Diffstat (limited to 'config')
-rw-r--r--config/snort/snort.inc122
-rw-r--r--config/snort/snort_interfaces.php56
2 files changed, 47 insertions, 131 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 3d1bd57c..5b5e3dae 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -238,25 +238,10 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
function Running_Ck($snort_uuid, $if_real, $id) {
global $config;
- $snort_up_ck = exec("/bin/ps -U snort | /usr/bin/grep snort | /usr/bin/awk '{print \$1;}'");
-
- if(snort_up_ck == '') {
- $snort_up = 'no';
- return $snort_up;
- }
-
- if(snort_up_ck != ''){
-
- /* use ob_clean to clear output buffer, this code needs to be watched */
- ob_clean();
- $snort_up_prell = exec("/bin/ps -U snort | /usr/bin/grep \"\-R {$snort_uuid}\" | /usr/bin/awk '{print \$1;}'");
-
- if ($snort_up_prell != '') {
- $snort_uph = 'yes';
- }else{
- $snort_uph = 'no';
- }
- }
+ $snort_uph = 'no';
+ $snort_up_prell = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
+ if ($snort_up_prell != '')
+ $snort_uph = 'yes';
return $snort_uph;
}
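Review bot: The new `exec()` in Running_Ck interpolates `$snort_uuid` straight into a shell pipeline, and the pattern `R {$snort_uuid}` is an unanchored regex that dropped the leading `-` the old code had, so any process line containing that text is reported as a running instance. Building the pattern with `$pat = escapeshellarg("-R {$snort_uuid} ");` and matching with `/usr/bin/grep -F -e {$pat}` keeps shell metacharacters inert and stops one uuid from matching another that merely starts with it (assuming `ps` shows the arguments as Running_Start passes them). The same construction appears in Running_Ck_b and Running_Stop in the following hunks, where `$if_real` is interpolated as well. A short comment above the `exec()` stating which command line it is meant to match would help the next reader.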
@@ -265,24 +250,10 @@ function Running_Ck($snort_uuid, $if_real, $id) {
function Running_Ck_b($snort_uuid, $if_real, $id) {
global $config;
- $snort_up_ck_b = exec("/bin/ps -U snort | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$1;}'");
-
- if($snort_up_ck_b == ''){
- $snort_up_b = 'no';
- return $snort_up_b;
- }
-
- if(snort_up_ck_b != '') {
-
- ob_clean();
- $snort_up_pre_b = exec("/bin/ps -U snort | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
-
- if ($snort_up_pre_b != '') {
- $snort_up_b = 'yes';
- }else{
- $snort_up_b = 'no';
- }
- }
+ $snort_up_b = 'no';
+ $snort_up_pre_b = exec("/bin/ps -ax | /usr/bin/grep barnyard2 | /usr/bin/grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
+ if ($snort_up_pre_b != '')
+ $snort_up_b = 'yes';
return $snort_up_b;
}
@@ -293,43 +264,25 @@ function Running_Stop($snort_uuid, $if_real, $id) {
/* if snort.sh crashed this will remove the pid */
@unlink('/tmp/snort.sh.pid');
- $start_up_s = exec("/bin/ps -U snort | grep \"\-R {$snort_uuid}\" | awk '{ print \$1; }'");
- $start_up_r = exec("/bin/ps -U root | grep \"\-R {$snort_uuid}\" | awk '{ print \$1; }'");
-
- $start2_upb_s = exec("/bin/ps -U snort | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{ print \$1; }'");
- $start2_upb_r = exec("/bin/ps -U root | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{ print \$1; }'");
-
- if ($start_up_s != '' || $start_up_r != '' || $start2_upb_s != '' || $start2_upb_r != '') {
- if ($start_up_s != '')
- {
- exec("/bin/kill {$start_up_s}");
- exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
- exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
- }
+ $start_up = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
+ $start_upb = exec("/bin/ps -ax | /usr/bin/grep \"snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
- if ($start2_upb_s != '')
- {
- exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start_up_r != '')
- {
- exec("/bin/kill {$start_up_r}");
- exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
- exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_r != '')
- {
- exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
+ if ($start_up != '') {
+ exec("/bin/kill {$start_up}");
+ exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
+ exec("/bin/rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
+ exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ }
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
- sleep(2); // Give time so GUI displays correctly
+ if ($start_upb != '') {
+ exec("/bin/kill {$start_upb}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
}
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
+ sleep(2); // Give time so GUI displays correctly
}
function Running_Start($snort_uuid, $if_real, $id) {
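Review bot: The file cleanup in Running_Stop is now nested under `if ($start_up != '')` and `if ($start_upb != '')`, so an interface whose processes are already dead keeps its log, pid and config files, whereas the delete path in snort_interfaces.php used to remove them unconditionally. The added `/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}` also runs when the toggle action calls Running_Stop, which removes the `snort.conf` that Running_Start passes to `-c`; unless the config is rebuilt before the next start (not visible here), the restart would fail. Consider keeping only the kill and pid-file removal here and leaving the directory removal to the delete handler. Note too that `exec()` returns only the last output line, so if several PIDs match, only one is killed. Running_Stop begins above this hunk.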
@@ -341,11 +294,14 @@ function Running_Start($snort_uuid, $if_real, $id) {
$snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
if ($snort_info_chk == 'on')
exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ else
+ return;
+
/* define snortbarnyardlog_chk */
/* top will have trouble if the uuid is to far back */
$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
$snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') {
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q");
}
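Review bot: The brace-less `if ... exec(...); else return;` added ahead of the barnyard2 section would read more clearly as a guard clause placed before the snort `exec()`: `if ($snort_info_chk != 'on') return;`. The comment `/* top will have trouble if the uuid is to far back */` appears stale now that the process checks use `ps`, and could be replaced by one stating that barnyard2 is only started for an enabled interface. Running_Start begins above this hunk and continues past it.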
@@ -973,13 +929,18 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
//exec("/sbin/sysctl net.bpf.maxinsns=512");
//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
+ conf_mount_rw();
+
/* do not start config build if rules is empty */
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+ conf_mount_ro();
return;
- if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]))
+ }
+ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id])) {
+ conf_mount_ro();
return;
-
- conf_mount_rw();
+ }
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
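Review bot: The added `exec('/bin/rm /usr/local/etc/rc.d/snort.sh')` spawns a shell to delete one fixed path and its result is ignored; `@unlink('/usr/local/etc/rc.d/snort.sh');`, as Running_Stop already does for `/tmp/snort.sh.pid`, does the same without a shell. Moving `conf_mount_rw()` ahead of the early returns also means every exit must remount read-only by hand, and the second early return now performs a read-write/read-only cycle without writing anything. The rest of the function is outside this hunk, so its other exits should be checked for a matching `conf_mount_ro()`. The same two points apply to sync_snort_package_empty in the next hunk.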
@@ -1024,11 +985,14 @@ function sync_snort_package_empty()
//exec("/sbin/sysctl net.bpf.maxinsns=512");
//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
+ conf_mount_rw();
+
/* do not start config build if rules is empty */
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+ conf_mount_ro();
return;
-
- conf_mount_rw();
+ }
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
$if_real = snort_get_real_interface($value['interface']);
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 39f8eddc..b00b107e 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -51,56 +51,13 @@ if (isset($_POST['del_x'])) {
/* delete selected rules */
if (is_array($_POST['rule'])) {
conf_mount_rw();
-
foreach ($_POST['rule'] as $rulei) {
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
- /* cool code to check if any snort is up */
- $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
-
- if ($snort_up_ck != "")
- {
-
- $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'");
- $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
- $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
-
- $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid");
- $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
- $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
-
-
- if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") {
- /* remove only running instances */
- if ($start_up_s != "") {
- exec("/bin/kill {$start_up_s}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_s != "") {
- exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start_up_r != "") {
- exec("/bin/kill {$start_up_r}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_r != "") {
- exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
- }
-
- }
-
- /* for every iface do these steps */
- exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
- exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ Running_Stop($snort_uuid,$if_real, $rulei);
unset($a_nat[$rulei]);
}
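Review bot: `$rulei` comes from `$_POST['rule']` and indexes `$a_nat` without a check that the entry exists, so for an unknown index `$snort_uuid` is empty (and `$if_real` probably too) when they reach `Running_Stop()`. There the values are interpolated into `ps | grep` patterns and `rm` paths, which with empty strings degrade to `R ` and `snort__`, so the kill and removals are no longer scoped to one interface's instance. Adding `if (!isset($a_nat[$rulei]['uuid'])) continue;` at the top of the loop, and validating the uuid format before it is used, closes that gap. The enclosing `if (isset($_POST['del_x']))` block starts above and continues below this hunk.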
@@ -110,9 +67,9 @@ if (isset($_POST['del_x'])) {
sleep(2);
/* if there are no ifaces do not create snort.sh */
- if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) {
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
create_snort_sh();
- }else{
+ else {
conf_mount_rw();
exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
conf_mount_ro();
@@ -146,10 +103,6 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
$tester2 = Running_Ck($snort_uuid, $if_real, $id);
if ($tester2 == 'yes') {
-
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'");
-
Running_Stop($snort_uuid, $if_real, $id);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -158,8 +111,7 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- }else{
-
+ } else {
Running_Start($snort_uuid, $if_real, $id);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );