From ea47308a8e56e633928f9d296dd0c6d4960436f8 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Tue, 2 Aug 2011 10:59:38 -0700
Subject: Change snort-dev to orion

---
 config/snort-dev/snort_download_rules.inc | 1036 ----------------------------
 1 file changed, 1036 deletions(-)
 delete mode 100644 config/snort-dev/snort_download_rules.inc
(limited to 'config/snort-dev/snort_download_rules.inc')
diff --git a/config/snort-dev/snort_download_rules.inc b/config/snort-dev/snort_download_rules.inc
deleted file mode 100644
index 8953a65c..00000000
--- a/config/snort-dev/snort_download_rules.inc
+++ /dev/null
@@ -1,1036 +0,0 @@ - 0; - "); - - }else{ - - $result = sqlite_query($db, - "SELECT * FROM {$table} where {$type} = '{$id_uuid}'; - "); - } - - if ($type == 'rdbuuid' || $type == 'All') { - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - }else{ - $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); - } - - sqlite_close($db); - - return $chktable; - - -} // end func - -function snortSql_updateRuleSetList($type, $value, $file_size, $downloaded, $filename) -{ - - $dbname = 'snortDBtemp'; - $table = 'SnortDownloads'; - $addDate = date(U); - - // do let user pick the DB path - $db = sqlite_open("/var/snort/{$dbname}"); - - if ($type === 'percent2'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET date = '{$addDate}', percent = '{$value}', filesize = '{$file_size}', downloaded = '{$downloaded}' where filename = '{$filename}'; - "); - } - - - if ($type === 'percent'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET date = '{$addDate}', percent = '{$value}' where filename = '{$filename}'; - "); - } - - if ($type === 'msg1'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '1'; - "); - } - - if ($type === 'msg2'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '2'; - "); - } - - /* - * INPORTANT: - * Register worker to prevent loops and ghost process - * Needs to be watched, - */ - - if ($type === 'working'){ - - $getmypid = getmypid(); - $getmyfilename = $_SERVER['SCRIPT_NAME']; - - $resultChk = sqlite_query($db, - "SELECT * FROM RegisterWorker WHERE uuid = 'jdjEf!773&h3bhFd6A'; - "); - - $resultChkFinal = sqlite_fetch_all($resultChk, SQLITE_ASSOC); - - if (!empty($resultChkFinal)) { - $query_ck = sqlite_query($db, // @ supress warnings usonly in 
production - "UPDATE RegisterWorker SET date = '{$addDate}', processid = '{$getmypid}', filename = '{$getmyfilename}', working = '{$value}' where uuid = 'jdjEf!773&h3bhFd6A'; - "); - }else{ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO RegisterWorker (date, processid, filename, working, uuid) VALUES ('{$addDate}', '{$getmypid}', '{$getmyfilename}', '{$value}', 'jdjEf!773&h3bhFd6A'); - "); - } - } - - - if ($type === 'snortWait'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET waittime = '{$addDate}' where filename = '{$filename}'; - "); - } - - if (sqlite_changes($db) < 1){ - sqlite_close($db); - return 'Error in query'; - } - - sqlite_close($db); - - -} - -// reapply rule settings -function reapplyRuleSettings_run($sidRule_array) -{ - - $sid_array = snortSql_fetchAllSettings2('snortDBrules', 'SnortruleSigs', 'rdbuuid', $sidRule_array); - - if (!empty($sid_array)) { - foreach ($sid_array as $sid) - { - if (!empty($sid['enable']) && !empty($sid['signatureid']) && !empty($sid['rdbuuid']) && !empty($sid['signaturefilename'])) { - if ($sid['enable'] === 'on') { - exec('/usr/bin/sed -i \'\' \'s/^# \(.*sid:' . "{$sid['signatureid']}" . ';.*\)/\1/\' /usr/local/etc/snort/snortDBrules/DB/' . "{$sid['rdbuuid']}" . '/rules/' . "{$sid['signaturefilename']}"); - } - - if ($sid['enable'] === 'off') { - exec('/usr/bin/sed -i \'\' \'s/^\(alert.*sid:' . "{$sid['signatureid']}" . ';.*\)/# \1/\' /usr/local/etc/snort/snortDBrules/DB/' . "{$sid['rdbuuid']}" . '/rules/' . 
