pconfig['alertnumber'] == '0')
-{
- $anentries = '250';
-}else{
+if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
+ $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
+ $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
$anentries = $pconfig['alertnumber'];
+} else {
+ $anentries = '250';
+ $pconfig['alertnumber'] = '250';
+ $pconfig['arefresh'] = 'off';
}
if ($_POST['save'])
{
-
//unset($input_errors);
//$pconfig = $_POST;
@@ -72,19 +71,15 @@ if ($_POST['save'])
}
/* no errors */
- if (!$input_errors)
- {
-
- $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? on : off;
+ if (!$input_errors) {
+ if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
+ $config['installedpackages']['snortglobal']['alertsblocks'] = array();
+ $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
- conf_mount_rw();
write_config();
- //conf_mount_ro();
- sleep(2);
-
- header("Location: /snort/snort_alerts.php");
+ header("Location: /snort/snort_alerts.php");
}
}
@@ -112,8 +107,7 @@ if ($_POST['download'])
$file_name = "snort_logs_{$save_date}.tar.gz";
exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort");
- if(file_exists("/tmp/snort_logs_{$save_date}.tar.gz"))
- {
+ if (file_exists("/tmp/snort_logs_{$save_date}.tar.gz")) {
$file = "/tmp/snort_logs_{$save_date}.tar.gz";
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
header("Pragma: private"); // needed for IE
@@ -125,86 +119,65 @@ if ($_POST['download'])
readfile("$file");
exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz");
od_end_clean(); //importanr or other post will fail
- }else{
+ } else
echo 'Error no saved file.';
- }
-
}
/* WARNING: took me forever to figure reg expression, dont lose */
// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50';
-
function get_snort_alert_date($fileline)
{
/* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1))
- {
$alert_date = "$matches1[0]";
- }
return $alert_date;
-
}
function get_snort_alert_disc($fileline)
{
/* disc */
if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- {
$alert_disc = "$matches[2]";
- }
return $alert_disc;
-
}
function get_snort_alert_class($fileline)
{
/* class */
if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
- {
$alert_class = "$matches2[0]";
- }
return $alert_class;
-
}
function get_snort_alert_priority($fileline)
{
/* Priority */
if (preg_match('/Priority:\s\d/', $fileline, $matches3))
- {
$alert_priority = "$matches3[0]";
- }
return $alert_priority;
-
}
function get_snort_alert_proto($fileline)
{
/* Priority */
if (preg_match('/\{.+\}/', $fileline, $matches3))
- {
$alert_proto = "$matches3[0]";
- }
return $alert_proto;
-
}
function get_snort_alert_proto_full($fileline)
{
/* Protocal full */
if (preg_match('/.+\sTTL/', $fileline, $matches2))
- {
$alert_proto_full = "$matches2[0]";
- }
return $alert_proto_full;
-
}
function get_snort_alert_ip_src($fileline)
@@ -214,36 +187,27 @@ function get_snort_alert_ip_src($fileline)
$re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
- {
$alert_ip_src = $matches4[1][0];
- }
return $alert_ip_src;
-
}
function get_snort_alert_src_p($fileline)
{
/* source port */
if (preg_match('/:\d+\s-/', $fileline, $matches5))
- {
$alert_src_p = "$matches5[0]";
- }
return $alert_src_p;
-
}
function get_snort_alert_flow($fileline)
{
/* source port */
if (preg_match('/(->|<-)/', $fileline, $matches5))
- {
$alert_flow = "$matches5[0]";
- }
return $alert_flow;
-
}
function get_snort_alert_ip_dst($fileline)
@@ -255,52 +219,38 @@ function get_snort_alert_ip_dst($fileline)
$re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
- {
$alert_ip_dst = $matches6[1][0];
- }
return $alert_ip_dst;
-
}
function get_snort_alert_dst_p($fileline)
{
/* dst port */
if (preg_match('/:\d+$/', $fileline, $matches7))
- {
$alert_dst_p = "$matches7[0]";
- }
return $alert_dst_p;
-
}
function get_snort_alert_dst_p_full($fileline)
{
/* dst port full */
if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
- {
$alert_dst_p = "$matches7[0]";
- }
return $alert_dst_p;
-
}
function get_snort_alert_sid($fileline)
{
/* SID */
if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
- {
$alert_sid = "$matches8[0]";
- }
return $alert_sid;
-
}
-//
-
$pgtitle = "Services: Snort: Snort Alerts";
include("/usr/local/pkg/snort/snort_head.inc");
@@ -324,10 +274,8 @@ include("fbegin.inc");
echo $snort_general_css;
/* refresh every 60 secs */
-if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
-{
+if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n";
-}
?>
<!-- hack to fix the hardcoed fbegin link in header -->
@@ -439,26 +387,19 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
/* make sure alert file exists */
if(!file_exists('/var/log/snort/alert'))
- {
- conf_mount_rw();
exec('/usr/bin/touch /var/log/snort/alert');
- conf_mount_ro();
- }
$logent = $anentries;
/* detect the alert file type */
if ($snortalertlogt == 'full')
- {
$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
- }else{
+ else
$alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert'))));
- }
- if (is_array($alerts_array))
- {
+ if (is_array($alerts_array)) {
$counter = 0;
foreach($alerts_array as $fileline)
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 734c124f..17c49689 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -44,15 +44,15 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g;
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
-}
+
//nat_rules_sort();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
-$id = $_POST['id'];
+ $id = $_POST['id'];
if (isset($_GET['dup'])) {
$id = $_GET['dup'];
@@ -130,136 +130,136 @@ if (isset($id) && $a_nat[$id]) {
if (!$pconfig['interface'])
+ $pconfig['interface'] = "wan";
+} else
$pconfig['interface'] = "wan";
-} else {
- $pconfig['interface'] = "wan";
-}
if (isset($_GET['dup']))
-unset($id);
+ unset($id);
$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
-$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
-
+if (!empty($config['installedpackages']['snortglobal']['rule'][$id]))
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
/* this will exec when alert says apply */
if ($_POST['apply']) {
-
if (file_exists($d_snortconfdirty_path)) {
-
write_config();
-
- sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
-
unlink($d_snortconfdirty_path);
-
}
-
}
if ($_POST["Submit"]) {
- /* check for overlaps */
+ /* XXX: Mising error reporting?!
