Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 225 | ||||
-rw-r--r-- | config/snort/snort.xml | 7 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 2 | ||||
-rw-r--r-- | config/snort/snort_define_servers.php | 2 | ||||
-rw-r--r-- | config/snort/snort_dynamic_ip_reload.php | 45 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 4 | ||||
-rw-r--r-- | config/snort/snort_interfaces_edit.php | 4 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 2 | ||||
-rw-r--r-- | config/snort/snort_interfaces_whitelist_edit.php | 2 | ||||
-rw-r--r-- | config/snort/snort_preprocessors.php | 2 | ||||
-rw-r--r-- | config/snort/snort_rulesets.php | 2 |
11 files changed, 42 insertions, 255 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 5b5e3dae..5fdc7a8b 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -592,7 +592,7 @@ function snort_postinstall()
 if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
 update_status(gettext("Saved settings detected..."));
 update_output_window(gettext("Please wait... rebuilding files..."));
- sync_snort_package_empty();
+ sync_snort_package_config();
 update_output_window(gettext("Finnished Rebuilding files..."));
 }
 }
@@ -845,135 +845,8 @@ function snort_rules_up_install_cron($should_install) { } } -function sync_snort_package_remove_old() -{ - global $config, $g; - - $snort_dir_scan = '/usr/local/etc/snort'; - - // scan dirm might have to make this into a funtion - $dh_scan = opendir($snort_dir_scan); - while (false !== ($dir_filename = readdir($dh_scan))) { - $list_dir_files[] = $dir_filename; - } - - // find patern in a array, very cool code - class array_ereg { - function array_ereg($pattern) { $this->pattern = $pattern; } - function ereg($string) { - return ereg($this->pattern, $string); - } - } - - $rule_array2 = $config['installedpackages']['snortglobal']['rule']; - foreach ($rule_array2 as $id => $value) { - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - - $snort_rules_list[] = "snort_{$id}{$if_real}"; - } - - $snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg')); - $snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list); - - foreach ($snort_dir_filter_search_result as $value) - exec("/bin/rm -r /usr/local/etc/snort/$value"); - -} - -/* make sure this func on writes to files and does not start snort */ -function sync_snort_package() { - global $config, $g; - - /* all new files are for the user snort nologin */ - if (!is_dir('/var/log/snort')) - exec('/bin/mkdir -p /var/log/snort'); - - if (!is_dir('/var/log/snort/run')) - exec('/bin/mkdir -p /var/log/snort/run'); - - if (!is_dir('/var/log/snort/barnyard2')) - exec('/bin/mkdir -p /var/log/snort/barnyard2'); - - /* all new files are for the user snort nologin */ - if (!file_exists('/var/log/snort/alert')) - exec('/usr/bin/touch /var/log/snort/alert'); - - /* XXX: These are needed if snort is run as snort user - mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); - 
mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); - mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); - */ - - /* important */ - mwexec('/bin/chmod 770 /var/db/whitelist', true); - mwexec('/bin/chmod 770 /var/run/snort*', true); - mwexec('/bin/chmod 770 /tmp/snort*', true); - mwexec('/bin/chmod -R 770 /var/log/snort', true); - mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true); - mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true); -} - -/* only run when a single iface needs to sync */ -function sync_snort_package_all($id, $if_real, $snort_uuid) -{ - global $config, $g; - - /* RedDevil suggested code */ - /* TODO: more testing needs to be done */ - /* may cause voip to fail */ - //exec("/sbin/sysctl net.bpf.bufsize=8388608"); - //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); - //exec("/sbin/sysctl net.bpf.maxinsns=512"); - //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); - - conf_mount_rw(); - - /* do not start config build if rules is empty */ - if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); - conf_mount_ro(); - return; - } - if (!is_array($config['installedpackages']['snortglobal']['rule'][$id])) { - conf_mount_ro(); - return; - } - - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = snort_get_real_interface($result_lan); - - /* only build whitelist when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on') - create_snort_whitelist($id, $if_real); - - /* only build threshold when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') - create_snort_suppress($id, $if_real); - - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); - - /* if rules exist cp rules to each iface */ - create_rules_iface($id, 
$if_real, $snort_uuid); - - /* create snort bootup file snort.sh only create once */ - create_snort_sh(); - - /* create barnyard2 configuration file */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on') - create_barnyard2_conf($id, $if_real, $snort_uuid); - - sync_snort_package(); - - conf_mount_ro(); -} - /* Only run when all ifaces needed to sync. Expects filesystem rw */ -function sync_snort_package_empty() +function sync_snort_package_config() { global $config, $g; @@ -1015,8 +888,7 @@ function sync_snort_package_empty() create_rules_iface($id, $if_real, $snort_uuid); /* create barnyard2 configuration file */ - $snortbarnyardlog_info_chk = $value['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') + if ($value['barnyard_enable'] == 'on') create_barnyard2_conf($id, $if_real, $snort_uuid); } } 
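Review bot: The header comment kept above the renamed function, `/* Only run when all ifaces needed to sync. Expects filesystem rw */`, no longer describes it: this commit routes every single-interface save page and the package's resync hook through `sync_snort_package_config()`, and the next hunk in this file shows the function ending with `conf_mount_ro()`, so the "rw" expectation is at best half the contract. Suggest replacing it with a comment that states what the function now does — rebuilds the config, rule and barnyard2 files for every configured interface, creates the log directories, resets permissions and leaves the filesystem read-only — and says explicitly whether the caller must `conf_mount_rw()` first; the body after `global $config, $g;` is outside this hunk, so I could not confirm that. In the @@ -1015 hunk the simplified test `if ($value['barnyard_enable'] == 'on')` would be safer as `if (isset($value['barnyard_enable']) && $value['barnyard_enable'] === 'on')`, since the key may be absent for an interface never saved with barnyard settings.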
@@ -1024,61 +896,39 @@ function sync_snort_package_empty() /* create snort bootup file snort.sh only create once */ create_snort_sh(); - sync_snort_package(); - - conf_mount_ro(); -} - -/* only bootup and ip refresh */ -function sync_snort_package_config() -{ - global $config, $g; - - /* RedDevil suggested code */ - /* TODO: more testing needs to be done */ - /* may cause voip to fail */ - //exec("/sbin/sysctl net.bpf.bufsize=8388608"); - //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); - //exec("/sbin/sysctl net.bpf.maxinsns=512"); - //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); - - /* do not start config build if rules is empty */ - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - - conf_mount_rw(); - - foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - $snort_uuid = $value['uuid']; - - if (!empty($if_real) && !empty($snort_uuid)) { + /* all new files are for the user snort nologin */ + if (!is_dir('/var/log/snort')) + exec('/bin/mkdir -p /var/log/snort'); - /* only build whitelist when needed */ - if ($value['blockoffenders7'] == 'on') - create_snort_whitelist($id, $if_real); + if (!is_dir('/var/log/snort/run')) + exec('/bin/mkdir -p /var/log/snort/run'); - /* only build threshold when needed */ - if ($value['suppresslistname'] != 'default') - create_snort_suppress($id, $if_real); + if (!is_dir('/var/log/snort/barnyard2')) + exec('/bin/mkdir -p /var/log/snort/barnyard2'); - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); + /* all new files are for the user snort nologin */ + if (!file_exists('/var/log/snort/alert')) + exec('/usr/bin/touch /var/log/snort/alert'); - /* create barnyard2 configuration file */ - if ($value['barnyard_enable'] == 'on') - create_barnyard2_conf($id, $if_real, $snort_uuid); - } - } + /* XXX: These are needed if snort is run as snort user + 
mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); + mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); + mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); + */ - sync_snort_package(); + /* important */ + mwexec('/bin/chmod 770 /var/db/whitelist', true); + mwexec('/bin/chmod 770 /var/run/snort*', true); + mwexec('/bin/chmod 770 /tmp/snort*', true); + mwexec('/bin/chmod -R 770 /var/log/snort', true); + mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true); + mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true); conf_mount_ro(); } - /* Start of main config files */ /* create threshold file */ @@ -1214,8 +1064,8 @@ function create_snort_sh() #### Fake start only used on bootup and Pfsense IP changes #### Only try to restart if snort is running on Iface -if [ "`/bin/ps -auwx | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $2;}'`" != "" ]; then - snort_pid=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/awk '{print $2;}'` +if [ "`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`" != "" ]; then + snort_pid=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'` /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart" #### Restart Iface 
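Review bot: The permission block moved into `sync_snort_package_config()` runs `mwexec('/bin/chmod 770 /tmp/snort*', true)` as root with a shell glob over a world-writable directory; chmod follows symlinks, so a `snort*` entry in /tmp that is a link would have its target's mode changed rather than its own. Either pass `-h` (FreeBSD chmod then changes the link itself) or, better, keep the runtime files this script already places under `/var/run/snort*` and drop the /tmp glob; the recursive `chmod -R 770` on `/usr/local/etc/snort/` and `/usr/local/lib/snort` likewise grants group write to every rule and config file, and it is worth confirming that group read (`750` directories, `640` files) is not sufficient for the snort user before keeping it that wide. The `ps -ax ... awk '{print $1;}'` change in the @@ -1214 hunk is consistent (PID is column 1 of `ps -ax`), though `pgrep -f "R {$snort_uuid}"` would replace the `grep | grep -v grep | awk` chain and its self-match workaround in one call. The start of `sync_snort_package_config()` lies before this hunk, so whether `conf_mount_rw()` precedes the mkdir/chmod sequence could not be checked here.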
@@ -1236,9 +1086,9 @@ EOE; $snort_sh_text4[] = <<<EOF -pid_s=`/bin/ps -auwx | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$2;}'` +pid_s=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'` sleep 3 -pid_b=`/bin/ps -auwx | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$2;}'` +pid_b=`/bin/ps -ax | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'` if [ \${pid_s} ] ; then /bin/echo "snort.sh run" > /tmp/snort.sh.pid @@ -1270,26 +1120,13 @@ EOF; rc_start() { /bin/echo "snort.sh run" > /tmp/snort.sh.pid - - #### Remake the configs on boot Important! - /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php & - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..." - $start_snort_iface_start - /bin/rm /tmp/snort.sh.pid } rc_stop() { - #### Check for double starts, Pfsense has problems with that - if /bin/ls /tmp/snort.sh.pid > /dev/null ; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" - exit 0 - fi - $start_snort_iface_stop - /bin/rm /tmp/snort.sh.pid /bin/rm /var/run/snort* diff --git a/config/snort/snort.xml b/config/snort/snort.xml index c80bf672..2365bbea 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -95,11 +95,6 @@ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/pf/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item> - </additional_files_needed> - <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> 
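Review bot: In the rewritten `rc_start()` the trailing `/bin/rm /tmp/snort.sh.pid` is removed while the `/bin/echo "snort.sh run" > /tmp/snort.sh.pid` marker at its top is kept, so after every boot start the marker file is left behind; if any other path still treats that file as "snort.sh is currently running" (the guard deleted from `rc_stop()` was one such check, and snort_interfaces_edit.php carries a comment about removing a stale pid), it will now always see it. Either restore the `rm` at the end of `rc_start()` or stop writing the marker there. Separately, with the `snort_dynamic_ip_reload.php` call gone from `rc_start()` and that file deleted, the boot-time regeneration may now be covered by the `custom_php_resync_config_command` change in snort.xml, but the deleted file's own comment says it ran on filter reloads, and nothing in this diff regenerates the per-interface configs on an address change any more; if that is intentional, a comment in `rc_start()` saying where the rebuild now happens would help, otherwise a call to the regeneration path belongs back here.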
@@ -199,7 +194,7 @@
 <custom_add_php_command>
 </custom_add_php_command>
 <custom_php_resync_config_command>
- sync_snort_package();
+ sync_snort_package_config();
 </custom_php_resync_config_command>
 <custom_php_install_command>
 snort_postinstall();
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index c4ac1292..b647c007 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -115,7 +115,7 @@ if ($_POST) {
 }
 write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
 /* after click go to this page */
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index ddb1e378..e3238ef7 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -159,7 +159,7 @@ if ($_POST) {
 write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
 /* after click go to this page */
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php
deleted file mode 100644
index 66bc505c..00000000
--- a/config/snort/snort_dynamic_ip_reload.php
+++ /dev/null
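Review bot: Replacing `sync_snort_package_all($id, $if_real, $snort_uuid)` with the argument-less `sync_snort_package_config()` in snort_barnyard.php and snort_define_servers.php (and likewise in snort_interfaces.php, snort_interfaces_edit.php, snort_preprocessors.php and snort_rulesets.php further down) turns a save on one interface into a rebuild of every configured interface's files plus the permission sweep; that is presumably intended given the helper's removal, but a one-line comment at each call, `/* rebuilds all interfaces, not just $id */`, would keep the next reader from assuming it is per-interface. Where `$if_real` and `$snort_uuid` were computed only to feed the old call (snort_preprocessors.php assigns `$if_real` on the line just before), they may now be unused; the surrounding bodies are outside these hunks, so I could not confirm.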
@@ -1,45 +0,0 @@
-<?php
-
-/* $Id$ */
-/*
- snort_dynamic_ip_reload.php
- Copyright (C) 2009 Robert Zeleya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* NOTE: this file gets included from the pfSense filter.inc plugin process */
-/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */
-
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (file_exists('/var/run/snort_dynamic_ip_reload.dirty')) {
- exit();
-}
-
-exec('/usr/bin/touch /var/run/snort_dynamic_ip_reload.dirty');
-
-sync_snort_package_config();
-@unlink("/var/run/snort_dynamic_ip_reload.dirty");
-
-?>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index b00b107e..9174c24f 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -75,7 +75,7 @@ if (isset($_POST['del_x'])) {
 conf_mount_ro();
 }
- sync_snort_package_empty();
+ sync_snort_package_config();
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -98,7 +98,7 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
 /* Log Iface stop */
 exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
 $tester2 = Running_Ck($snort_uuid, $if_real, $id);
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 77f6cea7..b1a091e7 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -284,7 +284,7 @@ if (isset($_GET['dup']))
 write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
 sleep(1);
 /* if snort.sh crashed this will remove the pid */
@@ -303,7 +303,7 @@ if (isset($_GET['dup']))
 if ($_POST["Submit2"]) {
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
 sleep(1);
 Running_Start($snort_uuid, $if_real, $id);
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 9a47bb24..57fec1f1 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -103,7 +103,7 @@ if (!$input_errors) {
 write_config();
 /* create whitelist and homenet file then sync files */
- sync_snort_package_empty();
+ sync_snort_package_config();
 /* forces page to reload new settings */
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 03ba1df8..fe3c54a5 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -184,7 +184,7 @@ if ($_POST['submit']) {
 write_config();
 /* create whitelist and homenet file then sync files */
- sync_snort_package_empty();
+ sync_snort_package_config();
 header("Location: /snort/snort_interfaces_whitelist.php");
 exit;
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index c5c7a4a8..7f89d433 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -113,7 +113,7 @@ if ($_POST) {
 write_config();
 $if_real = snort_get_real_interface($pconfig['interface']);
- sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package_config();
 /* after click go to this page */
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index e0bdd882..9e3853f5 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -149,7 +149,7 @@ if ($_POST["Submit"]) {
 $a_nat[$id]['rulesets'] = $enabled_items;
 write_config();
- sync_snort_package_all($id, $if_real, $iface_uuid);
+ sync_snort_package_config();
 header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); |