"{$sid['signaturefilename']}"); - } - } - } - } - - // NOTES: DO NOT REMOVE BELOW COMMENTS - // returns file pathe of the sid - // $testing = exec("grep -ri 'sid: \?1225; ' /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules | tail -n1 | awk -F: '{print $1}'"); - // see if sid is enabled - // $testing2 = exec("sed -n '/^alert.*sid:1225;.*/p' /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules"); - // enable a sid - // sed -i '' "s/^# \(.*sid:1225;.*\)/\1/" /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules - // disable a sid - // sed -i '' "s/^\(alert.*sid:1225;.*\)/# \1/" /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules - // grep "^alert.*sid:.*;" rules/emerging-worm.rules | grep -oh "\w*sid:[0-9][^*;]\w*" | awk -F: '{print $2}' - // sed -n '/^320 || .*/{p;q;}' rules/ ../etc/sid-msg.map | awk -F '|' '{print $3}' | sed -e 's/^[ \t]*//' - - -} - -function snortCmpareMD5($type, $path1, $path2, $filename_md5) -{ - update_output_window2('ms2', 'Checking ' . $filename_md5 . 
' MD5...'); - - if (file_exists("{$path1}/{$filename_md5}")){ - - if ($type == 'string'){ - $md5_check_new = @file_get_contents("{$path1}/{$filename_md5}"); - $md5_check_old = @file_get_contents("{$path2}/{$filename_md5}"); - if ($md5_check_new !== $md5_check_old){ - update_output_window2('ms2', "$filename_md5 MD5s do not match..."); - return false; - } - } - - if ($type == 'md5'){ - //md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}' - $md5_check_new2 = exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'"); - $md5_check_old2 = exec("/sbin/md5 {$path2}/{$filename_md5} | /usr/bin/awk '{print $4}'"); - if ($md5_check_new != $md5_check_old){ - update_output_window2('ms2', "$filename_md5 MD5s do not match..."); - return false; - } - } - - if ($type == 'md5FileChk') { - //md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}' - $md5_check_new = trim(exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'")); - - $md5_check_old = exec("/bin/cat {$path1}/{$filename_md5}.md5"); - - $md5_check_old2 = trim(preg_replace('/"/', '', $md5_check_old)); - - if ($md5_check_new != $md5_check_old2){ - update_output_window2('ms2', "$filename_md5 MD5s do not match..."); - return false; - } - } - - - - } - - update_output_window2('ms2', "$filename_md5 MD5 File Check Passed..."); - return true; -} - - -/* - * update_output_window: update bottom textarea dynamically. - */ -function update_output_window2($type, $text) -{ - if ($type === 'ms1') { - $msg = 1; - } - - if ($type === 'ms2') { - $msg = 2; - } - - if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on'){ - echo - ' - - '; - ob_flush(); - apc_clear_cache(); - - }else{ - echo "\n" . $type . ': ' . 
