aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/snort/snort_check_for_rule_updates.php705
-rw-r--r--config/snort/snort_download_rules.php680
-rw-r--r--config/snort/snort_download_updates.php176
3 files changed, 255 insertions, 1306 deletions
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index f9b9ff69..f3e3385c 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -28,79 +28,40 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-/* Setup enviroment */
-
-/* TODO: review if include files are needed */
require_once("functions.inc");
require_once("service-utils.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-$pkg_interface = "console";
+global $snort_gui_include;
+
+if (!isset($snort_gui_include))
+ $pkg_interface = "console";
$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
$snortdir = "/usr/local/etc/snort";
-$snortdir_wan = "/usr/local/etc/snort";
$snort_filename_md5 = "{$snort_rules_file}.md5";
$snort_filename = "{$snort_rules_file}";
$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
$emergingthreats_filename = "emerging.rules.tar.gz";
-$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
-$pfsense_rules_filename = "pfsense_rules.tar.gz";
-
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
-
-$up_date_time = date('l jS \of F Y h:i:s A');
-echo "\n";
-echo "#########################\n";
-echo "$up_date_time\n";
-echo "#########################\n";
-echo "\n\n";
/* define checks */
$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-if ($snortdownload == 'off' && $emergingthreats != 'on')
- $snort_emrging_info = 'stop';
-
-if ($oinkid == "" && $snortdownload != 'off')
- $snort_oinkid_info = 'stop';
-
-/* check if main rule directory is empty */
-$if_mrule_dir = "/usr/local/etc/snort/rules";
-$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
-if (file_exists('/var/run/snort.conf.dirty'))
- $snort_dirty_d = 'stop';
-
/* Start of code */
conf_mount_rw();
if (!is_dir('/usr/local/etc/snort/tmp'))
exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
-$snort_md5_check_ok = 'off';
-$emerg_md5_check_ok = 'off';
-$pfsense_md5_check_ok = 'off';
-
/* Set user agent to Mozilla */
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
ini_set("memory_limit","150M");
-/* mark the time update started */
-$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
-
-/* send current buffer */
-ob_flush();
-
/* remove old $tmpfname files */
-if (is_dir("{$tmpfname}")) {
- update_status(gettext("Removing old tmp files..."));
+if (is_dir("{$tmpfname}"))
exec("/bin/rm -r {$tmpfname}");
-}
/* Make shure snortdir exits */
exec("/bin/mkdir -p {$snortdir}/rules");
@@ -110,185 +71,69 @@ exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules");
/* download md5 sig from snort.org */
if ($snortdownload == 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
- filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
- update_status(gettext("snort.org md5 temp file exists..."));
- } else {
- update_status(gettext("Downloading snort.org md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-
- //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
- $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
- @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
- update_status(gettext("Done downloading snort.org md5"));
- }
-}
-
-/* download md5 sig from emergingthreats.net */
-if ($emergingthreats == 'on') {
- update_status(gettext("Downloading emergingthreats md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz.md5');
- @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
- update_status(gettext("Done downloading emergingthreats md5"));
-}
-
-/* download md5 sig from pfsense.org */
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- update_status(gettext("pfsense md5 temp file exists..."));
-} else {
- update_status(gettext("Downloading pfsense md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
- @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
- update_status(gettext("Done downloading pfsense md5."));
-}
-
-/* If md5 file is empty wait 15min exit */
-if ($snortdownload == 'on')
-{
- if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
- {
+ update_status(gettext("Downloading snort.org md5 file..."));
+ $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
+ if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) {
update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
$snortdownload = 'off';
- }
-}
-
-/* If pfsense md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
- update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released to support Pfsense packages."));
- $pfsensedownload = 'off';
+ } else
+ update_status(gettext("Done downloading snort.org md5"));
}
/* Check if were up to date snort.org */
-if ($snortdownload == 'on')
-{
- if (file_exists("{$snortdir}/{$snort_filename_md5}"))
- {
- $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
- $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($md5_check_new == $md5_check_old)
- {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
- $snort_md5_check_ok = 'on';
- } else {
- update_status(gettext("Your rules are not up to date..."));
- $snort_md5_check_ok = 'off';
+if ($snortdownload == 'on') {
+ if (file_exists("{$snortdir}/{$snort_filename_md5}")) {
+ $md5_check_new = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5_check_old = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+ if ($md5_check_new == $md5_check_old) {
+ update_status(gettext("Snort rules are up to date..."));
+ $snortdownload = 'off';
