diff options
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 20 | ||||
-rw-r--r-- | config/snort/snort_check_cron_misc.inc | 21 | ||||
-rwxr-xr-x | config/snort/snort_interfaces.php | 2 |
3 files changed, 28 insertions, 15 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 79fef4fa..7a151f7a 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -440,8 +440,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $gw = get_interface_gateway($snortcfg['interface']); if (is_ipaddr($gw) && !in_array($gw, $home_net)) $home_net[] = $gw; - if (function_exists("get_interface_gatewayv6")) { - $gw = get_interface_gatewayv6($snortcfg['interface']); + if (function_exists("get_interface_gateway_v6")) { + $gw = get_interface_gateway_v6($snortcfg['interface']); if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) $home_net[] = $gw; } @@ -636,14 +636,14 @@ function snort_get_real_interface($interface) { } /* - this code block is for deleteing logs while keeping the newest file, + this code block is for deleting logs while keeping the newest file, snort is linked to these files while running, do not take the easy way out by touch and rm, snort will lose sync and not log. */ function snort_post_delete_logs($snort_uuid = 0) { global $config, $g; - /* do not start config build if rules is empty */ + /* do nothing if no Snort interfaces active */ if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; @@ -651,14 +651,22 @@ function snort_post_delete_logs($snort_uuid = 0) { if ($value['uuid'] != $snort_uuid) continue; $if_real = snort_get_real_interface($value['interface']); - $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}"; + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; if ($if_real != '') { + /* Clean-up Barnyard2 files if any exist */ $filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.u2.*"); unset($filelist[count($filelist) - 1]); foreach ($filelist as $file) @unlink($file); + /* Clean-up packet capture files if any exist */ + $filelist = glob("{$snort_log_dir}/snort.log.*"); + unset($filelist[count($filelist) - 1]); + foreach ($filelist as $file) + @unlink($file); + + /* Clean-up stats files if they are enabled */ if ($value['perform_stat'] == 'on') { $fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w"); if ($fd) { @@ -674,7 +682,7 @@ function snort_Getdirsize($node) { if(!is_readable($node)) return false; - $blah = exec( "/usr/bin/du -kd $node" ); + $blah = exec( "/usr/bin/du -kdc $node" ); return substr( $blah, 0, strpos($blah, 9) ); } diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index e988b949..c1835dd0 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -52,27 +52,32 @@ if ($snortloglimit == 'off') if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; -$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\''); - foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { $if_real = snort_get_real_interface($value['interface']); $snort_uuid = $value['uuid']; - $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}"; + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; if (file_exists("{$snort_log_dir}/alert")) { $snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert"); - $snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70); $snortloglimitsizeKB = round($snortloglimitsize * 1024); - /* do I need HUP kill ? */ if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) { conf_mount_rw(); - if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) - @file_put_contents("{$snort_log_dir}/alert", ""); + log_error(gettext("[Snort] Snort Log directory size exceeds limit set in Global Settings.")); + log_error(gettext("[Snort] Logs for {$value['descr']} ({$if_real}) will be truncated.")); snort_post_delete_logs($snort_uuid); + $fd = @fopen("{$snort_log_dir}/alert", "w+"); + if ($fd) + fclose($fd); + /* XXX: This is needed if snort is run as snort user */ + mwexec('/bin/chmod 660 /var/log/snort/*', true); + /* XXX: Soft-restart Snort process to resync logging */ + if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})")); + mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); + } conf_mount_ro(); } - } } diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 84273167..15d9addc 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -220,7 +220,7 @@ if ($pfsense_stable == 'yes') <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr id="frheader"> <td width="3%" class="list"> </td> - <td width="10%" class="listhdrr"><?php echo gettext("If"); ?></td> + <td width="10%" class="listhdrr"><?php echo gettext("Interface"); ?></td> <td width="13%" class="listhdrr"><?php echo gettext("Snort"); ?></td> <td width="10%" class="listhdrr"><?php echo gettext("Performance"); ?></td> <td width="10%" class="listhdrr"><?php echo gettext("Block"); ?></td> |