$text; - } - -} - -// returns array that matches pattern, option to replace objects in matches -function snortScanDirFilter2($arrayList, $pattmatch, $pattreplace, $pattreplacewith) -{ - foreach ( $arrayList as $val ) - { - if (preg_match($pattmatch, $val, $matches)) { - if ($pattreplace != '') { - $matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]); - $filterDirList[] = $matches2; - }else{ - $filterDirList[] = $matches[0]; - } - } - } - return $filterDirList; -} - -// set page vars -$generalSettings = snortSql_fetchAllSettings2('snortDB', 'SnortSettings', 'id', '1'); - -// Setup file names and dir -$tmpfname = '/usr/local/etc/snort/snort_download'; -$snortdir = '/usr/local/etc/snort'; -$snortdir_rules = '/usr/local/etc/snort/snortDBrules/snort_rules'; -$emergingdir_rules = '/usr/local/etc/snort/snortDBrules/emerging_rules'; -$pfsensedir_rules = '/usr/local/etc/snort/snortDBrules/pfsense_rules'; -$customdir_rules = '/usr/local/etc/snort/snortDBrules/custom_rules'; -$snort_filename_md5 = 'snortrules-snapshot-2905.tar.gz.md5'; -$snort_filename = 'snortrules-snapshot-2905.tar.gz'; -$emergingthreats_filename_md5 = 'emerging.rules.tar.gz.md5'; -$emergingthreats_filename = 'emerging.rules.tar.gz'; -$pfsense_rules_filename_md5 = 'pfsense_rules.tar.gz.md5'; -$pfsense_rules_filename = 'pfsense_rules.tar.gz'; - -// START of MAIN function -function sendUpdateSnortLogDownload($console) -{ - - if ($console === 'console'){ - $GLOBALS['tmp']['snort']['downloadupdate']['console'] = 'on'; - } - - if ($console !== 'console') { - - echo - ' - - '; - - } - - - //bring in the global vars - global $generalSettings, $tmpfname, $snortdir, $snortdir_rules, $emergingdir_rules, $pfsensedir_rules, $customdir_rules, $snort_filename_md5, $snort_filename, $emergingthreats_filename_md5, $emergingthreats_filename, $pfsense_rules_filename_md5, $pfsense_rules_filename; - - /* Make shure snortdir exits */ - if (!file_exists("{$snortdir}")) { - exec("/bin/mkdir -p {$snortdir}"); - } - 
if (!file_exists("{$tmpfname}")) { - exec("/bin/mkdir -p {$tmpfname}"); - } - if (!file_exists("{$snortdir_rules}")) { - exec("/bin/mkdir -p {$snortdir_rules}"); - } - if (!file_exists("{$emergingdir_rules}")) { - exec("/bin/mkdir -p {$emergingdir_rules}"); - } - if (!file_exists("{$pfsensedir_rules}")) { - exec("/bin/mkdir -p {$pfsensedir_rules}"); - } - if (!file_exists("{$customdir_rules}")) { - exec("/bin/mkdir -p {$customdir_rules}"); - } - if (!file_exists("{$snortdir}/signatures")) { - exec("/bin/mkdir -p {$snortdir}/signatures"); - } - if (!file_exists('/usr/local/lib/snort/dynamicrules/')) { - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - } - - - /* Set user agent to Mozilla */ - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - ini_set("memory_limit","150M"); - - - // Get file that does not use redirects, mostly for none snort.org downloads - function snort_file_get_contents($tmpfname, $snort_filename, $snort_UrlGet) - { - if (!file_exists("{$tmpfname}/{$snort_filename}") || filesize("{$tmpfname}/{$snort_filename}") <= 0){ - update_output_window2('ms2', 'Downloading ' . $snort_filename. ' MD5...'); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $file = file_get_contents("$snort_UrlGet/{$snort_filename}"); // use a @ infront of file_get_contents when in production - $f = fopen("{$tmpfname}/{$snort_filename}", 'w'); - fwrite($f, $file); - fclose($f); - update_output_window2('ms2', 'Finnished Downloading ' . $snort_filename. 
' MD5...'); - } - } - - function read_header2($ch, $string) { - global $file_size, $fout; - $length = strlen($string); - $regs = ""; - ereg("(Content-Length:) (.*)", $string, $regs); - if($regs[2] <> "") { - $file_size = intval($regs[2]); - } - ob_flush(); - return $length; - } - - function read_body2($ch, $string) { - global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen; - global $pkg_interface; - $length = strlen($string); - $downloaded += intval($length); - if($file_size > 0) { - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - } else - $downloadProgress = 0; - if($lastseen <> $downloadProgress and $downloadProgress < 101) { - if($sendto == "status") { - if($pkg_interface == "console") { - if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) { - $tostatus = $static_status . $downloadProgress . "%"; - update_status($tostatus); - } - } else { - $tostatus = $static_status . $downloadProgress . "%"; - update_status($tostatus); - } - } else { - if($pkg_interface == "console") { - if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) { - $tooutput = $static_output . $downloadProgress . "%"; - update_output_window($tooutput); - } - } else { - $tooutput = $static_output . $downloadProgress . "%"; - update_output_window($tooutput); - } - } - update_progress_bar($downloadProgress); - $lastseen = $downloadProgress; - } - if($fout) - fwrite($fout, $string); - ob_flush(); - return $length; - } - - /* - * update_progress_bar($percent): updates the javascript driven progress bar. - */ - function update_progress_bar2($percent, $file_size, $downloaded) - { - if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on') { - if (!empty($percent)) { - echo - ' - - '; - } - - }else{ - echo "\n" . 'percent: ' . $percent . ' filesize: ' . $file_size . ' downloaded: ' . 