+ * check for overlaps
foreach ($a_nat as $natent) {
if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
+ continue;
if ($natent['interface'] != $_POST['interface'])
- continue;
+ continue;
}
+ */
/* if no errors write to conf */
if (!$input_errors) {
$natent = array();
/* repost the options already in conf */
-
- if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
- if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
- if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
- if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
- if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
- if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
- if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
- if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
- if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
- if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
- if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
- if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
- if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
- if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
- if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
- if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
- if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
- if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
- if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
- if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
- if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
- if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
- if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
- if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
- if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
- if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
- if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
- if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
- if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
- if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
- if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
- if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
- if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
- if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
- if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
- if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
- if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
- if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
- if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
- if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
- if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
- if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
- if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
- if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
- if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
- if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
- if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
- if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
- if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
- if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
- if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
- if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
- if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
- if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
- if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
- if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
- if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
- if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
- if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
- if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
- if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
+ $natent = $pconfig;
/* post new options */
- $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off;
+ if ($_POST['interface'] != "") { $natent['interface'] = $_POST['interface']; } else unset($natent['interface']);
+ if ($_POST['enable'] != "") { $natent['enable'] = $_POST['enable']; } else unset($natent['enable']);
+ if ($_POST['uuid'] != "") { $natent['uuid'] = $_POST['uuid']; } else unset($natent['uuid']);
+ if ($_POST['descr'] != "") { $natent['descr'] = $_POST['descr']; } else unset($natent['descr']);
+ if ($_POST['performance'] != "") { $natent['performance'] = $_POST['performance']; } else unset($natent['descr']);
+ if ($_POST['blockoffenders7'] != "") { $natent['blockoffenders7'] = $_POST['blockoffenders7']; } else unset($natent['blockoffenders7']);
+ if ($_POST['alertsystemlog'] != "") { $natent['alertsystemlog'] = $_POST['alertsystemlog']; } else unset($natent['alertsystemlog']);
+ if ($_POST['tcpdumplog'] != "") { $natent['tcpdumplog'] = $_POST['tcpdumplog']; } else unset($natent['tcpdumplog']);
+ if ($_POST['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $_POST['snortunifiedlog']; } else unset($natent['snortunifiedlog']);
+ if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; } else unset($natent['def_ssl_ports_ignore']);
+ if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; } else unset($natent['flow_depth']);
+ if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; } else unset($natent['max_queued_bytes']);
+ if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; } else unset($natent['max_queued_segs']);
+ if ($_POST['perform_stat'] != "") { $natent['perform_stat'] = $_POST['perform_stat']; } else unset($natent['perform_stat']);
+ if ($_POST['http_inspect'] != "") { $natent['http_inspect'] = $_POST['http_inspect']; } else unset($natent['http_inspect']);
+ if ($_POST['other_preprocs'] != "") { $natent['other_preprocs'] = $_POST['other_preprocs']; } else unset($natent['other_preprocs']);
+ if ($_POST['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor']; } else unset($natent['ftp_preprocessor']);
+ if ($_POST['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor']; } else unset($natent['smtp_preprocessor']);
+ if ($_POST['sf_portscan'] != "") { $natent['sf_portscan'] = $_POST['sf_portscan']; } else unset($natent['sf_portscan']);
+ if ($_POST['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $_POST['dce_rpc_2']; } else unset($natent['dce_rpc_2']);
+ if ($_POST['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $_POST['dns_preprocessor']; } else unset($natent['dns_preprocessor']);
+ if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; } else unset($natent['def_dns_servers']);
+ if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; } else unset($natent['def_dns_ports']);
+ if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; } else unset($natent['def_smtp_servers']);
+ if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; } else unset($natent['def_mail_ports']);
+ if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; } else unset($natent['def_mail_ports']);
