From 7234111aaac38d620a4e5356d212fa51e2591d8b Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 7 Jan 2014 20:19:58 -0500 Subject: Fix typo in get_interface_gateway_v6() function name --- config/snort/snort.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 79fef4fa..eda009d3 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -440,8 +440,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $gw = get_interface_gateway($snortcfg['interface']); if (is_ipaddr($gw) && !in_array($gw, $home_net)) $home_net[] = $gw; - if (function_exists("get_interface_gatewayv6")) { - $gw = get_interface_gatewayv6($snortcfg['interface']); + if (function_exists("get_interface_gateway_v6")) { + $gw = get_interface_gateway_v6($snortcfg['interface']); if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) $home_net[] = $gw; } -- cgit v1.2.3 From 51e70ca039db270bfb2678034fc0d8789715b690 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 10 Jan 2014 23:49:43 -0500 Subject: Fix auto log limit cleanup so it actually works. --- config/snort/snort.inc | 16 ++++++++++++---- config/snort/snort_check_cron_misc.inc | 21 +++++++++++++-------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index eda009d3..7a151f7a 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -636,14 +636,14 @@ function snort_get_real_interface($interface) { } /* - this code block is for deleteing logs while keeping the newest file, + this code block is for deleting logs while keeping the newest file, snort is linked to these files while running, do not take the easy way out by touch and rm, snort will lose sync and not log. */ function snort_post_delete_logs($snort_uuid = 0) { global $config, $g; - /* do not start config build if rules is empty */ + /* do nothing if no Snort interfaces active */ if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; @@ -651,14 +651,22 @@ function snort_post_delete_logs($snort_uuid = 0) { if ($value['uuid'] != $snort_uuid) continue; $if_real = snort_get_real_interface($value['interface']); - $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}"; + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; if ($if_real != '') { + /* Clean-up Barnyard2 files if any exist */ $filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.u2.*"); unset($filelist[count($filelist) - 1]); foreach ($filelist as $file) @unlink($file); + /* Clean-up packet capture files if any exist */ + $filelist = glob("{$snort_log_dir}/snort.log.*"); + unset($filelist[count($filelist) - 1]); + foreach ($filelist as $file) + @unlink($file); + + /* Clean-up stats files if they are enabled */ if ($value['perform_stat'] == 'on') { $fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w"); if ($fd) { @@ -674,7 +682,7 @@ function snort_Getdirsize($node) { if(!is_readable($node)) return false; - $blah = exec( "/usr/bin/du -kd $node" ); + $blah = exec( "/usr/bin/du -kdc $node" ); return substr( $blah, 0, strpos($blah, 9) ); } diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index e988b949..c1835dd0 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -52,27 +52,32 @@ if ($snortloglimit == 'off') if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; -$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\''); - foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { $if_real = snort_get_real_interface($value['interface']); $snort_uuid = $value['uuid']; - $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}"; + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; if (file_exists("{$snort_log_dir}/alert")) { $snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert"); - $snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70); $snortloglimitsizeKB = round($snortloglimitsize * 1024); - /* do I need HUP kill ? */ if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) { conf_mount_rw(); - if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) - @file_put_contents("{$snort_log_dir}/alert", ""); + log_error(gettext("[Snort] Snort Log directory size exceeds limit set in Global Settings.")); + log_error(gettext("[Snort] Logs for {$value['descr']} ({$if_real}) will be truncated.")); snort_post_delete_logs($snort_uuid); + $fd = @fopen("{$snort_log_dir}/alert", "w+"); + if ($fd) + fclose($fd); + /* XXX: This is needed if snort is run as snort user */ + mwexec('/bin/chmod 660 /var/log/snort/*', true); + /* XXX: Soft-restart Snort process to resync logging */ + if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})")); + mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); + } conf_mount_ro(); } - } } -- cgit v1.2.3 From 2c38137849a0df8b0327fef2e16865c8041b37c4 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 10 Jan 2014 23:53:32 -0500 Subject: Spell out 'Interface' in column header instead of 'I/f' --- config/snort/snort_interfaces.