$downloaded; - } - } - - - function read_body_firmware($ch, $string) - { - global $fout, $file_size, $downloaded, $counter; - $length = strlen($string); - $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - $counter++; - if($counter > 150) { - update_progress_bar2($downloadProgress, $file_size, $downloaded); - flush(); - $counter = 0; - } - fwrite($fout, $string); - return $length; - } - - function download_file_with_progress_bar2($url_file, $destination, $workingfile, $readbody = 'read_body2') - { - global $ch, $fout, $file_size, $downloaded; - $file_size = 1; - $downloaded = 1; - $destination_file = $destination . '/' . $workingfile; - - /* open destination file */ - $fout = fopen($destination_file, "wb"); - - /* - * Originally by Author: Keyvan Minoukadeh - * Modified by Scott Ullrich to return Content-Length size - */ - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url_file); - curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header2'); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); - curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); - curl_setopt($ch, CURLOPT_TIMEOUT, 0); - - curl_exec($ch); - $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if($fout) - fclose($fout); - curl_close($ch); - return ($http_code == 200) ? 
true : $http_code; - } - -// ----------------------------------------------------- Begin Code -------------------------------------------- - - - // rm all tmp filea - @exec("/bin/rm -r $tmpfname/*"); - - // Set all downloads to be false, download by default - - $snort_md5_check_ok = false; - $emerg_md5_check_ok = false; - $pfsense_md5_check_ok = false; - - // define checks - $oinkid = $generalSettings['oinkmastercode']; - - $emergingthreatscode = $generalSettings['emergingthreatscode']; - - // dsable downloads if there settings are off - if ($generalSettings['snortdownload'] === 'off') { - $snort_md5_check_ok = true; - } - - if ($generalSettings['emergingthreatsdownload'] == 'off') { - $emerg_md5_check_ok = true; - } - - if ($oinkid == '' && $generalSettings['snortdownload'] === 'on') { - update_output_window2('ms1', 'Snort Error!'); - update_output_window2('ms2', 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'"); - return false; - } - - if ($emergingthreatscode === '' && $generalSettings['snortdownload'] === 'pro') { - update_output_window2('ms1', 'Snort Error!'); - update_output_window2('ms2', 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.'); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.'"); - return false; - } - - if ($generalSettings['snortdownload'] === 'off' && $generalSettings['emergingthreatsdownload'] === 'off') { // note: basic and pro - update_output_window2('ms1', 'Snort Error!'); - update_output_window2('ms2', 'SnortStartup: No rules have been selected to download.'); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'"); - 
return false; - } - - /* - * Check MD5s and MARK - * - */ - - update_output_window2('ms1', 'Starting MD5 checks...'); - - // check is we need to wait - update_output_window2('ms2', 'Checking Wait Status for Snort.org...'); - $getSnort_filename_Waittime_chk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', $snort_filename); - - if (date(U) > $getSnort_filename_Waittime_chk['waittime'] + 900) { - update_output_window2('ms2', 'Snort.org Wait Time Status: OK...'); - }else{ - update_output_window2('ms2', 'Snort.org Wait Time Status: Wait 15 min Please...'); - $snort_md5_check_ok = true; - $snort_wait = true; - } - - // check is we need to wait - update_output_window2('ms2', 'Checking Wait Status for Emergingthreats.net...'); - $getEmergingthreats_filename_Waittime_chk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', $emergingthreats_filename); - - if (date(U) > $getEmergingthreats_filename_Waittime_chk['waittime'] + 900) { - update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: OK...'); - }else{ - update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: Wait 15 min Please...'); - $emerg_md5_check_ok = true; - $emerg_wait = true; - } - - // if all rules need wait stop - if ($snort_wait === true && $emerg_wait === true) { - return false; - } - - // download snort.org md5 and compare - if ($snort_md5_check_ok === false) { - - snort_file_get_contents($tmpfname, $snort_filename_md5, 'http://www.snort.org/pub-bin/oinkmaster.cgi/' . 