+ if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; } else unset($natent['def_http_servers']);
+ if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; } else unset($natent['def_www_servers']);
+ if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; } else unset($natent['def_http_ports']);
+ if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; } else unset($natent['def_sql_servers']);
+ if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; } else unset($natent['def_oracle_ports']);
+ if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; } else unset($natent['def_mssql_ports']);
+ if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; } else unset($natent['def_telnet_ports']);
+ if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; } else unset($natent['def_telnet_ports']);
+ if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; } else unset($natent['def_snmp_servers']);
+ if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; } else unset($natent['def_snmp_ports']);
+ if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; } else unset($natent['def_ftp_servers']);
+ if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; } else unset($natent['def_ftp_ports']);
+ if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; } else unset($natent['def_ssh_servers']);
+ if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; } else unset($natent['def_ssh_ports']);
+ if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; } else unset($natent['def_pop_servers']);
+ if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; } else unset($natent['def_pop2_ports']);
+ if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; } else unset($natent['def_pop3_ports']);
+ if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; } else unset($natent['def_imap_servers']);
+ if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; } else unset($natent['def_imap_ports']);
+ if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; } else unset($natent['def_sip_proxy_ip']);
+ if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; } else unset($natent['def_sip_proxy_ports']);
+ if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; } else unset($natent['def_auth_ports']);
+ if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; } else unset($natent['def_finger_ports']);
+ if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; } else unset($natent['def_irc_ports']);
+ if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; } else unset($natent['def_nntp_ports']);
+ if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; } else unset($natent['def_rlogin_ports']);
+ if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; } else unset($natent['def_rsh_ports']);
+ if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; } else unset($natent['def_ssl_ports']);
+ if ($_POST['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $_POST['snortunifiedlog']; } else unset($natent['snortunifiedlog']);
+ if ($_POST['configpassthru'] != "") { $natent['configpassthru'] = $_POST['configpassthru']; } else unset($natent['configpassthru']);
+ if ($_POST['rulesets'] != "") { $natent['rulesets'] = $_POST['rulesets']; } else unset($natent['rulesets']);
+ if ($_POST['rule_sid_off'] != "") { $natent['rule_sid_off'] = $_POST['rule_sid_off']; } else unset($natent['rule_sid_off']);
+ if ($_POST['rule_sid_on'] != "") { $natent['rule_sid_on'] = $_POST['rule_sid_on']; } else unset($natent['rule_sid_on']);
+ if ($_POST['whitelistname'] != "") { $natent['whitelistname'] = $_POST['whitelistname']; } else unset($natent['whitelistname']);
+ if ($_POST['homelistname'] != "") { $natent['homelistname'] = $_POST['homelistname']; } else unset($natent['homelistname']);
+ if ($_POST['externallistname'] != "") { $natent['externallistname'] = $_POST['externallistname']; } else unset($natent['externallistname']);
+ if ($_POST['suppresslistname'] != "") { $natent['suppresslistname'] = $_POST['suppresslistname']; } else unset($natent['suppresslistname']);
+ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off';
$natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql'];
- $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']) ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru'];
- if ($_POST['barnyard_enable'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['barnyard_enable'] == "") { $natent['snortunifiedlog'] = off; }
+ $natent['barnconfigpassthru'] = $_POST['barnconfigpassthru'] ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru'];
+ if ($_POST['barnyard_enable'] == "on")
+ $natent['snortunifiedlog'] = 'on';
+ else
+ $natent['snortunifiedlog'] = 'off';
+ if (empty($_POST['barnyard_enable']))
+ $natent['snortunifiedlog'] = 'off';
if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
+ $a_nat[$id] = $natent;
else {
if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
+ array_splice($a_nat, $after+1, 0, array($natent));
else
- $a_nat[] = $natent;
+ $a_nat[] = $natent;
}
write_config();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ touch($d_snortconfdirty_path);
/* after click go to this page */
- touch($d_snortconfdirty_path);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -422,12 +422,17 @@ echo "
<td width="22%" valign="top" class="vncell2">Interface</td>
<td width="78%" class="vtable"><select name="interface"
class="formfld">
- <?php
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ <?php
+ if (function_exists('get_configured_interface_with_descr'))
+ $interfaces = get_configured_interface_with_descr();
+ else {
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
}
- foreach ($interfaces as $iface => $ifacename): ?>
+ foreach ($interfaces as $iface => $ifacename):
+ ?>
<option value="<?=$iface;?>"
<?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?>
</option>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index c4eb359c..233337a1 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -34,6 +34,9 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
+ $config['installedpackages']['snortglobal']['alertsblocks'] = array();
+
$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'];
$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
@@ -46,17 +49,17 @@ if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0')
if($_POST['todelete'] or $_GET['todelete']) {
if($_POST['todelete'])
- $ip = $_POST['todelete'];
+ $ip = $_POST['todelete'];
if($_GET['todelete'])
- $ip = $_GET['todelete'];
+ $ip = $_GET['todelete'];
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
}
if ($_POST['remove']) {
-
exec("/sbin/pfctl -t snort2c -T flush");
sleep(1);
header("Location: /snort/snort_blocked.php");
+ exit;
}
@@ -72,25 +75,16 @@ if ($_POST['download'])
$blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));
- if ($blocked_ips_array_save[0] != '')
- {
-
+ if ($blocked_ips_array_save[0] != '') {
/* build the list */
- $counter = 0;
- foreach($blocked_ips_array_save as $fileline3)
- {
-
- $counter++;
-
- exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf");
-
- }
+ file_put_contents("/tmp/snort_blocked/snort_block.pf", "");
+ foreach($blocked_ips_array_save as $counter => $fileline3)
+ file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline3}\n", FILE_APPEND);
}
exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked");
- if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz"))
- {
+ if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) {
$file = "/tmp/snort_blocked_{$save_date}.tar.gz";
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
header("Pragma: private"); // needed for IE
@@ -104,9 +98,8 @@ if ($_POST['download'])
exec("/bin/rm /tmp/snort_block.pf");
exec("/bin/rm /tmp/snort_blocked/snort_block.pf");
od_end_clean(); //importanr or other post will fail
- }else{
+ } else
echo 'Error no saved file.';
- }
}
@@ -123,15 +116,11 @@ if ($_POST['save'])
/* no errors */
if (!$input_errors)
{
-
$config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? on : off;
$config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
- conf_mount_rw();
write_config();
- //conf_mount_ro();
- sleep(2);
-
+
header("Location: /snort/snort_blocked.php");
}
@@ -146,24 +135,18 @@ function get_snort_alert_ip_src($fileline)
$re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
- {
$alert_ip_src = $matches4[1][0];
- }
return $alert_ip_src;
-
}
function get_snort_alert_disc($fileline)
{
/* disc */
if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- {
$alert_disc = "$matches[2]";
- }
return $alert_disc;
-
}
/* build sec filters */
@@ -171,24 +154,18 @@ function get_snort_block_ip($fileline)
{
/* ip */
if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches))
- {
$alert_block_ip = "$matches[0]";
- }
return $alert_block_ip;
-
}
function get_snort_block_disc($fileline)
{
/* disc */
if (preg_match("/\]\s\[.+\]$/", $fileline, $matches))
- {
$alert_block_disc = "$matches[0]";
- }
return $alert_block_disc;
-
}
/* tell the user what settings they have */
@@ -247,10 +224,8 @@ include("fbegin.inc");
echo $snort_general_css;
/* refresh every 60 secs */
-if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '')
-{
+if ($pconfig['brefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
-}
?>
<!-- hack to fix the hardcoed fbegin link in header -->
@@ -362,9 +337,7 @@ if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '')
$alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
if (in_array("$alert_ip_src", $blocked_ips_array))
- {
$input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
- }
}
foreach($blocked_ips_array as $alert_block_ip)
@@ -428,7 +401,7 @@ if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '')
foreach($blocked_ips_array as $alert_block_ip)
{
if($logent <= $counter2)
- continue;
+ continue;
$counter2++;
@@ -447,12 +420,10 @@ if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '')
echo '</table>' . "\n";
- if ($blocked_ips_array[0] == '')
- {
+ if (empty($blocked_ips_array[0]))
echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
- }else{
+ else
echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
- }
?>
</td>
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index a20b42b4..be16c519 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -44,13 +44,11 @@ require_once("/usr/local/pkg/snort/snort.inc");
$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
-if ($g['booting']==true) {
- exit(0);
-}
+if ($g['booting']==true)
+ return;
-if ($snortloglimit == 'off') {
- exit(0);
-}
+if ($snortloglimit == 'off')
+ return;
$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\'');
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index f9975ce8..4f87f1f9 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -40,18 +40,20 @@ require_once("/usr/local/pkg/snort/snort.inc");
function read_header2($ch, $string) {
global $file_size, $fout;
+
$length = strlen($string);
$regs = "";
ereg("(Content-Length:) (.*)", $string, $regs);
- if($regs[2] <> "") {
+ if($regs[2] <> "")
$file_size = intval($regs[2]);
- }
+
ob_flush();
return $length;
}
function read_body2($ch, $string) {
global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen, $pkg_interface;
+
$length = strlen($string);
$downloaded += intval($length);
$downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
@@ -77,6 +79,7 @@ function read_body2($ch, $string) {
function read_body_firmware($ch, $string) {
global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
+
$length = strlen($string);
$downloaded += intval($length);
$downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
@@ -101,6 +104,7 @@ function read_body_firmware($ch, $string) {
function download_file_with_progress_bar2($url_file, $destination_file, $readbody = 'read_body') {
global $ch, $fout, $file_size, $downloaded;
+
$file_size = 1;
$downloaded = 1;
/* open destination file */
@@ -173,13 +177,6 @@ echo "\n\n";
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Checking for needed updates...'");
-/* Begin main code */
-conf_mount_rw();
-
-if (!file_exists('/usr/local/etc/snort/tmp')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
-}
-
/* Set user agent to Mozilla */
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
ini_set("memory_limit","150M");
@@ -191,12 +188,8 @@ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-
ob_flush();
conf_mount_rw();
-/* send current buffer */
-ob_flush();
-conf_mount_rw();
-
/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
+if (is_dir("{$tmpfname}")) {
echo 'Removing old tmp files...' . "\n";
exec("/bin/rm -r {$tmpfname}");
apc_clear_cache();
@@ -208,22 +201,17 @@ exec("/bin/mkdir -p {$snortdir}/rules");
exec("/bin/mkdir -p {$snortdir}/signatures");
exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
-/* send current buffer */
-ob_flush();
-conf_mount_rw();
-
/* If tmp dir does not exist create it */
-if (file_exists($tmpfname)) {
+if (is_dir($tmpfname))
echo 'The directory tmp exists...' . "\n";
-} else {
- mkdir("{$tmpfname}", 700);
-}
+else
+ @mkdir("{$tmpfname}", 700);
/* download md5 sig from snort.org */
if ($snortdownload == 'on')
{
if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
- filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
echo 'snort.org md5 temp file exists...' . "\n";
} else {
echo 'Downloading snort.org md5 file...' . "\n";
@@ -271,7 +259,7 @@ if ($snortdownload == 'on')
echo 'Please wait... You may only check for New Rules every 15 minutes...' . "\n";
echo 'Rules are released every month from snort.org. You may download the Rules at any time.' . "\n";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -282,7 +270,7 @@ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
echo 'Please wait... You may only check for New Pfsense Rules every 15 minutes...' . "\n";
echo 'Rules are released to support Pfsense packages.' . "\n";
conf_mount_ro();
- exit(0);
+ return;
}
/* Check if were up to date snort.org */
@@ -294,9 +282,6 @@ if ($snortdownload == 'on')