}
}
}
-/* Check if were up to date emergingthreats.net */
-if ($emergingthreats == 'on')
-{
- if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
- {
- $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
- $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
- $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($emerg_md5_check_new == $emerg_md5_check_old)
- {
- $emerg_md5_check_ok = 'on';
- } else
- $emerg_md5_check_ok = 'off';
- }
-}
-
-/* Check if were up to date pfsense.org */
-if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
-{
- $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($pfsense_md5_check_new == $pfsense_md5_check_old)
- {
- $pfsense_md5_check_ok = 'on';
- } else
- $pfsense_md5_check_ok = 'off';
-}
-
+/* download snortrules file */
if ($snortdownload == 'on') {
- if ($snort_md5_check_ok == 'on')
- {
- update_status(gettext("Your snort.org rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
+ update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
+ download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
+ update_status(gettext("Done downloading rules file."));
+ if (300000 > filesize("{$tmpfname}/$snort_filename")){
+ update_output_window(gettext("Snort rules file downloaded failed..."));
$snortdownload = 'off';
}
}
+
+/* download md5 sig from emergingthreats.net */
if ($emergingthreats == 'on') {
- if ($emerg_md5_check_ok == 'on')
- {
- update_status(gettext("Your Emergingthreats rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- $emergingthreats = 'off';
- }
-}
+ update_status(gettext("Downloading emergingthreats md5 file..."));
+ $image = @file_get_contents("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz.md5");
+ /* XXX: error checking */
+ @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
+ update_status(gettext("Done downloading emergingthreats md5"));
-/* download snortrules file */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- if (300000 > filesize("{$tmpfname}/$snort_filename")){
- update_status(gettext("Error with the snort rules download..."));
- update_output_window(gettext("Snort rules file downloaded failed..."));
- $snortdownload = 'off';
- } else
- log_error("Snort rules file update downloaded succsesfully");
+ if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) {
+ /* Check if were up to date emergingthreats.net */
+ $emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
+ if ($emerg_md5_check_new == $emerg_md5_check_old) {
+ update_status(gettext("Emerging threat rules are up to date..."));
+ $emergingthreats = 'off';
}
}
}
/* download emergingthreats rules file */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext('Emergingthreats tar file exists...'));
- }else{
- update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
- update_status(gettext('Done downloading Emergingthreats rules file.'));
- log_error("Emergingthreats rules file update downloaded succsesfully");
- }
- }
-}
-
-/* download pfsense rules file */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- log_error("pfSense rules file update downloaded succsesfully");
- }
+if ($emergingthreats == "on") {
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ download_file_with_progress_bar("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}");
+ update_status(gettext('Done downloading Emergingthreats rules file.'));
+ log_error("Emergingthreats rules file update downloaded succsesfully");
}
+/* XXX: need to be verified */
/* Compair md5 sig to file sig */
-
//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
//if ($premium_url_chk == on) {
//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
@@ -302,260 +147,160 @@ if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
// }
//}
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk != on) {
-//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md55 == $file_md5_ondisk2) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// return;
-// }
-//}
-
/* Untar snort rules file individually to help people with low system specs */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
-
- if ($pfsense_stable == 'yes')
- $freebsd_version_so = 'FreeBSD-7-2';
- else
- $freebsd_version_so = 'FreeBSD-8-1';
-
- update_status(gettext("Extracting Snort.org rules..."));
- update_output_window(gettext("May take a while..."));
- /* extract snort.org rules and add prefix to all snort.org files*/
- exec("/bin/rm -r {$snortdir}/rules");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- chdir ("/usr/local/etc/snort/rules");
- exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
-
- /* extract so rules */
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- if($snort_arch == 'x86'){
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/");
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/* /usr/local/lib/snort/dynamicrules/");
- } else if ($snort_arch == 'x64') {
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/");
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/* /usr/local/lib/snort/dynamicrules/");
- }
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
- " so_rules/chat.rules/" .
- " so_rules/dos.rules/" .
- " so_rules/exploit.rules/" .
- " so_rules/icmp.rules/" .
- " so_rules/imap.rules/" .
- " so_rules/misc.rules/" .
- " so_rules/multimedia.rules/" .
- " so_rules/netbios.rules/" .
- " so_rules/nntp.rules/" .
- " so_rules/p2p.rules/" .
- " so_rules/smtp.rules/" .
- " so_rules/sql.rules/" .
- " so_rules/web-activex.rules/" .
- " so_rules/web-client.rules/" .
- " so_rules/web-iis.rules/" .