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 84273167..15d9addc 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -220,7 +220,7 @@ if ($pfsense_stable == 'yes') - + -- cgit v1.2.3 From ba3edc934faf8887fd5ea9e785392d84f2cd288c Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sat, 11 Jan 2014 11:49:44 -0500 Subject: More fixes for auto log cleanup cron job. --- config/snort/snort.inc | 1 + config/snort/snort_check_cron_misc.inc | 54 +++++++++++++++++++++------------- 2 files changed, 35 insertions(+), 20 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 7a151f7a..4351a9b0 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -678,6 +678,7 @@ function snort_post_delete_logs($snort_uuid = 0) { } } +/* This returns size of passed directory or file in 1024-byte blocks */ function snort_Getdirsize($node) { if(!is_readable($node)) return false; diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index c1835dd0..038a11cd 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -52,33 +52,47 @@ if ($snortloglimit == 'off') if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; -foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - $if_real = snort_get_real_interface($value['interface']); - $snort_uuid = $value['uuid']; - $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; +/* Convert Log Limit Size setting from MB to KB */ +$snortloglimitsizeKB = round($snortloglimitsize * 1024); +$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR); +if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) { + log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated.")); + conf_mount_rw(); - if (file_exists("{$snort_log_dir}/alert")) { - $snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert"); - $snortloglimitsizeKB = round($snortloglimitsize * 1024); + /* Truncate the Rules Update Log file if it exists */ + if (file_exists(RULES_UPD_LOGFILE)) { + log_error(gettext("[Snort] Truncating the Rules Update Log file...")); + $fd = @fopen(RULES_UPD_LOGFILE, "w+"); + if ($fd) + fclose($fd); + } + + /* Clean-up the logs for each configured Snort instance */ + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + $if_real = snort_get_real_interface($value['interface']); + $snort_uuid = $value['uuid']; + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; + log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})...")); + snort_post_delete_logs($snort_uuid); - if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) { - conf_mount_rw(); - log_error(gettext("[Snort] Snort Log directory size exceeds limit set in Global Settings.")); - log_error(gettext("[Snort] Logs for {$value['descr']} ({$if_real}) will be truncated.")); - snort_post_delete_logs($snort_uuid); + /* Truncate the alert log file if it exists */ + if (file_exists("{$snort_log_dir}/alert")) { $fd = @fopen("{$snort_log_dir}/alert", "w+"); if ($fd) fclose($fd); - /* XXX: This is needed if snort is run as snort user */ - mwexec('/bin/chmod 660 /var/log/snort/*', true); - /* XXX: Soft-restart Snort process to resync logging */ - if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { - log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})")); - mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); - } - conf_mount_ro(); + } + + /* This is needed if snort is run as snort user */ + mwexec('/bin/chmod 660 /var/log/snort/*', true); + + /* Soft-restart Snort process to resync logging */ + if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})...")); + mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); } } + conf_mount_ro(); + log_error(gettext("[Snort] Automatic clean-up of Snort logs completed.")); } ?> -- cgit v1.2.3 From c3b3ace436cfc9f0cc0ea7e5909c58582b7ed658 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sun, 12 Jan 2014 00:25:54 -0500 Subject: Ensure conf_mount_rw() and conf_mount_ro() are used where needed. --- config/snort/snort_alerts.php | 5 ++++- config/snort/snort_blocked.php | 3 +++ config/snort/snort_define_servers.php | 2 ++ config/snort/snort_download_updates.php | 2 ++ config/snort/snort_edit_hat_data.php | 4 ++++ config/snort/snort_interfaces_edit.php | 2 ++ config/snort/snort_interfaces_whitelist_edit.php | 2 -- config/snort/snort_migrate_config.php | 2 +- config/snort/snort_preprocessors.php | 14 ++++++++------ config/snort/snort_rules.php | 10 +++++++++- config/snort/snort_rulesets.php | 6 +++++- 11 files changed, 40 insertions(+), 12 deletions(-) diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 2b957f61..97174cdd 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -221,16 +221,17 @@ if ($_GET['action'] == "clear" || $_POST['delete']) { $fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+"); if ($fd) fclose($fd); - conf_mount_ro(); /* XXX: This is needed if snort is run as snort user */ mwexec('/bin/chmod 660 /var/log/snort/*', true); if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); + conf_mount_ro(); header("Location: /snort/snort_alerts.php?instance={$instanceid}"); exit; } if ($_POST['download']) { + conf_mount_rw(); $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); $file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz"; exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); @@ -255,6 +256,8 @@ if ($_POST['download']) { } else $savemsg = gettext("An error occurred while creating archive"); + + conf_mount_ro(); } /* Load up an array with the current Suppression List GID,SID values */ diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 8d106a90..95109660 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -63,6 +63,7 @@ if ($_POST['remove']) { /* TODO: build a file with block ip and disc */ if ($_POST['download']) { + conf_mount_rw(); $blocked_ips_array_save = ""; exec('/sbin/pfctl -t snort2c -T show', $blocked_ips_array_save); /* build the list */ @@ -104,6 +105,8 @@ if ($_POST['download']) $savemsg = gettext("An error occurred while creating archive"); } else $savemsg = gettext("No content on snort block list"); + + conf_mount_ro(); } if ($_POST['save']) diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index e9fcfcab..7b729208 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -131,11 +131,13 @@ if ($_POST) { $a_nat[$id] = $natent; + conf_mount_rw(); write_config(); /* Update the snort conf file for this interface. */ $rebuild_rules = false; snort_generate_conf($a_nat[$id]); + conf_mount_ro(); /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 5c9b8210..fc97ab96 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -87,8 +87,10 @@ if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5")) /* Check for postback to see if we should clear the update log file. */ if (isset($_POST['clear'])) { + conf_mount_rw(); if (file_exists("{$snort_rules_upd_log}")) mwexec("/bin/rm -f {$snort_rules_upd_log}"); + conf_mount_ro(); } if (isset($_POST['update'])) { diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php index f6d00b0b..9189c936 100644 --- a/config/snort/snort_edit_hat_data.php +++ b/config/snort/snort_edit_hat_data.php @@ -61,19 +61,23 @@ else $pconfig['host_attribute_data'] = ""; if ($_POST['clear']) { + conf_mount_rw(); unset($a_nat[$id]['host_attribute_data']); write_config(); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); + conf_mount_ro(); header("Location: /snort/snort_edit_hat_data.php?id={$id}"); exit; } if ($_POST['host_attribute_data']) { + conf_mount_rw(); $a_nat[$id]['host_attribute_data'] = base64_encode($_POST['host_attribute_data']); write_config(); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); + conf_mount_ro(); header("Location: /snort/snort_preprocessors.php?id={$id}"); exit; } diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 9d488207..0a99e60a 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -150,8 +150,10 @@ if ($_POST["Submit"]) { if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = snort_get_real_interface($a_rule[$id]['interface']); snort_stop($a_rule[$id], $oif_real); + conf_mount_rw(); exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']); exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + conf_mount_ro(); } $a_rule[$id] = $natent; } else { diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index cbc31378..882c2b6f 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -100,8 +100,6 @@ if ($_GET['act'] == "import") { } if ($_POST['submit']) { - conf_mount_rw(); - unset($input_errors); $pconfig = $_POST; diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 1a555408..61989e99 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -296,7 +296,7 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2"; log_error("[Snort] Saving configuration settings in new format..."); write_config(); log_error("[Snort] Settings successfully migrated to new configuration format..."); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 289a3941..d1b3e5be 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -509,25 +509,27 @@ elseif ($_POST['Submit']) { $natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off'; $natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off'; - /* If 'preproc_auto_rule_disable' is off, then clear log file */ - if ($natent['preproc_auto_rule_disable'] == 'off') - @unlink("{$disabled_rules_log}"); - if (isset($id) && $a_nat[$id]) { $a_nat[$id] = $natent; write_config(); } - /* Set flag to rebuild rules for this interface */ - $rebuild_rules = true; + conf_mount_rw(); /*************************************************/ /* Update the snort.conf file and rebuild the */ /* rules for this interface. */ /*************************************************/ + $rebuild_rules = true; snort_generate_conf($natent); $rebuild_rules = false; + /* If 'preproc_auto_rule_disable' is off, then clear log file */ + if ($natent['preproc_auto_rule_disable'] == 'off') + @unlink("{$disabled_rules_log}"); + + conf_mount_ro(); + /*******************************************************/ /* Signal Snort to reload Host Attribute Table if one */ /* is configured and saved. */ diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 0434f88f..37b06914 