$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- write_config(); // Will cause switch back to read-only on nanobsd
- conf_mount_rw();
if ($md5_check_new == $md5_check_old)
{
echo 'Your rules are up to date...' . "\n";
@@ -315,14 +300,8 @@ if ($emergingthreats == "on")
$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- // Will cause switch back to read-only on nanobsd
- write_config();
- conf_mount_rw();
if ($emerg_md5_check_new == $emerg_md5_check_old)
- {
$emerg_md5_check_ok = on;
- }
}
}
@@ -334,13 +313,8 @@ if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
$pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
/* Write out time of last sucsessful md5 to cache */
- // Will cause switch back to read-only on nanobsd
- write_config();
- conf_mount_rw();
if ($pfsense_md5_check_new == $pfsense_md5_check_old)
- {
$pfsense_md5_check_ok = on;
- }
}
/* Check if were up to date is so, exit */
@@ -352,7 +326,7 @@ if ($snortdownload == 'on' && $emergingthreats == 'on')
echo 'All your rules are up to date...' . "\n";
echo 'You may start Snort now...' . "\n";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -363,7 +337,7 @@ if ($snortdownload == 'on' && $emergingthreats == 'off')
echo 'Your snort.org rules are up to date...' . "\n";
echo 'You may start Snort now...' . "\n";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -374,7 +348,7 @@ if ($snortdownload == 'off' && $emergingthreats == 'on')
echo 'Your Emergingthreats rules are up to date...' . "\n";
echo 'You may start Snort now...' . "\n";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -397,14 +371,13 @@ if ($snortdownload == 'on')
} else {
echo 'There is a new set of Snort.org rules posted. Downloading...' . "\n";
echo 'May take 4 to 10 min...' . "\n";
- conf_mount_rw();
download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
echo 'Done downloading rules file.' . "\n";
if (150000 > filesize("{$tmpfname}/$snort_filename")){
echo 'Error with the snort rules download...' . "\n";
echo 'Snort rules file downloaded failed...' . "\n";
conf_mount_ro();
- exit(0);
+ return;
}
}
}
@@ -477,7 +450,7 @@ if ($snortdownload == 'on')
{
$freebsd_version_so = 'FreeBSD-7-2';
}else{
- $freebsd_version_so = 'FreeBSD-8-0';
+ $freebsd_version_so = 'FreeBSD-8-1';
}
echo 'Extracting Snort.org rules...' . "\n";
@@ -686,13 +659,11 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
/* open oinkmaster_conf for writing" function */
function oinkmaster_conf($id, $if_real, $iface_uuid)
{
-
global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
/* enable disable setting will carry over with updates */
/* TODO carry signature changes with the updates */
- if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) {
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
@@ -744,11 +715,9 @@ EOD;
/* TODO add per interface settings here */
function oinkmaster_run($id, $if_real, $iface_uuid)
{
-
global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
- if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on)
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on')
{
if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
@@ -783,19 +752,15 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
/* Start the proccess for every interface rule */
/* TODO: try to make the code smother */
-
-if (!empty($config['installedpackages']['snortglobal']['rule']))
+if (is_array($config['installedpackages']['snortglobal']['rule']))
{
$rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value) {
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $id += 1;
-
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $result_lan = $value['interface'];
$if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ $iface_uuid = $value['uuid'];
/* make oinkmaster.conf for each interface rule */
oinkmaster_conf($id, $if_real, $iface_uuid);
@@ -810,9 +775,11 @@ if (!empty($config['installedpackages']['snortglobal']['rule']))
/* mark the time update finnished */
$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+write_config(); /* XXX */
+conf_mount_rw();
/* remove old $tmpfname files */
-if (file_exists('/usr/local/etc/snort/tmp'))
+if (is_dir('/usr/local/etc/snort/tmp'))
{
echo 'Cleaning up...' . "\n";
exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 7a9ed2da..735ea78f 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -54,7 +54,7 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
-$id = $_POST['id'];
+ $id = $_POST['id'];
if (isset($_GET['dup'])) {
$id = $_GET['dup'];
@@ -223,26 +223,25 @@ if ($_POST["Submit"]) {
if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
+ $a_nat[$id] = $natent;
else {
if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
+ array_splice($a_nat, $after+1, 0, array($natent));
else
- $a_nat[] = $natent;
+ $a_nat[] = $natent;
}
write_config();
- /* after click go to this page */
-
+ sync_snort_package_all($id, $if_real, $snort_uuid);
touch($d_snortconfdirty_path);
+ /* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: snort_define_servers.php?id=$id");
@@ -254,16 +253,9 @@ if ($_POST["Submit"]) {
if ($_POST['apply']) {
if (file_exists($d_snortconfdirty_path)) {
-
- write_config();
-
- sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
-
unlink($d_snortconfdirty_path);
-
}
-
}
$pgtitle = "Snort: Interface $id$if_real Define Servers";
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 531312cc..b5db0857 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -39,18 +39,12 @@ global $g;
$id = $_GET['id'];
if (isset($_POST['id']))
-$id = $_POST['id'];
+ $id = $_POST['id'];
if (!is_array($config['installedpackages']['snortglobal']['rule']))
-$config['installedpackages']['snortglobal']['rule'] = array();
-
+ $config['installedpackages']['snortglobal']['rule'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-if (isset($config['installedpackages']['snortglobal']['rule'])) {
- $id_gen = count($config['installedpackages']['snortglobal']['rule']);
-}else{
- $id_gen = '0';
-}
+$id_gen = count($config['installedpackages']['snortglobal']['rule']);
/* alert file */
$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty');
@@ -59,20 +53,17 @@ $d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty');
if ($_POST['apply']) {
if ($d_snortconfdirty_path_ls != '') {
-
- write_config();
-
+
sync_snort_package_empty();
sync_snort_package();
-
+
exec('/bin/rm /var/run/snort_conf_*.dirty');
-
+
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: /snort/snort_interfaces.php");
exit;
@@ -81,11 +72,11 @@ if ($_POST['apply']) {
}
-
-
if (isset($_POST['del_x'])) {
/* delete selected rules */
- if (is_array($_POST['rule']) && count($_POST['rule'])) {
+ if (is_array($_POST['rule'])) {
+ conf_mount_rw();
+
foreach ($_POST['rule'] as $rulei) {
/* convert fake interfaces to real */
@@ -157,17 +148,15 @@ if (isset($_POST['del_x'])) {
}
}
-
+
/* for every iface do these steps */
- conf_mount_rw();
exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
-
- conf_mount_ro();
-
+
unset($a_nat[$rulei]);
}
+ conf_mount_ro();