$oinkid); - snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename_md5); // finsh percent - - // if snort.org md5 do not match - if(snortCmpareMD5('string', $tmpfname, $snortdir_rules, $snort_filename_md5)) { - $snort_md5_check_ok = true; - } - - } - - // download emergingthreats.net md5 and compare - if ($emerg_md5_check_ok === false) { - - snort_file_get_contents($tmpfname, $emergingthreats_filename_md5, 'http://rules.emergingthreats.net/open/snort-2.9.0'); - snortSql_updateRuleSetList('percent', '100', '', '', $emergingthreats_filename_md5); // finsh percent - - // if emergingthreats.net md5 do not match - if(snortCmpareMD5('string', $tmpfname, $emergingdir_rules, $emergingthreats_filename_md5)) { - $emerg_md5_check_ok = true; - } - - } - - // download pfsense.org md5 and compare - snort_file_get_contents($tmpfname, $pfsense_rules_filename_md5, 'http://www.pfsense.com/packages/config/snort/pfsense_rules'); - snortSql_updateRuleSetList('percent', '100', '', '', $pfsense_rules_filename_md5); // finsh percent - - // if pfsense.org md5 do not match - if(snortCmpareMD5('string', $tmpfname, $pfsensedir_rules, $pfsense_rules_filename_md5)) { - $pfsense_md5_check_ok = true; - } - - /* - * If all rule type is not check clean up. 
- */ - - /* Make Clean Snort Directory emergingthreats not checked */ - if ($snort_md5_check_ok === false && $emergingthreatsdownload === 'off') { - update_output_window2('ms1', 'Cleaning the emergingthreats Directory...'); - exec("/bin/rm {$snortdir}/emerging_rules/*.rules"); - exec("/bin/rm {$snortdir}/version.txt"); - update_output_window2('ms2', 'Done cleaning emrg direcory.'); - } - - /* Make Clean Snort Directory snort.org not checked */ - if ($emerg_md5_check_ok === false && $snortdownload !== 'on') { - update_output_window2('ms1', 'Cleaning the snort Directory...'); - exec("/bin/rm {$snortdir}/snort_rules/*.rules"); - exec("/bin/rm {$snortdir}/snortrules-snapshot-2905.tar.gz.md5"); - update_output_window2('ms2', 'Done cleaning snort direcory.'); - } - - - /* Check if were up to date exits */ - if ($snort_md5_check_ok === true && $emerg_md5_check_ok === true && $pfsense_md5_check_ok === true) { - update_output_window2('ms1', 'Your rules are up to date...'); - return false; - } - - - /* You are Not Up to date, always stop snort when updating rules for low end machines */; - update_output_window2('ms1', 'You are NOT up to date...'); - update_output_window2('ms2', 'Stopping Snort and Barnyard2 service...'); - $chk_if_snort_up = exec('pgrep -x snort'); - $chk_if_barnyad_up = exec('pgrep -x barnyad2'); - if ($chk_if_snort_up != '') { - exec('/usr/bin/touch /tmp/snort_download_halt.pid'); // IMPORTANT: incase of script crash or error, Mabe use DB - exec('/usr/bin/killall snort'); - if ($chk_if_barnyad_up != ''){ - exec('/usr/bin/killall barnyad2'); - } - sleep(2); - } - - - /* download snortrules file */ - if ($snort_md5_check_ok === false) { - - $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $snort_filename; - update_output_window2('ms1', 'Snort.org: Starting Download...'); - update_output_window2('ms2', 'May take a while...'); - download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, 
$snort_filename, "read_body_firmware"); - //download_file_with_progress_bar2("http://theseusnetworking.com/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware"); - update_progress_bar2(100, '', ''); // finsh percent - snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename); // finsh percent, add date time finnished - update_output_window2('ms2', 'Snort.org: Finished Download...'); - - // if md5 does not match then the file is bad or snort.org says wait 15 min - update_output_window2('ms1', 'Snort.org MD5 File Check ...'); - if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $snort_filename)) { - - $snort_filename_wait_ck = exec("/usr/bin/egrep '\bYou must wait 15\b' {$tmpfname}/{$snort_filename}"); - if ($snort_filename_wait_ck != '') { - update_output_window2('ms2', 'Snort.org: You must wait 15 min...'); - } - - // disable snort.org download - $snort_md5_check_ok = true; - $snort_filename_corrupted = true; - - } - } - - /* download emergingthreats file */ - if ($emerg_md5_check_ok === false) { - - $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $emergingthreats_filename; - update_output_window2('ms1', 'Emergingthreats.net: Starting