From 710e7984a4b90ca30e3daa6a6f54202e0cbb1e9f Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 14:06:58 -0400 Subject: Show Snort binary version on package home screen. --- config/snort/snort_interfaces.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 38471ef0..803c1491 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -125,7 +125,7 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) { sleep(3); // So the GUI reports correctly } -$pgtitle = "Services: $snort_package_version"; +$pgtitle = "Services: Snort " . SNORT_BIN_VERSION . " pkg v{$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; include_once("head.inc"); ?> -- cgit v1.2.3 From 29e3014f516da8888a762e0a253467675113208f Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 14:11:45 -0400 Subject: Remove unused old variables. --- config/snort/snort.inc | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index bb5ff792..82692d67 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc 
@@ -43,16 +43,13 @@ require("/usr/local/pkg/snort/snort_defs.inc"); ini_set("memory_limit", "384M"); // Explicitly declare this as global so it works through function call includes -global $g, $config, $rebuild_rules, $pfSense_snort_version; +global $g, $config, $rebuild_rules; // Grab the Snort binary version programmatically, but if that fails use a safe default $snortver = array(); $snortbindir = SNORT_PBI_BINDIR; exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); -/* get installed package version for display */ -$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; - /* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */ $rebuild_rules = false; -- cgit v1.2.3 From 89fb04559a6e9bf1f5806bdbf3a351fe725485e9 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 14:29:43 -0400 Subject: Start Snort in the background on a package re-install. --- config/snort/snort_post_install.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 7b931246..2366c87d 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -245,9 +245,8 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { if (!($g['booting'])) { if ($pkg_interface <> "console") { update_status(gettext("Starting Snort using rebuilt configuration...")); - update_output_window(gettext("Please wait while Snort is started...")); - mwexec("{$rcdir}snort.sh start"); - update_output_window(gettext("Snort has been started using the rebuilt configuration...")); + mwexec_bg("{$rcdir}snort.sh start"); + update_output_window(gettext("Snort is starting as a background taks using the rebuilt configuration...")); } else mwexec_bg("{$rcdir}snort.sh start"); -- cgit v1.2.3 
From 22fe600ac74fd8cf0d9c802f52ea11e536116125 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 14:47:01 -0400 Subject: Use more secure CURL options for rules tarball downloads. --- config/snort/snort_check_for_rule_updates.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 842e39d5..19930f27 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -203,9 +203,11 @@ function snort_download_file_url($url, $file_out) { } curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); - curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)"); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); + curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36"); + curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "TLSv1.2, TLSv1"); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15); curl_setopt($ch, CURLOPT_TIMEOUT, 0); // Use the system proxy server setttings if configured -- cgit v1.2.3 From 9843513bfbef7b027c523af1f85d3eeeeaf35e2d Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 15:17:48 -0400 Subject: Send OpenAppID and SNORT_VARS changes to CARP replication partners. --- config/snort/snort_define_servers.php | 3 +++ config/snort/snort_preprocessors.php | 3 +++ 2 files changed, 6 insertions(+) diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index ee463ac9..b72a3d4e 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php 
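Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);` passes a boolean that PHP converts to 1, whereas host-name matching against the certificate is value 2; libcurl dropped support for 1 in 7.28.1, so depending on the PHP/libcurl pair this call raises a notice or does not configure what the commit intends. Use `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`. Also, `CURLOPT_SSL_CIPHER_LIST` takes an OpenSSL cipher string, so `"TLSv1.2, TLSv1"` selects cipher-suite families and does not set a minimum protocol version; if the intent is to pin the protocol, `CURLOPT_SSLVERSION` is the option for that. The body of `snort_download_file_url()` continues outside the hunk.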
@@ -142,6 +142,9 @@ if ($_POST['save']) { /* Soft-restart Snort to live-load new variables. */ snort_reload_config($a_nat[$id]); + /* Sync to configured CARP slaves if any are enabled */ + snort_sync_on_changes(); + /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 9f6879ef..de680886 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -569,6 +569,9 @@ if ($_POST['save']) { !empty($natent['host_attribute_data'])) snort_reload_config($natent, "SIGURG"); + /* Sync to configured CARP slaves if any are enabled */ + snort_sync_on_changes(); + /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); -- cgit v1.2.3 From 4fd76cd7429085db1a43346adf5f0b309e48721e Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 15:26:12 -0400 Subject: Sync IPREP IP List files with CARP replication partners. --- config/snort/snort.inc | 32 ++++++++++++++++++++++++++++++++ config/snort/snort_ip_reputation.php | 3 +++ 2 files changed, 35 insertions(+) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 82692d67..e6de14d6 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc 
@@ -3804,6 +3804,38 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, if (!empty($sid_files) && $error == "") log_error("[snort] Snort pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + /*************************************************/ + /* Send over any IPREP IP List files */ + /*************************************************/ + $sid_files = glob(SNORT_IPREP_PATH . '*'); + foreach ($sid_files as $file) { + $content = base64_encode(file_get_contents($file)); + $payload = "@file_put_contents('{$file}', base64_decode('{$content}'));"; + + /* assemble xmlrpc payload */ + $method = 'pfsense.exec_php'; + $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); + + log_error("[snort] Snort XMLRPC CARP sync sending IPREP files to {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + $error = ""; + if(!$resp) { + $error = "A communications error occurred while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + log_error($error); + file_notice("sync_settings", $error, "Snort Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Snort Settings Sync", ""); + } + } + + if (!empty($sid_files) && $error == "") + log_error("[snort] Snort pkg XMLRPC CARP sync IPREP files success with {$url}:{$port} (pfsense.exec_php)."); + /**************************************************/ /* Send over the portion of the */ /* config.xml. $xml will hold section to sync. */ 
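Review bot: The line `$payload = "@file_put_contents('{$file}', base64_decode('{$content}'));";` places the local path inside a single-quoted PHP literal that the peer executes through `pfsense.exec_php`, so a file name under `SNORT_IPREP_PATH` containing a quote or backslash changes the code the partner runs. Encode the path the same way as the content: `$payload = "@file_put_contents(base64_decode('" . base64_encode($file) . "'), base64_decode('{$content}'));";`. Separately, `$error` is reset on every iteration, so the success message after the loop reflects only the last file, and a failed `file_get_contents()` would send an empty body that truncates the list on the peer; skip the file when the read returns `false`. `snort_do_xmlrpc_sync()` starts and ends outside the hunk.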
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php index 4c3065a0..c190b0e6 100644 --- a/config/snort/snort_ip_reputation.php +++ b/config/snort/snort_ip_reputation.php @@ -170,6 +170,9 @@ if ($_POST['save'] || $_POST['apply']) { snort_reload_config($a_nat[$id]); $pconfig = $natent; + // Sync to configured CARP slaves if any are enabled + snort_sync_on_changes(); + // We have saved changes and done a soft restart, so clear "dirty" flag clear_subsystem_dirty('snort_iprep'); } -- cgit v1.2.3 From 129844406855b3406d9d220df776a3e12ffc55da Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 15:58:03 -0400 Subject: Show validation error for FQDN alias since we do not support them in pkgs. --- config/snort/snort_define_servers.php | 8 ++++++-- config/snort/snort_passlist_edit.php | 7 +++++-- config/snort/snort_preprocessors.php | 6 ++++++ 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index b72a3d4e..0d24f197 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php 
@@ -107,11 +107,15 @@ if ($_POST['save']) { foreach ($snort_servers as $key => $server) { if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"])) - $input_errors[] = "Only aliases are allowed"; + $input_errors[] = "Only aliases are allowed."; + if ($_POST["def_{$key}"] && is_alias($_POST["def_{$key}"]) && trim(filter_expand_alias($_POST["def_{$key}"])) == "") + $input_errors[] = "FQDN aliases are not allowed in Snort."; } foreach ($snort_ports as $key => $server) { if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"])) - $input_errors[] = "Only aliases are allowed"; + $input_errors[] = "Only aliases are allowed."; + if ($_POST["def_{$key}"] && is_alias($_POST["def_{$key}"]) && trim(filter_expand_alias($_POST["def_{$key}"])) == "") + $input_errors[] = "FQDN aliases are not allowed in Snort."; } /* if no errors write to conf */ if (!$input_errors) { diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index 9f95adb4..75724344 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -155,9 +155,12 @@ if ($_POST['save']) { } } - if ($_POST['address']) + if ($_POST['address']) { if (!is_alias($_POST['address'])) - $input_errors[] = gettext("A valid alias must be provided"); + $input_errors[] = gettext("A valid alias must be provided."); + if (is_alias($_POST['address']) && trim(filter_expand_alias($_POST['address'])) == "") + $input_errors[] = gettext("FQDN aliases are not supported in Snort."); + } if (!$input_errors) { $p_list = array(); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index de680886..d5eadfd9 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php 
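Review bot: In the `$snort_ports` loop the added check reuses the host wording, so a port alias whose expansion is empty is reported as `FQDN aliases are not allowed in Snort.`, and neither loop says which variable failed. Naming the field makes the error actionable, e.g. `$input_errors[] = "FQDN aliases are not allowed in Snort ({$key}).";`, with a port-specific message in the second loop. The second `if` also repeats the `is_alias()` call; an `elseif (trim(filter_expand_alias($_POST["def_{$key}"])) == "")` on the first test reads more directly. The `snort_passlist_edit.php` hunk words the same condition as "not supported", which is worth making consistent.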
@@ -451,6 +451,12 @@ if ($_POST['save']) { $input_errors[] = gettext("The value for Application ID Stats Period must be between 60 and 3600."); } + // Validate Portscan Ignore_Scanners parameter + if ($_POST['sf_portscan'] == 'on' && is_alias($_POST['pscan_ignore_scanners'])) { + if (trim(filter_expand_alias($_POST["def_{$key}"])) == "") + $input_errors[] = gettext("FQDN aliases are not supported in Snort for the PORTSCAN IGNORE_SCANNERS parameter."); + } + /* if no errors write to conf */ if (!$input_errors) { /* post new options */ -- cgit v1.2.3 From 168d9e3a981e7bbf9d54aa2dd8c1aed4d904238c Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 22:25:20 -0400 Subject: Add new feature to hide deprecated rules categories in GUI. --- config/snort/deprecated_rules | 62 +++++++++++++++++++++++++ config/snort/snort.inc | 67 +++++++++++++++++++++++++++ config/snort/snort.xml | 5 ++ config/snort/snort_check_for_rule_updates.php | 6 +++ config/snort/snort_interfaces_global.php | 15 ++++++ config/snort/snort_migrate_config.php | 8 ++++ config/snort/snort_post_install.php | 3 ++ 7 files changed, 166 insertions(+) create mode 100644 config/snort/deprecated_rules diff --git a/config/snort/deprecated_rules b/config/snort/deprecated_rules new file mode 100644 index 00000000..d17cb395 --- /dev/null +++ b/config/snort/deprecated_rules 
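Review bot: The new Portscan check expands `$_POST["def_{$key}"]` instead of the field it has just tested, `$_POST['pscan_ignore_scanners']`; `$key` is not set anywhere in this hunk, so the outcome depends on a leftover or undefined variable and the validation does not inspect the alias the user entered. The inner test should read `if (trim(filter_expand_alias($_POST['pscan_ignore_scanners'])) == "")`. The enclosing `if ($_POST['save'])` block starts and ends outside the hunk.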
@@ -0,0 +1,62 @@ +# +# Obsoleted Snort VRT rule categories +# +snort_attack-responses.rules +snort_backdoor.rules +snort_bad-traffic.rules +snort_botnet-cnc.rules +snort_chat.rules +snort_ddos.rules +snort_dns.rules +snort_dos.rules +snort_experimental.rules +snort_exploit.rules +snort_finger.rules +snort_ftp.rules +snort_icmp-info.rules +snort_icmp.rules +snort_imap.rules +snort_info.rules +snort_misc.rules +snort_multimedia.rules +snort_mysql.rules +snort_nntp.rules +snort_oracle.rules +snort_other-ids.rules +snort_p2p.rules +snort_phishing-spam.rules +snort_policy.rules +snort_pop2.rules +snort_pop3.rules +snort_rpc.rules +snort_rservices.rules +snort_scada.rules +snort_scan.rules +snort_shellcode.rules +snort_smtp.rules +snort_snmp.rules +snort_specific-threats.rules +snort_spyware-put.rules +snort_telnet.rules +snort_tftp.rules +snort_virus.rules +snort_voip.rules +snort_web-activex.rules +snort_web-attacks.rules +snort_web-cgi.rules +snort_web-client.rules +snort_web-coldfusion.rules +snort_web-frontpage.rules +snort_web-iis.rules +snort_web-misc.rules +snort_web-php.rules +# +# Obsoleted Emerging Threats Categories +# +emerging-rbn-malvertisers.rules +emerging-rbn.rules +# +# Obsoleted Emerging Threats PRO Categories +# +etpro-rbn-malvertisers.rules +etpro-rbn.rules \ No newline at end of file diff --git a/config/snort/snort.inc b/config/snort/snort.inc index e6de14d6..027207b1 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc 
@@ -3668,6 +3668,73 @@ function snort_generate_conf($snortcfg) { unset($home_net, $external_net, $ipvardef, $portvardef); } +function snort_remove_dead_rules() { + + /********************************************************/ + /* This function removes dead and deprecated rules */ + /* category files from the base Snort rules directory */ + /* and from the RULESETS setting of each interface. */ + /* The file "deprecated_rules", if it exists, is used */ + /* to determine which rules files to remove. */ + /********************************************************/ + + global $config, $g; + $rulesdir = SNORTDIR . "/rules/"; + $count = 0; + $cats = array(); + + // If there is no "deprecated_rules" file, then exit + if (!file_exists("{$rulesdir}deprecated_rules")) + return; + + // Open a SplFileObject to read in deprecated rules + $file = new SplFileObject("{$rulesdir}/deprecated_rules"); + $file->setFlags(SplFileObject::READ_AHEAD | SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE); + while (!$file->eof()) { + $line = $file->fgets(); + + // Skip any lines with just spaces + if (trim($line) == "") + continue; + + // Skip any comment lines starting with '#' + if (preg_match('/^\s*\#+/', $line)) + continue; + + $cats[] = $line; + } + + // Close the SplFileObject since we are finished with it + $file = null; + + // Delete any dead rules files from the Snort RULES directory + foreach ($cats as $file) { + if (file_exists("{$rulesdir}{$file}")) + $count++; + unlink_if_exists("{$rulesdir}{$file}"); + } + + // Log how many obsoleted files were removed + log_error(gettext("[Snort] Removed {$count} obsoleted rules category files.")); + + // Now remove any dead rules files from the interface configurations + if (!empty($cats) && is_array($config['installedpackages']['snortglobal']['rule'])) { + foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) { + $enabled_rules = explode("||", $iface['rulesets']); + foreach ($enabled_rules as $k => $v) { + foreach 
($cats as $d) { + if (strpos(trim($v), $d) !== false) + unset($enabled_rules[$k]); + } + } + $iface['rulesets'] = implode("||", $enabled_rules); + } + } + + // Clean up + unset($cats, $enabled_rules); +} + /* Uses XMLRPC to synchronize the changes to a remote node */ function snort_sync_on_changes() { global $config, $g; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index c9401f05..a9b4bed4 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -93,6 +93,11 @@ 077 https://packages.pfsense.org/packages/config/snort/snort_sync.xml + + /usr/local/pkg/snort/ + 077 + https://packages.pfsense.org/packages/config/snort/deprecated_rules + /usr/local/www/snort/ 077 diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 19930f27..0c4543cd 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -682,6 +682,12 @@ if ($emergingthreats == 'on') { } } +// If removing deprecated rules categories, then do it +if ($config['installedpackages']['snortglobal']['hide_deprecated_rules'] == "on") { + log_error(gettext("[Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.")); + snort_remove_dead_rules(); +} + function snort_apply_customizations($snortcfg, $if_real) { global $vrt_enabled, $rebuild_rules; diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 6c1d56ac..b2ecefee 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php 
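Review bot: Entries read from `deprecated_rules` go into `$cats` untrimmed and unvalidated and are then appended to `$rulesdir` for deletion, so a line carrying a path separator, a glob character (if `unlink_if_exists()` expands patterns, which is not visible here) or trailing whitespace either removes something outside the intended set or silently fails to match. Store `basename(trim($line))` and skip entries that do not end in `.rules`. In the interface clean-up, `strpos(trim($v), $d) !== false` is a substring match; an exact comparison, `if (trim($v) === $d)`, avoids dropping an enabled category whose name merely contains a deprecated one. The `foreach (... as &$iface)` loop should be followed by `unset($iface);` so the reference does not outlive it.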
@@ -60,6 +60,7 @@ else { $pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off'; $pconfig['verbose_logging'] = $config['installedpackages']['snortglobal']['verbose_logging'] == "on" ? 'on' : 'off'; $pconfig['openappid_detectors'] = $config['installedpackages']['snortglobal']['openappid_detectors'] == "on" ? 'on' : 'off'; + $pconfig['hide_deprecated_rules'] = $config['installedpackages']['snortglobal']['hide_deprecated_rules'] == "on" ? 'on' : 'off'; } /* Set sensible values for any empty default params */ @@ -100,6 +101,7 @@ if (!$input_errors) { $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['verbose_logging'] = $_POST['verbose_logging'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['openappid_detectors'] = $_POST['openappid_detectors'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['hide_deprecated_rules'] = $_POST['hide_deprecated_rules'] ? 'on' : 'off'; // If any rule sets are being turned off, then remove them // from the active rules section of each interface. Start @@ -136,6 +138,12 @@ if (!$input_errors) { } } + // If deprecated rules should be removed, then do it + if ($config['installedpackages']['snortglobal']['hide_deprecated_rules'] == "on") { + log_error(gettext("[Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.")); + snort_remove_dead_rules(); + } + $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code']; @@ -333,6 +341,13 @@ if ($input_errors) + + + /> +   " . gettext("Not Checked") . "" . gettext("."); ?> + diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index dcc5aa76..2d8d8927 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php 
@@ -116,6 +116,14 @@ if (empty($config['installedpackages']['snortglobal']['openappid_detectors'])) { $updated_cfg = true; } +/**********************************************************/ +/* Create new HIDE_DEPRECATED_RULES setting if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['snortglobal']['hide_deprecated_rules'])) { + $config['installedpackages']['snortglobal']['hide_deprecated_rules'] = "off"; + $updated_cfg = true; +} + /**********************************************************/ /* Migrate per interface settings if required. */ /**********************************************************/ diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 2366c87d..0c0fb723 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -85,6 +85,9 @@ conf_mount_rw(); @rename("{$snortdir}/gen-msg.map-sample", "{$snortdir}/gen-msg.map"); //@rename("{$snortdir}/attribute_table.dtd-sample", "{$snortdir}/attribute_table.dtd"); +/* Move deprecated_rules file to SNORTDIR/rules directory */ +@rename("/usr/local/pkg/snort/deprecated_rules", "{$snortdir}/rules/deprecated_rules"); + /* fix up the preprocessor rules filenames from a PBI package install */ $preproc_rules = array("decoder.rules", "preprocessor.rules", "sensitive-data.rules"); foreach ($preproc_rules as $file) { -- cgit v1.2.3 From 615385a377ab13f038f4e438b53924e3ee70a584 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 23:09:38 -0400 Subject: Fix PHP warnings from array/string mismatch error. --- config/snort/snort_preprocessors.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index d5eadfd9..dd8ec660 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php 
@@ -80,6 +80,18 @@ $pconfig = array(); if (isset($id) && isset($a_nat[$id])) { $pconfig = $a_nat[$id]; + // Initialize multiple config engine arrays for supported preprocessors if necessary + if (!is_array($pconfig['frag3_engine']['item'])) + $pconfig['frag3_engine']['item'] = array(); + if (!is_array($pconfig['stream5_tcp_engine']['item'])) + $pconfig['stream5_tcp_engine']['item'] = array(); + if (!is_array($pconfig['http_inspect_engine']['item'])) + $pconfig['http_inspect_engine']['item'] = array(); + if (!is_array($pconfig['ftp_server_engine']['item'])) + $pconfig['ftp_server_engine']['item'] = array(); + if (!is_array($pconfig['ftp_client_engine']['item'])) + $pconfig['ftp_client_engine']['item'] = array(); + /************************************************************/ /* To keep new users from shooting themselves in the foot */ /* enable the most common required preprocessors by default */ @@ -1509,10 +1521,10 @@ if ($savemsg) { - - +

-- cgit v1.2.3 From 516e627d3fab68844fb4c69257834c847fa92731 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 23:11:39 -0400 Subject: Add missing newline to end of last line in file. --- config/snort/deprecated_rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/snort/deprecated_rules b/config/snort/deprecated_rules index d17cb395..3d8b2c3f 100644 --- a/config/snort/deprecated_rules +++ b/config/snort/deprecated_rules @@ -59,4 +59,4 @@ emerging-rbn.rules # Obsoleted Emerging Threats PRO Categories # etpro-rbn-malvertisers.rules -etpro-rbn.rules \ No newline at end of file +etpro-rbn.rules -- cgit v1.2.3 From 945bdb61b7486d61008656cff1c60410e65a387a Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 3 Jul 2015 23:25:21 -0400 Subject: Verify snort_widget file handle before trying to use it. --- config/snort/snort_alerts.widget.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php index 96c70562..2b7a10c7 100644 --- a/config/snort/snort_alerts.widget.php +++ b/config/snort/snort_alerts.widget.php @@ -125,7 +125,10 @@ function snort_widget_get_alerts() { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /* File format: timestamp,generator_id,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ - $fd = fopen("/tmp/alert_snort{$snort_uuid}", "r"); + if (!$fd = fopen("/tmp/alert_snort{$snort_uuid}", "r")) { + log_error(gettext("[Snort Widget] Failed to open file /tmp/alert_snort{$snort_uuid}")); + continue; + } while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { if(count($fields) < 13) continue; -- cgit v1.2.3 From 4106c494cdc49668e23a4bae378edc69521468bb Mon Sep 17 00:00:00 2001 
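Review bot: In the `snort_alerts.widget.php` hunk the log message is passed to `gettext()` with `$snort_uuid` already interpolated, so the string can never match a catalog entry; build it as `log_error(sprintf(gettext("[Snort Widget] Failed to open file %s"), "/tmp/alert_snort{$snort_uuid}"));`. The guard `if (!$fd = fopen(...))` relies on assignment inside a negation; `if (($fd = fopen("/tmp/alert_snort{$snort_uuid}", "r")) === false)` states the failure case explicitly. The loop that the added `continue` targets, and the rest of `snort_widget_get_alerts()`, lie outside the hunk.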
From: bmeeks8 Date: Mon, 13 Jul 2015 19:26:12 -0400 Subject: Bump Snort package to version 3.2.6 --- config/snort/snort.xml | 2 +- config/snort/snort_migrate_config.php | 2 +- config/snort/snort_post_install.php | 6 +++--- pkg_config.10.xml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/snort/snort.xml b/config/snort/snort.xml index a9b4bed4..6c70b39e 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ Currently there are no FAQ items provided. Snort 2.9.7.3 - Services:2.9.7.3 pkg v3.2.5 + Services:2.9.7.3 pkg v3.2.6 /usr/local/pkg/snort/snort.inc Snort diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 2d8d8927..ae1daf6a 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -541,7 +541,7 @@ unset($r); // Log a message if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6"; log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 0c0fb723..280f0efe 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -249,7 +249,7 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { if ($pkg_interface <> "console") { update_status(gettext("Starting Snort using rebuilt configuration...")); mwexec_bg("{$rcdir}snort.sh start"); - update_output_window(gettext("Snort is starting as a background taks using the rebuilt configuration...")); + update_output_window(gettext("Snort is starting as a background task using the rebuilt configuration...")); } else mwexec_bg("{$rcdir}snort.sh start"); 
@@ -265,8 +265,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; -write_config("Snort pkg v3.2.5: post-install configuration saved."); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6"; +write_config("Snort pkg v3.2.6: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 59ccb704..de56da0f 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -404,7 +404,7 @@ barnyard2_UNSET_FORCE=ODBC PGSQL PRELUDE;barnyard2_SET_FORCE=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET_FORCE=BARNYARD PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET_FORCE=PULLEDPORK FILEINSPECT HA https://packages.pfsense.org/packages/config/snort/snort.xml - 3.2.5 + 3.2.6 2.2 Stable /snort.xml -- cgit v1.2.3