write_config();
sleep(2);
@@ -188,17 +177,15 @@ if (isset($_POST['del_x'])) {
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: /snort/snort_interfaces.php");
- //exit;
+ exit;
}
}
/* start/stop snort */
-if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
-{
+if ($_GET['act'] == 'toggle' && is_numeric($id)) {
$if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
@@ -220,7 +207,6 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: /snort/snort_interfaces.php");
}else{
@@ -235,9 +221,9 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: /snort/snort_interfaces.php");
}
+ exit;
}
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 5ac9c186..26aeb60f 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -36,15 +36,15 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g;
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
-}
-//nat_rules_sort();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
-$id = $_POST['id'];
+ $id = $_POST['id'];
+if (!is_numeric($id))
+ $id = 0; /* XXX: Safety belt */
if (isset($_GET['dup'])) {
$id = $_GET['dup'];
@@ -65,7 +65,7 @@ if (isset($_GET['dup'])) {
//}
/* gen uuid for each iface !inportant */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') {
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]) && !empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) {
//$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
$snort_uuid = 0;
while ($snort_uuid > 65535 || $snort_uuid == 0) {
@@ -77,9 +77,8 @@ if (isset($_GET['dup'])) {
/* convert fake interfaces to real */
$if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
- if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') {
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '')
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- }
if (isset($id) && $a_nat[$id]) {
@@ -169,34 +168,25 @@ if (isset($_GET['dup'])) {
if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
- write_config();
-
$if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
-
+
unlink("/var/run/snort_conf_{$snort_uuid}_.dirty");
-
}
if (file_exists($d_snortconfdirty_path)) {
-
- write_config();
-
+
sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
unlink($d_snortconfdirty_path);
-
}
-
}
if ($_POST["Submit"]) {
-
-
// if ($config['installedpackages']['snortglobal']['rule']) {
if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
$input_errors[] = "Please enter a description for your reference.";
@@ -205,27 +195,25 @@ if (isset($_GET['dup'])) {
if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
$rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id_c = -1;
- foreach ($rule_array as $value) {
-
- $id_c += 1;
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
+ $result_lan = $value['interface'];
$if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- if ($_POST['interface'] == $result_lan) {
+ if ($_POST['interface'] == $result_lan)
$input_errors[] = "Interface $result_lan is in use. Please select another interface.";
- }
}
}
- /* check for overlaps */
+ /* XXX: Void code
+ * check for overlaps
foreach ($a_nat as $natent) {
if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
+ continue;
if ($natent['interface'] != $_POST['interface'])
- continue;
+ continue;
}
+ */
/* if no errors write to conf */
if (!$input_errors) {
@@ -233,22 +221,29 @@ if (isset($_GET['dup'])) {
/* write to conf for 1st time or rewrite the answer */
$natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface'];
+
/* if post write to conf or rewite the answer */
- $natent['enable'] = $_POST['enable'] ? on : off;
+ $natent['enable'] = $_POST['enable'] ? 'on' : 'off';
$natent['uuid'] = $pconfig['uuid'];
$natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
$natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
/* if post = on use on off or rewrite the conf */
- if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ if ($_POST['blockoffenders7'] == "on")
+ $natent['blockoffenders7'] = 'on';
+ else
+ $natent['blockoffenders7'] = 'off';
+ if ($_POST['enable'] == "")
+ $natent['blockoffenders7'] = $pconfig['blockoffenders7'];
$natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
$natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
$natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
$natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname'];
$natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
- if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
- if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
- if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- $natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
+ if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['enable']) { $natent['alertsystemlog'] = 'on'; } else unset($natent['alertsystemlog']);
+ if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; }
+ if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; }
+ $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
/* if optiion = 0 then the old descr way will not work */
/* rewrite the options that are not in post */
@@ -327,7 +322,6 @@ if (isset($_GET['dup'])) {
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: /snort/snort_interfaces_edit.php?id=$id");
exit;
@@ -347,8 +341,8 @@ if (isset($_GET['dup'])) {
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: /snort/snort_interfaces_edit.php?id=$id");
+ exit;
}
if ($_POST["Submit3"])
@@ -361,8 +355,8 @@ if (isset($_GET['dup'])) {
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: /snort/snort_interfaces_edit.php?id=$id");
+ exit;
}
@@ -372,21 +366,17 @@ if (isset($_GET['dup'])) {
$snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id);
- if ($snort_up_ck2_info == 'no') {
+ if ($snort_up_ck2_info == 'no')
$snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">';
- }else{
+ else
$snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">';
- }
-
- }else{
+ } else
$snort_up_ck = '';
- }
-
$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
include("/usr/local/pkg/snort/snort_head.inc");
- ?>
+?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
@@ -473,31 +463,20 @@ echo "
<td class="tabnavtbl"><?php
if ($a_nat[$id]['interface'] != '') {
/* get the interface name */
- $first = 0;
$snortInterfaces = array(); /* -gtm */
$if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
$if_array = split(',', $if_list);
- //print_r($if_array);
if($if_array) {
foreach($if_array as $iface2) {
- $if2 = convert_friendly_interface_to_real_interface_name2($iface2);
-
- if(isset($config['interfaces'][$iface2]['ipaddr']) && ($config['interfaces'][$iface2]['ipaddr'] == "pppoe")) {
- $if2 = "ng0";
- }
-
/* build a list of user specified interfaces -gtm */
- if($if2){
+ $if2 = convert_friendly_interface_to_real_interface_name2($iface2);
+ if ($if2)
array_push($snortInterfaces, $if2);
- $first = 1;
- }
}
- if (count($snortInterfaces) < 1) {
+ if (count($snortInterfaces) < 1)
log_error("Snort will not start. You must select an interface for it to listen on.");