- " so_rules/web-misc.rules/");
-
- exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- }
-
- /* extract base etc files */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
- update_status(gettext("Done extracting Snort.org Rules."));
- }else{
- update_status(gettext("Error extracting Snort.org Rules..."));
- update_output_window(gettext("Error Line 755"));
- $snortdownload = 'off';
- }
-}
-
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats == 'on')
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
-}
-
-/* Untar Pfsense rules to tmp */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Extracting Pfsense rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
-}
-
-/* Untar snort signatures */
-if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ if ($pfsense_stable == 'yes')
+ $freebsd_version_so = 'FreeBSD-7-2';
+ else
+ $freebsd_version_so = 'FreeBSD-8-1';
+
+ update_status(gettext("Extracting Snort.org rules..."));
+ /* extract snort.org rules and add prefix to all snort.org files*/
+ exec("/bin/rm -r {$snortdir}/rules/*");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ chdir ("/usr/local/etc/snort/rules");
+ exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
+
+ /* extract so rules */
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ if($snort_arch == 'x86'){
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/* /usr/local/lib/snort/dynamicrules/");
+ } else if ($snort_arch == 'x64') {
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/* /usr/local/lib/snort/dynamicrules/");
+ }
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ " so_rules/chat.rules/" .
+ " so_rules/dos.rules/" .
+ " so_rules/exploit.rules/" .
+ " so_rules/icmp.rules/" .
+ " so_rules/imap.rules/" .
+ " so_rules/misc.rules/" .
+ " so_rules/multimedia.rules/" .
+ " so_rules/netbios.rules/" .
+ " so_rules/nntp.rules/" .
+ " so_rules/p2p.rules/" .
+ " so_rules/smtp.rules/" .
+ " so_rules/sql.rules/" .
+ " so_rules/web-activex.rules/" .
+ " so_rules/web-client.rules/" .
+ " so_rules/web-iis.rules/" .
+ " so_rules/web-misc.rules/");
+
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ /* Untar snort signatures */
$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
if ($premium_url_chk == 'on') {
update_status(gettext("Extracting Signatures..."));
- update_output_window(gettext("May take a while..."));
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
update_status(gettext("Done extracting Signatures."));
- }
- }
-}
-
-/* Copy md5 sig to snort dir */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
- }else{
- update_status(gettext("The md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $snortdownload = 'off';
- }
- }
-}
-
-/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
- {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
- }else{
- update_status(gettext("The emergingthreats md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $emergingthreats = 'off';
- }
- }
-}
-
-/* Copy Pfsense md5 sig to snort dir */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
- } else {
- update_status(gettext("The Pfsense md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $pfsensedownload = 'off';
- }
-}
-/* Copy signatures dir to snort dir */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on')
- {
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on')
- {
if (file_exists("{$snortdir}/doc/signatures")) {
update_status(gettext("Copying signatures..."));
- update_output_window(gettext("May take a while..."));
exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
update_status(gettext("Done copying signatures."));
- }else{
+ } else {
update_status(gettext("Directory signatures exist..."));
update_output_window(gettext("Error copying signature..."));
$snortdownload = 'off';
}
}
- }
-}
-/* double make shure cleanup emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
- @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
-}
+ if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+ }
+
+ /* XXX: Convert this to sed? */
+ /* make shure default rules are in the right format */
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+ /* create a msg-map for snort */
+ update_status(gettext("Updating Alert Messages..."));
+ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir}/rules > {$snortdir}/sid-msg.map");
+
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }
+ }
}
-/* make shure default rules are in the right format */
-exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on') {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_status(gettext("Extracting rules..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+ }
-/* create a msg-map for snort */
-update_status(gettext("Updating Alert Messages..."));
-update_output_window(gettext("Please Wait..."));
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
+ /* Copy emergingthreats md5 sig to snort dir */
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+ }
+}
+/* remove old $tmpfname files */
+if (is_dir($tmpfname)) {
+ update_status(gettext("Cleaning up..."));
+ exec("/bin/rm -r {$tmpfname}");
+}
//////////////////
/* open oinkmaster_conf for writing" function */
-function oinkmaster_conf($id, $if_real, $iface_uuid)
+function oinkmaster_conf($if_real, $iface_uuid)
{
- global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ global $config, $g, $snortdir;
- @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
+ @unlink("{$snortdir}/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
- /* enable disable setting will carry over with updates */
- /* TODO carry signature changes with the updates */
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ $selected_sid_on_section = "";
+ $selected_sid_off_sections = "";
- $selected_sid_on_section = "";
- $selected_sid_off_sections = "";
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