Download...'); - update_output_window2('ms2', 'May take a while...'); - download_file_with_progress_bar2("http://rules.emergingthreats.net/open/snort-2.9.0/{$emergingthreats_filename}", $tmpfname, $emergingthreats_filename, "read_body_firmware"); - update_progress_bar2(100, '', ''); // finsh percent - snortSql_updateRuleSetList('percent', '100', '', '', $emergingthreats_filename); // finsh percent - update_output_window2('ms2', 'Emergingthreats.net: Finished Download...'); - - // if md5 does not match then the file is bad or snort.org says wait 15 min - update_output_window2('ms1', 'Emergingthreats MD5 File Check ...'); - if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $emergingthreats_filename)) { - - // disable snort.org download - $emerg_md5_check_ok = true; - 
$emerg_filename_corrupted = true; - - } - } - - /* download pfsense rule file */ - if ($pfsense_md5_check_ok === false) { - - $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $pfsense_rules_filename; - update_output_window2('ms1', 'pfSense.org: Starting Download...'); - update_output_window2('ms2', 'May take a while...'); - download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/{$pfsense_rules_filename}", $tmpfname, $pfsense_rules_filename, "read_body_firmware"); - update_progress_bar2(100, '', ''); // finsh percent - snortSql_updateRuleSetList('percent', '100', '', '', $pfsense_rules_filename); // finsh percent - update_output_window2('ms2', 'pfSense.org: Finished Download...'); - - // if md5 does not match then the file is bad or snort.org says wait 15 min - update_output_window2('ms1', 'pfSense.org MD5 File Check ...'); - if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $pfsense_rules_filename)) { - - // disable snort.org download - $pfsense_md5_check_ok = true; - - } - } - - // if both files are corrupted stop - if ($snort_filename_corrupted === true && $emerg_filename_corrupted === true) { - update_output_window2('ms1', 'Snort.org and Emergingthreats.net files are corrupted.'); - update_output_window2('ms2', 'Stoping Script...'); - return false; - } - - /* - * START: Untar Files - */ - - // Untar snort rules file individually to help people with low system specs - if ($snort_md5_check_ok === false && file_exists("{$tmpfname}/{$snort_filename}")) { - - update_output_window2('ms1', 'Extracting Snort.org rules...'); - update_output_window2('ms2', 'May take a while...'); - - function build_SnortRuleDir() - { - global $tmpfname, $snortdir, $snortdir_rules, $snort_filename; - - // find out if were in 1.2.3-RELEASE - $pfsense_ver_chk = exec('/bin/cat /etc/version'); - if ($pfsense_ver_chk === '1.2.3-RELEASE') { - $pfsense_stable = 'yes'; - }else{ - $pfsense_stable = 'no'; - } - - // get the system arch - $snort_arch_ck 
= exec('/usr/bin/uname -m'); - if ($snort_arch_ck === 'i386') { - $snort_arch = 'i386'; - }else{ - $snort_arch = 'x86-64'; // amd64 - } - - if ($pfsense_stable === 'yes') { - $freebsd_version_so = 'FreeBSD-7-3'; - }else{ - $freebsd_version_so = 'FreeBSD-8-1'; - } - - // extract snort.org rules and add prefix to all snort.org files - @exec("/bin/rm -r {$snortdir_rules}/rules"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} rules/"); - - $snort_dirList = scandir("{$snortdir_rules}/rules"); // Waning: only in php 5 - $snortrules_filterList = snortscandirfilter2($snort_dirList, '/.*\.rules/', '/\.rules/', ''); - - if (!empty($snortrules_filterList)) { - foreach ($snortrules_filterList as $snort_rule_move) - { - exec("/bin/mv -f {$snortdir_rules}/rules/{$snort_rule_move}.rules {$snortdir_rules}/rules/snort_{$snort_rule_move}.rules"); - } - } - - // extract so rules - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/"); - exec("/bin/mv -f {$snortdir_rules}/so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/* /usr/local/lib/snort/dynamicrules/"); - - // list so_rules and exclude dir - exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list); - - $so_rulesPattr = array('/\//', '/\.rules/'); - $so_rulesPattw = array('', ''); - - // build list of so rules - $so_rules_filterList = snortscandirfilter2($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw); - - if (!empty($so_rules_filterList)) { - // cp rule to so tmp dir - foreach ($so_rules_filterList as $so_rule) - { - - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/{$so_rule}.rules"); - - } - // mv and rename so rules - foreach ($so_rules_filterList as $so_rule_move) - { - exec("/bin/mv -f {$snortdir_rules}/so_rules/{$so_rule_move}.rules 