- return;
- }
}
}
@@ -599,7 +578,7 @@ echo "
<td width="22%" valign="top" class="vncell2">Home net</td>
<td width="78%" class="vtable"><select name="homelistname"
class="formfld" id="homelistname">
- <?php
+ <?php
/* find whitelist names and filter by type */
$hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
$hid = -1;
@@ -617,11 +596,10 @@ echo "
}else{
echo "<option value=\"$ilistname $whitelist_uuid\">";
}
- echo htmlspecialchars($ilistname) . '</option>
- ';
+ echo htmlspecialchars($ilistname) . '</option>';
}
endforeach;
- ?>
+ ?>
</select><br>
<span class="vexpl">Choose the home net you will like this rule to
use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default home
@@ -633,7 +611,7 @@ echo "
<td width="22%" valign="top" class="vncell2">External net</td>
<td width="78%" class="vtable"><select name="externallistname"
class="formfld" id="externallistname">
- <?php
+ <?php
/* find whitelist names and filter by type */
$exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
$exid = -1;
@@ -655,7 +633,7 @@ echo "
';
}
endforeach;
- ?>
+ ?>
</select><br>
<span class="vexpl">Choose the external net you will like this rule
to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
@@ -676,7 +654,7 @@ echo "
<td width="22%" valign="top" class="vncell2">Whitelist</td>
<td width="78%" class="vtable"><select name="whitelistname"
class="formfld" id="whitelistname">
- <?php
+ <?php
/* find whitelist names and filter by type, make sure to track by uuid */
$wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
$wid = -1;
@@ -698,7 +676,7 @@ echo "
';
}
endforeach;
- ?>
+ ?>
</select><br>
<span class="vexpl">Choose the whitelist you will like this rule to
use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
@@ -710,7 +688,7 @@ echo "
filtering</td>
<td width="78%" class="vtable"><select name="suppresslistname"
class="formfld" id="suppresslistname">
- <?php
+ <?php
/* find whitelist names and filter by type, make sure to track by uuid */
$slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
$sid = -1;
@@ -730,7 +708,7 @@ echo "
echo htmlspecialchars($ilistname) . '</option>
';
endforeach;
- ?>
+ ?>
</select><br>
<span class="vexpl">Choose the suppression or filtering file you
will like this rule to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index f06dd2a7..0fbc29ae 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -56,21 +56,15 @@ $pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['for
if ($_POST['apply']) {
if (file_exists("$d_snort_global_dirty_path")) {
- conf_mount_rw();
-
+
/* create whitelist and homenet file then sync files */
sync_snort_package_empty();
sync_snort_package();
unlink("$d_snort_global_dirty_path");
-
- write_config();
- conf_mount_ro();
}
}
-
-
/* if no errors move foward */
if (!$input_errors) {
@@ -78,20 +72,16 @@ if (!$input_errors) {
$config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
$config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
- $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? on : off;
+ $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];
$config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit'];
$config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize'];
$config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7'];
$config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype'];
- $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? on : off;
-
- write_config();
- sleep(2);
+ $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
$retval = 0;
-
$snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
if ($snort_snortloglimit_info_ck == 'on') {
snort_snortloglimit_install_cron('');
@@ -106,9 +96,9 @@ if (!$input_errors) {
/* set the snort block hosts time IMPORTANT */
$snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
if ($snort_rm_blocked_info_ck == "never_b")
- $snort_rm_blocked_false = "";
+ $snort_rm_blocked_false = "";
else
- $snort_rm_blocked_false = "true";
+ $snort_rm_blocked_false = "true";
if ($snort_rm_blocked_info_ck != "")
{
@@ -119,9 +109,9 @@ if (!$input_errors) {
/* set the snort rules update time */
$snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
if ($snort_rules_up_info_ck == "never_up")
- $snort_rules_up_false = "";
+ $snort_rules_up_false = "";
else
- $snort_rules_up_false = "true";
+ $snort_rules_up_false = "true";
if ($snort_rules_up_info_ck != "")
{
@@ -143,7 +133,7 @@ if (!$input_errors) {
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Location: /snort/snort_interfaces_global.php");
-
+ exit;
}
}
@@ -151,10 +141,7 @@ if (!$input_errors) {
if ($_POST["Reset"]) {
function snort_deinstall_settings() {
-
global $config, $g, $id, $if_real;
- conf_mount_rw();
-
exec("/usr/usr/bin/killall snort");
sleep(2);
@@ -166,100 +153,54 @@ if ($_POST["Reset"]) {
sleep(2);
/* Remove snort cron entries Ugly code needs smoothness*/
- function snort_rm_blocked_deinstall_cron($should_install)
- {
- global $config, $g;
- conf_mount_rw();
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item)
- {
- if (strstr($item['command'], "snort2c"))
- {
- $is_installed = true;
- break;
+ if (!function_exists('snort_deinstall_cron')) {
+ function snort_deinstall_cron($cronmatch) {
+ global $config, $g;
+
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ $is_installed = false;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort2c")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
}
-
- $x++;
-
- }
- if($is_installed == true)
- {
- if($x > 0)
- {
+ if($is_installed == true)
unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
configure_cron();
-
}
- conf_mount_ro();
-
}
- function snort_rules_up_deinstall_cron($should_install)
- {
- global $config, $g;
- conf_mount_rw();
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- }
-
- snort_rm_blocked_deinstall_cron("");
- snort_rules_up_deinstall_cron("");
+ snort_deinstall_cron("snort2c");
+ snort_deinstall_cron("snort_check_for_rule_updates.php");
/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
/* Keep this as a last step */
unset($config['installedpackages']['snortglobal']);
- write_config();
- conf_mount_rw();
/* remove all snort iface dir */
exec('rm -r /usr/local/etc/snort/snort_*');
exec('rm /var/log/snort/*');
- conf_mount_ro();
-
+ write_config();
}
snort_deinstall_settings();
+ write_config(); /* XXX */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: /snort/snort_interfaces_global.php");
-
exit;
}
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index 0ee1f0c2..dfa890b6 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -40,17 +40,12 @@ require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+if (!is_array($config['installedpackages']['snortglobal']['suppress']))
+ $config['installedpackages']['snortglobal']['suppress'] = array();
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
-$config['installedpackages']['snortglobal']['suppress']['item'] = array();
-
-//aliases_sort(); << what ?