- $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
- $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
- foreach($enabled_sid_on_array as $enabled_item_on)
- $selected_sid_on_sections .= "$enabled_item_on\n";
- }
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+ $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
+ $enabled_sid_on_array = explode("||", $enabled_sid_on);
+ foreach($enabled_sid_on_array as $enabled_item_on)
+ $selected_sid_on_sections .= "$enabled_item_on\n";
+ }
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
- $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
- foreach($enabled_sid_off_array as $enabled_item_off)
- $selected_sid_off_sections .= "$enabled_item_off\n";
- }
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
+ $enabled_sid_off_array = explode("||", $enabled_sid_off);
+ foreach($enabled_sid_off_array as $enabled_item_off)
+ $selected_sid_off_sections .= "$enabled_item_off\n";
+ }
- if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) {
- $snort_sid_text = <<<EOD
+ if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) {
+ $snort_sid_text = <<<EOD
###########################################
# #
@@ -569,99 +314,69 @@ update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
url = dir:///usr/local/etc/snort/rules
-$selected_sid_on_sections
+{$selected_sid_on_sections}
-$selected_sid_off_sections
+{$selected_sid_off_sections}
EOD;
- /* open snort's oinkmaster.conf for writing */
- @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
- }
+ /* open snort's oinkmaster.conf for writing */
+ @file_put_contents("{$snortdir}/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
}
}
/* Run oinkmaster to snort_wan and cp configs */
/* If oinkmaster is not needed cp rules normally */
/* TODO add per interface settings here */
-function oinkmaster_run($id, $if_real, $iface_uuid)
-{
- global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
-
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
- if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- update_status(gettext("Your first set of rules are being copied..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- } else {
- update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
-
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
-
- }
- }
-}
-
-/* Start the proccess for every interface rule */
-/* TODO: try to make the code smother */
-if (is_array($config['installedpackages']['snortglobal']['rule']))
+function oinkmaster_run($if_real, $iface_uuid)
{
- foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
- $iface_uuid = $value['uuid'];
-
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf($id, $if_real, $iface_uuid);
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run($id, $if_real, $iface_uuid);
+ global $config, $g, $snortdir;
+
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ update_status(gettext("Your first set of rules are being copied..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp -r {$snortdir}/generators {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ } else {
+ @unlink("{$snortdir}/oinkmaster_{$iface_uuid}_{$if_real}.log");
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp -r {$snortdir}/generators {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir}/snort_{$iface_uuid}_{$if_real}");
+
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C {$snortdir}/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules > {$snortdir}/oinkmaster_{$iface_uuid}_{$if_real}.log");
}
}
-
//////////////
-/* mark the time update finnished */
-$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+if ($snortdownload == 'on' || $emergingthreats == 'on') {
+ /* You are Not Up to date, always stop snort when updating rules for low end machines */;
-/* remove old $tmpfname files */
-if (is_dir('/usr/local/etc/snort/tmp')) {
- update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
- exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
-}
+ /* Start the proccess for every interface rule */
+ if (is_array($config['installedpackages']['snortglobal']['rule'])) {
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $if_real = snort_get_real_interface($value['interface']);
-/* make all dirs snorts */
-mwexec("/bin/chmod -R 755 /var/log/snort", true);
-mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
-mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($if_real, $value['uuid']);
+
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($if_real, $value['uuid']);
+ }
+ }
-if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
- update_output_window(gettext("Finished..."));
-else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
- update_output_window(gettext("Finished..."));
-else {
- /* You are Not Up to date, always stop snort when updating rules for low end machines */;
- update_status(gettext("You are NOT up to date..."));
exec("/bin/sh /usr/local/etc/rc.d/snort.sh restart");
- update_status(gettext("The Rules update finished..."));
update_output_window(gettext("Snort has restarted with your new set of rules..."));
log_error(gettext("Snort has restarted with your new set of rules..."));
}
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index a8923479..56bc2ebd 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -28,51 +28,12 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-/* Setup enviroment */
require_once("guiconfig.inc");
require_once("functions.inc");
require_once("service-utils.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-if ($_GET['return']) {
- header("Location: /snort/snort_download_updates.php");
- exit;
-}
-
-$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
-$snortdir = "/usr/local/etc/snort";
-$snortdir_wan = "/usr/local/etc/snort";
-$snort_filename_md5 = "{$snort_rules_file}.md5";
-$snort_filename = "{$snort_rules_file}";
