From 893ca7808324f0b3fc25f9d0261d713828455e92 Mon Sep 17 00:00:00 2001 From: robiscool Date: Thu, 29 Apr 2010 11:56:05 -0700 Subject: snort, update download rules for ne version of snort, new version --- config/snort/NOTES.txt | 23 ++-- config/snort/snort.inc | 18 +++- config/snort/snort_download_rules.php | 174 ++++++++++--------------------- config/snort/snort_interfaces.php | 9 +- config/snort/snort_interfaces_global.php | 9 ++ pkg_config.7.xml | 6 +- pkg_config.8.xml | 4 +- 7 files changed, 109 insertions(+), 134 deletions(-) diff --git a/config/snort/NOTES.txt b/config/snort/NOTES.txt index 39d93061..cde858e5 100644 --- a/config/snort/NOTES.txt +++ b/config/snort/NOTES.txt @@ -1,16 +1,25 @@ -March 26 2019 -Snort-dev 2.8.5.3 pk v. 22 final +April 27 2010 +Snort-dev 2.8.5.3 pk v. 23 final TODO: -Create Threshold GUI -Pf snort block table should survive reboots. Dont know how Im going to do this. +Snort block table should survive reboots. Dont know how Im going to do this. Create Upload GUI. Use Pierre POMES code. -Use Chroot for snort. Add log rotation and log dir size display -Threshold tab needs to be added. +Redo code for rule downloads so that changes in snort.org rule gzip file does not break the package. +Add code suggested by Andrew Thompson. + +Long Term Goals: + +Use Chroot for snort. +Isolate functions using classes so we dont have double $vars errors. ! Important +The whitelist and supress code can be simplified. +Go through each tab and delete old code. +Snort Inline needs to be worked on. ! Important + +Any other Devs that read this. +Please add your intials and date to any code blocks you add. It helps me keep track. -Done. diff --git a/config/snort/snort.inc b/config/snort/snort.inc index ea5554cc..e03ec5d6 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc 
@@ -1033,6 +1033,13 @@ function sync_snort_package_empty() { global $config, $g; conf_mount_rw(); + +/* RedDevil suggested code */ +/* TODO: more testing needs to be done */ +exec("/sbin/sysctl net.bpf.bufsize=8388608"); +exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); +exec("/sbin/sysctl net.bpf.maxinsns=512"); +exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); /* do not start config build if rules is empty */ if (!empty($config['installedpackages']['snortglobal']['rule'])) @@ -1096,6 +1103,13 @@ function sync_snort_package_config() { global $config, $g; conf_mount_rw(); + +/* RedDevil suggested code */ +/* TODO: more testing needs to be done */ +exec("/sbin/sysctl net.bpf.bufsize=8388608"); +exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); +exec("/sbin/sysctl net.bpf.maxinsns=512"); +exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); /* do not start config build if rules is empty */ if (!empty($config['installedpackages']['snortglobal']['rule'])) @@ -1749,7 +1763,9 @@ snort_rules_up_deinstall_cron(""); /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ /* Keep this as a last step */ - unset($config['installedpackages']['snortglobal']); + if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') { + unset($config['installedpackages']['snortglobal']); + } write_config(); conf_mount_rw(); diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 6ba3c5df..2dd9a720 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -36,7 +36,7 @@ require_once("functions.inc"); require_once("service-utils.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -$tmpfname = "/tmp/snort_rules_up"; +$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; $snortdir = "/usr/local/etc/snort"; $snortdir_wan = "/usr/local/etc/snort"; $snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; 
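Review bot: The four sysctl exec() calls added after conf_mount_rw() are pasted verbatim into both sync_snort_package_empty() (this hunk) and sync_snort_package_config() (hunk @@ -1096); a small helper such as `snort_set_bpf_sysctls()` called from both places would keep the two copies from drifting and is the natural place to check exec()'s return status, which is currently ignored so a rejected value goes unnoticed. The values also look inconsistent: `net.bpf.bufsize=8388608` is larger than `net.bpf.maxbufsize=4194304`, and on FreeBSD the per-descriptor buffer size is, as far as I recall, clamped to maxbufsize, so the 8 MB request is probably not what takes effect — worth confirming and, if intended, raising maxbufsize first. Both enclosing functions start and end outside the hunk.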
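Review bot: The new guard in the deinstall hunk (@@ -1749) reads `$config['installedpackages']['snortglobal']['forcekeepsettings']` directly, so on an install where the Global Settings form was never saved the key is absent and the comparison raises an undefined-index notice before falling through to the unset; `if (!isset($config['installedpackages']['snortglobal']['forcekeepsettings']) || $config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {` keeps the current behaviour without the notice. The value compared against is written by `$_POST['forcekeepsettings'] ? on : off` in snort_interfaces_global.php, which, like its neighbours, relies on the bare identifiers `on`/`off` being treated as the strings 'on'/'off', so the string comparison here only holds as long as that convention is unchanged. Keeping the settings across a deinstall also keeps everything stored under snortglobal in config.xml, which appears to include the oinkid code entered on the settings tab; a line in the checkbox help text such as `Settings (including the oinkid code) stay in config.xml after deinstall.` would make that visible to the admin. The enclosing deinstall function starts outside the hunk.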
@@ -78,9 +78,7 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' if (file_exists('/var/run/snort.conf.dirty')) { $snort_dirty_d = 'stop'; -} - - +} /* If no id show the user a button */ if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop" || $snort_dirty_d == 'stop') { @@ -317,9 +315,13 @@ setTimeout($.unblockUI, 2000); -'; - echo ""; - echo ""; - conf_mount_ro(); - exit(0); - } - } -} - -/* Copy renamed snort.org rules to snort dir */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) - { - if (file_exists("{$snortdir}/rules_bk/rules/Makefile.am")) - { - update_status(gettext("Copying renamed snort.org rules to snort directory...")); - exec("/bin/cp {$snortdir}/rules_bk/rules/* {$snortdir}/rules/"); - }else{ - update_status(gettext("The renamed snort.org rules do not exist...")); - update_output_window(gettext("Error copying config...")); - echo ' -'; - echo ""; - echo ""; - conf_mount_ro(); - exit(0); - } - } -} - -/* Copy configs to snort dir */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) - { - if (file_exists("{$snortdir}/etc/Makefile.am")) { - update_status(gettext("Copying configs to snort directory...")); - exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - }else{ - update_status(gettext("The snort config does not exist...")); - update_output_window(gettext("Error copying config...")); - echo ' -'; -echo ""; -echo ""; -conf_mount_ro(); - exit(0); - } - } -} - - /* Copy md5 sig to snort dir */ if ($snortdownload != "off") { 
@@ -1133,12 +1069,12 @@ if (!empty($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); /* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) +if (file_exists('/usr/local/etc/snort/tmp')) { update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /tmp/snort_rules_up"); + exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); sleep(2); - exec("/bin/rm -r {$snortdir}/rules_bk/rules/"); + exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); apc_clear_cache(); } diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index b644d567..c2c17d56 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.21"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.23"; include("head.inc"); ?> @@ -481,12 +481,17 @@ padding: 15px 10px 50% 50px;
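Review bot: The cleanup condition now tests `file_exists('/usr/local/etc/snort/tmp')`, i.e. the parent directory, rather than the work path the earlier `$tmpfname` check covered, so the two `rm -r` calls run whenever that directory exists even if nothing was downloaded this run; because exec()'s status is not checked a missing path only yields an ignored stderr message, but the hard-coded strings also duplicate the path that hunk @@ -36 already assigns to `$tmpfname`. Using the variables keeps the three places in step: `if (file_exists("{$tmpfname}"))`, `exec("/bin/rm -r {$tmpfname}");` and `exec("/bin/rm -r {$snortdir}/tmp/rules_bk");`. Moving the work area out of the shared /tmp is a reasonable change, but nothing in this diff shows the `tmp` directory being created with owner-only permissions, which is worth confirming in the download code that extracts into it.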
- + + + +
Note: + + Note:
This is the Snort Menu where you can see an over view of all your interface settings.
Please edit the Global Settings tab before adding an interface.

+ Warning: +
+ New settings will not take effect until interface restart. +

Click on the icon to add a interface.                                            Click on the icon to start snort and barnyard2.
Click on the icon to edit a interface and settings.                       Click on the icon to stop snort and barnyard2. diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 29257bc7..24922564 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -46,6 +46,8 @@ $pconfig['whitelistvpns'] = $config['installedpackages']['snortglobal']['whiteli $pconfig['clickablalerteurls'] = $config['installedpackages']['snortglobal']['clickablalerteurls']; $pconfig['associatealertip'] = $config['installedpackages']['snortglobal']['associatealertip']; $pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; +$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings']; + if ($_POST) { @@ -74,6 +76,7 @@ if ($_POST) { $config['installedpackages']['snortglobal']['clickablalerteurls'] = $_POST['clickablalerteurls'] ? on : off; $config['installedpackages']['snortglobal']['associatealertip'] = $_POST['associatealertip'] ? on : off; $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; + $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? on : off; write_config(); sleep(2); @@ -352,6 +355,12 @@ include("head.inc"); Please choose the type of Alert logging you will like see in your alert file.
Hint: Best pratice is to chose full logging.
 WARNING: On change, alert file will be cleared.
Keep snort settings after deinstall + onClick="enable_change(false)">
+ Settings will not be removed during deinstall.
 WARNING:
This will reset all global and interface settings.
diff --git a/pkg_config.7.xml b/pkg_config.7.xml index 14fae150..8ede0026 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -345,7 +345,7 @@ 1.2.3 legacy snort.xml - Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules. + Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules. snort @@ -359,11 +359,11 @@ mysql-client-5.1.44_1.tbz snort-2.8.5.3.tbz http://www.pfsense.com/packages/config/snort/snort.xml - 2.8.5.3 pkg v. 1.22 + 2.8.5.3 pkg v. 1.23 1.2.3 Stable /snort.xml - This is the Snort branch and is stable. + Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules. siproxd diff --git a/pkg_config.8.xml b/pkg_config.8.xml index efe09a59..34d5d0ba 100755 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -245,11 +245,11 @@ mysql-client-5.1.45.tbz snort-2.8.5.3.tbz http://www.pfsense.com/packages/config/snort/snort.xml - 2.8.5.3 pkg v. 1.22 + 2.8.5.3 pkg v. 1.23 2.0 Stable /snort.xml - This is the Snort branch and is stable. + Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules. spamd -- cgit v1.2.3