+ $config['installedpackages']['snortglobal']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
-
-if (isset($config['installedpackages']['snortglobal']['suppress']['item'])) {
- $id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
-}else{
- $id_gen = '0';
-}
+$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty';
@@ -62,13 +57,13 @@ if ($_POST) {
$retval = 0;
if(stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
+ $savemsg = get_std_save_message($retval);
else
- $savemsg = $retval;
- if ($retval == 0) {
- if (file_exists($d_suppresslistdirty_path))
+ $savemsg = $retval;
+ if (file_exists($d_suppresslistdirty_path))
unlink($d_suppresslistdirty_path);
- }
+
+ filter_configure();
}
}
@@ -78,7 +73,6 @@ if ($_GET['act'] == "del") {
unset($a_suppress[$_GET['id']]);
write_config();
- filter_configure();
touch($d_suppresslistdirty_path);
header("Location: /snort/snort_interfaces_suppress.php");
exit;
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 41277787..eb406ac5 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -39,28 +39,33 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+if (!is_array($config['installedpackages']['snortglobal']['suppress']))
+ $config['installedpackages']['snortglobal']['suppress'] = array();
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
-$config['installedpackages']['snortglobal']['suppress']['item'] = array();
-
+ $config['installedpackages']['snortglobal']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
$id = $_GET['id'];
if (isset($_POST['id']))
-$id = $_POST['id'];
+ $id = $_POST['id'];
+if (!is_numeric($id))
+ $id = 0; // XXX: safety belt
/* gen uuid for each iface !inportant */
-if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
- $suppress_uuid = 0;
- while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
- $suppress_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $suppress_uuid;
+if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) {
+ if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+ $suppress_uuid = 0;
+ while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
+ $suppress_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $suppress_uuid;
+ }
}
-}
-if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') {
- $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'];
+ if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') {
+ $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'];
+ }
}
$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty';
@@ -68,15 +73,14 @@ $d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty';
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
if (!is_string($name))
- return false;
+ return false;
if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
- return true;
+ return true;
return false;
}
-
if (isset($id) && $a_suppress[$id]) {
/* old settings */
@@ -84,25 +88,16 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['uuid'] = $a_suppress[$id]['uuid'];
$pconfig['descr'] = $a_suppress[$id]['descr'];
$pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
-
-
-
}
/* this will exec when alert says apply */
if ($_POST['apply']) {
if (file_exists("$d_snort_suppress_dirty_path")) {
-
- write_config();
-
sync_snort_package_config();
sync_snort_package();
-
unlink("$d_snort_suppress_dirty_path");
-
}
-
}
if ($_POST['submit']) {
@@ -127,7 +122,7 @@ if ($_POST['submit']) {
/* check for name conflicts */
foreach ($a_suppress as $s_list) {
if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list))
- continue;
+ continue;
if ($s_list['name'] == $_POST['name']) {
$input_errors[] = "A whitelist file name with this name already exists.";
@@ -136,21 +131,17 @@ if ($_POST['submit']) {
}
- $s_list = array();
- /* post user input */
-
if (!$input_errors) {
-
+ $s_list = array();
$s_list['name'] = $_POST['name'];
$s_list['uuid'] = $suppress_uuid;
$s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
$s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
-
if (isset($id) && $a_suppress[$id])
- $a_suppress[$id] = $s_list;
+ $a_suppress[$id] = $s_list;
else
- $a_suppress[] = $s_list;
+ $a_suppress[] = $s_list;
touch($d_snort_suppress_dirty_path);
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 16fbd16c..be7a8892 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -140,19 +140,11 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
if ($_POST['apply']) {
if (file_exists($d_snortconfdirty_path)) {
-
- write_config();
-
- sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
-
unlink($d_snortconfdirty_path);
-
}
-
}
-
if ($_POST["Submit"]) {
/* check for overlaps */
@@ -233,16 +225,18 @@ if ($_POST["Submit"]) {
$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off;
if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
+ $a_nat[$id] = $natent;
else {
if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
+ array_splice($a_nat, $after+1, 0, array($natent));
else
- $a_nat[] = $natent;
+ $a_nat[] = $natent;
}
write_config();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+
/* after click go to this page */
touch($d_snortconfdirty_path);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index a7b9ef73..0feef550 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -35,19 +35,15 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g;
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
-}
-
-//nat_rules_sort();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
-$id = $_POST['id'];
+ $id = $_POST['id'];
if (isset($id) && $a_nat[$id]) {
-
$pconfig['enable'] = $a_nat[$id]['enable'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 09e39e7a..05712e49 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -49,15 +49,13 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
-$id = $_POST['id'];
+ $id = $_POST['id'];
$ids = $_GET['ids'];
if (isset($_POST['ids']))
-$ids = $_POST['ids'];
-
+ $ids = $_POST['ids'];
if (isset($id) && $a_nat[$id]) {
-
$pconfig['enable'] = $a_nat[$id]['enable'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
@@ -94,6 +92,7 @@ $splitcontents = explode($delimiter, $contents2);
//copy rule contents from array into string
$tempstring = $splitcontents[$lineid];
+if (!function_exists('write_rule_file')) {
function write_rule_file($content_changed, $received_file)
{
//read snort file with writing enabled
@@ -112,6 +111,7 @@ function write_rule_file($content_changed, $received_file)
fclose($filehandle);
}
+}
@@ -127,14 +127,14 @@ if($_POST['highlight'] <> "") {
}
if($_POST['rows'] <> "")
-$rows = $_POST['rows'];
+ $rows = $_POST['rows'];
else
-$rows = 1;
+ $rows = 1;
if($_POST['cols'] <> "")
-$cols = $_POST['cols'];
+ $cols = $_POST['cols'];
else
-$cols = 66;
+ $cols = 66;
if ($_POST)
{
@@ -150,7 +150,7 @@ if ($_POST)
write_rule_file($splitcontents, $file);
header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids");
-
+ exit;
}
}
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 059bd5cc..c19c8dd3 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -43,21 +43,18 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
-$id = $_POST['id'];
-
+ $id = $_POST['id'];
if (isset($id) && $a_nat[$id]) {
-
$pconfig['enable'] = $a_nat[$id]['enable'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
-}
-/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
+ /* convert fake interfaces to real */
+ $if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
-
-$iface_uuid = $a_nat[$id]['uuid'];
+ $iface_uuid = $a_nat[$id]['uuid'];
+}
$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
@@ -132,16 +129,9 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
if ($_POST['apply']) {
if (file_exists($d_snortconfdirty_path)) {
-
- write_config();
-
- sync_snort_package_all($id, $if_real, $iface_uuid);
sync_snort_package();
-
unlink($d_snortconfdirty_path);
-
}
-
}
if ($_POST["Submit"]) {
@@ -161,6 +151,8 @@ if ($_POST["Submit"]) {
write_config();
+ sync_snort_package_all($id, $if_real, $iface_uuid);
+
touch($d_snortconfdirty_path);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -168,10 +160,8 @@ if ($_POST["Submit"]) {
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
- sync_snort_package_all($id, $if_real, $iface_uuid);
header("Location: /snort/snort_rulesets.php?id=$id");
-
+ exit;
}
$enabled_rulesets = $a_nat[$id]['rulesets'];
@@ -325,22 +315,10 @@ if (file_exists($d_snortconfdirty_path)) {
</div>
- <?php
-
- include("fend.inc");
-
- echo $snort_custom_rnd_box;
-
- ?>
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
</body>
</html>
-
- <?php
-
- function get_snort_rule_file_description($filename) {
- $filetext = file_get_contents($filename);
-
- }
-
-?>