-$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
-$emergingthreats_filename = "emerging.rules.tar.gz";
-$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
-$pfsense_rules_filename = "pfsense_rules.tar.gz";
-
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
-
-/* define checks */
-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
-if ($snortdownload == 'off' && $emergingthreats != 'on')
- $snort_emrging_info = 'stop';
-
-if ($oinkid == "" && $snortdownload != 'off')
- $snort_oinkid_info = 'stop';
-
-/* check if main rule directory is empty */
-$if_mrule_dir = "/usr/local/etc/snort/rules";
-$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
-if (file_exists('/var/run/snort.conf.dirty'))
- $snort_dirty_d = 'stop';
-
$pgtitle = "Services: Snort: Update Rules";
-
include("head.inc");
?>
@@ -89,649 +50,38 @@ include("head.inc");
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td ><!-- progress bar -->
- <table id="progholder" width='320'
- style='border-collapse: collapse; border: 1px solid #000000;'
- cellpadding='2' cellspacing='2'>
- <tr>
- <td><img border='0'
- src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'
- width='280' height='23' name='progressbar' id='progressbar'
- alt='' />
- </td>
- </tr>
+ <table id="progholder" width='320' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
+ <tr>
+ <td>
+ <img border='0' src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'
+ width='280' height='23' name='progressbar' id='progressbar' alt='' />
+ </td>
+ </tr>
</table>
<br />
- <!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
- <?=gettext("Initializing...");?>
- </textarea>
- <!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
- </textarea>
+ <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
+ <?=gettext("Initializing...");?>
+ </textarea>
+ <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
+ </textarea>
</td>
</tr>
</table>
</div>
</td>
</tr>
-<tr><td><input type="submit" Value="Return"></td></tr>
+ <tr><td><input type="submit" name="return" id="return" Value="Return"></td></tr>
</table>
</form>
<?php include("fend.inc");?>
</body>
</html>
-
<?php
-/* Start of code */
-conf_mount_rw();
-
-if (!is_dir('/usr/local/etc/snort/tmp'))
- exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
-
-$snort_md5_check_ok = 'off';
-$emerg_md5_check_ok = 'off';
-$pfsense_md5_check_ok = 'off';
-
-/* Set user agent to Mozilla */
-ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-ini_set("memory_limit","150M");
-
-/* mark the time update started */
-$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
-
-/* hide progress bar */
-hide_progress_bar_status();
-
-/* send current buffer */
-ob_flush();
-
-/* remove old $tmpfname files */
-if (is_dir("{$tmpfname}")) {
- update_status(gettext("Removing old tmp files..."));
- exec("/bin/rm -r {$tmpfname}");
-}
-
-/* Make shure snortdir exits */
-exec("/bin/mkdir -p {$snortdir}/rules");
-exec("/bin/mkdir -p {$snortdir}/signatures");
-exec("/bin/mkdir -p {$tmpfname}");
-exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
-
-/* unhide progress bar and lets end this party */
-unhide_progress_bar_status();
-
-/* download md5 sig from snort.org */
-if ($snortdownload == 'on')
-{
- if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
- filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
- update_status(gettext("snort.org md5 temp file exists..."));
- } else {
- update_status(gettext("Downloading snort.org md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-
- //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
- $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
- @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
- update_status(gettext("Done downloading snort.org md5"));
- }
-}
-
-/* download md5 sig from emergingthreats.net */
-if ($emergingthreats == 'on')
-{
- update_status(gettext("Downloading emergingthreats md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz.md5');
- @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
- update_status(gettext("Done downloading emergingthreats md5"));
-}
-
-/* download md5 sig from pfsense.org */
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- update_status(gettext("pfsense md5 temp file exists..."));
-} else {
- update_status(gettext("Downloading pfsense md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
- @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
- update_status(gettext("Done downloading pfsense md5."));
-}
-
-/* If md5 file is empty wait 15min exit */
-if ($snortdownload == 'on')
-{
- if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
- {
- update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
- hide_progress_bar_status();
- $snortdownload = 'off';
- }
-}
-
-/* If pfsense md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
- update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released to support Pfsense packages."));
- hide_progress_bar_status();
- $pfsensedownload = 'off';
-}
-
-/* Check if were up to date snort.org */
-if ($snortdownload == 'on')
-{
- if (file_exists("{$snortdir}/{$snort_filename_md5}"))
- {
- $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
- $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($md5_check_new == $md5_check_old)
- {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
- hide_progress_bar_status();
- $snort_md5_check_ok = 'on';
- } else {
- update_status(gettext("Your rules are not up to date..."));
- $snort_md5_check_ok = 'off';
- }
- }
-}
-
-/* Check if were up to date emergingthreats.net */
-if ($emergingthreats == 'on')
-{
- if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
- {
- $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
- $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
- $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($emerg_md5_check_new == $emerg_md5_check_old)
- {
- hide_progress_bar_status();