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -319,21 +319,25 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) { } if ($_POST['clear']) { + conf_mount_rw(); unset($a_rule[$id]['customrules']); write_config(); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; + conf_mount_ro(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_POST['customrules']) { + conf_mount_rw(); $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); write_config(); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; + conf_mount_ro(); $output = ""; $retcode = ""; exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode); @@ -352,7 +356,7 @@ if ($_POST['customrules']) { } else if ($_POST['apply']) { - + conf_mount_rw(); /* Save new configuration */ write_config(); @@ -363,6 +367,10 @@ else if ($_POST['apply']) { $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; + conf_mount_ro(); + + /* Soft-restart Snort to live-load new rules */ + snort_reload_config($a_rule[$id]); /* Return to this same page */ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 62b68a1b..dc37cb10 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -118,7 +118,6 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') { else $disable_vrt_rules = ""; -/* alert file */ if ($_POST["Submit"]) { if ($_POST['ips_policy_enable'] == "on") { @@ -146,6 +145,7 @@ if ($_POST["Submit"]) { @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } + conf_mount_rw(); write_config(); /*************************************************/ @@ -155,6 +155,10 @@ if ($_POST["Submit"]) { $rebuild_rules = true; snort_generate_conf($a_nat[$id]); $rebuild_rules = false; + conf_mount_ro(); + + /* Soft-restart Snort to live-load new rules */ + snort_reload_config($a_nat[$id]); header("Location: /snort/snort_rulesets.php?id=$id"); exit; -- cgit v1.2.3 From 8e3a6c43552fa36df9dd19a0dd0db312add43d11 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sun, 12 Jan 2014 00:28:21 -0500 Subject: Bump Snort pkg version to 3.0.2 -- bug fixes. --- config/snort/snort.inc | 3 +-- config/snort/snort.xml | 4 ++-- config/snort/snort_post_install.php | 5 +++-- pkg_config.8.xml | 2 +- pkg_config.8.xml.amd64 | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 4351a9b0..91298838 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -54,7 +54,7 @@ if (empty($snort_version)) $snort_version = "2.9.5.5"; /* package version */ -$pfSense_snort_version = "3.0.1"; +$pfSense_snort_version = "3.0.2"; $snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}"; // Define SNORTDIR and SNORTLIBDIR constants according to pfSense version @@ -662,7 +662,6 @@ function snort_post_delete_logs($snort_uuid = 0) { /* Clean-up packet capture files if any exist */ $filelist = glob("{$snort_log_dir}/snort.log.*"); - unset($filelist[count($filelist) - 1]); foreach ($filelist as $file) @unlink($file); diff --git a/config/snort/snort.xml b/config/snort/snort.xml index c50c066a..9d4f1d61 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ Currently there are no FAQ items provided. Snort 2.9.5.5 - Services:2.9.5.5 pkg v3.0.1 + Services:2.9.5.5 pkg v3.0.2 /usr/local/pkg/snort/snort.inc Snort @@ -244,7 +244,7 @@ diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index a7b54503..f79737a2 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -1354,6 +1354,7 @@ EOD; /*****************************************************************************/ /* This starts the actual post-install code */ /*****************************************************************************/ +conf_mount_rw(); /* Hard kill any running Snort processes that may have been started by any */ /* of the pfSense scripts such as check_reload_status() or rc.start_packages */ @@ -1436,7 +1437,6 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { /* Add the recurring jobs created above to crontab */ configure_cron(); - conf_mount_ro(); $rebuild_rules = false; update_output_window(gettext("Finished rebuilding Snort configuration files...")); @@ -1453,8 +1453,9 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { } /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1"; +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2"; write_config(); +conf_mount_ro(); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/pkg_config.8.xml b/pkg_config.8.xml index ad96f673..d6111546 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -525,7 +525,7 @@ barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE REACT FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true http://www.pfsense.com/packages/config/snort/snort.xml - 2.9.5.5 pkg v3.0.1 + 2.9.5.5 pkg v3.0.2 2.0 Stable /snort.xml diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index e9560106..56ac8420 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -512,7 +512,7 @@ barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true http://www.pfsense.com/packages/config/snort/snort.xml - 2.9.5.5 pkg v3.0.1 + 2.9.5.5 pkg v3.0.2 2.0 Stable /snort.xml -- cgit v1.2.3