From 0fa2b72e124adf5dc690e2ddc51e8e07869ab403 Mon Sep 17 00:00:00 2001
From: robiscool <robrob2626@yahoo.com>
Date: Wed, 13 Jun 2012 16:24:09 -0700
Subject: snort-dev2, upadte snort-dev2/snort_download_rules.php to include new
 preproc rules.

---
 config/snort-dev2/.buildpath                       |   5 -
 config/snort-dev2/.project                         |  22 --
 .../.settings/org.eclipse.php.core.prefs           |   4 -
 config/snort-dev2/snort_download_rules.php         | 226 ++++++++++-----------
 4 files changed, 108 insertions(+), 149 deletions(-)
 delete mode 100644 config/snort-dev2/.buildpath
 delete mode 100644 config/snort-dev2/.project
 delete mode 100644 config/snort-dev2/.settings/org.eclipse.php.core.prefs

diff --git a/config/snort-dev2/.buildpath b/config/snort-dev2/.buildpath
deleted file mode 100644
index 8bcb4b5f..00000000
--- a/config/snort-dev2/.buildpath
+++ /dev/null
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<buildpath>
-	<buildpathentry kind="src" path=""/>
-	<buildpathentry kind="con" path="org.eclipse.php.core.LANGUAGE"/>
-</buildpath>
diff --git a/config/snort-dev2/.project b/config/snort-dev2/.project
deleted file mode 100644
index 210cee14..00000000
--- a/config/snort-dev2/.project
+++ /dev/null
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
-	<name>snort-dev2</name>
-	<comment></comment>
-	<projects>
-	</projects>
-	<buildSpec>
-		<buildCommand>
-			<name>org.eclipse.wst.validation.validationbuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.dltk.core.scriptbuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-	</buildSpec>
-	<natures>
-		<nature>org.eclipse.php.core.PHPNature</nature>
-	</natures>
-</projectDescription>
diff --git a/config/snort-dev2/.settings/org.eclipse.php.core.prefs b/config/snort-dev2/.settings/org.eclipse.php.core.prefs
deleted file mode 100644
index c21f9750..00000000
--- a/config/snort-dev2/.settings/org.eclipse.php.core.prefs
+++ /dev/null
@@ -1,4 +0,0 @@
-eclipse.preferences.version=1
-include_path=0;/snort-dev2
-phpVersion=php5.3
-use_asp_tags_as_php=false
diff --git a/config/snort-dev2/snort_download_rules.php b/config/snort-dev2/snort_download_rules.php
index 3e6b41b3..7c6ff65c 100644
--- a/config/snort-dev2/snort_download_rules.php
+++ b/config/snort-dev2/snort_download_rules.php
@@ -382,121 +382,110 @@ if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
 //    }
 //}
 