- $emerg_md5_check_ok = 'on';
- } else
- $emerg_md5_check_ok = 'off';
- }
-}
-
-/* Check if were up to date pfsense.org */
-if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
-{
- $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($pfsense_md5_check_new == $pfsense_md5_check_old)
- {
- hide_progress_bar_status();
- $pfsense_md5_check_ok = 'on';
- } else
- $pfsense_md5_check_ok = 'off';
-}
-
-if ($snortdownload == 'on') {
- if ($snort_md5_check_ok == 'on')
- {
- update_status(gettext("Your snort.org rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- $snortdownload = 'off';
- }
-}
-if ($emergingthreats == 'on') {
- if ($emerg_md5_check_ok == 'on')
- {
- update_status(gettext("Your Emergingthreats rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- $emergingthreats = 'off';
- }
-}
-
-/* download snortrules file */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- update_status(gettext("Error with the snort rules download..."));
-
- update_output_window(gettext("Snort rules file downloaded failed..."));
- $snortdownload = 'off';
- } else
- log_error("Snort rules file update downloaded succsesfully");
- }
- }
-}
-
-/* download emergingthreats rules file */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext('Emergingthreats tar file exists...'));
- }else{
- update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
- update_status(gettext('Done downloading Emergingthreats rules file.'));
- log_error("Emergingthreats rules file update downloaded succsesfully");
- }
- }
-}
-
-/* download pfsense rules file */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- log_error("pfSense rules file update downloaded succsesfully");
- }
-}
-
-/* Compair md5 sig to file sig */
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk == on) {
-//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md5 == $file_md5_ondisk) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// return;
-// }
-//}
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk != on) {
-//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md55 == $file_md5_ondisk2) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// return;
-// }
-//}
-
-/* Untar snort rules file individually to help people with low system specs */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
-
- if ($pfsense_stable == 'yes')
- {
- $freebsd_version_so = 'FreeBSD-7-2';
- }else{
- $freebsd_version_so = 'FreeBSD-8-1';
- }
-
- update_status(gettext("Extracting Snort.org rules..."));
- update_output_window(gettext("May take a while..."));
- /* extract snort.org rules and add prefix to all snort.org files*/
- exec("/bin/rm -r {$snortdir}/rules");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- chdir ("/usr/local/etc/snort/rules");
- exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
-
- /* extract so rules */
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- if($snort_arch == 'x86') {
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/");
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/* /usr/local/lib/snort/dynamicrules/");
- } else if ($snort_arch == 'x64') {
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/");
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/* /usr/local/lib/snort/dynamicrules/");
- }
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
- " so_rules/chat.rules/" .
- " so_rules/dos.rules/" .
- " so_rules/exploit.rules/" .
- " so_rules/icmp.rules/" .
- " so_rules/imap.rules/" .
- " so_rules/misc.rules/" .
- " so_rules/multimedia.rules/" .
- " so_rules/netbios.rules/" .
- " so_rules/nntp.rules/" .
- " so_rules/p2p.rules/" .
- " so_rules/smtp.rules/" .
- " so_rules/sql.rules/" .
- " so_rules/web-activex.rules/" .
- " so_rules/web-client.rules/" .
- " so_rules/web-iis.rules/" .
- " so_rules/web-misc.rules/");
-
- exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- }
- /* extract base etc files */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
- update_status(gettext("Done extracting Snort.org Rules."));
- }else{
- update_status(gettext("Error extracting Snort.org Rules..."));
- update_output_window(gettext("Error Line 755"));
- $snortdownload = 'off';
- }
-}
-
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats == 'on')
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
-}
-
-/* Untar Pfsense rules to tmp */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Extracting Pfsense rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
-}
-
-/* Untar snort signatures */
-if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on') {
- update_status(gettext("Extracting Signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- update_status(gettext("Done extracting Signatures."));
- }
- }
-}
-
-/* Copy md5 sig to snort dir */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
- }else{
- update_status(gettext("The md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $snortdownload = 'off';
- }
- }
-}
-
-/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
- {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
- }else{
- update_status(gettext("The emergingthreats md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $emergingthreats = 'off';
- }
- }
-}
-
-/* Copy Pfsense md5 sig to snort dir */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
- } else {
- update_status(gettext("The Pfsense md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $pfsensedownload = 'off';
- }
-}
-
-/* Copy signatures dir to snort dir */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on')
- {
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on')
- {
- if (file_exists("{$snortdir}/doc/signatures")) {
- update_status(gettext("Copying signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- update_status(gettext("Done copying signatures."));
- }else{
- update_status(gettext("Directory signatures exist..."));