{$snortdir_rules}/rules/snort_{$so_rule_move}.so.rules"); - } - } - - exec("/bin/rm -r {$snortdir_rules}/so_rules"); - - // extract base etc files - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - - } - build_SnortRuleDir(); - // cp md5 to main snort dir - exec("/bin/cp {$tmpfname}/{$snort_filename_md5} {$snortdir_rules}/{$snort_filename_md5}"); - update_output_window2('ms2', 'Done extracting Snort.org Rules.'); - } - - /* Untar emergingthreats rules to tmp */ - if ($emerg_md5_check_ok === false && file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - update_output_window2('ms1', 'Extracting Emergingthreats Rules...'); - update_output_window2('ms2', 'May take a while...'); - @exec("/bin/rm -r {$emergingdir_rules}/rules"); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$emergingdir_rules} rules/"); - exec("/bin/cp {$tmpfname}/{$emergingthreats_filename_md5} {$emergingdir_rules}/{$emergingthreats_filename_md5}"); - update_output_window2('ms2', 'Done extracting Emergingthreats.net Rules.'); - } - } - - /* Untar Pfsense rules to tmp */ - if ($pfsense_md5_check_ok === false && file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_output_window2('ms1', 'Extracting Pfsense rules...'); - update_output_window2('ms1', 'May take a while...'); - @exec("/bin/rm -r {$pfsensedir_rules}/rules"); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$pfsensedir_rules} rules/"); - exec("/bin/cp {$tmpfname}/{$pfsense_rules_filename_md5} {$pfsensedir_rules}/{$pfsense_rules_filename_md5}"); - update_output_window2('ms2', 'Done extracting pfSense.org Rules.'); - - } - } - - /* double make shure cleanup emerg rules that dont belong */ - if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm 
/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
- }
-
- // make sure default rules are in the right format
- update_output_window2('ms1', 'Reformatting Rules To One Standard...');
- update_output_window2('ms2', 'Please Wait...');
- exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$snortdir_rules}/rules/*.rules"); // remove white spaces from begining of line
- exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$snortdir_rules}/rules/*.rules");
- exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$snortdir_rules}/rules/*.rules");
- exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$snortdir_rules}/rules/*.rules");
-
- exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$emergingdir_rules}/rules/*.rules");
- exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$emergingdir_rules}/rules/*.rules");
- exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$emergingdir_rules}/rules/*.rules");
- exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$emergingdir_rules}/rules/*.rules");
-
- exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$pfsensedir_rules}/rules/*.rules");
- exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules");
- exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules");
- exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules");
- update_output_window2('ms2', 'Done...');
-
- /* create a msg-map for snort */
- update_output_window2('ms1', 'Updating Alert Sid Messages...');
- update_output_window2('ms2', 'Please Wait...');
- exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir_rules}/rules > /usr/local/etc/snort/etc/sid-msg.map");
- exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$emergingdir_rules}/rules >> /usr/local/etc/snort/etc/sid-msg.map");
- exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$pfsensedir_rules}/rules >> /usr/local/etc/snort/etc/sid-msg.map");
- update_output_window2('ms2', 'Done...');
-
- // create default dir
- if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/default/rules');
- }
-
- // cp new rules to default dir
- exec('/bin/rm /usr/local/etc/snort/snortDBrules/DB/default/rules/*.rules');
- exec("/bin/cp {$snortdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules");
- exec("/bin/cp {$emergingdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules");
- exec("/bin/cp {$pfsensedir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules");
-
-
- // reapplay rules from DB cp base rules to dirs
- $sidOnOff_array = snortSql_fetchAllSettings2('snortDBrules', 'Snortrules', 'All', '');