-/* Untar snort rules file individually to help people with low system specs */
-if ($snortdownload == 'on')
-{
-	if ($snort_md5_check_ok != 'on') {
-		if (file_exists("{$tmpfname}/{$snort_filename}")) {
-			
-			// find out if were in 1.2.3-RELEASE
-			$pfsense_ver_chk = exec('/bin/cat /etc/version');
-			if ($pfsense_ver_chk === '1.2.3-RELEASE') {
-				$pfsense_stable = 'yes';
-			}else{
-				$pfsense_stable = 'no';
-			}
-
-			// get the system arch
-			$snort_arch_ck = exec('/usr/bin/uname -m');
-			if ($snort_arch_ck === 'i386') {
-				$snort_arch = 'i386';
-			}else{
-				$snort_arch = 'x86-64'; // amd64
-			}			
-
-			if ($pfsense_stable === 'yes') {
-				$freebsd_version_so = 'FreeBSD-7-3';
-			}else{
-				$freebsd_version_so = 'FreeBSD-8-1';
-			}
-
-			update_status(gettext("Extracting Snort.org rules..."));
-			update_output_window(gettext("May take a while..."));
-			/* extract snort.org rules and  add prefix to all snort.org files*/
-			exec("/bin/rm -r {$snortdir}/rules");
-			sleep(2);
-			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
-			chdir ("/usr/local/etc/snort/rules");
-			sleep(2);
-			
-			$snort_dirList = scandir("{$snortdir_rules}/rules"); // Waning: only in php 5
-			$snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');
-			
-			if (!empty($snortrules_filterList)) {
-				foreach ($snortrules_filterList as $snort_rule_move)
-				{
-					exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules");
-				}
-			}
-			
-			/* extract so rules */
-			exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
-			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/{$snort_arch}/2.9.2.2/");
-			exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/{$snort_arch}/2.9.2.2/* /usr/local/lib/snort/dynamicrules/");		
-			
-			/* extract so rules none bin and rename */
-			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
-			" so_rules/chat.rules/" .
-			" so_rules/dos.rules/" .
-			" so_rules/exploit.rules/" .
-			" so_rules/icmp.rules/" .
-			" so_rules/imap.rules/" .
-			" so_rules/misc.rules/" .
-			" so_rules/multimedia.rules/" .
-			" so_rules/netbios.rules/" .
-			" so_rules/nntp.rules/" .
-			" so_rules/p2p.rules/" .
-			" so_rules/smtp.rules/" .
-			" so_rules/sql.rules/" .
-			" so_rules/web-activex.rules/" .
-			" so_rules/web-client.rules/" .
-			" so_rules/web-iis.rules/" .
-			" so_rules/web-misc.rules/");
-
-				exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
-				exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
-				exec("/bin/rm -r {$snortdir}/so_rules");
-			}
-			
-			//// rob
-			
-			// list so_rules and exclude dir
-			exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
-
-			$so_rulesPattr = array('/\//', '/\.rules/');
-			$so_rulesPattw = array('', '');
-				
-			// build list of so rules
-			$so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);			
-			
-			//// end
-
-			/* extract base etc files */
-			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
-			exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
-			exec("/bin/rm -r {$snortdir}/etc");
-
-			update_status(gettext("Done extracting Snort.org Rules."));
-		}else{
-			update_status(gettext("Error extracting Snort.org Rules..."));
-			update_output_window(gettext("Error Line 755"));
-			$snortdownload = 'off';
-		}
+/* Untar snort rules file individually to help people with low system specs */
+if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+	if (file_exists("{$tmpfname}/{$snort_filename}")) {
+
+		// find out if were in 1.2.3-RELEASE
+		$pfsense_ver_chk = exec('/bin/cat /etc/version');
+		if ($pfsense_ver_chk === '1.2.3-RELEASE') {
+			$pfsense_stable = 'yes';
+		}else{
+			$pfsense_stable = 'no';
+		}
+
+		// get the system arch
+		$snort_arch_ck = exec('/usr/bin/uname -m');
+		if ($snort_arch_ck === 'i386') {
+			$snort_arch = 'i386';
+		}else{
+			$snort_arch = 'x86-64'; // amd64
+		}
+
+		if ($pfsense_stable === 'yes') {
+			$freebsd_version_so = 'FreeBSD-7-3';
+		}else{
+			$freebsd_version_so = 'FreeBSD-8-1';
+		}
+
+		update_status(gettext("Extracting Snort.org rules..."));
+		update_output_window(gettext("May take a while..."));
+		/* extract snort.org rules and  add prefix to all snort.org files*/
+		exec("/bin/rm -r {$snortdir}/rules");
+		sleep(2);
+		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+		chdir ("/usr/local/etc/snort/rules");
+		sleep(2);
+
+		$snort_dirList = scandir("{$snortdir}/rules"); // Waning: only in php 5
+		$snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');
+
+		if (!empty($snortrules_filterList)) {
+			foreach ($snortrules_filterList as $snort_rule_move)
+			{
+				exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules");
+			}
+		}
+
+		/* extract so_rules */
+
+		// list so_rules and exclude dir
+		exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
+
+		$so_rulesPattr = array('/\//', '/\.rules/');
+		$so_rulesPattw = array('', '');
+
+		// build list of so_rules
+		$so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+
+		if (!empty($so_rules_filterList)) {
+			// cp rule to so tmp dir
+			foreach ($so_rules_filterList as $so_rule)
+			{
+
+				exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/{$so_rule}.rules");
+
+			}
+			// mv and rename so rules
+			foreach ($so_rules_filterList as $so_rule_move)
+			{
+				exec("/bin/mv -f {$snortdir}/so_rules/{$so_rule_move}.rules {$snortdir}/rules/snort_{$so_rule_move}.so.rules");
+			}
+		}
+
+		/* extract preproc_rules */
+
+		// list so_rules and exclude dir
+		exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} preproc_rules", $preproc_rules_list);
+
+		$preproc_rules_filterList = snortscandirfilter($preproc_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+
+		if (!empty($preproc_rules_filterList)) {
+			// cp rule to so tmp dir
+			foreach ($preproc_rules_filterList as $preproc_rule)
+			{
+
+				exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/{$preproc_rule}.rules");
+
+			}
+			// mv and rename preproc_rules
+			foreach ($preproc_rules_filterList as $preproc_rule_move)
+			{
+				exec("/bin/mv -f {$snortdir}/preproc_rules/{$preproc_rule_move}.rules {$snortdir}/rules/snort_{$preproc_rule_move}.preproc.rules");
+			}
+		}
+
+		/* extract base etc files */
+		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+		exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+		exec("/bin/rm -r {$snortdir}/etc");
+
+		update_status(gettext("Done extracting Snort.org Rules."));
+	}else{
+		update_status(gettext("Error extracting Snort.org Rules..."));
+		update_output_window(gettext("Error Line 755"));
+		$snortdownload = 'off';
+	}
 }
 
 /* Untar emergingthreats rules to tmp */
@@ -620,9 +609,10 @@ if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so
 }
 
 /* make shure default rules are in the right format */
-exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white spaces from begining of line
+exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
 
 /* create a msg-map for snort  */
 update_status(gettext("Updating Alert Messages..."));
-- 
cgit v1.2.3