From 89e3801c0b79e3a5f059b8f367dad0589358eade Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Tue, 11 Aug 2015 18:39:49 -0400
Subject: Need to use exec_command() since we want output back from execution.
---
 config/snort/snort_defs.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc
index 3f5c82e5..aa2d640d 100644
--- a/config/snort/snort_defs.inc
+++ b/config/snort/snort_defs.inc
@@ -51,11 +51,11 @@ if (!defined("SNORT_BIN_VERSION")) {
 // Grab the Snort binary version programmatically
 $snortver = array();
 $snortbindir = SNORT_PBI_BINDIR;
- mwexec("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
- if (!empty($snortver[0]))
- define("SNORT_BIN_VERSION", $snortver[0]);
+ $snortver = exec_command("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26");
+ if (!empty($snortver))
+ define("SNORT_BIN_VERSION", $snortver);
 else
- define("SNORT_BIN_VERSION", "2.9.7.3");
+ define("SNORT_BIN_VERSION", "");
 }
 if (!defined("SNORT_SID_MODS_PATH"))
 define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
-- cgit v1.2.3
From b2447d05bb64548815b4d0f72d0069e057162d9a Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Tue, 11 Aug 2015 18:43:18 -0400
Subject: Include proxy arp VIPs in default HOME_NET and PASS LIST.
---
 config/snort/snort.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 027207b1..24804461 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
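Review bot: In the snort_defs.inc hunk (`@@ -51,11 +51,11 @@`), whatever `exec_command()` returns becomes `SNORT_BIN_VERSION` after nothing more than an `empty()` test, so any text the `snort -V 2>&1 | grep | cut` pipeline emits, such as a fragment of an error message or a value with a trailing newline, is accepted as the version. The constant is later turned into the rules tarball filename in snort_check_for_rule_updates.php (the `@@ -64,19 +64,14 @@` hunk on this page), so the format should be checked before it is defined: `$snortver = trim(exec_command(...));` followed by `if (preg_match('/^\d+(\.\d+){2,3}$/', $snortver))`. The new empty-string fallback also leaves every consumer with an unusable version when detection fails; a later commit on this page restores a numeric default but keeps the unvalidated path.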
@@ -471,7 +471,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
 /* iterate all vips and add to whitelist */
 if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
 foreach($config['virtualip']['vip'] as $vip) {
- if ($vip['subnet'] && $vip['mode'] != 'proxyarp') {
+ if ($vip['subnet']) {
 if (!in_array("{$vip['subnet']}/{$vip['subnet_bits']}", $home_net))
 $home_net[] = "{$vip['subnet']}/{$vip['subnet_bits']}";
 }
-- cgit v1.2.3
From 19e6943e363aa043cc69972dc6e0d1c40c0e1c54 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Tue, 11 Aug 2015 18:46:27 -0400
Subject: Add note to remind user to manually assign a new PASS LIST to an interface.
---
 config/snort/snort_passlist.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php
index 965f22d7..1b377a1f 100644
--- a/config/snort/snort_passlist.php
+++ b/config/snort/snort_passlist.php
@@ -197,7 +197,8 @@ if ($savemsg) {
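Review bot: With the `$vip['mode'] != 'proxyarp'` test removed from the VIP loop in snort_build_list() (snort.inc, `@@ -471,7 +471,7 @@`), every VIP is appended as `"{$vip['subnet']}/{$vip['subnet_bits']}"`, and per the commit subject the result feeds the pass list as well as HOME_NET. A proxy ARP VIP can presumably describe a range rather than a single address, in which case the whole prefix becomes exempt from blocking. That consequence should be stated above the loop, for example `/* proxyarp VIPs are added with their full prefix: every address in it is exempt from blocking */`, or the entry narrowed when the list is built as a pass list. snort_build_list() begins and ends outside this hunk, so any guard around the loop is not visible here.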




-

+
+

-- cgit v1.2.3
From 8b363a3e38ca048cf86aaf585086a5a4c942252d Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Tue, 11 Aug 2015 19:22:09 -0400
Subject: Firewall interface IPs automatically in PASS LIST, so deprecate GUI option
---
 config/snort/snort.inc | 3 ++-
 config/snort/snort_passlist_edit.php | 17 ++++-------------
 2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 24804461..5def1a1f 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -292,7 +292,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
 if (empty($list))
 return $list;
 $localnet = $list['localnets'];
- $wanip = $list['wanips'];
+// $wanip = $list['wanips'];
+ $wanip = 'yes';
 $wangw = $list['wangateips'];
 $wandns = $list['wandnsips'];
 $vips = $list['vips'];
diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php
index 75724344..25ebcc82 100644
--- a/config/snort/snort_passlist_edit.php
+++ b/config/snort/snort_passlist_edit.php
@@ -3,7 +3,7 @@
 * snort_passlist_edit.php
 * Copyright (C) 2004 Scott Ullrich
 * Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2014 Bill Meeks
+ * Copyright (C) 2015 Bill Meeks
 * All rights reserved.
 *
 * originially part of m0n0wall (http://m0n0.ch/wall)
@@ -71,7 +71,7 @@ if (isset($id) && isset($a_passlist[$id])) {
 $pconfig['address'] = $a_passlist[$id]['address'];
 $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']);
 $pconfig['localnets'] = $a_passlist[$id]['localnets'];
- $pconfig['wanips'] = $a_passlist[$id]['wanips'];
+// $pconfig['wanips'] = $a_passlist[$id]['wanips'];
 $pconfig['wangateips'] = $a_passlist[$id]['wangateips'];
 $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips'];
 $pconfig['vips'] = $a_passlist[$id]['vips'];
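Review bot: In snort_build_list() (snort.inc, `@@ -292,7 +292,8 @@`) the stored `wanips` setting is now ignored and `$wanip` is fixed to `'yes'`, with the old assignment left behind as commented-out code; the same leftover appears in the `@@ -71,7`, `@@ -87,7` and `@@ -168,7` hunks of snort_passlist_edit.php. Delete the dead lines and say why the value is fixed, e.g. `$wanip = 'yes'; // firewall interface IPs are always included; the stored 'wanips' value is no longer honoured`. Because a pass list exempts addresses from blocking, a list previously saved with `wanips` set to `no` appears to change behaviour silently after the upgrade, which is worth a log entry or a release note. snort_build_list() begins and ends outside the hunk.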
@@ -87,7 +87,7 @@ if ($_GET['act'] == "import") { $pconfig['address'] = htmlspecialchars($_GET['address']); $pconfig['descr'] = htmlspecialchars($_GET['descr']); $pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no'; - $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; +// $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; $pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no'; $pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no'; $pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no'; @@ -168,7 +168,7 @@ if ($_POST['save']) { $p_list['name'] = $_POST['name']; $p_list['uuid'] = $passlist_uuid; $p_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; - $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; +// $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; $p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; $p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; $p_list['vips'] = $_POST['vips']? 'yes' : 'no'; @@ -255,7 +255,6 @@ if ($savemsg) - /> - - - - /> - - Date: Tue, 11 Aug 2015 19:51:47 -0400 Subject: Fix spelling error in message string. --- config/snort/snort.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 5def1a1f..62002b24 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -3455,7 +3455,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Build a new sid-msg.map file from the enabled */ /* rules and copy it to the interface directory. */ - log_error(gettext("[Snort] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...")); + log_error(gettext("[Snort] Building new sid-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...")); snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map"); } -- cgit v1.2.3 
From 1424f3c70d34e58543de64840d708f88e5cb8379 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 11 Aug 2015 19:52:11 -0400 Subject: Simplify future updates by removing hard-coded version strings. --- config/snort/snort_migrate_config.php | 4 ++-- config/snort/snort_post_install.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index ae1daf6a..edcbb2d5 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -541,10 +541,10 @@ unset($r); // Log a message if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6"; log_error("[Snort] Settings successfully migrated to new configuration format..."); } -else +else { log_error("[Snort] Configuration version is current..."); +} ?> diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 280f0efe..bbb2642c 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -265,8 +265,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6"; -write_config("Snort pkg v3.2.6: post-install configuration saved."); +$config['installedpackages']['snortglobal']['snort_config_ver'] = $config['installedpackages']['package'][get_pkg_id("snort")]['version']; +write_config("Snort pkg v{$config['installedpackages']['package'][get_pkg_id("snort")]['version']}: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); -- cgit v1.2.3 From 63151a3f2241f14677df474bc61d9b51469d84ea Mon Sep 17 00:00:00 2001 
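Review bot: In snort_post_install.php (`@@ -265,8 +265,8 @@`) the expression `$config['installedpackages']['package'][get_pkg_id("snort")]['version']` is evaluated twice and its result is used unchecked. If `get_pkg_id()` does not find the package entry (it appears to return a non-index value such as -1 in that case; confirm), `snort_config_ver` is saved empty and the message reads "Snort pkg v: post-install configuration saved." Read the value once, e.g. `$snort_pkg_ver = $config['installedpackages']['package'][get_pkg_id("snort")]['version'];`, and log instead of writing when it is empty. The snort_migrate_config.php hunk in the same commit no longer sets `snort_config_ver`, so this assignment is the only one left on this page.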
From: bmeeks8 Date: Thu, 13 Aug 2015 19:15:29 -0400 Subject: Remove unneeded duplicate code to simplify things. --- config/snort/snort.inc | 5 ----- config/snort/snort_check_for_rule_updates.php | 17 ++++++----------- config/snort/snort_defs.inc | 3 +-- 3 files changed, 7 insertions(+), 18 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 62002b24..fb8cd9d8 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -45,11 +45,6 @@ ini_set("memory_limit", "384M"); // Explicitly declare this as global so it works through function call includes global $g, $config, $rebuild_rules; -// Grab the Snort binary version programmatically, but if that fails use a safe default -$snortver = array(); -$snortbindir = SNORT_PBI_BINDIR; -exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); - /* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */ $rebuild_rules = false; diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 0c4543cd..123661e4 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php 
@@ -64,19 +64,14 @@ $openappid_detectors = $config['installedpackages']['snortglobal']['openappid_de /* Working directory for downloaded rules tarballs and extraction */ $tmpfname = "{$g['tmp_path']}/snort_rules_up"; -/* Grab the Snort binary version programmatically and use it to construct */ -/* the proper Snort VRT rules tarball and md5 filenames. Fallback to a */ -/* default in the event we fail. */ -$snortver = array(); -exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); -// Save the version with decimal delimiters for use in extracting the rules -$snort_version = $snortver[0]; -if (empty($snort_version)) - $snort_version = SNORT_BIN_VERSION; +/* Use the Snort binary version to construct the proper Snort VRT */ +/* rules tarball and md5 filenames. Save the version with decimal */ +/* delimiters for use in extracting the rules. */ +$snort_version = SNORT_BIN_VERSION; // Create a collapsed version string for use in the tarball filename -$snortver[0] = str_replace(".", "", $snortver[0]); -$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz"; +$snortver = str_replace(".", "", SNORT_BIN_VERSION); +$snort_filename = "snortrules-snapshot-{$snortver}.tar.gz"; $snort_filename_md5 = "{$snort_filename}.md5"; $snort_rule_url = VRT_DNLD_URL; diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc index aa2d640d..ac09db44 100644 --- a/config/snort/snort_defs.inc +++ b/config/snort/snort_defs.inc 
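Review bot: The rewritten comment in snort_check_for_rule_updates.php (`@@ -64,19 +64,14 @@`) still mentions the `.md5` file only as a filename and does not say what it protects against. If that checksum is fetched from the same `VRT_DNLD_URL` as the tarball (the download code is outside this hunk), it detects a truncated or corrupted download but not a substituted one, so the comment should say where authenticity comes from, e.g. `/* The .md5 only detects corruption; authenticity depends on certificate-verified HTTPS to the rules server. */`. As a smaller point, `$snort_version` could be passed to `str_replace()` instead of reading `SNORT_BIN_VERSION` a second time.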
@@ -49,13 +49,12 @@ if (!defined("SNORTLOGDIR")) define("SNORTLOGDIR", "{$g['varlog_path']}/snort"); if (!defined("SNORT_BIN_VERSION")) { // Grab the Snort binary version programmatically - $snortver = array(); $snortbindir = SNORT_PBI_BINDIR; $snortver = exec_command("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26"); if (!empty($snortver)) define("SNORT_BIN_VERSION", $snortver); else - define("SNORT_BIN_VERSION", ""); + define("SNORT_BIN_VERSION", "2.9.7.5"); } if (!defined("SNORT_SID_MODS_PATH")) define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/"); -- cgit v1.2.3 From dbd5dd1973be6bb4994f8f70735bca87398ab1da Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 13 Aug 2015 19:16:51 -0400 Subject: Update Snort binary to 2.9.7.5 and GUI pkg to v3.2.7 --- config/snort/snort.xml | 2 +- pkg_config.10.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/snort/snort.xml b/config/snort/snort.xml index e3e1cdad..b8444009 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -45,7 +45,7 @@ Snort IDS/IPS Package Snort - 3.2.6 + 3.2.7 Services: Snort IDS /usr/local/pkg/snort/snort.inc diff --git a/pkg_config.10.xml b/pkg_config.10.xml index c66d2b96..c52f6603 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -388,14 +388,14 @@ Security bin/snort:security/snort security - snort-2.9.7.3-##ARCH##.pbi + snort-2.9.7.5-##ARCH##.pbi security/snort security/barnyard2 barnyard2_UNSET_FORCE=ODBC PGSQL PRELUDE;barnyard2_SET_FORCE=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET_FORCE=BARNYARD PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET_FORCE=PULLEDPORK FILEINSPECT HA https://packages.pfsense.org/packages/config/snort/snort.xml - 3.2.6 + 3.2.7 2.2 Stable /snort.xml -- cgit v1.2.3
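Review bot: The `else` branch in snort_defs.inc (`@@ -49,13 +49,12 @@`) falls back to a hard-coded `"2.9.7.5"` without leaving any trace, so when `exec_command()` returns nothing the updater will request the rules snapshot for that version whether or not it matches the installed binary. Record the fallback before the `define()`, e.g. `log_error("[Snort] Could not determine the Snort binary version; assuming 2.9.7.5");`, provided `log_error()` is already loaded when this file is included. The literal also has to be bumped by hand with every binary update, which is the kind of hard-coded version string the earlier commit on this page set out to remove; a comment next to it saying so would help.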