-
- if (!empty($sidOnOff_array)) {
- update_output_window2('ms1', 'Reapplying User Settings...');
- update_output_window2('ms2', 'Please Wait...');
- foreach ($sidOnOff_array as $preSid_Array)
- {
- if (!file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules")) {
- exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules");
- }
-
- exec("/bin/rm /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules/*.rules");
- exec("/bin/cp {$snortdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules");
- exec("/bin/cp {$emergingdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules");
- exec("/bin/cp {$pfsensedir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules");
- reapplyRuleSettings_run($preSid_Array['uuid']);
- update_output_window2('ms2', 'Done...');
- }
- }
-
- // cp snort conf's to Ifaces
- $ifaceConfMaps_array = snortSql_fetchAllSettings2('snortDB', 'SnortIfaces', 'All', '');
-
- if (!empty($ifaceConfMaps_array)) {
- update_output_window2('ms1', 'Reapplying User Settings...');
- update_output_window2('ms2', 'Please Wait...');
- foreach ($ifaceConfMaps_array as $preIfaceConfMaps_array)
- {
- // create iface dir if missing
- if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}")) {
- exec("/bin/mkdir -p /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
- }
-
- // create rules dir soft link if setting is default
- if ($preIfaceConfMaps_array['ruledbname'] === 'default' || $preIfaceConfMaps_array['ruledbname'] === '') {
- if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
- exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/default/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules");
- }
- }
-
- // create rules dir soft link if setting is not default
- if ($preIfaceConfMaps_array['ruledbname'] !== 'default' || $preIfaceConfMaps_array['ruledbname'] != '') {
- if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules")) {
- exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules");
- }
- }
-
- exec("/bin/cp {$snortdir}/etc/*.config /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
- exec("/bin/cp {$snortdir}/etc/*.conf /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
- exec("/bin/cp {$snortdir}/etc/*.map /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
- exec("/bin/cp {$snortdir}/etc/generators /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
- exec("/bin/cp {$snortdir}/etc/sid /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
-
- reapplyRuleSettings_run($preSid_Array['uuid']);
- update_output_window2('ms2', 'Done...');
- }
- }
-
-
- // remove old $tmpfname files */
- update_output_window2('ms1', 'Removing old files...');
- update_output_window2('ms2', 'Working...');
- if (file_exists('/usr/local/etc/snort/tmp')) {
- exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
- exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
- apc_clear_cache();
- }
- update_output_window2('ms2', 'Done...');
-
- // php code to flush out cache some people are reportting missing files this might help
- apc_clear_cache();
- exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
-
- // make all dirs snorts
- exec("/usr/sbin/chown -R snort:snort /var/log/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
- exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
- exec("/bin/chmod -R 755 /var/log/snort");
- exec("/bin/chmod -R 755 /usr/local/etc/snort");
- exec("/bin/chmod -R 755 /usr/local/lib/snort");
-
-
- update_output_window2('ms1', 'Finnished Updateing...');
- update_output_window2('ms2', 'Finnished Updateing...');
-
-
- // if snort is running hard restart, if snort is not running do nothing
-
- // TODO: Restart Ifaces
-
-// ----------------------------------------------------- End Code --------------------------------------------
-
-} // -------------------- END Main function ------------
-
-//$argv[1] = 'console';
-
- //$getWorkerStat = snortSql_fetchAllSettings2('snortDBtemp', 'RegisterWorker', 'uuid', 'jdjEf!773&h3bhFd6A');
-
- //if ($getWorkerStat['working'] !== 'on') {
- //snortSql_updateRuleSetList2('working', 'on', '', '', ''); // Register Worker on
- //sendUpdateSnortLogDownload($argv[1]); // start main function
- //snortSql_updateRuleSetList2('working', 'off', '', '', ''); // Register Worker off
- //}
-
-
-
-
-
-?>
\ No newline at end of file
-- cgit v1.2.3