- update_output_window(gettext("Error copying signature..."));
- $snortdownload = 'off';
- }
- }
- }
-}
-
-/* double make shure cleanup emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
- @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
-}
-
-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
-}
-
-/* make shure default rules are in the right format */
-exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-
-/* create a msg-map for snort */
-update_status(gettext("Updating Alert Messages..."));
-update_output_window(gettext("Please Wait..."));
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
-
-
-//////////////////
-
-/* open oinkmaster_conf for writing" function */
-function oinkmaster_conf($id, $if_real, $iface_uuid)
-{
- global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
-
- @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
-
- /* enable disable setting will carry over with updates */
- /* TODO carry signature changes with the updates */
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
-
- $selected_sid_on_sections = "";
- $selected_sid_off_sections = "";
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
- $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
- $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
- foreach($enabled_sid_on_array as $enabled_item_on)
- $selected_sid_on_sections .= "$enabled_item_on\n";
- }
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
- $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
- foreach($enabled_sid_off_array as $enabled_item_off)
- $selected_sid_off_sections .= "$enabled_item_off\n";
- }
-
- if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) {
- $snort_sid_text = <<<EOD
-
-###########################################
-# #
-# this is auto generated on snort updates #
-# #
-###########################################
-
-path = /bin:/usr/bin:/usr/local/bin
-
-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-
-url = dir:///usr/local/etc/snort/rules
-
-$selected_sid_on_sections
-
-$selected_sid_off_sections
-
-EOD;
-
- /* open snort's oinkmaster.conf for writing */
- @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
- }
- }
-}
-
-/* Run oinkmaster to snort_wan and cp configs */
-/* If oinkmaster is not needed cp rules normally */
-/* TODO add per interface settings here */
-function oinkmaster_run($id, $if_real, $iface_uuid)
-{
- global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
-
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
- if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- update_status(gettext("Your first set of rules are being copied..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- } else {
- update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
-
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
- }
- }
-}
-
-/* Start the proccess for every interface rule */
-/* TODO: try to make the code smother */
-if (is_array($config['installedpackages']['snortglobal']['rule']))
-{
- foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
- $iface_uuid = $value['uuid'];
-
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf($id, $if_real, $iface_uuid);
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run($id, $if_real, $iface_uuid);
- }
-}
-
-//////////////
-
-/* mark the time update finnished */
-$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
-
-/* remove old $tmpfname files */
-if (is_dir('/usr/local/etc/snort/tmp')) {
- update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
- exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
-}
-
-/* make all dirs snorts */
-mwexec("/bin/chmod -R 755 /var/log/snort", true);
-mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
-mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
+$snort_gui_include = true;
+include("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
/* hide progress bar and lets end this party */
hide_progress_bar_status();
-if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
- update_output_window(gettext("Finished..."));
-else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
- update_output_window(gettext("Finished..."));
-else {
- /* You are Not Up to date, always stop snort when updating rules for low end machines */;
- update_status(gettext("You are NOT up to date..."));
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh restart");
- update_status(gettext("The Rules update finished..."));
- update_output_window(gettext("Snort has restarted with your new set of rules..."));
- log_error(gettext("Snort has restarted with your new set of rules..."));
-}
-
-update_status(gettext("The Rules update finished..."));
-conf_mount_ro();
-
?>
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 4e200e13..b96b2cae 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -41,74 +41,31 @@ global $g;
/* load only javascript that is needed */
$snort_load_jquery = 'yes';
$snort_load_jquery_colorbox = 'yes';
-
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
/* quick md5s chk */
$snort_org_sig_chk_local = 'N/A';
if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5"))
- $snort_org_sig_chk_local = exec("/bin/cat /usr/local/etc/snort/{$snort_rules_file}.md5");
+ $snort_org_sig_chk_local = file_get_contents("/usr/local/etc/snort/{$snort_rules_file}.md5");
$emergingt_net_sig_chk_local = 'N/A';
-if(file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5'))
- $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/emerging.rules.tar.gz.md5');
-
-$pfsense_org_sig_chk_local = 'N/A';
-if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5'))
- $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5');
-
-/* define checks */
-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
-if ($snortdownload != 'on' && $emergingthreats != 'on')
- $snort_emrging_info = 'stop';
-
-if ($oinkid == '' && $snortdownload != 'off')
- $snort_oinkid_info = 'stop';
