From 5b30f0e1acec35a572e99ee47e152e7db24b50b7 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Sun, 17 Jun 2012 23:07:26 -0700
Subject: snort-dev, fix snort-dev/snort_alerts.php, disable new preproc GTP until GUI is built.
---
 config/snort-dev/snort.inc | 8 +++++---
 config/snort-dev/snort_alerts.php | 23 ++++++++++++++---------
 2 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 629c250a..b72c806e 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -274,6 +274,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
 /*
 * TODO: Add a GUI option that lets the user keep full logs
 */
+ /*
 if ($start_up != '') {
 @exec("/bin/kill {$start_up}");
 @exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
@@ -287,6 +288,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
 @exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u1*");
 @exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u2*");
 }
+ */
 /* Log Iface stop */
 exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
@@ -1330,7 +1332,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 */
 $snortalertcvs_type = "";
 if ($snortcfg['snortalertcvs'] == "on")
- $snortalertcvs_type = "output alert_csv: /var/log/alert.csv default 128";
+ $snortalertcvs_type = "output alert_csv: /var/log/snort/{$snort_uuid}_{$if_real}/alert.csv default 128";
 /* define snortalertlogtype */
 if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
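Review bot: Wrapping the whole cleanup block of Running_Stop in `/* … */` (hunks @@ -274 and @@ -287) leaves the kill and log-removal code as dead text instead of gating it on the option the TODO above describes, so every stop now keeps the run files and barnyard2 spool without any way to turn the old behaviour back on. A guard such as `if ($snortcfg['<keep-full-logs option>'] !== 'on') { … }` around the existing block (placeholder name; the GUI setting does not exist yet) would preserve the choice and avoid commented-out code that silently drifts from the live code. If the cleanup is meant to stay off for now, a one-line comment stating why it is disabled and what still has to be removed elsewhere would help the next reader more than the bare `/*`. Running_Stop starts before this hunk and ends after it.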
@@ -1642,7 +1644,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 $enabled_rulesets = $snortcfg['rulesets'];
 $selected_rules_sections = "";
 if (!empty($enabled_rulesets)) {
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+ $enabled_rulesets_array = explode("\|\|", $enabled_rulesets);
 foreach($enabled_rulesets_array as $enabled_item)
 $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
 }
@@ -2246,7 +2248,7 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules
 # TODO: gui needed for pfsense
 # GTP Control Channle Preprocessor, README.GTP
-preprocessor gtp: ports { 2123 3386 2152 }
+# preprocessor gtp: ports { 2123 3386 2152 }
 ####################################################
 # Inline packet normalization, README.normalize
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
index 354c89f4..538d49c7 100644
--- a/config/snort-dev/snort_alerts.php
+++ b/config/snort-dev/snort_alerts.php
@@ -48,8 +48,13 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
 $config['installedpackages']['snortglobal']['rule'] = array();
 $a_instance = &$config['installedpackages']['snortglobal']['rule'];
 $snort_uuid = $a_instance[0]['uuid'];
-if ($_POST['instance'])
- $snort_uuid = $a_instance[$_POST['instance']]['uuid'];
+$if_real = snort_get_real_interface($a_instance[0]['interface']);
+
+if ($_POST['instance']) {
+ $snort_uuid = $a_instance[$_POST]['instance']['uuid'];
+ $if_real = snort_get_real_interface($a_instance[$_POST]['instance']['interface']);
+}
+
 if (is_array($config['installedpackages']['snortglobal']['alertsblocks']))
 {
 $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
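Review bot: The `explode("\|\|", $enabled_rulesets)` replacement in the @@ -1642 hunk keeps the regex escaping from the old `split()` call, but `explode()` takes a literal delimiter and `"\|"` is not an escape sequence in a PHP double-quoted string, so the code now searches for the four-character string `\|\|` and the rule list is never split. Every enabled ruleset then ends up in a single `include $RULE_PATH/...` line in the generated snort.conf. The delimiter the old regex matched was a literal `||`, so the line should read `$enabled_rulesets_array = explode("||", $enabled_rulesets);`. generate_snort_conf starts before this hunk and ends after it.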
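Review bot: The two added assignments in the @@ -48 hunk of snort_alerts.php index the rule list with `$a_instance[$_POST]`, i.e. the whole superglobal array rather than `$_POST['instance']` as the removed line did; an array is an illegal offset type, so `$snort_uuid` and `$if_real` become null for any non-default instance and the later alert and download paths are built from empty values. The selector is also request input used directly as an array index, so it is worth confirming that it names a configured instance before reading `uuid` and `interface` from it. A version that fixes the offset and only accepts an existing numeric index is below.
```php
$if_real = snort_get_real_interface($a_instance[0]['interface']);

// only accept an index that names a configured instance
$instance_id = isset($_POST['instance']) ? (int) $_POST['instance'] : 0;
if ($instance_id > 0 && isset($a_instance[$instance_id])) {
    $snort_uuid = $a_instance[$instance_id]['uuid'];
    $if_real = snort_get_real_interface($a_instance[$instance_id]['interface']);
}
```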
@@ -93,10 +98,10 @@ if ($_POST['save'])
 if ($_GET['action'] == "clear" || $_POST['clear'])
 {
- if (file_exists("/var/log/snort/alert_{$snort_uuid}"))
+ if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
 {
 conf_mount_rw();
- @file_put_contents("/var/log/snort/alert_{$snort_uuid}", "");
+ @file_put_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert", "");
 post_delete_logs();
 /* XXX: This is needed is snort is run as snort user */
 //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
@@ -113,7 +118,7 @@ if ($_POST['download'])
 $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
 $file_name = "snort_logs_{$save_date}.tar.gz";
- exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort");
+ exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/{$snort_uuid}_{$if_real}");
 if (file_exists("/tmp/{$file_name}"))
 {
 $file = "/tmp/snort_logs_{$save_date}.tar.gz";
@@ -381,16 +386,16 @@ if ($pconfig['arefresh'] == 'on')
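Review bot: The new alert path `/var/log/snort/{$snort_uuid}_{$if_real}/alert` is spelled out twice in the @@ -93 hunk, once in `file_exists()` and again in `@file_put_contents()`, so the next path change has to be made in two places. Building it once, `$alert_file = "/var/log/snort/{$snort_uuid}_{$if_real}/alert";`, and using `$alert_file` in both calls keeps them in step; with the `@` on `file_put_contents()` a failed truncate is silently ignored, so checking its return value before `post_delete_logs()` would let the page report that the alerts were not actually cleared. The enclosing clear branch continues past the end of this hunk.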
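Review bot: The changed `exec()` line in the @@ -113 hunk interpolates `$snort_uuid` and `$if_real` into a shell command without quoting, and unlike the fixed `/var/log/snort` it replaced, the directory now depends on values read from the instance configuration, which appear to come from the `uuid` and `interface` fields rather than directly from the request. Passing the path through `escapeshellarg()` costs nothing and removes the dependence on those fields being shell-safe: `exec("/usr/bin/tar cfz " . escapeshellarg("/tmp/{$file_name}") . " " . escapeshellarg("/var/log/snort/{$snort_uuid}_{$if_real}"));`. A `file_exists()` check on the instance directory before running tar would also give a clearer failure than an empty archive when either value is unset. The download branch continues past the end of this hunk.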