-
-if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop')
- $error_stop = 'true';
-
-/* check if main rule directory is empty */
-$if_mrule_dir = "/usr/local/etc/snort/rules";
-$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+if (file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5'))
+ $emergingt_net_sig_chk_local = file_get_contents("/usr/local/etc/snort/emerging.rules.tar.gz.md5");
/* check for logfile */
$update_logfile_chk = 'no';
if (file_exists('/usr/local/etc/snort/snort_update.log'))
$update_logfile_chk = 'yes';
-header("snort_help_info.php");
-header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
-header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" );
-header( "Cache-Control: no-cache, must-revalidate" );
-header( "Pragma: no-cache" );
-
-
$pgtitle = "Services: Snort: Updates";
include_once("head.inc");
-
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php
-echo "{$snort_general_css}\n";
-echo "$snort_interfaces_css\n";
-?>
-
<?php include("fbegin.inc"); ?>
-
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content
-</CENTER></div>
-</noscript>
-
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -128,118 +85,73 @@ enable JavaScript to view this content
<div id="mainarea3">
<table id="maintable4" class="tabcont" width="100%" border="0"
cellpadding="0" cellspacing="0">
- <tr>
- <td><!-- grey line -->
- <table height="12px" width="725px" border="0" cellpadding="5px"
- cellspacing="0">
- <tr>
- <td style='background-color: #eeeeee'>
- <div height="12px" width="725px" style='background-color: #dddddd'>
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
+ <tr align="center">
+ <td>
+ <br/>
<table id="download_rules" height="32px" width="725px" border="0"
cellpadding="5px" cellspacing="0">
<tr>
<td id="download_rules_td" style="background-color: #eeeeee">
<div height="32" width="725px" style="background-color: #eeeeee">
- <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br>
- <br>
- <p style="text-align: left; margin-left: 225px;"><font
- color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font
- size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br>
- <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font
- size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br>
- <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font
- size="1px" color="#000000">&nbsp;&nbsp;<? echo $pfsense_org_sig_chk_local; ?></font><br>
+ <font color="#777777" size="1.5px">
+ <p style="text-align: left; margin-left: 225px;">
+ <b>INSTALLED SIGNATURE RULESET</b></font><br>
+ <br>
+ <font color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font>
+ <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font>
+ <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br>
</p>
-
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <!-- grey line -->
- <table height="12px" width="725px" border="0" cellpadding="5px"
- cellspacing="0">
- <tr>
- <td style='background-color: #eeeeee'>
- <div height="12px" width="725px" style='background-color: #eeeeee'>
</div>
</td>
</tr>
</table>
-
- <br>
-
+ <br/>
<table id="download_rules" height="32px" width="725px" border="0"
cellpadding="5px" cellspacing="0">
<tr>
<td id="download_rules_td" style='background-color: #eeeeee'>
<div height="32" width="725px" style='background-color: #eeeeee'>
+ <p style="text-align: left; margin-left: 225px;">
<font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br>
- <br>
+ <br/>
<?php
- if ($error_stop == 'true') {
+ if ($snortdownload != 'on' && $emergingthreats != 'on') {
echo '
-
<button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button><br/>
<p style="text-align:left; margin-left:150px;">
<font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;No rule types have been selected for download. "Global Settings Tab"</font><br>';
- if ($mfolder_chk == 'empty') {
-
- echo '
- <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>' ."\n";
- }
-
echo '</p>' . "\n";
-
- }else{
+ } else {
echo '
-
<a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button></a><br/>' . "\n";
- if ($mfolder_chk == 'empty') {
-
- echo '
- <p style="text-align:left; margin-left:150px;">
- <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>
- </p>';
- }
-
}
- ?> <br>
-
+ ?> <br/>
+ </p>
</div>
</td>
</tr>
</table>
-
- <br>
-
+ <br/>
<table id="download_rules" height="32px" width="725px" border="0"
cellpadding="5px" cellspacing="0">
<tr>
<td id="download_rules_td" style='background-color: #eeeeee'>
<div height="32" width="725px" style='background-color: #eeeeee'>
+ <p style="text-align: left; margin-left: 225px;">
<font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br>
<br>
- <?php
+ <?php
if ($update_logfile_chk == 'yes') {
echo '
@@ -249,27 +161,15 @@ enable JavaScript to view this content
<button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
}
- ?> <br>
- <br>
-
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <table height="12px" width="725px" border="0" cellpadding="5px"
- cellspacing="0">
- <tr>
- <td style='background-color: #eeeeee'>
- <div height="12px" width="725px" style='background-color: #eeeeee'>
+ ?>
+ <br/>
+ </p>
</div>
</td>
</tr>
</table>
- <br>
+ <br/>
<table id="download_rules" height="32px" width="725px" border="0"
cellpadding="5px" cellspacing="0">
@@ -286,18 +186,6 @@ enable JavaScript to view this content
</tr>
</table>
- <br>
-
- <table height="12px" width="725px" border="0" cellpadding="5px"
- cellspacing="0">
- <tr>
- <td style='background-color: #eeeeee'>
- <div height="12px" width="725px" style='background-color: #eeeeee'>
- </div>
- </td>
- </tr>
- </table>
-
</td>
</tr>
</table>
@@ -312,10 +200,6 @@ enable JavaScript to view this content
</tr>
</table>
<!-- end of final table --></div>
-
<?php include("fend.inc"); ?>
-
-<?php echo "$snort_custom_rnd_box\n"; ?>
-
</body>
</html>